Wednesday, July 10, 2019

Manage firewall to allow http


# Write an Ansible play to manage httpd, firewalld and deploy the httpd config
=================================================

1.) Install the httpd package and manage its service.

2.) Configure a firewalld rule to allow HTTP traffic and manage firewalld.

3.) Deploy the httpd config from the Ansible master to the web clients and restart the service
       whenever there is a change in the httpd config.

4.) Test that the website is working in the network.

========= let's start ============

[root@ansimaster:~]# mkdir -p /root/ansiroot/config/httpd/

# Now put your web config file in this directory; in our case you will put index.html

[root@ansimaster:~]# ls -l /root/ansiroot/config/httpd/
total 8
-rw-r--r--. 1 root root 4907 Jul  9 18:30 index.html
[root@ansimaster:~]#




[root@ansimaster:~]# vi /root/playbook/mange_web_intranet.yml
---
- name: Play book to install httpd package and manage firewall.
  hosts: webservers
  tasks:
    - name: install httpd package and start apache web service.
      yum:
        name: httpd
        state: present

    - name: installing firewalld latest version.
      yum:
        name: firewalld
        state: latest

    - name: Starting web services.
      service:
        name: httpd
        state: started
        enabled: true

    - name: Starting Firewalld.
      service:
        name: firewalld
        state: started
        enabled: true    # keep the firewall running after a reboot

    - name: Firewalld permits http service.
      firewalld:
        service: http
        state: enabled
        permanent: yes   # persist the rule across firewalld reloads and reboots
        immediate: yes   # and apply it to the running firewall right away

    # Copy the contents of the config directory on the master to the web clients;
    # the handler restarts httpd only when a file actually changed.
    - name: Deploying http config.
      copy:
        src: /root/ansiroot/config/httpd/
        dest: /usr/share/httpd/noindex/
      notify:
        - restart httpd

    - name: ensure httpd is running
      service:
        name: httpd
        state: started

  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted

- name: Playbook to test Mylinuxfriend blog working in intranet.
  hosts: webservers
  tasks:
    - name: connected to intranet...!
      uri:
        url: http://192.168.122.50
        status_code: 200
:wq!


============== Now let's check whether the playbook has any errors =====

[root@ansimaster:~/playbook]# ansible-playbook mange_web_intranet.yml -C

PLAY [Play book to install httpd package and manage firewall.] ***************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************
ok: [192.168.122.50]

TASK [install httpd package and start apache web service.] *******************************************************************************
ok: [192.168.122.50]

TASK [installing firewalld latest version.] **********************************************************************************************
ok: [192.168.122.50]

TASK [Starting web services.] ************************************************************************************************************
ok: [192.168.122.50]

TASK [Starting Firewalld.] ***************************************************************************************************************
ok: [192.168.122.50]

TASK [Firewalld permits http service.] ***************************************************************************************************
ok: [192.168.122.50]

TASK [Deploying http config.] ************************************************************************************************************
ok: [192.168.122.50]

TASK [ensure httpd is running] ***********************************************************************************************************
ok: [192.168.122.50]

PLAY [Playbook to test Mylinuxfriend blog working in intranet.] **************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************
ok: [192.168.122.50]

TASK [connected to intranet...!] *********************************************************************************************************
skipping: [192.168.122.50]

PLAY RECAP *******************************************************************************************************************************
192.168.122.50             : ok=9    changed=0    unreachable=0    failed=0  

[root@ansimaster:~/playbook]#


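Now the playbook is ready. The -C option runs it in check mode, a dry run that makes no changes, which is why the uri test task shows as skipping above. Execute the playbook for real by removing -C from the above command.

===============  IT'S WORKING  ================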
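After the real run, a read-only audit play can confirm what the firewall actually exposes on the web clients. The play below is an added example, not part of the original post: the allowed_services list is an assumed site policy, and firewall-cmd is queried for the default zone only.

```yaml
---
# Added example (not from the original post): read-only audit of firewalld
# on the same "webservers" group used by the playbook above.
- name: Audit firewalld state after the web playbook
  hosts: webservers
  vars:
    # Assumption: the only services this site wants reachable. Adjust to policy.
    allowed_services: [dhcpv6-client, http, ssh]
  tasks:
    - name: Read services open in the running firewall
      command: firewall-cmd --list-services
      register: fw_runtime
      changed_when: false
      check_mode: no          # read-only, so it is safe to run even with -C

    - name: Read services saved in the permanent configuration
      command: firewall-cmd --permanent --list-services
      register: fw_permanent
      changed_when: false
      check_mode: no

    - name: http must be open now and after a reload or reboot
      assert:
        that:
          - "'http' in fw_runtime.stdout.split()"
          - "'http' in fw_permanent.stdout.split()"
        msg: "http is missing from the runtime or permanent firewalld config"

    - name: Runtime and permanent rule sets must not drift apart
      assert:
        that:
          - "(fw_runtime.stdout.split() | sort) == (fw_permanent.stdout.split() | sort)"
        msg: "runtime: {{ fw_runtime.stdout }} / permanent: {{ fw_permanent.stdout }}"

    - name: Nothing outside the allow-list may be exposed
      assert:
        that:
          - "fw_runtime.stdout.split() | difference(allowed_services) | length == 0"
        msg: "unexpected services open: {{ fw_runtime.stdout.split() | difference(allowed_services) | join(', ') }}"
```

The first assertion fails when http is open only in the running configuration, which is the state a firewalld task leaves behind if it sets immediate without permanent.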
