Ansible: 2.4.2.0

https://www.ansible.com/resources/videos/quick-start-video

 

[root@terraform ~]# ansible –version

  • 2.4.2.0  –2018
  • 1.9.2 —2015

http://docs.ansible.com/ansible/latest/intro_adhoc.html

#ansible webservers -m service -a "name=httpd state=stopped"

ansible atlanta -m copy -a "src=/etc/hosts dest=/tmp/hosts"
ansible all -m ping 
ansible foo.example.com -m yum -a "name=httpd state=installed"
ansible foo.example.com -a "/usr/sbin/reboot"

What are Ansible Playbooks?

Ansible playbooks are a way to send commands to remote computers in a scripted way. Instead of using Ansible commands individually to remotely configure computers from the command line, you can configure entire complex environments by passing a script to one or more systems.

Ansible playbooks are written in the YAML data serialization format. If you don’t know what a data serialization format is, think of it as a way to translate a programmatic data structure (lists, arrays, dictionaries, etc) into a format that can be easily stored to disk. The file can then be used to recreate the structure at a later point. JSON is another popular data serialization format, but YAML is much easier to read.

Each playbook contains one or more plays, which map hosts to a certain function. Ansible does this through something called tasks, which are basically module calls.

#vi /etc/ansible/hosts

[web]

ansible.client

ansible.server

[db]

#vi /etc/ansible/ansible.cfg

# uncomment this to disable SSH key host checking
#host_key_checking = False
host_key_checking = False

#ansible ansible.client -m ping -u root -k

#ansible ansible.client -m setupu root -k

#ssh-keygen

#cat id_rsa.pub     –Provides public key to clients..

server~]# cat ~/.ssh/id_rsa.pub | ssh root@ansible.client “cat >>~/.ssh/authorized_keys”

or —  #ssh-copy-id -i ~/.ssh/id_rsa.pub root@ansible.client

# ansible ansible.client -m file -a ‘path=/tmp/peshal state=directory mode=0777 owner=demol’

#ansible ansible.client -m file -a ‘path=/tmp/peshal’

#ansible -doc -l  —- lists all the modules

#ansible-doc docker

 

Roles:

#ansible-galaxy init apache –offline

#tree 

[root@terraform roles]# tree
.
└── apache
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
── tests
│   ├── inventory
│   └── test.yml
└── vars
└── main.yml

9 directories, 8 files

root@terraform apache]# pwd
/etc/ansible/roles/apache
[root@terraform apache]# ls -ltr
total 4
drwxr-xr-x 2 root root 6 Feb 18 12:50 templates
-rw-r–r– 1 root root 1328 Feb 18 12:50 README.md
drwxr-xr-x 2 root root 6 Feb 18 12:50 files
drwxr-xr-x 2 root root 22 Feb 18 12:50 defaults
drwxr-xr-x 2 root root 22 Feb 18 12:50 handlers
drwxr-xr-x 2 root root 22 Feb 18 12:50 meta
drwxr-xr-x 2 root root 22 Feb 18 12:50 tasks
drwxr-xr-x 2 root root 39 Feb 18 12:50 tests
drwxr-xr-x 2 root root 22 Feb 18 12:50 vars

http://docs.ansible.com/ansible/latest/playbooks_reuse_roles.html

  • tasks – contains the main list of tasks to be executed by the role.
  • handlers – contains handlers, which may be used by this role or even anywhere outside this role.
  • defaults – default variables for the role (see Variables for more information).
  • vars – other variables for the role (see Variables for more information).
  • files – contains files which can be deployed via this role.
  • templates – contains templates which can be deployed via this role. (—Jinja2 template language)
  • meta – defines some meta data for this role. See below for more details.

 

[root@terraform ansible]# cat /etc/ansible/roles/apache/tasks/*

#configuring httpd.conf and sending sample html file
– name: httpd.conf file
copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
notify:
– restart apache service
– name: send index.html
copy: src=index.html dest=/var/www/html/index.html

<html>
<h1> Welcome to Ansible Roles world!!</h1>
</html>

#installing httpd package
– name: install apache
yum:
name: httpd
state: latest

# tasks file for apache
– include: install.yml
– include: configure.yml
– include: service.yml

#start apache service
– name: starting apache service
service:
name: httpd
state: started

 

[root@terraform ansible]# cat site.yml

– hosts: ansible.client
roles:
– apache
# – ntp

#ansible-playbook site.yml –syntax-check

Tags

If you have a large playbook it may become useful to be able to run a specific part of the configuration without running the whole playbook.

Both plays and tasks support a “tags:” attribute for this reason. You can ONLY filter tasks based on tags from the command line with --tags or --skip-tags. Adding “tags:” in any part of a play (including roles) adds those tags to the contained tasks.

Example:

 

tasks:

    - yum: name={{ item }} state=installed
      with_items:
         - httpd
         - memcached
      tags:
         - packages

    - template: src=templates/src.j2 dest=/etc/foo.conf
      tags:
         - configuration

If you wanted to just run the “configuration” and “packages” part of a very long playbook, you could do this:

ansible-playbook example.yml --tags "configuration,packages"

On the other hand, if you want to run a playbook without certain tasks, you could do this:

ansible-playbook example.yml --skip-tags "notification"

 

Tag Reuse

You can apply the same tag name to more than one task, in the same file or included files. This will run all tasks with that tag.

Example:

---
# file: roles/common/tasks/main.yml

- name: be sure ntp is installed
  yum: name=ntp state=installed
  tags: ntp

- name: be sure ntp is configured
  template: src=ntp.conf.j2 dest=/etc/ntp.conf
  notify:
    - restart ntpd
  tags: ntp

- name: be sure ntpd is running and enabled
  service: name=ntpd state=started enabled=yes
  tags: ntp

 

Tag Inheritance

You can apply tags to more than tasks, but they ONLY affect the tasks themselves. Applying tags anywhere else is just a convenience so you don’t have to write it on every task:

- hosts: all
  tags:
    - bar
  tasks:
    ...

- hosts: all
  tags: ['foo']
  tasks:
    ...

You may also apply tags to roles:

roles:
  - { role: webserver, port: 5000, tags: [ 'web', 'foo' ] }

And import/include statements:

- import_tasks: foo.yml
  tags: [web,foo]

or:

- include_tasks: foo.yml
  tags: [web,foo]

All of these apply the specified tags to EACH task inside the play, included file, or role, so that these tasks can be selectively run when the playbook is invoked with the corresponding tags.

Tags are inherited down the dependency chain. In order for tags to be applied to a role and all its dependencies, the tag should be applied to the role, not to all the tasks within a role.

You can see which tags are applied to tasks by running ansible-playbook with the --list-tasks option. You can display all tags using the --list-tagsoption.

 

Special Tags

There is a special always tag that will always run a task, unless specifically skipped (--skip-tags always)

Example:

tasks:

    - debug: msg="Always runs"
      tags:
        - always

    - debug: msg="runs when you use tag1"
      tags:
        - tag1

There are another 3 special keywords for tags, taggeduntagged and all, which run only tagged, only untagged and all tasks respectively.

By default ansible runs as if --tags all had been specified.

Tips of the day: 

restorecon -Rv ~/.ssh

 

Good to see:

https://www.ansible.com/ansiblefest

Roles:

https://serversforhackers.com/c/ansible-roles

Ansible: CentOS 7

http://codeheaven.io/15-things-you-should-know-about-ansible/

Click to access AnsibleTowerUserGuide.pdf

  • Understand the architecture and terminology of Ansible.
  • Deploy, install and run ad hoc commands in Ansible
  • Create Ansible plays and implement a playbook.
  • Manage inclusions and variables by understanding precedence and variable scope in a play.
  • Execute and monitor tags, handlers and task control in playbooks.
  • Configure Jinja2 templates
  • Define, execute and manage roles.
  • Use different delegations, parallelism and connection types for creating complex playbooks
  • Implement and manage encryption with Ansible Vault.
  • Troubleshoot managed nodes and control machine.
  • Install and configure Ansible Tower.
  • Use Vagrant for implementing Ansible in a DevOps setup.

Links/Sources:

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ansible-on-centos-7

http://docs.ansible.com/ansible/latest/playbooks.html

Playbooks:

#ansible-playbooks  -v move.yml  –step

#ansible-playbooks  -v move.yml

#ansible-playbooks   move.yml

abc.yml

---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum: name=httpd state=latest
  - name: write the apache config file
    template: src=/srv/httpd.j2 dest=/etc/httpd.conf
    notify:
    - restart apache
  - name: ensure apache is running (and enable it at boot)
    service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted