- Slides
-
Labs
- 1.0 - Setting up Ansible
- 2.0 - Documentation
- 3.0 - Setup and AdHoc Commands
- 4.0 - Ansible Playbooks - Basics
- 4.1 - Ansible Playbooks - Variables and Loops
- 4.2 - Ansible Playbooks - Templates
- 4.3 - Ansible Playbooks - Output
- 5.0 - Ansible Roles - Basics
- 5.1 - Ansible Roles - Handlers and Blocks
- 6.0 - Managing Secrets with Ansible Vault
- 7.0 - Ansible Galaxy and more
- About
- Setup
5.0 - Ansible Roles - Basics
During this lab we’ll learn how to write and use Ansible roles.
Task 1
- Create a directory
rolesin your techlab folder. - Configure your ansible environment to use the
rolesfolder as an additional resource for roles.
Task 2
Write a role httpd in your new roles folder which does the
following:
- Install
httpd, start its service and enable it to run on boot. - Install
firewalld, start its service and allow traffic for the serviceshttpandhttps.
Task 3
- Modify your playbook
webserver.ymlto use your newhttpdrole. It should be run on all hosts in thewebgroup. - Run your playbook and check if everything went as expected.
Task 4
- Create a new role called
base. It’smain.ymltaskfile should import the taskfilesmotd.ymlandpackages.yml motd.ymlshould do the following: Use the variablemotd_contentto change the/etc/motdcontent to “This is a server\n”. Remember to move the template as well as the variable to a correct location in therolesfolder.packages.ymlshould install the yum packagesfirewalld,yum-utils,dos2unix,emacsandvim- Write a playbook
prod.ymlthat applies the rolebaseto all servers and the rolehttpdonly to the groupweb
Task 5
- Rewrite the
httpdrole to apply thebaserole each time it is used in a playbook. Use a dependency in themeta/main.ymlfile. - Remove the play to run
baserole on all hosts in theprod.ymlplaybook. Run the playbook and see if rolebasewas applied on hosts in thewebgroup as well.
Solutions
$ mkdir roles
$ grep roles_path ansible.cfg
roles_path = /etc/ansible/roles:/usr/share/ansible/roles:/home/ansible/techlab/roles
$ cd roles/
$ ansible-galaxy init httpd
$ cat roles/httpd/tasks/main.yml
---
# tasks file for httpd
- name: install packages
yum:
name:
- httpd
- firewalld
state: installed
- name: start services
service:
name: "{{ item }}"
state: started
enabled: yes
with_items:
- httpd
- firewalld
- name: open firewall for http and https
firewalld:
service: "{{ item }}"
state: enabled
immediate: yes
permanent: true
with_items:
- http
- https
$ cat webserver.yml
---
- hosts: web
become: yes
roles:
- httpd
$ ansible-playbook webserver.yml
$ cd roles/; ansible-galaxy init base;
$ cat roles/base/defaults/main.yml
---
# defaults file for base
motd_content: "This is a server\n"
$ ls roles/base/tasks/
main.yml motd.yml packages.yml
$ cat roles/base/tasks/motd.yml
---
- name: put motd template
template:
src: templates/motd.j2
dest: /etc/motd
$ cat roles/base/tasks/packages.yml
---
- name: install packages
yum:
name:
- firewalld
- yum-utils
- dos2unix
- emacs
- vim
state: installed
$ cat roles/base/tasks/main.yml
---
# tasks file for base
- name: set custom text
include: motd.yml
tags: motd
- name: install packages
include: packages.yml
tags: packages
$ cat prod.yml
---
- hosts: all
become: yes
roles:
- base
- hosts: web
become: yes
roles:
- httpd
Take notice of the different content of /etc/motd on the control node!
$ cat roles/httpd/meta/main.yml
---
dependencies:
- base
$ cat prod.yml
---
- hosts: web
become: yes
roles:
- httpd
$ ansible-playbook prod.yml