4.0 - Ansible Playbooks - Basics
In this lab we’ll get used to writing and running Ansible playbooks.
Task 1
Create a playbook webserver.yml which does the following:
- Install httpd on the nodes in the web group.
- Start httpd and ensure the service starts on boot. Ensure that the firewall is also started and enabled.
- Ensure port 80 is open on the firewall.
Check what the options “immediate” and “permanent” of the firewalld module mean and do.
- Run the playbook. After completion test if the httpd.service is running and enabled on node1.
Task 2
- Create a folder inventory and move your inventory hosts there.
- Configure ansible to use /home/ansible/techlab/hosts as the default inventory. Do this using a configuration file in the /home/ansible/techlab/ directory.
- Run the playbook again without using the -i flag to see if the configuration works.
Task 3
- Intentionally add errors to your playbook and have a look at the output. You should get a feeling for the error messages.
- Add a wrong indentation. Remember that this is a common mistake!
- Add a wrong parameter name.
- Remove the mistakes.
Task 4
- Create a playbook tempfolder.yml.
- The playbook tempfolder.yml should create a temporary folder /root/tempfolder on all servers except those in the group db.
Have a look at the user guide to know how to use more complex inventory patterns. See Ansible Docs - User Guide
- The folder has to have the sticky bit set, so that only the owner of the content (or root) can delete the files.
- Run the playbook and then check if the sticky bit was set using an ad hoc command.
Solutions
Below is a possible solution for your playbook:
    ---
    - hosts: web
      become: yes
      tasks:
        - name: install httpd
          yum:
            name: httpd
            state: installed
        - name: start and enable httpd
          service:
            name: httpd
            state: started
            enabled: yes
        - name: start and enable firewalld
          service:
            name: firewalld
            state: started
            enabled: yes
        - name: open firewall for http
          firewalld:
            service: http
            state: enabled
            permanent: yes
            immediate: yes
Run your playbook with:
    $ ansible-playbook -i hosts webserver.yml
Check httpd.service on group web:
    $ ansible web -b -a "systemctl status httpd"
Copy the default ansible.cfg to your directory:
    $ mkdir /home/ansible/techlab/inventory
    $ mv /home/ansible/techlab/hosts /home/ansible/techlab/inventory/
    $ cp /etc/ansible/ansible.cfg /home/ansible/techlab/
Edit your ansible.cfg file. Uncomment and edit the “inventory” entry to use your file:
    [defaults]
    # some basic default values...
    # edit the following line:
    inventory = /home/ansible/techlab/inventory/hosts
    #library = /usr/share/my_modules/
    $ ansible-playbook webserver.yml
    PLAY [web] ***********************************************************************
    TASK [Gathering Facts] ***********************************************************
    ok: [node1]
    TASK [install httpd] *************************************************************
    ok: [node1]
    ...
The path for the inventory key can be relative, but it will then only work when the ansible commands are executed from the same location. However, if the configuration is used by multiple people and SCM comes into play, a relative path is a more sensible choice.
Wrong indentation:
    ---
    - hosts: web
      become: yes
      tasks:
        - name: install httpd
          yum:
          name: httpd          # <-- wrong indentation
          state: installed     # <-- wrong indentation
Wrong parameter name:
    ---
    - hosts: web
      become: yes
      tasks:
        - name: install httpd
          yum:
            name: httpd
            state: installed
            enabled: yes     # <-- doesn't exist for yum module
    $ cat tempfolder.yml
    ---
    - hosts: all:!db
      become: yes
      tasks:
        - name: create temp folder with sticky bit set
          file:
            dest: /root/tempfolder
            mode: "01755"
            state: directory
    $ ansible-playbook tempfolder.yml
    $ ansible web,controller -b -a "ls -lah /root/"
ansible-doc file doesn’t provide any information about setting special permissions like sticky bit. Remember to use a leading 0 before the actual permissions.
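Instead of reading the ls output by eye, the sticky bit can be checked with a read-only playbook. This is an added example, not part of the original lab solutions; the file name verify_tempfolder.yml and the registered variable tempfolder are assumptions, and it expects the folder to be owned by root with exactly the mode set by tempfolder.yml.

```yaml
---
# verify_tempfolder.yml (hypothetical file name, added example)
# Read-only check: this play changes nothing on the hosts.
- hosts: all:!db
  become: yes
  tasks:
    - name: read metadata of the temp folder
      stat:
        path: /root/tempfolder
      register: tempfolder

    - name: assert the folder exists, is owned by root and has the sticky bit
      assert:
        that:
          - tempfolder.stat.exists
          - tempfolder.stat.isdir
          - tempfolder.stat.pw_name == 'root'
          # stat reports the mode as an octal string such as "1755".
          # Octal 1000 (decimal 512) is the sticky bit, so divide by 512
          # and test the lowest remaining bit.
          - ((tempfolder.stat.mode | int(base=8)) // 512) % 2 == 1
          # Exact match with the mode requested in tempfolder.yml.
          - tempfolder.stat.mode == '1755'
        fail_msg: "/root/tempfolder is missing, not owned by root, or has the wrong mode"
        success_msg: "/root/tempfolder has mode 1755 with the sticky bit set"
```

Run it with ansible-playbook verify_tempfolder.yml; a host fails the assert task if the mode was written without the leading 0 and ended up with different permission bits.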