Web Hosting

• httpd.

---
- name: apache web server
  hosts: all
  become: true

  tasks:
  - name: install apache
    yum:
      name: httpd
      state: latest
  - name: service
    service:
      name: httpd
      state: started
  - name: copy index file to html directory
    copy:
      src: index.html
      dest: /var/www/html/index.html

• index.html

Hello Worldskills

SSH & User

• ssh.yaml

---
- name: ssh user setting
  hosts: all
  become: true

  tasks:
  - name: Target file list
    ansible.builtin.find:
      paths: "/etc/ssh"
      file_type: file
      recurse: true
    register: whole_file_list

  - name: Filter files
    ansible.builtin.set_fact:
      file_list: >-
        {{
          whole_file_list.files
          | map(attribute='path')
          | select("search", "sshd_config")
          | reject("search", ".bak")
          | list
        }}

  - name: Find files that `PasswordAuthentication` option is enabled
    ansible.builtin.shell:
      cmd: grep -E "^(PasswordAuthentication .+)$" "{{ item }}"
    loop: "{{ file_list }}"
    register: file_list
    failed_when: false
    changed_when: false

  - name: Filter files
    ansible.builtin.set_fact:
      file_list: "{{ file_list.results | selectattr('rc', 'equalto', 0) | map(attribute='item') | list }}"

  - name: Backup `sshd_config` file
    ansible.builtin.copy:
      src: "/etc/ssh/sshd_config"
      dest: "/etc/ssh/sshd_config.bak.{{ ansible_date_time.date }}"
      remote_src: true

  - name: Disable if enabled `PasswordAuthentication` exist
    ansible.builtin.replace:
      path: "{{ item }}"
      regexp: "^(PasswordAuthentication .+)$"
      replace: '# \\1'
    loop: "{{ file_list }}"
    
  - name: Set `PasswordAuthentication yes`
    ansible.builtin.lineinfile:
      path: "/etc/ssh/sshd_config"
      regexp: '#\\s?(PasswordAuthentication .+)$'
      insertafter: "EOF"
      line: "PasswordAuthentication yes"

  - name: Set `PasswordAuthentication yes`
    ansible.builtin.lineinfile:
      path: "/etc/ssh/sshd_config"
      regexp: '#\\s?(PasswordAuthentication .+)$'
      insertafter: "EOF"
      line: "PasswordAuthentication yes"

  - name: Change SSH Port
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^#?Port'
      line: Port 22

  - name: Skill2024** password
    shell: echo 'Skill2024**' | passwd --stdin ec2-user
  
  - name: Restart `sshd`
    ansible.builtin.service:
      name: sshd
      state: restarted

Automation

S3

자동화를 위해 작성된 ansible 코드들을 s3에 업로드해준다.
S3에 WEB 폴더를 만들고 여기에 Web hosting 코드들을, SSH 폴더를 만들고 SSH hosting 코드를 올린다.

System manager