From charlesreid1


Revision as of 05:18, 5 November 2018

Example: Secure Nginx Server

This page walks through a procedure resulting in the following files:

    playbooks/ansible.cfg
    playbooks/hosts
    playbooks/Vagrantfile
    playbooks/web-notls.yml
    playbooks/web-tls.yml
    playbooks/files/nginx.key
    playbooks/files/nginx.crt
    playbooks/files/nginx.conf
    playbooks/templates/index.html.j2
    playbooks/templates/nginx.conf.j2

Port configuration (Vagrantfile)

We want the Vagrant machine to map local port 8080 to the Vagrant machine's port 80, and local port 8443 to the Vagrant machine's port 443.

The Vagrantfile is a Ruby file that specifies how to start up and set up the Vagrant boxes. The Vagrantfile should be modified as follows:

    VAGRANTFILE_API_VERSION = "2"

    Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
      config.vm.box = "ubuntu/xenial64"
      config.vm.network "forwarded_port", guest: 80, host: 8080
      config.vm.network "forwarded_port", guest: 443, host: 8443
    end

Now instruct Vagrant to reload from the Vagrantfile:

    $ vagrant reload

    ==> default: Forwarding ports...
        default: 80 => 8080 (adapter 1)
        default: 443 => 8443 (adapter 1)
        default: 22 => 2222 (adapter 1)

Simple playbook

Here is a simple playbook for our secure nginx server:

web-notls.yml:

    - name: Configure webserver with nginx
      hosts: webservers
      become: True
      tasks:
        - name: install nginx
          apt: name=nginx update_cache=yes

        - name: copy nginx config file
          copy: src=files/nginx.conf dest=/etc/nginx/sites-available/default

        - name: enable configuration
          file: >
            dest=/etc/nginx/sites-enabled/default
            src=/etc/nginx/sites-available/default
            state=link

        - name: copy index.html
          template: src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html
            mode=0644

        - name: restart nginx
          service: name=nginx state=restarted

Required files: /etc/nginx/sites-available/default, /usr/share/nginx/html/index.html

YAML truth-y values: true, True, TRUE, yes, Yes, YES, on, On, ON, y, Y

YAML false-y values: false, False, FALSE, no, No, NO, off, Off, OFF, n, N

Here is the corresponding nginx configuration file, which we put in files/nginx.conf:

files/nginx.conf:

    server {
            listen 80 default_server;
            listen [::]:80 default_server ipv6only=on;

            root /usr/share/nginx/html;
            index index.html index.htm;

            server_name localhost;

            location / {
                    try_files $uri $uri/ =404;
            }
    }
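
An added check, not part of the original page: it cross-references the ports forwarded in the Vagrantfile with the listen directives in files/nginx.conf and classifies each forwarded port as TLS, plaintext, or unserved. For the non-TLS configuration above it reports guest port 80 as plaintext and guest port 443 as forwarded with no listener. The function names and the embedded file copies are constructed for this example.

```python
import re

# Constructed copies of the Vagrantfile port lines and files/nginx.conf from this page.
VAGRANTFILE = """
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "ubuntu/xenial64"
  config.vm.network "forwarded_port", guest: 80, host: 8080
  config.vm.network "forwarded_port", guest: 443, host: 8443
end
"""
NGINX_CONF = """
server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        root /usr/share/nginx/html;
        server_name localhost;
}
"""

FORWARD_RE = re.compile(r'"forwarded_port"\s*,\s*guest:\s*(\d+)\s*,\s*host:\s*(\d+)')
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)

def forwarded_ports(vagrantfile):
    """Map guest port -> host port for each forwarded_port line."""
    return {int(g): int(h) for g, h in FORWARD_RE.findall(vagrantfile)}

def listeners(conf):
    """Map port -> True if any listen directive on that port carries 'ssl'."""
    found = {}
    for args in LISTEN_RE.findall(conf):
        addr, *params = args.split()
        if addr.startswith("unix:"):
            continue  # UNIX sockets are not reachable through port forwarding
        tail = addr.rsplit(":", 1)[-1]  # handles "80", "[::]:80", "10.0.0.1:8080"
        port = int(tail) if tail.isdigit() else 80  # address only: nginx uses port 80
        found[port] = found.get(port, False) or "ssl" in params
    return found

def audit(vagrantfile, conf):
    """Classify every forwarded guest port as tls, plaintext or no listener."""
    served = listeners(conf)
    report = []
    for guest, host in sorted(forwarded_ports(vagrantfile).items()):
        state = "no listener" if guest not in served else ("tls" if served[guest] else "plaintext")
        report.append((guest, host, state))
    return report

if __name__ == "__main__":
    for guest, host, state in audit(VAGRANTFILE, NGINX_CONF):
        print(f"guest {guest} -> host {host}: {state}")
```
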

We also want to create an index page for nginx to serve up. Template files go into the playbook directory, in the templates subdirectory.

(NOTE: the .j2 extension means the file is a Jinja2 template.)

playbooks/templates/index.html.j2

    <html>
      <head>
        <title>Welcome to ansible</title>
      </head>
      <body>
      <h1>nginx, configured by Ansible</h1>
      <p>If you can see this, Ansible successfully installed nginx.</p>

      <p>Running on {{ inventory_hostname }}</p>
      </body>
    </html>

Flags