Ansible configuration management, deploying web servers with ease

Create a basic nginx web server on centos and document the configurations to an ansible playbook yaml file

I fired up one of my OVF templates on my vcenter server and setup the IP using DHCP. I logged into the virtual machine which already had sshd running and most essential packages installed.

The OVF template had created a user with sudo rights already so that’s the first thing I needed to document on the playbook file.

I added the following lines to my main.yml file.

– name: Create user eero
user: name=eero shell=/bin/bash groups=wheel append=yes

I added openssh-server to the list to be on the server even though it has to be on it already for ansible to work. This is only to make sure that sshd is using the latest version.

– name: Install latest openssh-server
yum: name=openssh-server state=latest

Now it’s a good time to install a firewall and for this we are going to use ufw and allow our ssh port BEFORE we make the change to sshd. CentOS doesn’t have ufw in it’s default repos so we have to add epel-release to it.

– name: Add epel repos for ufw and other nice packages
yum: name=epel-release state=present

– name: Install ufw
yum: name=ufw state=present

– name: Open the firewall for the new ssh port
ufw: policy=allow port=5999 proto=tcp

We should be ready to enable the firewall now and log everything.

– name: Enable ufw
ufw: state=enabled log=yes

Next we need to copy our sshd_config template to /etc/ssh/sshd_config. To do this we add the following lines.

– name: Copy the sshd configuration
template: src=sshdconfig.template dest=/etc/ssh/sshd_config
notify: “restart sshd”

The “notify: restart sshd” part calls a task in ../handlers/main.yml with the name of “restart sshd”. The relevant yaml in that file looks like this.

– name: restart sshd
service: name=sshd state=restarted

We should also now close the old sshd port with ufw.

-name: close old ssh
ufw: policy=deny port=22 proto=tcp log=yes

Now we can install nginx and add our website to the server.

– name: Install nginx
yum: name=nginx state=latest

At this point nginx is installed but no actual website files are on the server. We need to use the following yaml to add our html files to the server. First create the needed html file(s) and create templates from them. Here the index.html is called indexhtml.template. We need to also make sure the folder where we put our files exists.

– name: Create the web folder /var/www/{{ nginx_webname }}
file: path=/var/www/{{ nginx_webname }} state=directory owner={{ nginx_user }} group={{ nginx_user }} mode=0744

– name: Copy over the html files
template: src=indexhtml.template dest=/var/www/{{ nginx_webname }}/index.html

Before turning nginx on we need to allow port 80/tcp for web traffic.

– name: Allow port 80/tcp
ufw: policy=allow port=80 proto=tcp

Finally have to modify the nginx.conf file for it to find out new website. This can be done with the following task.

– name: Copy the nginx configuration
template: src=nginxconfig.template dest=/etc/nginx/nginx.conf
notify: restart nginx

Again the notify command runs a task in the handlers folder with the name “restart nginx”

– name: restart nginx
service: name=nginx state=restarted

The web server should now display you the html site from the file indexhtml.template. I tested this on digital oceans fresh centos 6.8 server.

You can find the playbook here.

Sources:

Youtube TutoriaLinux: “Configuration Management With Ansible: A Whirlwind Tour”

Ansible documentation https://docs.ansible.com/ansible/index.html

Updated: 22.4.2017 – Added a link to github.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.