Build NGINX Server / Firewalld with Ansible

ssh-copy-id root@10.66.10.29

You should now be able to SSH into the host without a password. You can test this with:

ssh root@10.66.10.29

Configure your Ansible hosts; these are defined in /etc/ansible/hosts:

[testserver]
10.66.10.29

cd to /etc/ansible/playbook and place the playbook below in this directory, along with index.html.

                         
INDEX.HTML
<html>
  <head>
    <title>Welcome to ansible</title>
  </head>
  <body>
  <h1>nginx, configured by Ansible</h1>
  <p>If you can see this, Ansible successfully installed nginx.</p>

  <p>{{ ansible_managed }}</p>
  </body>
</html>

BUILD-NGINX-FIREWALLD.YML
---
- name: Install nginx
  hosts: testserver
  become: true

  tasks:
  - name: Add epel-release repo
    yum:
      name: epel-release
      state: present

  - name: Install nginx
    yum:
      name: nginx
      state: present

  - name: Insert Index Page
    template:
      src: index.html
      dest: /usr/share/nginx/html/index.html

  - name: Start NGiNX
    service:
      name: nginx
      state: started

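  # No zone is given here, so the rule is added to the default zone.
  - name: Allow HTTPS through firewalld
    firewalld:
      service: https
      permanent: yes
      state: enabled

  - name: Allow HTTP through firewalld (public zone)
    firewalld:
      zone: public
      service: http
      permanent: yes
      state: enabled

  # Permanent rules only take effect once firewalld is reloaded or restarted.
  - name: Bounce firewalld
    service:
      name: firewalld
      state: restarted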

Run your playbook with

ansible-playbook build-nginx-firewalld.yml

We can verify on the remote machine that the above has been configured:

[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: dhcpv6-client http https ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[root@localhost ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-08-26 11:10:27 BST; 3h 38min ago
Process: 18598 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 18595 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 18594 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 18600 (nginx)
CGroup: /system.slice/nginx.service
├─18600 nginx: master process /usr/sbin/nginx
└─18601 nginx: worker process

Aug 26 11:10:27 localhost.localdomain systemd[1]: Starting The nginx HTTP and…
Aug 26 11:10:27 localhost.localdomain nginx[18595]: nginx: the configuration …
Aug 26 11:10:27 localhost.localdomain nginx[18595]: nginx: configuration file…
Aug 26 11:10:27 localhost.localdomain systemd[1]: Failed to parse PID from fi…
Aug 26 11:10:27 localhost.localdomain systemd[1]: Started The nginx HTTP and …
Hint: Some lines were ellipsized, use -l to show in full

This verifies that the firewalld configuration has been applied to the remote host as configured in our playbook
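
The manual check above can be turned into a repeatable audit. The script below is an added example, not part of the original playbook: it parses firewall-cmd --list-all output and compares the zone's services with an allow-list. The allow-list (http, https, ssh) and the function names are assumptions; the sample input is constructed from the output shown above.

```python
import sys

# Services the playbook enables, plus ssh, which Ansible needs (assumed allow-list).
EXPECTED_SERVICES = {"http", "https", "ssh"}

# Constructed sample: the public-zone output shown above.
SAMPLE_OUTPUT = """\
public (active)
  target: default
  interfaces: ens192
  sources:
  services: dhcpv6-client http https ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  rich rules:
"""


def parse_zone(text):
    """Parse one zone block of `firewall-cmd --list-all` into {key: [values]}."""
    lines = [line for line in text.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty firewall-cmd output")
    zone, last = {"zone": [lines[0].split()[0]]}, None
    for line in lines[1:]:
        key, sep, value = line.strip().partition(":")
        if line.startswith("\t") and last:
            # Tab-indented lines are continuations of the previous key (rich rules).
            zone[last].append(line.strip())
        elif sep:
            last = key.strip()
            zone[last] = value.split()
    return zone


def audit(text, expected=frozenset(EXPECTED_SERVICES)):
    """Compare the zone's exposure with the allow-list and report drift."""
    zone = parse_zone(text)
    services = set(zone.get("services", []))
    return {
        "zone": zone["zone"][0],
        "missing": sorted(set(expected) - services),
        "unexpected": sorted(services - set(expected)),
        "open_ports": zone.get("ports", []),
        "rich_rules": zone.get("rich rules", []),
    }


if __name__ == "__main__":
    piped = not sys.stdin.isatty()
    print(audit(sys.stdin.read() if piped else SAMPLE_OUTPUT))
```

On the sample it reports dhcpv6-client as unexpected: the service is open in the zone although the playbook never enabled it. To audit a live host, pipe the output of firewall-cmd --list-all into the script.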

You can also browse to your NGINX server via its IP; index.html should then be shown.
