How to install UFW via ansible (.yml) - ansible

I found an Ansible playbook to install a LAMP server. Thing is Debian 11 does not include UFW in the default installation and the playbook tries to configure it and fails. I can remove these lines from the PB, but it would be great to be able to install UFW. Not sure how?
Here's the yml file:
---
- name: Install prerequisites
  apt: name={{ item }} update_cache=yes state=latest force_apt_get=yes
  loop: [ 'aptitude' ]
#Apache Configuration
- name: Install Apache and PHP Packages
  apt: name={{ item }} update_cache=yes state=latest
  loop: [ 'apache2', 'php', 'php-mysql', 'libapache2-mod-php' ]
- name: Create document root
  file:
    path: "/var/www/{{ http_host }}"
    state: directory
    owner: "{{ app_user }}"
    mode: '0755'
- name: Set up Apache virtualhost
  template:
    src: "files/apache.conf.j2"
    dest: "/etc/apache2/sites-available/{{ http_conf }}"
- name: Enable new site
  shell: /usr/sbin/a2ensite {{ http_conf }}
- name: Disable default Apache site
  shell: /usr/sbin/a2dissite 000-default.conf
  when: disable_default
  notify: Reload Apache
# UFW Configuration
- name: "UFW - Allow HTTP on port {{ http_port }}"
  ufw:
    rule: allow
    port: "{{ http_port }}"
    proto: tcp
# PHP Info Page
- name: Sets Up PHP Info Page
  template:
    src: "files/info.php.j2"
    dest: "/var/www/{{ http_host }}/info.php"
- name: Reload Apache
  service:
    name: apache2
    state: reloaded
- name: Restart Apache
  service:
    name: apache2
    state: restarted

Add additional tasks to install and enable UFW as given below.
#UFW Configuration
- name: Install UFW firewall
  apt: name=ufw update_cache=yes state=latest
- name: Enable UFW
  community.general.ufw:
    state: enabled
Refer to the ufw_module documentation for more configuration params.
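
A fuller task order for the same job, as an added example that is not part of the original answer: UFW denies incoming traffic by default once enabled, so the SSH rule is created before `state: enabled` to keep Ansible's own connection alive. It assumes SSH listens on 22/tcp and reuses the `http_port` variable from the question's playbook.

```yaml
# Added example (not from the original answer).
# Assumptions: SSH on 22/tcp; http_port defined as in the question's playbook.
- name: Install UFW firewall
  ansible.builtin.apt:
    name: ufw
    state: present
    update_cache: yes

# Open management access first, so enabling the firewall cannot lock Ansible out.
# "limit" allows the port but rate-limits repeated connection attempts.
- name: UFW - allow SSH (rate-limited)
  community.general.ufw:
    rule: limit
    port: "22"
    proto: tcp

- name: "UFW - allow HTTP on port {{ http_port }}"
  community.general.ufw:
    rule: allow
    port: "{{ http_port }}"
    proto: tcp

# State the default policies explicitly instead of relying on package defaults.
- name: UFW - deny incoming traffic by default
  community.general.ufw:
    default: deny
    direction: incoming

- name: UFW - allow outgoing traffic by default
  community.general.ufw:
    default: allow
    direction: outgoing

# Enable last: every rule above is already loaded when filtering starts.
- name: Enable UFW
  community.general.ufw:
    state: enabled
```

The `community.general` collection has to be present on the control node (`ansible-galaxy collection install community.general`).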

Related

How do I correct ansible playbook syntax error? [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed last year.
I am creating an ansible playbook in centos7. I get the syntax error every-time I adjust to the syntax error (I even checked spacing and still getting same error):
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: No JSON object could be decoded
Syntax Error while loading YAML.
could not find expected ':'
The error appears to be in '/etc/ansible/playbook.yml': line 121, column 5, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Install MySQL repo
^ here
hosts: local host
connection: local
vars: digital_ocean_token: ****
droplets:
  - wordpress1
  - wordpress2
tasks:
  - name: Create SSH Key
    user:
      name: "{{ansible_user_id}}"
      generate_ssh_key_type: rsa
      ssh_key_type 4096
      ssh_key_file .ssh/id_rsa
  - name: Create Digital Ocean Key
    community.digitalocean.digital_ocean:
      state: present
      command: droplet
      name: "" "{{ item }}"
      unique_name: yes
      size_id: s-1vcpu-1gb
      region_id: nyc
      image_id: centos-7-x64
      ssh_key_ids: "{{ my_ssh.ssh_key.id }}"
      api_token: "{{ digital_ocean_token }}"
    with_items: "{{droplets}}"
    register: droplet_details
  - name: Add doplets to /etc/ansible/hosts
    add_host:
      path: /etc/ansible/hosts
      groups: droplets
      name: "{{ item.droplet.ip_address }}"
    with_items:: "{{ droplet_details.results }}"
  - pause:
      seconds: 45
- hosts: droplets
  tasks:
    - name: Disable SeLinux
      selinux:
        state: disabled
    #Epel-Release
    - name: Install epel-release
      yum:
        name: epel-release
        state: present
    - name: update
      yum:
        name: "*"
        state: present
    #Install Apache
    - name: Install Apache
      yum:
        name: httpd
        state: latest
    - name: enable service to start on boot up
      service:
        name: httpd
        state: started
    #Install MariaDB
    - name: Install MariaDB
      yum:
        name: mariadb
        state: latest
    - name: Install MariaDB Server
      yum:
        name: mariadb-server
        state: latest
    - name: Install Python2
      yum:
        name: python2
        state: latest
    - name: Install Python3
      yum:
        name: python3
        state: latest
    - name: Install pip
      pip:
        name: pip
        extra_args: --upgrade
        executable: pip3
    #Install PHP
    - name: Install Remi Repository
      yum:
        name: https://rpms.remirepo.net/enterprise/remi-release-7.rpm
        state: present
    - name: Install PHP
      yum:
        enablerepo: "remiremi-php80"
        name:
          - php
          - php-common
          - php-cli
          - php-gd
          - php-curl
          - php-mysqlnd
          - php-fpm
          - php-mysqli
          - php-json
        state:latest
    - name: Install MySQL repo
      yum:
        name: http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
        state: present
    - name: Install PyMySQL
      yum:
        pkg: ['mysql-community-server', 'mysql-community-client', 'MySQL-python']
    # Start MySQL
    - name: Start MySQL
      service:
        name: mysqld
        state: started
        enabled: yes
    # Create MariaDB Database
    - name: MySQL login
      mysql_user:
        user: ***
        login_user: ***
        login_password: "****"
        state: present
    - name: Create MariaDB username & password
      mysql_user:
        login_user: ****
        login_password: "****!"
        name: wordpressuser
        password: ****
        priv: "*.*;ALL,GRANT"
        host: "localhost"
        state: present
    - name: Vreate MariaDB Database
      mysql_db:
        login_user: ***
        login_password: "****"
        state: present
    - name: Restart MariaDB Database
      service:
        name: mysqld
        state: restarted
    # Install Wordpress
    - name: Download Wordpress
      get_url:
        url=http://wordpress.org/latest.tar.gz
        dest=/tmp/wordpress.latest.tar.gz
        validate_certs=no
    - name: unzip Wordpress
      unarchive:
        src=/tmp/wordpress.latest.tar.gz
        dest=/var/www
        copy=no
    - name: Copy sample config file
      command: mv /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php
    - name: Update Wordpress config file
      lineinfile:
        path: /var/www/wordpress/wp-config.php
        regexp: "{{item.regexp}}"
        line: "{{item.line}}"
      with_items:
        - {'regexp': "define\\( 'DB_NAME', '(.)+' \\);", 'line': "define( 'DB_NAME'', 'wordpress');"}
        - {'regexp': "define\\( 'DB_USER', '(.)+' \\);", 'line': "define( 'DB_USER', 'wordpressuser' );"}
        - {'regexp': "define\\( 'DB_PASSWORD', '(.)+' \\);", 'line': "define( 'DB_PASSWORD', '***' );"}
    - name: Give Ownership to Apache user
      file:
        path: /var/www/wordpress
        state" directory
        recurse: yes
        owner: apache
        group: apache
    - name: Set correct permissions on Wordpress directories
      command: find /var/www/wordpress/ -type d -exec chomd 755 {} \;
    - name: Set correct permissions for Wordpress files
      command: find /var/www/wordpress/ -type f -exec chomd 755 {} \;
    - name: Restart Apache
      service:
        name: httpd
        state: restarted
It looks from what you provided that you don't have a valid yaml format playbook.
You can do quick syntax checks using:
ansible-playbook playbook.yaml --syntax-check
The plays need to be one or more elements of a yaml list, under tasks.
I'd expect your playbook to look something like:
---
# YAML documents begin with the document separator ---
- hosts: hosta,hostb ...etc
  tasks:
    - name: install MySQL repo
      yum:
        name: http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
        state: present
# Three dots indicate the end of a YAML document
...
There are other sections you might have in a playbook, but I've omitted those. The sections like vars, handlers or roles, would be list items at the same indention level as the hosts: and tasks: if you were to need those.
It looks like your issue is here:
name: Install PHP
yum:
  enablerepo: "remiremi-php80"
  name:
    - php
    - php-common
    - php-cli
    - php-gd
    - php-curl
    - php-mysqlnd
    - php-fpm
    - php-mysqli
    - php-json
  state: latest
Notice that state: has to be indented exactly at the same level as enablerepo and name. Make sure you have a space there between state: and latest.

ERROR! 'notify' is not a valid attribute for a Play

I am trying to install LAMP using Ansible-playbook. But I am getting the error[as shown in image]
The code that I had used for playbook is as follows:-
---
- hosts: all
  become: yes
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
      notify:
        - restart apache
    - name: starting httpd service
      service:
        name: httpd
        enabled: yes
        state: started
    - name: Installing php packages
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - php
        - php-mysql
        - php-pdo
        - php-gd
        - php-mbstring
  notify:
    -restart apache
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
Your indenting is incorrect. This should work:
---
- hosts: all
  become: yes
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
      notify:
        - restart apache
    - name: starting httpd service
      service:
        name: httpd
        enabled: yes
        state: started
    - name: Installing php packages
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - php
        - php-mysql
        - php-pdo
        - php-gd
        - php-mbstring
      notify:
        - restart apache
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
Please try as below. I think indention is the problem here.
---
- hosts: all
  become: yes
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
      notify: "restart apache"
The correct solution is as follows:
---
- hosts: all
  become: yes
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
    - name: starting httpd service
      service:
        name: httpd
        enabled: yes
        state: started
    - name: Installing php packages
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - php
        - php-mysql
        - php-pdo
        - php-gd
        - php-mbstring
      notify:
        - restart httpd
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted

How to resolve ansible playbook error installing php "No package php-mysql available"?

I am trying to install Php, Apache in RHEL using the Ansible Playbook. But I am getting following error.
*failed: [18.191.65.251] (item=[u'php', u'php-mysql', u'php-pdo', u'php-gd', u'php-mbstring']) => {"ansible_loop_var": "item",
"changed": false, "failures": ["No package php-mysql available."],
"item": ["php", "php-mysql", "php-pdo", "php-gd", "php-mbstring"],
"msg": ["Failed to install some of the specified packages"], "rc": 1,
"results": []}
The code that I have used to write the playbook is as follows
---
- hosts: all
  become: yes
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
    - name: starting httpd service
      service:
        name: httpd
        enabled: yes
        state: started
    - name: Installing php packages
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - php
        - php-mysql
        - php-pdo
        - php-gd
        - php-mbstring
    - name: restart Apache service
      service:
        name: httpd
        state: restarted
Use Amazon Linux instead of RHEL; the rest of the code will work.
- hosts: all
  become: yes
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
    - name: starting httpd service
      service:
        name: httpd
        enabled: yes
        state: started
    - name: Installing php packages
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - php
        - php-mysql
        - php-pdo
        - php-gd
        - php-mbstring
    - name: restart Apache service
      service:
        name: httpd
        state: restarted

How to fix the ansible playbook error "Unsupported parameters for (systemd) module: enable Supported parameters?

I am trying to install Apache 2, PHP on Ubuntu machine using the ansible-playbook.
I am getting the following error
Error after executing playbook
fatal: [18.220.215.181]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (systemd) module: enable Supported parameters include: daemon_reexec, daemon_reload, enabled, force, masked, name, no_block, scope, state, user"}
The ansible playbook is as follows
---
- hosts: all
  become: yes
  tasks:
    - name: Chenking ping
      ping:
    - name: Update packages
      apt:
        name: apache2
        update_cache: yes
        state: present
    - name: restart apache2 server
      service:
        name: apache2
        enable: yes
        state: restarted
    - name: install php module
      apt:
        name: "{{ item }}"
        state: present
      with_items:
        - php
        - libapache2-mod-php5
        - php-mcrypt
        - php-mysql
    - name: restart apache2 afetr restart
      service:
        name: apache2
        enable: yes
        state: restarted
The right parameter is enabled (not enable) in your service tasks.
- name: restart apache2 afetr restart
  service:
    name: apache2
    enabled: yes
    state: restarted
Change "enabled" task containing service module.
- hosts: all
  become: yes
  tasks:
    - name: Chenking ping
      ping:
    - name: Update packages
      apt:
        name: apache2
        update_cache: yes
        state: present
    - name: restart apache2 server
      service:
        name: apache2
        enabled: yes
        state: restarted
    - name: install php module
      apt:
        name: "{{ item }}"
        state: present
      with_items:
        - php
        - libapache2-mod-php5
        - php-mcrypt
        - php-mysql
I think last task is not required.

ansible playbook error at -name

Hi, I have an error when running the following ansible-playbook:
(I am trying to install a LAMP stack and wordpress on my virtual machine)
The error seems like it's coming from the database.
Are mysql_db and mysql_user valid commands to create database and user ?
Please help, Thank you.
---
- hosts: vbox
  remote_user: arnold
  become: yes
  become_method: sudo
  vars:
      MySQL_root_pass: root_pass
      dbase: dbwordpress
      user: wp_user
      parola: wp_pass
  tasks:
      - name: Linux update
        apt: update_cache=yes
      - name: Linux upgrade
        apt: upgrade=safe
        async: 600
        poll: 5
      - name: Install apache
        apt: pkg=apache2 state=installed
        notify:
          - start apache
      - name: Set MySQL root password before installing
        debconf: name='mysql-server' question='mysql-server/root_password' value='{{MySQL_root_pass | quote}}' vtype='password'
      - name: Confirm MySQL root password before installing
        debconf: name='mysql-server' question='mysql-server/root_password_again' value='{{MySQL_root_pass | quote}}' vtype='password'
      - name: Install mysql
        apt: name={{ item }} state=installed
        with_items:
          - mysql-server
          - libapache2-mod-auth-mysql
          - pkg=php5-mysql
        notify:
          - start mysql
      - name: Install php
        apt: name={{ item }} state=installed
        with_items:
          - php5
          - libapache2-mod-php5
          - php5-mcrypt
        notify:
          - restart apache
      - name: Create database and user for wordpress
        mysql_db: name={{ dbase }} state=present
        mysql_user: name={{ user }} password={{ parola }} priv=dbwordpress.*:ALL state=present
        notify:
          - restart mysql
      - name: Install wordpress
        command: "{{ item }}"
        with_items:
          - cd ~
          - wget http://wordpress.org/latest.tar.gz
          - tar xzvf latest.tar.gz
          - cd ~/wordpress
          - cp wp-config-sample.php wp-config.php
      - name: Config wordpress
        lineinfile: dest=~/wordpress/wp-config.php {{ item }}
        with_items:
          - regexp=^DB_NAME line="define('DB_NAME', '{{ dbase }}');"
          - regexp=^DB_USER line="define('DB_USER', '{{ user }}');"
          - regexp=^DB_PASSWORD line="define('DB_PASSWORD', '{{ parola }}');"
      - name: Copy files to root document
        command: "{{ item }}"
        with_items:
          - rsync -avP ~/wordpress/ /var/www/html/
          - cd /var/www/html
          - chown -R arnold:arnold *
  handlers:
      - name: start apache
        service: name=apache state=started
      - name: start mysql
        service: name=mysql state=started
      - name: restart mysql
        service: name=mysql state=restarted
      - name: restart apache
        service: name=php state=restarted
And the error code:
ERROR! conflicting action statements
The error appears to have been in '/home/arnold/Documents/wordpress': line 49, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Create database and user for wordpress
^ here
You have two modules mysql_db and mysql_user under one task:
- name: Create database and user for wordpress
  mysql_db: name={{ dbase }} state=present
  mysql_user: name={{ user }} password={{ parola }} priv=dbwordpress.*:ALL state=present
  notify:
    - restart mysql
Split them into two tasks:
- name: Ensure the database for WordPress exists
  mysql_db: name={{ dbase }} state=present
  notify:
    - restart mysql
- name: Ensure the user for WordPress exists
  mysql_user: name={{ user }} password={{ parola }} priv=dbwordpress.*:ALL state=present
  notify:
    - restart mysql
