-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgeturl-setupserver-playbook02.yml
64 lines (55 loc) · 1.83 KB
/
geturl-setupserver-playbook02.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
---
- name: Setup apache2 server
hosts: fry # running only against fry
gather_facts: no
connection: ssh # use the connection plugin, ssh.py (default)
become: yes
tasks:
- name: Install apache2 server and ensure pip is installed
ansible.builtin.apt:
name:
- apache2
- python3-pip
state: present
- name: Move configuration block to secure the file
ansible.builtin.blockinfile:
insertafter: EOF
path: /etc/apache2/apache2.conf
block: |
Alias /admin /var/www/html/admin
<Directory /var/www/html/admin>
<Files secure.txt>
AuthType basic
AuthName "Secured Files area"
AuthUserFile /etc/apache2/.htpasswd
Require user sammy
</Files>
order allow,deny
deny from all
satisfy any
</Directory>
- name: create the admin/ folder
ansible.builtin.file:
state: directory
path: /var/www/html/admin/
- name: create a protected file we can download
ansible.builtin.copy:
content: "This is a super secret file!\nIf you can read it, you hacked the gibson!"
dest: /var/www/html/admin/secure.txt
mode: u=rw,g=r,o=r
# required for htpasswd to be controlled by python3
- name: install passlib
ansible.builtin.pip:
name: passlib
state: present
# Apache webserver uses htpasswd to make passwords, it so happens ansible has a module to
# edit this password file. In production, passwords should always be encrypted with vault!
- name: set a password via htpasswd
htpasswd:
path: /etc/apache2/.htpasswd
name: sammy
password: larry
owner: root
group: root
- name: restart service
shell: "/etc/init.d/apache2 restart"