ansible-5(项目案例:apache虚拟主机的配置)
$ tree v4.d
v4.d
├── files
│ ├── index-servera.html
│ ├── index-wwwa.html
│ ├── vhosts.conf
│ └── wwwa.pass
└── vars
└── secret.yml
2 directories, 5 files
$ cat v4.d/files/wwwa.pass (用 htpasswd -c -m 文件名 用户名 生成;-c 只在首次创建文件时使用。-m 生成 apr1 MD5 条目,第二行的 {SHA} 是无盐 SHA-1,强度较弱,新建用户建议改用 htpasswd -B 生成 bcrypt 条目)
testuser1:$apr1$oE0D6Utk$qlU7cjjt8a0ic8/YAHR9e.
testuser2:{SHA}pkxl4cxVt6gakc2TDshJtkXy2p4=
隐含文件要拷贝到:/var/www/html/wwwa:
.htaccess:
# Per-directory access control for /var/www/html/wwwa.
# Basic authentication sends the user name and password base64-encoded,
# not encrypted, so the credentials are only as private as the transport.
AuthType Basic
AuthName "servera test apache with user and password"
# The password file is kept outside the DocumentRoot so it cannot be fetched over HTTP.
AuthUserFile "/etc/httpd/wwwa.pass"
# Any user listed in AuthUserFile is accepted.
Require valid-user
$ cat v4.d/files/index-servera.html
Welcome to server1.example.com.
$ cat v4.d/files/index-wwwa.html
Welcome to www1.example.com.
$ cat v4.d/files/vhosts.conf (拷贝自 /usr/share/doc/httpd/httpd-vhosts.conf)
# Name-based virtual host for servera.lab.example.com.
<VirtualHost *:80>
    ServerName servera.lab.example.com
    DocumentRoot "/var/www/html/servera"

    ErrorLog "/var/log/httpd/servera.lab.example.com-error.log"
    CustomLog "/var/log/httpd/servera.lab.example.com-access.log" common

    <Directory "/var/www/html/servera">
        # RequireAll: every directive inside must pass, so all clients are
        # admitted except the one named in the negated rule.
        # NOTE(review): "Require host" matches on the client's resolved
        # hostname, so the deny depends on DNS being accurate; an address-based
        # "Require not ip" rule does not have that dependency.
        <RequireAll>
            Require all granted
            Require not host serverc.lab.example.com
        </RequireAll>
    </Directory>
</VirtualHost>
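# Name-based virtual host for wwwa.lab.example.com; access control is
# delegated to the .htaccess file placed in its DocumentRoot.
<VirtualHost *:80>
    DocumentRoot "/var/www/html/wwwa"
    <Directory "/var/www/html/wwwa">
        # Fixed: the directive and its argument were fused into
        # "AllowOverrideAuthConfig", which is not a valid directive name.
        # Only the authentication/authorization directive group may be
        # overridden from .htaccess; every other override stays disabled.
        AllowOverride AuthConfig
    </Directory>
    ServerName wwwa.lab.example.com
    ErrorLog "/var/log/httpd/wwwa.lab.example.com-error.log"
    CustomLog "/var/log/httpd/wwwa.lab.example.com-access.log" common
</VirtualHost>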
$
------------------------------------------------------------
$ ansible-vault view v4.d/vars/secret.yml --vault-password-file=v3.d/vault.pass
web_pass: redhat123
v4-1_server1_E.yml:
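---
# Play 1: install httpd on servera, publish two name-based virtual hosts
# (servera: open, wwwa: protected by Basic auth through .htaccess), then
# make sure firewalld is running and lets HTTP through.
- name: Web Configuration
  hosts: servera
  vars:
    v_firewall_pkg: firewalld
    v_firewall_svc: firewalld
    v_web_pkg: httpd
    v_web_svc: httpd
    v_httpconf_src: ./v4.d/files/vhosts.conf
    v_httpconf_dest: /etc/httpd/conf.d/vhosts.conf
    v_server_root: /var/www/html/servera
    v_web_server_src: ./v4.d/files/index-servera.html
    v_web_server_dest: /var/www/html/servera/index.html
    v_www_root: /var/www/html/wwwa
    v_web_www_src: ./v4.d/files/index-wwwa.html
    v_web_www_dest: /var/www/html/wwwa/index.html
    # Fixed: this was spelled v_htaccss_src, so the "Copy Web Htaccess" task
    # referenced an undefined variable.
    v_htaccess_src: ./v4.d/files/.htaccess
    v_htaccess_dest: /var/www/html/wwwa/.htaccess
    v_secrets_src: ./v4.d/files/wwwa.pass
    # Kept outside both DocumentRoots so the hashes are never served over HTTP.
    v_secrets_dest: /etc/httpd/wwwa.pass
  tasks:
    - name: Install Web Packages
      yum:
        name: "{{ v_web_pkg }}"
        state: latest

    - name: Create Remote Directory for server
      file:
        path: "{{ v_server_root }}"
        state: directory

    - name: Create Remote Directory for www
      file:
        path: "{{ v_www_root }}"
        state: directory

    - name: Copy index.html for server
      copy:
        src: "{{ v_web_server_src }}"
        dest: "{{ v_web_server_dest }}"

    # Appends the managed host's FQDN and primary IPv4 address to the page.
    - name: Modified the index.html for server
      lineinfile:
        path: "{{ v_web_server_dest }}"
        line: "{{ ansible_facts['fqdn'] }} and {{ ansible_facts['default_ipv4']['address'] }}"
        state: present

    - name: Copy index.html for www
      copy:
        src: "{{ v_web_www_src }}"
        dest: "{{ v_web_www_dest }}"

    # Task name corrected (it duplicated the servera task's name); the fact
    # lookup now uses ansible_facts[...] like the servera task does.
    - name: Modified the index.html for www
      lineinfile:
        path: "{{ v_web_www_dest }}"
        line: "{{ ansible_facts['fqdn'] }} and {{ ansible_facts['default_ipv4']['address'] }}"
        state: present

    - name: Copy Web Configuration
      copy:
        src: "{{ v_httpconf_src }}"
        dest: "{{ v_httpconf_dest }}"
        owner: root
        group: root
        mode: "0644"

    # The file holds password hashes: readable by root and the web server's
    # group only, instead of whatever the default umask would give.
    # Assumes httpd runs with group "apache" (RHEL-family default) - confirm
    # on other platforms.
    - name: Copy Web Passwd
      copy:
        src: "{{ v_secrets_src }}"
        dest: "{{ v_secrets_dest }}"
        owner: root
        group: apache
        mode: "0640"

    - name: Copy Web Htaccess
      copy:
        src: "{{ v_htaccess_src }}"
        dest: "{{ v_htaccess_dest }}"
        owner: root
        group: root
        mode: "0644"

    # Restarted (not just started) so the new vhosts.conf is always loaded.
    - name: Start Web
      service:
        name: "{{ v_web_svc }}"
        state: restarted
        enabled: true

    - name: Firewalld Service Enable and Started
      service:
        name: "{{ v_firewall_svc }}"
        state: started
        enabled: true

    # permanent + immediate: the rule is applied now and survives a reload.
    - name: Open the Port for the Web Server
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: true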
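# Play 2: runs on the control node and checks both virtual hosts over HTTP.
- name: Test Web Server with Basic Auth
  hosts: localhost
  vars:
    web_user: testuser1
  # web_pass is read from the vault-encrypted file, so the play must be run
  # with --vault-password-file or --ask-vault-pass.
  vars_files:
    - ./v4.d/vars/secret.yml
  tags:
    - tag1
  tasks:
    - name: Connect to Web Server without Basic Authentication
      uri:
        url: http://servera.lab.example.com
        return_content: true
        status_code: 200
      register: v_result_server

    # Added check: the protected site must refuse a request that carries no
    # credentials. A 200 here would mean the .htaccess rules are not applied.
    - name: Confirm the Protected Site Rejects Anonymous Requests
      uri:
        url: http://wwwa.lab.example.com
        status_code: 401

    # "validate_certs: no" was removed: it has no effect on an http:// URL and
    # would silently disable certificate checking if the URL became https://.
    # Over plain HTTP the Basic auth header is only base64-encoded, so the
    # password is readable on the wire; acceptable for this lab network only.
    - name: Connect to Web Server with Basic Authentication
      uri:
        url: http://wwwa.lab.example.com
        force_basic_auth: true
        user: "{{ web_user }}"
        password: "{{ web_pass }}"
        return_content: true
        status_code: 200
      register: v_result_www

    # Each item is a variable path; debug resolves it and prints its value.
    - name: Show the Result
      debug:
        var: "{{ item }}"
      loop:
        - v_result_server.content
        - v_result_server.status
        - v_result_www.content
        - v_result_www.status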