How to implement ansible automated installation and configuration of httpd in Linux system

1. Use ansible's playbook to automatically install httpd

1) First configure the hosts file of Ansible so that the corresponding host can be controlled by Ansible

Tip: We configured the controlled host addresses in the host list, but directly used the ansible ping module to detect the survival of the host, but it showed permission denied. The prompt tells us to specify what authentication to use. By default, Ansible is authenticated by SSH key, so it is not enough to configure the IP address of the control host in the host list of Ansible. We also need to configure SSH based on KEY authentication.

2) Configure the control host to be able to authenticate based on SSH key

[root@test ~]# ip as enp2s0
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 00:30:18:51:af:3c brd ff:ff:ff:ff:ff:ff
 inet 192.168.0.99/24 brd 192.168.0.255 scope global noprefixroute enp2s0
 valid_lft forever preferred_lft forever
 inet 172.16.1.2/16 brd 172.16.255.255 scope global noprefixroute enp2s0:0
 valid_lft forever preferred_lft forever
 inet6 fe80::230:18ff:fe51:af3c/64 scope link
 valid_lft forever preferred_lft forever
[root@test ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UORxi5JhiKDBOhZP3FsbsZfyCjqUcjwqdl1qcnTyGsw root@test
The key's randomart image is:
+---[RSA 2048]----+
|+.....oo= . |
|.+.oo B.+.. |
|o + *o=o. |
|o..... ++ |
|.o * + oS. |
| = BB . |
|.o = E o |
|o . = o |
| . |
+----[SHA256]-----+
[root@test ~]# ssh-copy-id 192.168.0.99 -p 41319
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '[192.168.0.99]:41319 ([192.168.0.99]:41319)' can't be established.
ECDSA key fingerprint is SHA256:W2pD2PA2K9tGKGVK+weiINcVESkUaHjsTI263OVqBh4.
ECDSA key fingerprint is MD5:3a:f8:c9:b1:63:c6:c1:ae:e0:6e:e2:ca:17:4a:20:7a.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
 
Number of key(s) added: 1
 
Now try logging into the machine, with: "ssh -p '41319' '192.168.0.99'"
and check to make sure that only the key(s) you wanted were added.
 
[root@test ~]# scp -r .ssh 192.168.0.10:~/
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
ECDSA key fingerprint is SHA256:EG9nua4JJuUeofheXlgQeL9hX5H53JynOqf2vf53mII.
ECDSA key fingerprint is MD5:57:83:e6:46:2c:4b:bb:33:13:56:17:f7:fd:76:71:cc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.10' (ECDSA) to the list of known hosts.
[email protected]'s password:
id_rsa 100% 1675 677.0KB/s 00:00 
id_rsa.pub 100% 391 207.6KB/s 00:00 
known_hosts 100% 356 12.2KB/s 00:00 
authorized_keys 100% 391 12.6KB/s 00:00 
[root@test ~]#

Tip: SSH key-based authentication needs to be done on the Ansible host. I generate a pair of SSH keys on the Ansible host, and then copy the public key to the local machine through ssh-copy-id to generate the authorized_keys file, and then copy the .ssh directory to the remote client. In this way, the Ansible host can log in to the remote client through SSH based on key without password, and the remote client can also log in to the Ansible host through SSH without password, thus realizing two-way SSH key-based authentication. If you only want one-way SSH key-based authentication, you can generate a key pair on the Ansible host and then send the public key to the other party. For detailed description of ssh key-based authentication, please refer to my blog https://www.jb51.net/article/180381.htm

Test: Use ansible host to connect to remote client host via ssh

[root@test ~]# ssh 192.168.0.10
Last login: Mon Jan 27 04:58:46 2020 from 192.168.0.99
[root@test-centos7-node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
 link/ether 00:0c:29:f2:82:0c brd ff:ff:ff:ff:ff:ff
 inet 192.168.0.10/24 brd 192.168.0.255 scope global ens33
 valid_lft forever preferred_lft forever
 inet6 fe80::20c:29ff:fef2:820c/64 scope link
 valid_lft forever preferred_lft forever
[root@test-centos7-node1 ~]# exit
LogoutConnection to 192.168.0.10 closed.
[root@test ~]#

Tip: You can see that the Ansible host can log in to the remote host normally without a password. Next, we use the Ansible ping module to detect the survival of the controlled host.

Tip: You can see that the ping module of Ansible is used to detect the survival of the remote host. The returned status is SUCCESS, and the data is pong, which means that the remote host is alive.

At this point, the ansible environment is ready. Next, write a playbook to install httpd

[root@test ~]# cat install_httpd.yml
---
 - hosts: websers
 remote_user: root
 
 tasks:
 - name: copy epel file
 copy: src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d/CentOS-Base.repo
 - name: install httpd
 yum: name=httpd
 - name: start httpd
 service: name=httpd state=started enabled=yes
 
 
[root@test ~]# ansible-playbook -C install_httpd.yml
 
PLAY [websers] ***************************************************************************************************************
 
TASK [copy epel file] *********************************************************************************************************
changed: [192.168.0.10]
 
TASK [install httpd] ******************************************************************************************************
changed: [192.168.0.10]
 
TASK [start httpd] ***************************************************************************************************************
changed: [192.168.0.10]
 
PLAY RECAP *******************************************************************************************************************
192.168.0.10 : ok=3 changed=3 unreachable=0 failed=0 
 
[root@test ~]#

Tip: The main content of the above playbook is to copy the local yum source to the remote server, then install the httpd package through yum, and finally start httpd; after writing the playbook, we use the ansible-playbook -C install_httpd.yml command to test the playbook we wrote. There is no problem. Next, we use ansible-playbook to install httpd

[root@test ~]# ansible-playbook install_httpd.yml 
 
PLAY [websers] ***************************************************************************************************************
 
TASK [copy epel file] *********************************************************************************************************
changed: [192.168.0.10]
 
TASK [install httpd] ******************************************************************************************************
changed: [192.168.0.10]
 
TASK [start httpd] ***************************************************************************************************************
changed: [192.168.0.10]
 
PLAY RECAP *******************************************************************************************************************
192.168.0.10 : ok=3 changed=3 unreachable=0 failed=0 
 
[root@test ~]#

Tip: From the execution status of ansible-playbook on playbook, it is successful. Next, we directly use the browser to access 192.168.0.10 to see if httpd can be accessed normally. If it can be accessed normally, it means that httpd has been installed.

Tip: You can see that we can directly access the test page of 192.168.0.10 with the browser, indicating that httpd is successfully installed on 192.168.0.10

2. Establish an httpd server, requiring two name-based virtual hosts:

(1) www.X.com, the page file directory is /web/vhosts/x; the error log is /var/log/httpd/x.err, and the access log is /var/log/httpd/x.access

Create a new configuration file for the virtual host www.X.com

[root@test ~]# cat x_com.conf
<VirtualHost *:80>
 ServerName www.X.com
 DocumentRoot "/web/vhosts/x"
 <Directory "/web/vhosts/x">
 Options None
 AllowOverride None
 Require all granted
 </Directory>
 ErrorLog "logs/x.err"
 CustomLog "logs/x.access" combined
</VirtualHost>
[root@test ~]#

Tip: We create the configuration file on the ansible host, and then use ansible to push the file to the corresponding directory of the corresponding host.

(2) www.Y.com, the page file directory is /web/vhosts/y; the error log is /var/log/httpd/www2.err, and the access log is /var/log/httpd/y.access

Create a new configuration file for the virtual host www.Y.com

[root@test ~]# cat y_com.conf
<VirtualHost *:80>
 ServerName www.Y.com
 DocumentRoot "/web/vhosts/y"
 <Directory "/web/vhosts/y">
 Options None
 AllowOverride None
 Require all granted
 </Directory>
 ErrorLog "logs/www2.err"
 CustomLog "logs/y.access" combined
</VirtualHost>
[root@test ~]#

(3) Create respective homepage files index.html for the two virtual hosts, with the contents being their corresponding host names.

[root@test ~]# cat x_index.html
<h1>www.X.com</h1>
[root@test ~]# cat y_index.html 
<h1>www.Y.com</h1>
[root@test ~]#

Tip: After the above files are prepared on the ansible host, we will write a playbook to push the corresponding files directly to the remote host.

[root@test ~]# cat set_virtualhost_conf_file.yml
---
 - hosts: websers
 remote_user: root
 
 tasks:
 - name: mkdir virtualhost documentroot directory
 shell: mkdir -p /web/vhosts/{x,y}
 
 - name: copy x_com.conf to remotehost
 copy: src=/root/x_com.conf dest=/etc/httpd/conf.d/x_com.conf
 - name: copy x_com index file
 copy: src=/root/x_index.html dest=/web/vhosts/x/index.html
 
 - name: copy y_com.conf to remotehost
 copy: src=/root/y_com.conf dest=/etc/httpd/conf.d/y_com.conf
 - name: copy y_com index file
 copy: src=/root/y_index.html dest=/web/vhosts/y/index.html
 
[root@test ~]#

Tip: The content of the above file mainly pushes the configuration file we have created to the corresponding directory of the corresponding host. Next, let's check whether the playbook we wrote has any syntax problems.

[root@test ~]# ansible-playbook -C set_virtualhost_conf_file.yml 
 
PLAY [websers] ***************************************************************************************************************
 
TASK [mkdir virtualhost documentroot directory] **************************************************************************
skipping: [192.168.0.10]
 
TASK [copy x_com.conf to remotehost] *****************************************************************************************
changed: [192.168.0.10]
 
TASK [copy x_com index file] **********************************************************************************************
changed: [192.168.0.10]
 
TASK [copy y_com.conf to remotehost] *****************************************************************************************
changed: [192.168.0.10]
 
TASK [copy y_com index file] *************************************************************************************************
changed: [192.168.0.10]
 
PLAY RECAP *******************************************************************************************************************
192.168.0.10 : ok=4 changed=4 unreachable=0 failed=0 
 
[root@test ~]#

Tip: There is no problem with testing the playbook. Next, let's run the playbook, push the corresponding files to the httpd server, and then check whether the configuration file we wrote is correct on the server.

[root@test ~]# ansible-playbook set_virtualhost_conf_file.yml
 
PLAY [websers] ***************************************************************************************************************
 
TASK [mkdir virtualhost documentroot directory] **************************************************************************
 [WARNING]: Consider using file module with state=directory rather than running mkdir
 
changed: [192.168.0.10]
 
TASK [copy x_com.conf to remotehost] *****************************************************************************************
changed: [192.168.0.10]
 
TASK [copy x_com index file] **********************************************************************************************
changed: [192.168.0.10]
 
TASK [copy y_com.conf to remotehost] *****************************************************************************************
changed: [192.168.0.10]
 
TASK [copy y_com index file] *************************************************************************************************
changed: [192.168.0.10]
 
PLAY RECAP *******************************************************************************************************************
192.168.0.10 : ok=5 changed=5 unreachable=0 failed=0 
 
[root@test ~]#

Tip: From the above return status, all are successful, but the first task prompts us to use the file module to create a directory, which is better. Next, we use the ansible shell module to check whether the syntax of the configuration file on the remote server is correct.

[root@test ~]# ansible websers -m shell -a 'httpd -t'
192.168.0.10 | SUCCESS | rc=0 >>
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fef2:820c. Set the 'ServerName' directive globally to suppress this message
Syntax OK
 
[root@test ~]#

Tip: We use ansible to check the syntax of the httpd configuration file on the remote host. It prompts us that there is no servername. You can ignore this prompt. If you feel that you must deal with it, you can find ServerName in the main configuration file of httpd and configure the corresponding servername. Next, we restart httpd and then access the two virtual hosts on the client.

[root@test ~]# ansible websers -m shell -a 'systemctl restart httpd'
192.168.0.10 | SUCCESS | rc=0 >>
 
 
[root@test ~]#

Modify the /etc/hosts file on the client so that www.X.com and www.Y.com can be resolved to the remote host.

[root@test ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.10 www.X.com www.Y.com
[root@test ~]#

Test: Use curl to access the two virtual hosts respectively to see if the corresponding homepage file contents are different

[root@test ~]# curl http://www.X.com/index.html
<h1>www.X.com</h1>
[root@test ~]# curl http://www.Y.com/index.html
<h1>www.Y.com</h1>
[root@test ~]#

Tip: We use curl to access the homepage files of their respective virtual hosts, and we can see the corresponding homepage file contents. Of course, you can also change the Windows hosts file, write the corresponding parsed content into it, and then use the Windows browser, as shown below:

Tip: Find the hosts file on Windows and add the corresponding record as follows

Tip: Next we use the Windows browser to access the next two virtual hosts

Next, let's see if the httpd server logs have been generated.

[root@test ~]# ansible websers -m shell -a 'ls -l /var/log/httpd' 
192.168.0.10 | SUCCESS | rc=0 >>
Total dosage 16
-rw-r--r--. 1 root root 2668 Jan 27 06:30 access_log
-rw-r--r--. 1 root root 2940 Jan 27 07:34 error_log
-rw-r--r--. 1 root root 0 January 27 07:38 www2.err
-rw-r--r--. 1 root root 500 Jan 27 07:52 x.access
-rw-r--r--. 1 root root 0 Jan 27 07:38 x.err
-rw-r--r--. 1 root root 500 January 27 07:52 y.access
 
[root@test ~]# ansible websers -m shell -a 'cat /var/log/httpd/x.access'
192.168.0.10 | SUCCESS | rc=0 >>
192.168.0.99 - - [27/Jan/2020:07:39:15 -0500] "GET /index.html HTTP/1.1" 200 20 "-" "curl/7.29.0"
192.168.0.232 - - [27/Jan/2020:07:52:31 -0500] "GET / HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
192.168.0.232 - - [27/Jan/2020:07:52:31 -0500] "GET /favicon.ico HTTP/1.1" 404 209 "http://www.x.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
 
[root@test ~]# ansible websers -m shell -a 'cat /var/log/httpd/y.access'
192.168.0.10 | SUCCESS | rc=0 >>
192.168.0.99 - - [27/Jan/2020:07:39:19 -0500] "GET /index.html HTTP/1.1" 200 20 "-" "curl/7.29.0"
192.168.0.232 - - [27/Jan/2020:07:52:48 -0500] "GET / HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
192.168.0.232 - - [27/Jan/2020:07:52:48 -0500] "GET /favicon.ico HTTP/1.1" 404 209 "http://www.y.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
 
[root@test ~]#

Tip: You can see that log files with corresponding names have been generated on the httpd server.

Summarize

The above is the method introduced by the editor to realize the automatic installation and configuration of httpd by ansible on Linux system. I hope it will be helpful to everyone!

You may also be interested in:

Ansible automated operation and maintenance deployment method for Linux system
In-depth analysis of Linux lightweight automatic operation and maintenance tool-Ansible
Detailed tutorial on using the Linux automated operation and maintenance tool Ansible

<<: How to use axios to make network requests in React Native

>>: Detailed explanation of server-id example in MySQL master-slave synchronization