Running ansible from webserver to manage infrastructure
Solution 1:
Existing web interfaces for Ansible include:
- Semaphore
- Tower or AWX
Should you wish to build your own, use ansible-runner as the script/Python library/container to run Ansible in. ansible-playbook is for interactive use and does not have a stable API.
Before writing your own thing, understand this is a privilaged application that could do many things to your infrastructure. You are not limited by the default security model for your installed web servers.
For example, you could have a job runner daemon that runs as its own dedicated user, separate from the user the web server runs as. This way, compromising user nginx doesn't automatically get sudo to root, you also would need to go through some API.
Also appreciate the possibilities to isolate running playbooks. AWX chose to implement chroot style job isolation.
Development of a secure, usable web app in general is way too big a topic for one answer, and there are better Stack Exchange sites for development topics. Study what already exists.