---
- name: Deploy VSFTP and Web Server
hosts: ftpservers #Group name of the server going to host FTP service
tasks:
# To demonstrate FACTs we used two different OS flavor - RHEL and Ubuntu.
- block:
- name: Install FTP package on RHEL
yum:
name: vsftpd
state: present
when: ansible_distribution == "RedHat"
- name: Install FTP package on Ubuntu
apt:
name: vsftpd
state: present
when: ansible_distribution == "Ubuntu"
- name: Install HTTP package on RHEL
yum:
name: httpd
state: present
when: ansible_distribution == "RedHat"
- name: Install HTTP package on Ubuntu
apt:
name: apache2
state: present
when: ansible_distribution == "Ubuntu"
- name: Install Firewalld package on RHEL
yum:
name: firewalld
state: present
when: ansible_distribution == "RedHat"
# Bringing up services only on RHEL - HTTP, FTP and Firwall. To bring up these services only on Ubuntu you can use same modules and attribute with "when: ansible_distribution == "Ubuntu" fact.
- block:
- name: Start firewall Service
service: name=firewalld state=started enabled=yes
when: ansible_distribution == "RedHat"
- name: Start WEB Service
service: name=httpd state=started enabled=yes
when: ansible_distribution == "RedHat"
- name: Start FTP Service
service: name=vsftpd state=started enabled=yes
when: ansible_distribution == "RedHat"
# Allow Web and FTP services on RHEL Firewall
- block:
- name: Allow Web service in Firewall
firewalld: service=http permanent=true state=enabled immediate=true
when: ansible_distribution == "RedHat"
- name: Allow FTP service in Firewall
firewalld: port=21/tcp permanent=true state=enabled immediate=true
when: ansible_distribution == "RedHat"
# Modify FTP server configuration to allow Anonymous access.
- block:
- name: Create home dir for anonymous user if it does not exists
file:
path: /var/ftp/pub
state: directory
mode: 0755
- name: Modify FTP configuation
lineinfile:
dest: /etc/vsftpd/vsftpd.conf
backup: yes
backrefs: yes
state: present
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: anonymous_enable=NO, line: anonymous_enable=YES }
- { regexp: anon_upload_enable, line: anon_upload_enable=YES }
- { regexp: anon_mkdir_write_enable, line: anon_mkdir_write_enable=YES }
when: ansible_distribution == "RedHat"
# Reload FTP service to apply above chanegs.
- block:
- name: Start FTP service
service: name=vsftpd state=restarted enabled=yes
when: ansible_distribution == "RedHat"
...
- name: Deploy VSFTP and Web Server
hosts: ftpservers #Group name of the server going to host FTP service
tasks:
# To demonstrate FACTs we used two different OS flavor - RHEL and Ubuntu.
- block:
- name: Install FTP package on RHEL
yum:
name: vsftpd
state: present
when: ansible_distribution == "RedHat"
- name: Install FTP package on Ubuntu
apt:
name: vsftpd
state: present
when: ansible_distribution == "Ubuntu"
- name: Install HTTP package on RHEL
yum:
name: httpd
state: present
when: ansible_distribution == "RedHat"
- name: Install HTTP package on Ubuntu
apt:
name: apache2
state: present
when: ansible_distribution == "Ubuntu"
- name: Install Firewalld package on RHEL
yum:
name: firewalld
state: present
when: ansible_distribution == "RedHat"
# Bringing up services only on RHEL - HTTP, FTP and Firwall. To bring up these services only on Ubuntu you can use same modules and attribute with "when: ansible_distribution == "Ubuntu" fact.
- block:
- name: Start firewall Service
service: name=firewalld state=started enabled=yes
when: ansible_distribution == "RedHat"
- name: Start WEB Service
service: name=httpd state=started enabled=yes
when: ansible_distribution == "RedHat"
- name: Start FTP Service
service: name=vsftpd state=started enabled=yes
when: ansible_distribution == "RedHat"
# Allow Web and FTP services on RHEL Firewall
- block:
- name: Allow Web service in Firewall
firewalld: service=http permanent=true state=enabled immediate=true
when: ansible_distribution == "RedHat"
- name: Allow FTP service in Firewall
firewalld: port=21/tcp permanent=true state=enabled immediate=true
when: ansible_distribution == "RedHat"
# Modify FTP server configuration to allow Anonymous access.
- block:
- name: Create home dir for anonymous user if it does not exists
file:
path: /var/ftp/pub
state: directory
mode: 0755
- name: Modify FTP configuation
lineinfile:
dest: /etc/vsftpd/vsftpd.conf
backup: yes
backrefs: yes
state: present
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: anonymous_enable=NO, line: anonymous_enable=YES }
- { regexp: anon_upload_enable, line: anon_upload_enable=YES }
- { regexp: anon_mkdir_write_enable, line: anon_mkdir_write_enable=YES }
when: ansible_distribution == "RedHat"
# Reload FTP service to apply above chanegs.
- block:
- name: Start FTP service
service: name=vsftpd state=restarted enabled=yes
when: ansible_distribution == "RedHat"
...
2 comments:
Well said.Keep updating Devops Online Training
Thanks for your detailed explanation.
DevOps Online Training
Post a Comment