Web01_apache_setup.yml
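---
# Provisions host Web-01: installs the NFS client packages, opens firewalld
# services/ports, mounts two NFS-backed document roots, renders the Apache
# virtual hosts, unpacks WordPress and writes its database settings into
# wp-config.php, then sets the SELinux booleans httpd needs and restarts it.
- name: Configure Web-01 Server
  hosts: Web-01
  become: true
  vars:
    web_server_name: "192.168.56.21"
    apache_port: 8080
    wp_port: 80
    web01_document_root: "/srv/web/web01/"
    wp01_document_root: "/srv/web/wp01/"
    wp_site_url: "http://wordpress.example.com/"
    wp_db: "wordpress_db"
    wp_user: "wordpress_user"
    # NOTE(review): plaintext database credential stored in the playbook.
    # Move it to an Ansible Vault-encrypted vars file (or another secret
    # store) and rotate the value, which is already published with the file.
    wp_password: "wordpress_P@ssw0rd"
    database_host: "192.168.56.40"
  tasks:
    - name: Install nfs client
      dnf:
        name:
          - nfs-utils
          - nfsv4-client-utils
        state: present

    # NOTE(review): this host only mounts exports from 192.168.56.30 in the
    # tasks below. Running nfs-server and opening the inbound nfs firewall
    # service look unnecessary for a client and widen the exposed surface;
    # confirm they are needed before keeping these two tasks.
    - name: Start and enable NFS service
      service:
        name: nfs-server
        state: started
        enabled: true

    - name: Add firewall rule for NFS (permanent)
      firewalld:
        service: nfs
        permanent: true
        state: enabled

    - name: Add firewall rule for httpd (permanent)
      firewalld:
        service: http
        permanent: true
        state: enabled

    - name: Add firewall rule for custom port (permanent)
      firewalld:
        port: "{{ apache_port }}/tcp"
        permanent: true
        state: enabled

    # The rules above are written with permanent only, so they take effect
    # once firewalld is restarted here.
    - name: Restart firewalld to apply permanent rules
      service:
        name: firewalld
        state: restarted

    # NOTE(review): both mounts use "defaults". For directories that only
    # hold web content, adding nosuid and nodev is a common hardening step;
    # verify against the export configuration before changing.
    - name: Mount NFS directory for apache website
      mount:
        src: "192.168.56.30:/srv/nfs/web01"
        path: "{{ web01_document_root }}"
        fstype: nfs
        opts: "defaults"
        state: mounted
      tags: nfs_mount

    - name: Mount NFS directory for WordPress site
      mount:
        src: "192.168.56.30:/srv/nfs/wp01"
        path: "{{ wp01_document_root }}"
        fstype: nfs
        opts: "defaults"
        state: mounted
      tags: nfs_mount

    - name: Configure Apache VirtualHost for apache website
      template:
        src: templates/web01_virtualhost.conf.j2
        dest: /etc/httpd/conf.d/web01.conf
      tags: web01_virtualhost

    # dnf matches the package module already used by the first task.
    - name: Install tar
      dnf:
        name: tar
        state: present

    - name: Create index.html file for Web Server information
      template:
        src: templates/index.html.j2
        dest: "{{ web01_document_root }}index.html"
      vars:
        domain: "example.com"
        ip_address: "192.168.56.21"
        server_name: "Web-01"

    - name: Check if the 'wordpress' directory exists
      stat:
        path: "/srv/web/wp01/wordpress"
      register: wordpress_dir

    # NOTE(review): the archive is read from /tmp on the managed host and is
    # extracted as root without any integrity check. Nothing in this play
    # shows how it got there; stage it in a root-owned directory and verify
    # a known checksum before extraction.
    - name: Extract and untar WordPress archive
      unarchive:
        src: /tmp/wordpress.tar.gz
        dest: /srv/web/wp01/
        remote_src: true
      when: not wordpress_dir.stat.exists

    # Was mode "0757", which made every file and directory world-writable.
    # The symbolic mode keeps owner write access, leaves group/other
    # read-only, and (capital X) adds execute only to directories and to
    # files that already carry an execute bit.
    - name: Set permissions and ownership for WordPress directory
      file:
        path: "/srv/web/wp01/wordpress"
        mode: "u=rwX,g=rX,o=rX"
        owner: "apache"
        group: "apache"
        recurse: true
      become: true

    - name: Get the mode of wp-config-sample.php
      stat:
        path: "/srv/web/wp01/wordpress/wp-config-sample.php"
      register: wp_config_sample_stat

    # wp-config.php inherits the sample file's mode.
    # NOTE(review): this file receives the database password in the next
    # task; consider a tighter explicit mode that drops access for "other".
    - name: Copy wp-config-sample.php to wp-config.php
      copy:
        src: "/srv/web/wp01/wordpress/wp-config-sample.php"
        dest: "/srv/web/wp01/wordpress/wp-config.php"
        remote_src: true
        mode: "{{ wp_config_sample_stat.stat.mode }}"
        owner: "apache"
        group: "apache"

    # Rewrites the define() line for each database setting.
    # no_log keeps the DB_PASSWORD loop item out of task output and logs.
    - name: Update wp-config.php
      lineinfile:
        path: "/srv/web/wp01/wordpress/wp-config.php"
        regexp: "^define\\(\\s*'{{ item.name }}',"
        line: "define('{{ item.name }}', '{{ item.value }}');"
        state: present
      loop:
        - { name: 'DB_NAME', value: '{{ wp_db }}' }
        - { name: 'DB_USER', value: '{{ wp_user }}' }
        - { name: 'DB_PASSWORD', value: '{{ wp_password }}' }
        - { name: 'DB_HOST', value: '{{ database_host }}' }
      loop_control:
        loop_var: item
      no_log: true

    - name: Configure Apache VirtualHost for wordpress website
      template:
        src: templates/wp01_virtualhost.conf.j2
        dest: /etc/httpd/conf.d/wp01.conf

    # Was mode "0757" (world-writable); see the WordPress directory task.
    - name: Set permissions and ownership with web directory
      file:
        path: "/srv/web/web01/"
        mode: "u=rwX,g=rX,o=rX"
        owner: "apache"
        group: "apache"
        recurse: true
      become: true

    # NOTE(review): httpd_can_network_connect lets httpd open outbound
    # connections to any port. If only the database at database_host must
    # be reachable, httpd_can_network_connect_db (set below) is the narrower
    # boolean; confirm whether this broader one is required.
    - name: Ensure SELinux allows Apache to make network connections
      command: "setsebool -P httpd_can_network_connect 1"
      become: true

    - name: Restore SELinux context for web01 document root
      command: "restorecon -Rv {{ web01_document_root }}"
      become: true

    # "sudo" dropped from the command: the task already runs with become.
    - name: Set SELinux context for NFS shared directory
      command: "setsebool -P httpd_use_nfs 1"
      become: true

    # "sudo" dropped (become is set) and -P added so the boolean persists
    # across reboots like the other two setsebool calls.
    - name: Set Selinux DB
      command: "setsebool -P httpd_can_network_connect_db 1"
      become: true

    - name: Restart Apache
      service:
        name: httpd
        state: restarted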