Running ansible from webserver to manage infrastructure

Solution 1:

Existing web interfaces for Ansible include:

  • Semaphore
  • Tower or AWX

Should you wish to build your own, use ansible-runner as the script/Python library/container to run Ansible in. ansible-playbook is for interactive use and does not have a stable API.

Before writing your own thing, understand this is a privileged application that could do many things to your infrastructure. You are not limited by the default security model for your installed web servers.

For example, you could have a job runner daemon that runs as its own dedicated user, separate from the user the web server runs as. This way, compromising user nginx doesn't automatically get sudo to root; you would also need to go through some API.

Also appreciate the possibilities to isolate running playbooks. AWX chose to implement chroot style job isolation.

Development of a secure, usable web app in general is way too big a topic for one answer, and there are better Stack Exchange sites for development topics. Study what already exists.
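The separation the answer describes (web server as one user, a job runner daemon as another, the two talking through a narrow API) can be sketched as follows. This is an added example, not code from the answer, from AWX, Semaphore or the ansible-runner project: the daemon listens on a Unix socket as a dedicated user, treats everything the web tier sends as untrusted, validates it against an allowlist of named jobs, host patterns and extra vars, and only then hands the job to `ansible_runner.run()`. The socket path, private data directory, job names and allowed variable keys are assumptions.

```python
"""Job-runner daemon pattern for running Ansible on behalf of an unprivileged web tier.

Hypothetical example. The web server process writes one JSON line to a Unix socket
owned by a separate runner user; this daemon validates the request before calling
ansible_runner.run(). Paths, job names and variable names below are assumptions.
"""
import json
import os
import re
import socketserver

# Assumed ansible-runner layout: PRIVATE_DATA_DIR/project/<playbook>. The directory
# is owned by the runner user, not the web server, so the web tier cannot edit plays.
PRIVATE_DATA_DIR = "/opt/ansible-jobs"          # hypothetical path
ALLOWED_JOBS = {                                # job name -> playbook under project/
    "deploy-web": "deploy_web.yml",
    "patch-hosts": "patch.yml",
}
# Only these extra-vars keys may be set by the web tier, with constrained values.
ALLOWED_EXTRA_VARS = {"app_version": re.compile(r"^[A-Za-z0-9._-]{1,64}$")}
# Characters permitted in an Ansible --limit host pattern.
HOST_PATTERN = re.compile(r"^[A-Za-z0-9._:,*!&-]{1,128}$")


def validate_job(request):
    """Return a sanitized job dict or raise ValueError.

    The web tier may only choose a named job, a --limit pattern and allowlisted
    extra vars; it never supplies a playbook path or arbitrary variables.
    """
    if not isinstance(request, dict):
        raise ValueError("request must be a JSON object")
    job = request.get("job")
    if job not in ALLOWED_JOBS:
        raise ValueError(f"unknown job {job!r}")
    limit = request.get("limit", "all")
    if not isinstance(limit, str) or not HOST_PATTERN.match(limit):
        raise ValueError("invalid host pattern")
    extra = request.get("extra_vars", {})
    if not isinstance(extra, dict):
        raise ValueError("extra_vars must be an object")
    for key, value in extra.items():
        pattern = ALLOWED_EXTRA_VARS.get(key)
        if pattern is None or not isinstance(value, str) or not pattern.match(value):
            raise ValueError(f"extra var {key!r} not allowed")
    return {"playbook": ALLOWED_JOBS[job], "limit": limit, "extra_vars": dict(extra)}


def is_valid(request):
    """Boolean wrapper around validate_job for callers that only need a yes/no."""
    try:
        validate_job(request)
        return True
    except ValueError:
        return False


def run_job(job):
    """Run a validated job through ansible-runner; return (status, rc).

    ansible_runner is imported here so the validation logic can be exercised on a
    machine without Ansible installed.
    """
    import ansible_runner  # pip install ansible-runner

    result = ansible_runner.run(
        private_data_dir=PRIVATE_DATA_DIR,
        playbook=job["playbook"],
        limit=job["limit"],
        extravars=job["extra_vars"],
        quiet=True,
    )
    return result.status, result.rc


def handle_request(raw, runner=run_job):
    """Decode one request line from the socket and return a JSON-serialisable reply."""
    try:
        job = validate_job(json.loads(raw.decode("utf-8")))
    except (ValueError, UnicodeDecodeError) as exc:  # JSONDecodeError is a ValueError
        return {"ok": False, "error": str(exc)}
    status, rc = runner(job)
    return {"ok": rc == 0, "status": status, "rc": rc}


class _Handler(socketserver.StreamRequestHandler):
    def handle(self):
        reply = handle_request(self.rfile.readline())
        self.wfile.write((json.dumps(reply) + "\n").encode("utf-8"))


def serve(socket_path="/run/ansible-jobs.sock"):
    """Listen as the dedicated runner user; group-writable so the web server can connect."""
    if os.path.exists(socket_path):
        os.unlink(socket_path)
    with socketserver.UnixStreamServer(socket_path, _Handler) as server:
        os.chmod(socket_path, 0o660)  # owner: runner user; group: the web server's group
        server.serve_forever()


if __name__ == "__main__":
    serve()
```

The web server never gains the runner user's credentials or sudo: even if it is compromised, the only thing it can do is request one of the named jobs with a constrained host pattern and a handful of allowlisted variables, which is what the answer means by having to "go through some API".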