In today's post, we are going to discuss Ansible, a powerful IT automation tool that can configure systems, deploy software, and orchestrate more advanced IT tasks. We will create a simple Ansible playbook that installs and configures Nginx to host static websites.
Prerequisites
To follow this guide, you need:
An Ansible control node: This is the machine where Ansible is installed and from where all tasks and playbooks will be executed. You can install Ansible on a machine running Linux, macOS, or Unix.
At least one managed node: This is the host you are managing with Ansible. In our case, this is the server on which we will install Nginx. (In this guide we use Ubuntu 22.04 LTS.)
SSH access from the control node to the managed node(s). For security, it's recommended to use key-based SSH authentication.
In this example we will connect as the user ubuntu and use an Ansible inventory file. The Ansible inventory file is a crucial part of Ansible configurations. It is a text file (usually named 'hosts' by convention, but can be named anything) that defines the hosts and groups of hosts upon which commands, modules, tasks, and playbooks will operate.
Steps
- Create the Nginx Configuration File
On your control node, create a new file called static-site-config:

    server {
        listen 80;
        server_name your_domain.com;
        location / {
            root /var/www/html;
            index index.html;
        }
    }

- Create the Ansible Playbook
Playbooks are the language by which Ansible orchestrates, configures, administers, or deploys systems. They are written in YAML.
On your control node, create a new file called nginx-setup.yml and add the following content:

    ---
    - name: Install and configure nginx for static website hosting
      hosts: webservers
      become: yes
      tasks:
        - name: Install nginx
          apt:
            name: nginx
            state: latest
            update_cache: yes
        - name: Add user to group root
          user:
            name: "{{ user }}"
            groups: root
            # append keeps the user's existing supplementary groups;
            # without it the user module replaces them with this list
            append: yes
            state: present
        - name: Remove default nginx configuration
          file:
            path: /etc/nginx/sites-enabled/default
            state: absent
        - name: Add nginx configuration
          copy:
            src: <control-node-path-to>/static-site-config
            dest: /etc/nginx/sites-available/
            # the file is owned by the login user, so that user can edit the site config
            owner: "{{ user }}"
            group: root
            mode: '0644'
        - name: Enable website configuration
          file:
            src: /etc/nginx/sites-available/static-site-config
            dest: /etc/nginx/sites-enabled/static-site-config
            state: link
        - name: Ensure nginx is running
          # 'started' does not reload an nginx that is already running
          systemd:
            name: nginx
            state: started
            enabled: yes
      vars:
        user: "ubuntu"

In static-site-config, replace your_domain.com with your actual domain. This configuration will serve files from the /var/www/html directory.
- Run the Playbook
After you've defined your inventory and created your playbook and Nginx configuration file, you can run the playbook with the following command:

    ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini nginx-setup.yml -u ubuntu

ANSIBLE_HOST_KEY_CHECKING
Host key checking is a security feature of SSH, which is also used by Ansible, as Ansible primarily communicates with the machines it manages via SSH.
The first time you connect to a new host via SSH, you'll see a prompt similar to this:

    The authenticity of host 'hostname (192.168.0.1)' can't be established.
    ECDSA key fingerprint is SHA256:3w1zq...
    Do you want to continue connecting (yes/no)?

If you answer "yes", the host's key is added to the known_hosts file in your .ssh directory. Any subsequent SSH connections to this host will not prompt you again.
This mechanism is designed to prevent man-in-the-middle attacks. If a host's key changes (which could indicate that you're connecting to a different machine impersonating the host you intended to connect to), SSH will warn you and refuse to connect.
By default, Ansible also uses host key checking for the same reason. But in some situations (e.g., when you frequently recreate virtual machines with different keys), it can be inconvenient.
If you want to disable host key checking in Ansible, you can do so by setting the host_key_checking option to False in the Ansible configuration file, or by setting the ANSIBLE_HOST_KEY_CHECKING=False environment variable.
Note that while disabling host key checking can make Ansible easier to use in certain scenarios, it also bypasses an important security feature of SSH, and should only be done if you understand the risks involved.
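Instead of turning the check off, the host key can be pinned before the first run. The following is an added example, not code from the original post: it takes a line in the format ssh-keyscan prints, computes the OpenSSH SHA256 fingerprint, and returns the line for known_hosts only when it matches a fingerprint obtained out of band. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_scanned_line(line):
    """Split 'host keytype base64-key' (ssh-keyscan output) and decode the key blob."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    host, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed algorithm name; it must match the text field.
    (name_len,) = struct.unpack(">I", blob[:4])
    inner = blob[4:4 + name_len].decode("ascii", "replace")
    if inner != key_type:
        raise ValueError(f"declared type {key_type!r}, blob says {inner!r}")
    return host, key_type, blob


def sha256_fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_if_trusted(scanned_line, expected_fp):
    """Return the known_hosts line to append, or raise if the key is unexpected."""
    _host, _key_type, blob = parse_scanned_line(scanned_line)
    actual = sha256_fingerprint(blob)
    if actual != expected_fp:
        raise ValueError(f"fingerprint mismatch: scanned key is {actual}")
    return scanned_line.strip() + "\n"


def constructed_line(host="192.0.2.10", key_bytes=bytes(range(32))):
    """Constructed sample: a well-formed ssh-ed25519 blob, not a real host key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    line = constructed_line()
    # Stand-in for a fingerprint read out of band (e.g. from the server console).
    trusted_fp = sha256_fingerprint(parse_scanned_line(line)[2])
    print(pin_if_trusted(line, trusted_fp), end="")
```

Once the returned line is in the known_hosts file, the playbook can be run without ANSIBLE_HOST_KEY_CHECKING=False.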
- Explain the Playbook
This playbook will do the following:
It targets hosts in the group "webservers". You need to replace this with the actual group or hosts you want to target in your Ansible inventory file.
become: yes tells Ansible to use sudo to execute the commands.
It installs the latest version of Nginx using the apt module.
It removes the default Nginx configuration file.
It copies a new Nginx configuration file from the control node to the managed node. You need to replace <control-node-path-to>/static-site-config with the path to your Nginx configuration file on the control node.
It creates a symbolic link from the sites-available directory to the sites-enabled directory, enabling our new configuration.
It makes sure that the Nginx service is running and will start on boot.
And there you have it. You have just created and run an Ansible playbook to install and configure Nginx for static website hosting. You can now access your static website at your domain.