Ansible Pilot

Deploy a web server apache httpd virtualhost on RedHat-like systems - Ansible modules yum, file, copy, template, service and firewalld

How to automate the deployment of a web server apache httpd virtual host "example.com" on RedHat-like systems with custom web page taking care of downloading, installing, and enabling the service instantly and on boot and open the relevant firewall ports with Ansible modules yum, file, copy, template, service, and firewalld. CentOS, Fedora, RockyLinux, AlmaLinux, Amazon Linux all the similar distributions.

How to deploy a webserver apache httpd virtual host on RedHat-like systems with Ansible?

I’m going to show you a live demo with some simple Ansible code. This demo is quick and dirty but shows you the basics of Ansible automation technology that you could use in your System Administrator every day. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

Deploy a web server apache httpd virtualhost on RedHat-like systems

Today we’re talking about how to Deploy a web server apache httpd on RedHat-like Linux systems. The full process requires six steps that you could automate with different Ansible modules. Firstly you need to install the httpd package and dependency using the ansible.builtin.yum Ansible module. Secondly, you need to create the document root with the right permission with the ansible.builtin.file module. Thirsty, you need to create the custom index.html with ansible.builtin.copy Ansible module. You could upgrade this step using the template module. Fourthly, you need to set up Apache configuration for the specific virtual host using the ansible.builtin.template module. Fifthly, you need to start the httpd service and enable it on boot and all the dependant using the ansible.builtin.service Ansible module. Sixthly you need to open the relevant firewall service-related ports using the ansible.posix.firewalld Ansible module.

demo

Deploy a web server apache httpd virtual host on RedHat-like systems with Ansible Playbook.

code

---
- name: setup webserver with vhost
  hosts: all
  become: true
  vars:
    app_user: "apache"
    http_host: "example.com"
    http_conf: "example.com.conf"
    http_port: "80"
  tasks:
    - name: httpd installed
      ansible.builtin.yum:
        name: httpd
        state: latest

    - name: document root exist
      ansible.builtin.file:
        path: "/var/www/{{ http_host }}"
        state: directory
        owner: "{{ app_user }}"
        mode: '0755'
        setype: "httpd_sys_content_t"

    - name: custom index.html
      ansible.builtin.copy:
        dest: "/var/www/{{ http_host }}/index.html"
        content: |
                    Custom Web Page

    - name: setup Apache virtualhost
      ansible.builtin.template:
        src: "templates/httpd.conf.j2"
        dest: "/etc/httpd/conf.d/{{ http_conf }}"

    - name: httpd service enabled
      ansible.builtin.service:
        name: httpd
        enabled: true
        state: restarted

    - name: open firewall
      ansible.posix.firewalld:
        service: http
        state: enabled
        immediate: true
        permanent: true

<VirtualHost *:{{ http_port }}>
  ServerAdmin [email protected]
  ServerName {{ http_host }}
  ServerAlias www.{{ http_host }}
  ErrorLog /var/log/httpd/error.log
  CustomLog /var/log/httpd/access.log combined
  DocumentRoot "/var/www/{{ http_host }}"
</VirtualHost>

execution

ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory services/httpd_redhat_vhost.yml
PLAY [setup webserver with vhost] *****************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [httpd installed] ****************************************************************************
changed: [demo.example.com]
TASK [document root exist] ************************************************************************
changed: [demo.example.com]
TASK [custom index.html] **************************************************************************
changed: [demo.example.com]
TASK [setup Apache virtualhost] *******************************************************************
changed: [demo.example.com]
TASK [httpd service enabled] **********************************************************************
changed: [demo.example.com]
TASK [open firewall] ******************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=7    changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

idempotency

ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory services/httpd_redhat_vhost.yml
PLAY [setup webserver with vhost] *****************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [httpd installed] ****************************************************************************
ok: [demo.example.com]
TASK [document root exist] ************************************************************************
ok: [demo.example.com]
TASK [custom index.html] **************************************************************************
ok: [demo.example.com]
TASK [setup Apache virtualhost] *******************************************************************
ok: [demo.example.com]
TASK [httpd service enabled] **********************************************************************
ok: [demo.example.com]
TASK [open firewall] ******************************************************************************
ok: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com           : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

before execution

ansible-pilot $ ssh [email protected]
Last login: Tue Mar  1 16:49:38 2022 from 192.168.0.59
[[email protected] ~]$ sudo su
[[email protected] devops]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
[[email protected] devops]# dnf list httpd
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)            4.7 MB/s |  39 MB     00:08    
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)               5.2 MB/s |  43 MB     00:08    
Last metadata expiration check: 0:00:01 ago on Tue 01 Mar 2022 04:51:54 PM UTC.
Available Packages
httpd.x86_64       2.4.37-43.module+el8.5.0+13806+b30d9eec.1        rhel-8-for-x86_64-appstream-rpms
[[email protected] devops]# rpm -qa | grep httpd
[[email protected] devops]# cat /etc/httpd/conf.d/example.com.conf
cat: /etc/httpd/conf.d/example.com.conf: No such file or directory
[[email protected] devops]# cat /var/www/example.com/index.html
cat: /var/www/example.com/index.html: No such file or directory
[[email protected] devops]# ls -al /var/www/example.com/
ls: cannot access '/var/www/example.com/': No such file or directory
[[email protected] devops]# systemctl status httpd
Unit httpd.service could not be found.
[[email protected] devops]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[[email protected] devops]#

after execution

ansible-pilot $ ssh [email protected]
Last login: Tue Mar  1 15:44:18 2022 from 192.168.0.59
[[email protected] ~]$ sudo su
[[email protected] devops]# dnf list httpd
Updating Subscription Management repositories.
Last metadata expiration check: 0:01:21 ago on Tue 01 Mar 2022 03:43:25 PM UTC.
Installed Packages
httpd.x86_64      2.4.37-43.module+el8.5.0+13806+b30d9eec.1       @rhel-8-for-x86_64-appstream-rpms
[[email protected] devops]# rpm -qa | grep httpd
httpd-tools-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64
redhat-logos-httpd-84.5-1.el8.noarch
httpd-filesystem-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.noarch
httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64
[[email protected] devops]# cat /etc/httpd/conf.d/example.com.conf
<VirtualHost *:80>
  ServerAdmin [email protected]
  ServerName example.com
  ServerAlias www.example.com
  ErrorLog /var/log/httpd/error.log
  CustomLog /var/log/httpd/access.log combined
  DocumentRoot "/var/www/example.com"
</VirtualHost>
[[email protected] devops]# cat /var/www/example.com/index.html 
Custom Web Page
[[email protected] devops]# ls -al /var/www/example.com/
total 4
drwxr-xr-x. 2 apache root 24 Mar  1 15:43 .
drwxr-xr-x. 5 root   root 52 Mar  1 15:43 ..
-rw-r--r--. 1 root   root 16 Mar  1 15:43 index.html
[[email protected] devops]# ls -alZ /var/www/example.com/
total 4
drwxr-xr-x. 2 apache root unconfined_u:object_r:httpd_sys_content_t:s0 24 Mar  1 15:43 .
drwxr-xr-x. 5 root   root system_u:object_r:httpd_sys_content_t:s0     52 Mar  1 15:43 ..
-rw-r--r--. 1 root   root system_u:object_r:httpd_sys_content_t:s0     16 Mar  1 15:43 index.html
[[email protected] devops]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2022-03-01 15:43:39 UTC; 2min 20s ago
     Docs: man:httpd.service(8)
 Main PID: 7516 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 4952)
   Memory: 25.0M
   CGroup: /system.slice/httpd.service
           ├─7516 /usr/sbin/httpd -DFOREGROUND
           ├─7517 /usr/sbin/httpd -DFOREGROUND
           ├─7518 /usr/sbin/httpd -DFOREGROUND
           ├─7519 /usr/sbin/httpd -DFOREGROUND
           └─7520 /usr/sbin/httpd -DFOREGROUND
Mar 01 15:43:38 demo.example.com systemd[1]: Starting The Apache HTTP Server...
Mar 01 15:43:39 demo.example.com systemd[1]: Started The Apache HTTP Server.
Mar 01 15:43:39 demo.example.com httpd[7516]: Server configured, listening on: port 80
[[email protected] devops]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources: 
  services: cockpit dhcpv6-client http ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
  [[email protected] devops]# cat /var/log/httpd/access.log
  192.168.0.59 - - [01/Mar/2022:16:03:58 +0000] "GET / HTTP/1.1" 200 17 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
  192.168.0.59 - - [01/Mar/2022:16:03:58 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "http://demo.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
  192.168.0.59 - - [01/Mar/2022:16:04:02 +0000] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
  192.168.0.59 - - [01/Mar/2022:16:04:10 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "http://demo.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
  192.168.0.59 - - [01/Mar/2022:16:04:55 +0000] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
  192.168.0.59 - - [01/Mar/2022:16:04:57 +0000] "-" 408 - "-" "-"

web server apache httpd virtual host on RedHat-like system

code with ❤️ in GitHub

Recap

Now you know how to deploy a web server apache httpd virtual host on RedHat-like systems with Ansible. Subscribe to the YouTube channel, Medium, Website and Twitter to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my

My book Ansible By Examples: 100+ Automation Examples For Linux and Windows System Administrator and DevOps

Want to keep this project going? Please donate

Trustpilot
Follow me

Subscribe not to miss any new releases

March 1, 2022

FREE Top 10 Best Practices

Top 10 Best Practices of Ansible Automation: save time, reduce errors and stress