Ansible Firefighting Hotline Series – (19) Automated Diagnosis of Httpd Service

🔍 Ansible Firefighting Hotline | Struggling with Httpd Service Troubleshooting? One-Click Automated Diagnosis Turns You into a Web Expert!

Are you still struggling with chaotic troubleshooting of httpd service failures? Today, we bring you a comprehensive automated analysis solution for RHEL8/9 & CentOS8/9 httpd service failures, allowing you to say goodbye to the nightmare of manually typing commands!

🎯 Pain Points Addressed

The daily routine of an operations engineer: httpd service anomaly → manually check service status → view configuration files → check port listening → analyze error logs → troubleshoot SELinux → check firewall… After a series of actions, several hours have passed, and the problem may still be elusive.

Even more frightening is: manual troubleshooting can easily overlook key information, lack systematic analysis, and fail to quickly locate the root cause. Have you ever thought that if there were an automated httpd diagnosis solution, all these problems would be solved?

✨ Solution Preview

Today, we share an automated analysis of httpd service failures for RHEL8/9 & CentOS8/9 using Ansible, which includes six core diagnostic modules, standardizing, automating, and intelligentizing your Web service troubleshooting!

🎯 Results Preview

Understand the httpd diagnosis results at a glance ✅

📌 Fault Profile (3 lines to understand)

Host and System: 10.66.208.232 · RHEL 9.6 (Kernel 5.14)Service Status: Installed but not running (systemd: inactive / disabled)Environmental Evidence: Configuration syntax OK; 80/443 firewall allowed; no port listening

🎯 Quick Conclusion

Root cause points to: service not started and not set to start on boot → no listening → no accessSupporting Evidence:<span><span>httpd -t</span></span> returns 0; <span><span>ss</span></span> no :80/:443; SELinux=Permissive; no new entries in logs

🧾 Original Diagnosis Report Segment (transparent and verifiable)

================== RHEL8 Httpd Diagnosis Report ==================
Generation Time: 2025-09-06T10:31:11Z
Target Host: 10.66.208.232

【Basic Information】
- OS: RedHat 9.6
- Kernel: 5.14.0-570.37.1.el9_6.x86_64
- SELinux: Permissive

【Software and Service Status】
- httpd Package: Installed
- systemd Active Status: inactive
- systemd Enabled Status: disabled

【Configuration Syntax Check】
- httpd -t: rc=0, output: Syntax OK

【Port Listening and Firewall】
- Expected Ports: 80, 443
- ss -lntp (fragment):
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess                                 
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=1072,fd=3))         
LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*    users:(("cupsd",pid=1070,fd=8))        
LISTEN 0      4096           [::1]:631          [::]:*    users:(("cupsd",pid=1070,fd=7))        
LISTEN 0      4096               *:9090            *:*    users:(("node_exporter",pid=7295,fd=3))
LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=1072,fd=4))         
- firewalld Status: running
- firewalld Services: cockpit dhcpv6-client ssh
- firewalld Ports: 53/tcp 80/tcp 443/tcp 5432/tcp 6379/tcp 9000/tcp 9001/tcp 9002/tcp 9003/tcp 27199/tcp 50051/tcp 53/udp 80/udp 443/udp 5432/udp 6379/udp 9000/udp 9001/udp 9002/udp 9003/udp 27199/udp 50051/udp

【SELinux Boolean Values】
- httpd_can_network_connect: httpd_can_network_connect --> off
- httpd_can_network_connect_db: httpd_can_network_connect_db --> off

【Configuration and Logs】
- httpd.conf Exists: True
- Error Log Path: /var/log/httpd/error_log
- Error Log Tail:
(no or unreadable)

【journalctl Recent Logs】
-- No entries --

【Optional Attempt to Start Result】
Not enabled attempt to start (attempt_service_start=false)

【Common Fault Clue Tips】
- Syntax Error: Non-zero return value from httpd -t usually points to configuration spelling/path errors
- Port Occupation: If :80/:443 in ss is occupied by non-httpd processes, it needs to be released or change ports
- SELinux: Access denied, please check AVC logs and set corresponding boolean values/add context
- Firewall: firewalld not open http/https services or ports
- Permissions: Web directory/log directory permissions or SELinux context anomalies

=============================================================

🤔 Design Philosophy: Why Our Playbook is Best Practice?

A professional automation solution is not just a simple pile of commands. Our design philosophy incorporates the core practices advocated by Red Hat, allowing your automation solution to leap from “just works” to “professional and reliable”!

1

Non-destructive Diagnosis, Safety First ✨ We adopt a read-only analysis mode that does not modify any system configurations, ensuring safety in production environments. All checks are non-intrusive, allowing you to execute with confidence.

2

Variable Driven, Flexible Adaptation 💻 We centralize all configurable parameters (such as ports, log paths, report output locations) in <span><span>group_vars/all.yml</span></span>. This means that when you need to adjust the diagnostic scope, you only need to modify these variables without touching any core automation task logic.

3

Idempotency Assurance, Worry-Free ✅ All our Playbooks strictly adhere to Ansible’s core principle—idempotency. You can confidently execute this Playbook repeatedly, and Ansible will automatically detect the current state and only perform necessary checks.

4

Closed-loop Verification, Visible Results 🎯 The last step of the Playbook generates a complete diagnostic report. This forms a check-analyze-report closed loop. Not only have you executed automation, but you can also immediately see the diagnostic results, ensuring that the problem is under control!

⭐ Automation Scenario Rating

Rating Dimension Rating Description
Ease of Use ⭐⭐⭐⭐⭐ One-click execution, detailed comments, beginner-friendly
Reusability ⭐⭐⭐⭐⭐ Variable configuration, supports multi-host parallel execution
Stability ⭐⭐⭐⭐⭐ Idempotent design, comprehensive error handling
Scalability ⭐⭐⭐⭐⭐ Modular design, easy to extend functionality
Best Practice Compliance ⭐⭐⭐⭐⭐ Follows Ansible best practices, code standards

🗂️ Project Directory Structure

04_RHEL8Httpd Service Failure Automated Analysis/
├── inventory                    # Host inventory configuration
├── group_vars/
│   └── all.yml                 # Global variable configuration
├── playbook.yml                # Main playbook file
├── templates/
│   └── httpd_diagnosis_report.j2# Diagnosis report template
├── README.md                   # Project documentation

📄 Core File Content Overview

🎯 Main Playbook File (playbook.yml)

---
- name: RHEL8/9 &amp; CentOS8/9 Httpd Service Failure Automated Analysis
  hosts: web
  become: true
  gather_facts: true

  vars:
    # Mode only analyzes, does not make changes; if you need to attempt to start the service, you can override attempt_service_start=true in group_vars/all.yml or -e
    attempt_service_start: false

  pre_tasks:
    - name: Assert running only on RHEL/CentOS 8/9
      ansible.builtin.assert:
        that:
          - ansible_distribution in ['RedHat', 'CentOS']
          - ansible_distribution_major_version in ['8', '9']
        fail_msg: "This Playbook only supports RHEL 8/9 or CentOS 8/9 series operating systems."
        quiet: true

  tasks:
    - name: Collect service facts
      ansible.builtin.service_facts:

    - name: Check if httpd package is installed
      ansible.builtin.command: "rpm -q {{ httpd_package }}"
      register: rpm_query
      changed_when: false
      failed_when: false

    - name: Check current active status of httpd
      ansible.builtin.command: "systemctl is-active {{ httpd_service }}"
      register: svc_active
      changed_when: false
      failed_when: false

    - name: Check if httpd is set to start on boot
      ansible.builtin.command: "systemctl is-enabled {{ httpd_service }}"
      register: svc_enabled
      changed_when: false
      failed_when: false

    - name: Syntax check - httpd -t
      ansible.builtin.command: "/usr/sbin/httpd -t"
      register: httpd_syntax
      changed_when: false
      failed_when: false

    - name: Listening port check - ss
      ansible.builtin.command: "ss -lntp"
      register: ss_listen
      changed_when: false
      failed_when: false

    - name: SELinux working mode
      ansible.builtin.command: getenforce
      register: selinux_mode
      changed_when: false
      failed_when: false

    - name: firewalld service running status
      ansible.builtin.command: firewall-cmd --state
      register: firewalld_state
      changed_when: false
      failed_when: false

    - name: Generate diagnostic report
      ansible.builtin.template:
        src: templates/httpd_diagnosis_report.j2
        dest: "{{ report_output_path }}"
        owner: root
        group: root
        mode: '0644'

    - name: Display report path
      ansible.builtin.debug:
        msg: "Httpd diagnostic report has been generated: {{ report_output_path }}"

🔧 Host Inventory Configuration (inventory)

[web]
# Fill in the target RHEL 8/9 or CentOS 8/9 hosts here
# For example:
# web1.example.com
10.166.208.232

⚙️ Global Variable Configuration (group_vars/all.yml)

---
# Global Variables - RHEL8/9 &amp; CentOS8/9 Httpd Failure Analysis

# Target host group name needs to align with inventory
target_group: web

# Service and package
httpd_service: httpd
httpd_package: httpd

# Ports (adjust as needed)
http_ports:
  - 80
https_ports:
  - 443

# Logs and reports
httpd_error_log: /var/log/httpd/error_log
collect_journal_lines: 200
report_output_path: /root/httpd_diagnosis_report.txt

# Whether to attempt to start the service (default false, analysis first)
attempt_service_start: false

📊 Diagnosis Report Template (templates/httpd_diagnosis_report.j2)

================== RHEL8/9 &amp; CentOS8/9 Httpd Diagnosis Report ================
Generation Time: {{ ansible_date_time.iso8601 }}
Target Host: {{ inventory_hostname }}

【Basic Information】
- OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
- Kernel: {{ ansible_kernel }}
- SELinux: {{ selinux_mode.stdout | default('unknown') }}

【Software and Service Status】
- httpd Package: {{ 'Installed' if rpm_query.rc  0 else 'Not Installed' }}
- systemd Active Status: {{ svc_active.stdout | default('unknown') }}
- systemd Enabled Status: {{ svc_enabled.stdout | default('unknown') }}

【Configuration Syntax Check】
- httpd -t: rc={{ httpd_syntax.rc }}, output: {{ (httpd_syntax.stdout + ' ' + httpd_syntax.stderr) | trim }}

【Port Listening and Firewall】
- Expected Ports: {{ (httpd_expected_ports | map('string')) | join(', ') }}
- ss -lntp (fragment):
{{ ss_listen.stdout | default('') }}
- firewalld Status: {{ firewalld_state.stdout | default('unknown') }}

【Common Fault Clue Tips】
- Syntax Error: Non-zero return value from httpd -t usually points to configuration spelling/path errors
- Port Occupation: If :80/:443 in ss is occupied by non-httpd processes, it needs to be released or change ports
- SELinux: Access denied, please check AVC logs and set corresponding boolean values/add context
- Firewall: firewalld not open http/https services or ports
- Permissions: Web directory/log directory permissions or SELinux context anomalies

=============================================================

🛠️ Foolproof Deployment Guide

Seeing it a thousand times in theory is not as good as doing it once!

Prerequisites

1One Ansible control node.2The target server is configured with SSH trust, and the user executing Ansible has<span><span>sudo</span></span> permissions.3The control node has Ansible installed.

Project Directory Structure

This is a very simple project, you only need a few files!

04_RHEL8Httpd Service Failure Automated Analysis/
├── inventory
├── group_vars/
│   └── all.yml
├── playbook.yml
├── templates/
│   └── httpd_diagnosis_report.j2
└── README.md

How to Use?

1

Modify Variables ✏️: Open <span><span>group_vars/all.yml</span></span> file and modify the variable section according to your needs, such as port configuration, log paths, etc.

2

Update Host Inventory 📝: Edit <span><span>inventory</span></span> file and fill in your web server hostnames or IP addresses.

3

Execute Automation ▶️: Run the following command, then you can go make a cup of coffee ☕️!

# Basic diagnosis (only analysis, no modification)
ansible-playbook -i inventory playbook.yml

# Optional: Attempt to start the service to capture errors
ansible-playbook -i inventory playbook.yml -e attempt_service_start=true

🔍 Diagnosis Coverage

✅ Package Check

httpd package installation statusVersion information query

✅ Service Status Analysis

systemd service active statusBoot auto-start configurationService dependencies

✅ Configuration Syntax Validation

httpd -t syntax checkConfiguration file path validationConfiguration error localization

✅ Network Port Diagnosis

Port listening status checkProcess binding analysisPort conflict detection

✅ Security Policy Check

SELinux working modeKey boolean value statusFirewall rules check

✅ Log Analysis

Error log extractionSystem log analysisFault clue summary

✅ Comprehensive Error Handling

Idempotent designFault tolerance for failed tasksTimeout control mechanismRetry mechanism support

💡 Tips for Use

🎯 Batch Diagnosis

# Add multiple servers in inventory
[web]
server1 ansible_host=192.168.1.100
server2 ansible_host=192.168.1.101
server3 ansible_host=192.168.1.102

# Execute in parallel, doubling efficiency
ansible-playbook playbook.yml -i inventory --forks 10

🔧 Custom Configuration

Edit <span><span>group_vars/all.yml</span></span> file to adjust according to your environment:

Modify port configurationAdjust the number of log collection linesConfigure report output pathSet service start attempt

🐛 Troubleshooting

If you encounter issues, check the generated diagnostic report:

Report location:<span><span>/root/httpd_diagnosis_report.txt</span></span>Contains complete fault clue tipsProvides solutions for common problems

🎁 Surprise Time! Get the Complete Annotated Version!

Do you find the above Playbook not detailed enough? Want to delve into the logic behind each line of code and the best practices recommended by the official documentation?

Let you not only use it but also be able to extrapolate, becoming the most outstanding Ansible automation expert in your team!

👉 Click the 【Read Original】 below to get the packaged download of the Playbook project with complete annotations and syntax highlighting! 👈

🎁 Summary

This RHEL8/9 & CentOS8/9 httpd service fault automated analysis solution truly achieves:

🔍 Comprehensive Diagnosis: Analyzing from software packages to service status, from configuration to network, all-around analysis🚀 One-Click Execution: Automating all diagnostic steps without manual intervention📊 Professional Report: Generating structured diagnostic reports, making problems clear at a glance🔧 Highly Customizable: Variable configuration, adapting to different Web environments📈 Batch Processing: Supporting multi-host parallel diagnosis, doubling efficiency🛡️ Safe and Reliable: Default read-only analysis, not modifying system configurations

Tags:#Ansible #Automation Operations #Httpd Diagnosis #RHEL8 #CentOS8 #Web Services #Operational Efficiency

Leave a Comment