Configure web server
Step 1. Configure yum repo
a. Get a software from DVD and mount it/
b. Copy software to local directory
# cat /etc/yum.repos.d/myrepo.repo
Step 2. Install software
google or how to create a folder in ansible
look for file module
go to example
state and choices: file or directories
now define path
# ansible-playoook web-preq-yaml
check under changed=1, which means it created. if you see all green or changed=0 mean, there is no change
-> idompotence - things already exist, does not have to run it again.
Doing same thing using command line .. Ad-hock command
file/package module ..
# anisble all -m file -a "path=/dev1 state=directory"
check return code, exist code ..
play book works behind the scene. so it will not give you/ show detail. You don't know what task exactly it did.
for that you have to run as verbose
# ansible-laybook -v web-create.yml
if something fails, you can debug. or if you need some extra stuff, you can use -v option
it will show you what config file is using...
from the file, it will pick the inventory anad shows you the server list (facts)
it will show you task. ..
to get more verbose, you can use
search for mount module
look for example..
check the state: mounted option
disk (block) - you have to format and mount
for dvc/cd - format type is iso9660
[root@master ws2]# cat webserver.yaml
- hosts: all
tasks:
# create a directory
- file:
state: directory
path: "/dvd1"
# mount it
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
Now, configure yum..
keywork: yum, mount, partition
Now, add yum repo module
google for yum repo create for ansible
yum repo module
go to example
- hosts: all
tasks:
- file:
state: directory
path: "/dvd1"
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
# task is a list of three task such as file, mount and yum.
# these belongs to same block of code, so same space..
- yum_repository:
baseurl:
and run and you will see it failed...
review the error, it says you need name parameter.
there are some parameters that need to include ..
add name
and run you get error again
you need description as well.
- hosts: all
tasks:
- file:
state: directory
path: "/dvd1"
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
# task is a list of three task such as file, mount and yum.
# these belongs to same block of code, so same space..
- yum_repository:
baseurl: "/dvd1"
name= "mydvd"
description: "My yum repo"
~
run it again..
software are on appstream
cat
- hosts: all
tasks:
- file:
state: directory
path: "/dvd1"
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
# task is a list of three task such as file, mount and yum.
# these belongs to same block of code, so same space..
- yum_repository:
baseurl: "/dvd1"
name: "mydvd1"
description: "My yum repo"
- yum_repository:
baseurl: "/dvd1/BaseOS"
name: "mydvd2"
description: "My yum repo 2"
now, yum is configured..
Now, install package
- hosts: all
tasks:
- file:
state: directory
path: "/dvd1"
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
# task is a list of three task such as file, mount and yum.
# these belongs to same block of code, so same space..
- yum_repository:
baseurl: "/dvd1"
name: "mydvd1"
description: "My yum repo"
- yum_repository:
baseurl: "/dvd1/BaseOS"
name: "mydvd2"
description: "My yum repo 2"
- package:
name: "httpd"
state: present
~
~
:
ansible-playbook -vvv webserver.yaml
look at the error, you see it failed.
validate GPG ...
what is it?
something is missing ... on yum, we have to provide gpg key or diable this feature..
go to yum repo module and gpgcheck set to no..
- hosts: all
tasks:
- file:
state: directory
path: "/dvd1"
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
# task is a list of three task such as file, mount and yum.
# these belongs to same block of code, so same space..
- yum_repository:
baseurl: "/dvd1"
name: "mydvd1"
description: "My yum repo"
gpgcheck: no
- yum_repository:
baseurl: "/dvd1/BaseOS"
name: "mydvd2"
description: "My yum repo 2"
gpgcheck: no
- package:
name: "httpd"
state: present
go to search and look for
ansible copy module and look for keyword content
[root@master ws2]# cat webserver.yaml
- hosts: all
tasks:
- file:
state: directory
path: "/dvd1"
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
# task is a list of three task such as file, mount and yum.
# these belongs to same block of code, so same space..
- yum_repository:
baseurl: "/dvd1/AppStream"
name: "mydvd1"
description: "My yum repo"
gpgcheck: no
- yum_repository:
baseurl: "/dvd1/BaseOS"
name: "mydvd2"
description: "My yum repo 2"
gpgcheck: no
- package:
name: "httpd"
state: present
- copy:
dest: "/var/www/html/index.html"
content: "This is a web site"
if you want to skip any characters, you have to include on double quote(""). it does not work on single quote. It treats single quote as a literal value.
now, start service and make it permanent (at boot time)
go to service module and state =?
enable?
yu
-------------------
[root@master ws2]# cat webserver.yaml
- hosts: all
tasks:
- file:
state: directory
path: "/dvd1"
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
# task is a list of three task such as file, mount and yum.
# these belongs to same block of code, so same space..
- yum_repository:
baseurl: "/dvd1/AppStream"
name: "mydvd1"
description: "My yum repo"
gpgcheck: no
- yum_repository:
baseurl: "/dvd1/BaseOS"
name: "mydvd2"
description: "My yum repo 2"
gpgcheck: no
- package:
name: "httpd"
state: present
- copy:
dest: "/var/www/html/index.html"
content: "This is a web site"
---------------------
Now, go to the browser with the ip to see you can get the site.
But its not displaying anything, so, now, we check firewall..
how do we enable firewall
now, enable port 80 ..
anyone comes to port 80, grant access...
google
ansible firewalld
module firewalls - look for example
check port -- accept the connection
state: to be enable,
rule is temporary
so make it permanent
and enable this set up immediate
[root@master ws2]# cat webserver.yaml
- hosts: all
tasks:
- file:
state: directory
path: "/dvd1"
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
# task is a list of three task such as file, mount and yum.
# these belongs to same block of code, so same space..
- yum_repository:
baseurl: "/dvd1/AppStream"
name: "mydvd1"
description: "My yum repo"
gpgcheck: no
- yum_repository:
baseurl: "/dvd1/BaseOS"
name: "mydvd2"
description: "My yum repo 2"
gpgcheck: no
- package:
name: "httpd"
state: present
- copy:
dest: "/var/www/html/index.html"
content: "This is a web site"
- firewalld:
port: 80
state: enabled
permanent: yes
immediate: yes
failed to apply firewall
go back to doc
check under port , see the syntax how to write it...
- firewalld:
port: "80/tcp"
state: enabled
permanent: yes
immediate: yes
now run it again
[root@master ws2]# ansible-playbook -v webserver.yaml
[root@master ws2]# cat webserver.yaml
- hosts: all
tasks:
- file:
state: directory
path: "/dvd1"
- mount:
src: "/dev/cdrom"
path: "/dvd1"
state: mounted
fstype: "iso9660"
# add entry to fstab
# task is a list of three task such as file, mount and yum.
# these belongs to same block of code, so same space..
- yum_repository:
baseurl: "/dvd1/AppStream"
name: "mydvd1"
description: "My yum repo"
gpgcheck: no
- yum_repository:
baseurl: "/dvd1/BaseOS"
name: "mydvd2"
description: "My yum repo 2"
gpgcheck: no
- package:
name: "httpd"
state: present
- copy:
dest: "/var/www/html/index.html"
content: "Welcome to my web page. Enjoy !!!"
- firewalld:
port: "80/tcp"
state: enabled
permanent: yes
immediate: yes
[root@master ws2]#
Now, we just configured web server. lets see you have to create hundred of servers, you can do that by changing the inventory and add new system entry there and your web site is ready
===========================
[root@master ~]# cat /etc/ansible/ansible.cfg |more
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
inventory = /home/sam/ansible/myhosts
host_key_checking=false
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
[root@master ~]# cat /home/sam/ansible/myhosts
#[masterserver]
#master ansible_user=sam
#[WebServer]
#worker1
#worker1 ansible_user=sam
#worker2 ansible_user=sam
worker1 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh
worker2 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh
[root@master ~]#
Wednesday, November 25, 2020
Ansible - note - step by step to create yaml file to deploy web server
Subscribe to:
Post Comments (Atom)
Git branch show detached HEAD
Git branch show detached HEAD 1. List your branch $ git branch * (HEAD detached at f219e03) 00 2. Run re-set hard $ git reset --hard 3. ...
-
snmpconfig command allow you to managge snmpv1/v3 agent configuration on SAN switch. Event trap level is mapped with event severity level....
-
Firmware upgrade on HPE SuperDom Flex 280 - prerequisites tasks a. Set up repo b. Upload firmware to your webserver 1. For foundation so...
-
Disabling the Telnet protocol on Brocade SAN switches By default, telnet is enabled on Brocade SAN switches. As part of security hardening o...
No comments:
Post a Comment