Configure Apache Vhost on RedHat Using Ansible Playbook
Automate Apache virtual host setup on RedHat systems with Ansible. Learn to manage web server installation, configuration, and firewall settings.
March 1, 2022
YouTube Video
How to deploy a webserver apache httpd virtual host on RedHat-like systems with Ansible?
I’m going to show you a live demo with some simple Ansible code. This demo is quick and dirty but shows you the basics of Ansible automation technology that you could use in your System Administrator every day. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.
Deploy a web server apache httpd virtualhost on RedHat-like systems
- install packages =>
ansible.builtin.yum - document root =>
ansible.builtin.file - custom index.html =>
ansible.builtin.copy - Apache virtualhost =>
ansible.builtin.template - start service =>
ansible.builtin.service - open firewall =>
ansible.posix.firewalld
Today we’re talking about how to Deploy a web server apache httpd on RedHat-like Linux systems.
The full process requires six steps that you could automate with different Ansible modules.
Firstly you need to install the httpd package and dependency using the ansible.builtin.yum Ansible module.
Secondly, you need to create the document root with the right permission with the ansible.builtin.file module.
Thirsty, you need to create the custom index.html with ansible.builtin.copy Ansible module. You could upgrade this step using the template module.
Fourthly, you need to set up Apache configuration for the specific virtual host using the ansible.builtin.template module.
Fifthly, you need to start the httpd service and enable it on boot and all the dependant using the ansible.builtin.service Ansible module.
Sixthly you need to open the relevant firewall service-related ports using the ansible.posix.firewalld Ansible module.
demo
Deploy a web server apache httpd virtual host on RedHat-like systems with Ansible Playbook.
code
- httpd_redhat_vhost.yml
---
- name: setup webserver with vhost
hosts: all
become: true
vars:
app_user: "apache"
http_host: "example.com"
http_conf: "example.com.conf"
http_port: "80"
tasks:
- name: httpd installed
ansible.builtin.yum:
name: httpd
state: latest
- name: document root exist
ansible.builtin.file:
path: "/var/www/{{ http_host }}"
state: directory
owner: "{{ app_user }}"
mode: '0755'
setype: "httpd_sys_content_t"
- name: custom index.html
ansible.builtin.copy:
dest: "/var/www/{{ http_host }}/index.html"
content: |
Custom Web Page
- name: setup Apache virtualhost
ansible.builtin.template:
src: "templates/httpd.conf.j2"
dest: "/etc/httpd/conf.d/{{ http_conf }}"
- name: httpd service enabled
ansible.builtin.service:
name: httpd
enabled: true
state: restarted
- name: open firewall
ansible.posix.firewalld:
service: http
state: enabled
immediate: true
permanent: true
- templates/httpd.conf.j2
<VirtualHost *:{{ http_port }}>
ServerAdmin webmaster@localhost
ServerName {{ http_host }}
ServerAlias www.{{ http_host }}
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
DocumentRoot "/var/www/{{ http_host }}"
</VirtualHost>
execution
ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory services/httpd_redhat_vhost.yml
PLAY [setup webserver with vhost] *****************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [httpd installed] ****************************************************************************
changed: [demo.example.com]
TASK [document root exist] ************************************************************************
changed: [demo.example.com]
TASK [custom index.html] **************************************************************************
changed: [demo.example.com]
TASK [setup Apache virtualhost] *******************************************************************
changed: [demo.example.com]
TASK [httpd service enabled] **********************************************************************
changed: [demo.example.com]
TASK [open firewall] ******************************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ansible-pilot $
idempotency
ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory services/httpd_redhat_vhost.yml
PLAY [setup webserver with vhost] *****************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [httpd installed] ****************************************************************************
ok: [demo.example.com]
TASK [document root exist] ************************************************************************
ok: [demo.example.com]
TASK [custom index.html] **************************************************************************
ok: [demo.example.com]
TASK [setup Apache virtualhost] *******************************************************************
ok: [demo.example.com]
TASK [httpd service enabled] **********************************************************************
ok: [demo.example.com]
TASK [open firewall] ******************************************************************************
ok: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ansible-pilot $
before execution
ansible-pilot $ ssh [email protected]
Last login: Tue Mar 1 16:49:38 2022 from 192.168.0.59
[devops@demo ~]$ sudo su
[root@demo devops]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
[root@demo devops]# dnf list httpd
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 4.7 MB/s | 39 MB 00:08
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 5.2 MB/s | 43 MB 00:08
Last metadata expiration check: 0:00:01 ago on Tue 01 Mar 2022 04:51:54 PM UTC.
Available Packages
httpd.x86_64 2.4.37-43.module+el8.5.0+13806+b30d9eec.1 rhel-8-for-x86_64-appstream-rpms
[root@demo devops]# rpm -qa | grep httpd
[root@demo devops]# cat /etc/httpd/conf.d/example.com.conf
cat: /etc/httpd/conf.d/example.com.conf: No such file or directory
[root@demo devops]# cat /var/www/example.com/index.html
cat: /var/www/example.com/index.html: No such file or directory
[root@demo devops]# ls -al /var/www/example.com/
ls: cannot access '/var/www/example.com/': No such file or directory
[root@demo devops]# systemctl status httpd
Unit httpd.service could not be found.
[root@demo devops]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 eth1
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@demo devops]#
after execution
ansible-pilot $ ssh [email protected]
Last login: Tue Mar 1 15:44:18 2022 from 192.168.0.59
[devops@demo ~]$ sudo su
[root@demo devops]# dnf list httpd
Updating Subscription Management repositories.
Last metadata expiration check: 0:01:21 ago on Tue 01 Mar 2022 03:43:25 PM UTC.
Installed Packages
httpd.x86_64 2.4.37-43.module+el8.5.0+13806+b30d9eec.1 @rhel-8-for-x86_64-appstream-rpms
[root@demo devops]# rpm -qa | grep httpd
httpd-tools-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64
redhat-logos-httpd-84.5-1.el8.noarch
httpd-filesystem-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.noarch
httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64
[root@demo devops]# cat /etc/httpd/conf.d/example.com.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName example.com
ServerAlias www.example.com
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
DocumentRoot "/var/www/example.com"
</VirtualHost>
[root@demo devops]# cat /var/www/example.com/index.html
Custom Web Page
[root@demo devops]# ls -al /var/www/example.com/
total 4
drwxr-xr-x. 2 apache root 24 Mar 1 15:43 .
drwxr-xr-x. 5 root root 52 Mar 1 15:43 ..
-rw-r--r--. 1 root root 16 Mar 1 15:43 index.html
[root@demo devops]# ls -alZ /var/www/example.com/
total 4
drwxr-xr-x. 2 apache root unconfined_u:object_r:httpd_sys_content_t:s0 24 Mar 1 15:43 .
drwxr-xr-x. 5 root root system_u:object_r:httpd_sys_content_t:s0 52 Mar 1 15:43 ..
-rw-r--r--. 1 root root system_u:object_r:httpd_sys_content_t:s0 16 Mar 1 15:43 index.html
[root@demo devops]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-03-01 15:43:39 UTC; 2min 20s ago
Docs: man:httpd.service(8)
Main PID: 7516 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 4952)
Memory: 25.0M
CGroup: /system.slice/httpd.service
├─7516 /usr/sbin/httpd -DFOREGROUND
├─7517 /usr/sbin/httpd -DFOREGROUND
├─7518 /usr/sbin/httpd -DFOREGROUND
├─7519 /usr/sbin/httpd -DFOREGROUND
└─7520 /usr/sbin/httpd -DFOREGROUND
Mar 01 15:43:38 demo.example.com systemd[1]: Starting The Apache HTTP Server...
Mar 01 15:43:39 demo.example.com systemd[1]: Started The Apache HTTP Server.
Mar 01 15:43:39 demo.example.com httpd[7516]: Server configured, listening on: port 80
[root@demo devops]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 eth1
sources:
services: cockpit dhcpv6-client http ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@demo devops]# cat /var/log/httpd/access.log
192.168.0.59 - - [01/Mar/2022:16:03:58 +0000] "GET / HTTP/1.1" 200 17 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
192.168.0.59 - - [01/Mar/2022:16:03:58 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "http://demo.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
192.168.0.59 - - [01/Mar/2022:16:04:02 +0000] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
192.168.0.59 - - [01/Mar/2022:16:04:10 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "http://demo.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
192.168.0.59 - - [01/Mar/2022:16:04:55 +0000] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
192.168.0.59 - - [01/Mar/2022:16:04:57 +0000] "-" 408 - "-" "-"
Recap
Now you know how to deploy a web server apache httpd virtual host on RedHat-like systems with Ansible. Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.
Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate
