-
Notifications
You must be signed in to change notification settings - Fork 98
/
lesson11-lab.yaml
57 lines (57 loc) · 1.53 KB
/
lesson11-lab.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
---
- name: Managing web server SELinux properties
hosts: ansible1
vars:
package: httpd
service: httpd
message: warning: authorized use only
tasks:
- name: ensure SELinux is enabled and enforcing
selinux:
policy: targeted
state: enforcing
- name: install the webserver
yum:
name: {{ package }}
state: latest
- name: start and enable the webserver
service:
name: "{{ service }}"
state: started
enabled: yes
- name: open the firewall service
firewalld:
- service: http
immediate: yes
permanent: yes
state: enabled
- name: create the /web directory
file:
name: /web
state: directory
- name: create the index.html file in /web
copy:
content: "{{ message }}"
dest: /web/index.html
- name: use lineinfile to change webserver configuration
lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: '^DocumentRoot "/var/www/html"'
line: DocumentRoot "/web"
- name: use lineinfile to change webserver security
lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: '^<Directory "/var/www">'
line: '<Directory "/web">'
- name: use sefcontext to set context on new documentroot
sefcontext:
target: '/web(/.*)?'
setype: httpd_sys_content_t
state: present
- name: run the restorecon command
command: restorecon -Rv /web
- name: allow the web server to run user content
seboolean:
name: httpd_read_user_content
state: yes
persistent: yes