Ansible introduction

Modules

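  • Command module: Takes the command and executes it directly, without a shell, so pipes, redirects and shell variables are not processed.
  • Shell module: Executes the command through a shell such as /bin/sh.
  • Script module: Runs a local script on a remote node after transferring it.
  • Raw module: Executes a command directly over SSH without needing Python on the node. Useful for installing python3.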
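
The difference between these modules matters most when a command is built from a variable. The playbook below is an added example, not part of the original notes; the `web` group is taken from the sample inventory, while `report_name` and its value are constructed for illustration.

```yaml
---
# Added example, not from the original notes. The "web" group comes from the
# sample inventory; report_name and its value are constructed.
- name: bootstrap python with raw
  hosts: web
  gather_facts: false          # fact gathering needs python on the node
  become: true
  tasks:
    - name: install python3 over plain ssh if it is missing
      raw: test -e /usr/bin/python3 || yum install -y python3
      register: bootstrap
      changed_when: "'Complete!' in bootstrap.stdout"

- name: command vs shell with a variable argument
  hosts: web
  vars:
    # constructed value containing spaces and a shell metacharacter
    report_name: "q3 report & notes"
  tasks:
    - name: command runs without a shell, so the value stays one literal argument
      command:
        argv:
          - /usr/bin/touch
          - "/tmp/{{ report_name }}"
        creates: "/tmp/{{ report_name }}"   # skip when the file exists (idempotent)

    - name: shell is needed for the pipe, so every variable goes through quote
      shell: "ls -l /tmp/{{ report_name | quote }} | wc -l"
      register: listing
      changed_when: false      # read-only command, never report "changed"

    - name: show the result
      debug:
        var: listing.stdout
```

Without the `quote` filter the shell task would treat `&` as a control operator and split the command, which is why `command` is the default choice and `shell` is reserved for cases that need shell features.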

Adhoc commands

Examples:

  • ansible all -m ping
  • ansible web -m command -a "uptime"
  • ansible localhost -m setup

Static inventory

Sample inventory:

[control]
control ansible_host=10.42.0.2

[web]
node-1 ansible_host=10.42.0.6
node-2 ansible_host=10.42.0.7
node-3 ansible_host=10.42.0.8

[haproxy]
haproxy ansible_host=10.42.0.100

[all:vars]
ansible_user=vagrant
# insecure Vagrant key: acceptable only for throwaway lab VMs
ansible_ssh_private_key_file=~/.vagrant.d/insecure_pvt_key

Test adhoc commands

  • ansible all -i hosts.ini -u vagrant -m ping: tests whether the systems are up and reachable
  • ansible all -i hosts.ini -u vagrant -m setup: gathers facts about each system
  • ansible webservers -i hosts -u vagrant -m yum -a "name=python36 state=present" -b: installs the python36 package. -a passes arguments to the yum module, -b becomes root
  • Ansible is idempotent: running the same command again changes nothing once the package is in the requested state
  • ansible webservers -i hosts -u vagrant -m yum -a "name=python36 state=absent" -b: removes python36

Variables

Ansible can work with metadata from various sources and manage their context in the form of variables. These can be facts, file paths, package versions, etc.

Variable precedence (ansible 2.x), highest first:

  1. Extra vars
  2. Task vars
  3. Block vars
  4. Role and include vars
  5. Play vars_files
  6. Play vars_prompt
  7. Play vars
  8. Set_facts
  9. Registered vars
  10. Host facts
  11. Playbook host_vars
  12. Playbook group_vars
  13. Inventory host_vars
  14. Inventory group_vars
  15. Inventory vars
  16. Role defaults
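
A small playbook makes the top of this list visible. It is an added example, not part of the original notes; the file name `precedence.yml`, the variable `origin` and its values are constructed. It covers only extra vars, task vars, block vars and play vars.

```yaml
---
# Added example; the variable name "origin" and its values are constructed.
# Run as-is:              ansible-playbook precedence.yml
# Run with an extra var:  ansible-playbook precedence.yml -e origin=extra_vars
- name: show which definition of a variable wins
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    origin: play_vars              # 7. Play vars
  tasks:
    - name: only the play-level definition is in scope here
      debug:
        msg: "outside block: {{ origin }}"

    - vars:
        origin: block_vars         # 3. Block vars
      block:
        - name: block vars override play vars
          debug:
            msg: "inside block: {{ origin }}"

        - name: task vars override block vars
          vars:
            origin: task_vars      # 2. Task vars
          debug:
            msg: "inside task: {{ origin }}"
```

Run as-is, the three tasks print play_vars, block_vars and task_vars. With `-e origin=extra_vars` all three print extra_vars, so anyone who can pass `-e` to a run can override a value set anywhere else, including security-relevant settings.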

  • get_url: download an archive
  • git: clone a source code repo

Tasks

Example tasks in a play

tasks:
  - name: add cache dir
    file:
      path: /opt/cache
      state: directory

  - name: install nginx
    yum:
      name: nginx
      state: latest

  - name: restart nginx
    service:
      name: nginx
      state: restarted

Handler Tasks

Handlers are special tasks that run at the end of the play if notified by another task (caused by a change of state). For example, if a configuration file gets changed, the task notifies the handler that restarts the service that needs it.

tasks:
  - name: add cache dir
    file:
      path: /opt/cache
      state: directory

  - name: install nginx
    yum:
      name: nginx
      state: latest
    notify: restart nginx

handlers:
  - name: restart nginx
    service:
      name: nginx
      state: restarted
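
The handler pattern above, extended with a validated configuration change and `meta: flush_handlers`, as an added example that is not part of the original notes. nginx and the `web` group come from the notes; the `worker_connections` edit and the port 80 check are constructed, and the edit assumes the stock nginx.conf already contains a `worker_connections` line.

```yaml
---
# Added example, not from the original notes. nginx and the "web" group come
# from the notes; the worker_connections edit and the port check are constructed.
- name: change nginx config, restart once, then verify
  hosts: web
  become: true
  tasks:
    - name: install nginx
      yum:
        name: nginx
        state: present
      notify: restart nginx

    - name: set worker_connections
      lineinfile:
        path: /etc/nginx/nginx.conf
        regexp: '^\s*worker_connections\s'
        line: '    worker_connections 2048;'
        validate: nginx -t -c %s   # a candidate file that fails the check is never installed
      notify: restart nginx        # a handler notified twice still runs only once

    - name: make sure nginx is running and starts at boot
      service:
        name: nginx
        state: started
        enabled: true

    - name: run pending handlers now instead of at the end of the play
      meta: flush_handlers

    - name: later tasks can rely on the new config being live
      wait_for:
        port: 80
        timeout: 30

  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted
```

On a second run nothing reports "changed", so the handler is not notified and nginx is not restarted.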

Plays and Playbooks

Plays are ordered sets of tasks to execute against host selections from your inventory. A playbook is a file containing one or more plays.

Playbook example:

---
- name: install and start apache
  hosts: web
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root

  tasks:
  - name: install httpd
    yum: pkg=httpd state=latest
  - name: write the apache config file
    template: src=/srv/httpd.j2 dest=/etc/httpd.conf
  - name: start httpd
    service: name=httpd state=started

Playbook files

site.yml (or main.yml)

---
- name: install and start apache
  hosts: webservers
  remote_user: vagrant
  become: yes

  tasks:
  - name: install epel repo
    yum: name=epel-release state=present

  - name: install python bindings for SELinux
    yum: name={{item}} state=present
    with_items:
    - libselinux-python
    - libsemanage-python

  - name: test to see if SELinux is running
    command: getenforce
    register: sestatus
    changed_when: false

  - name: install apache
    yum: name=httpd state=present

  - name: start apache
    service: name=httpd state=started enabled=yes

  • ansible-playbook -i hosts site.yml: runs the playbook (tasks execute from top to bottom)

Transition playbooks to roles

Roles are packages of closely related Ansible content that can be shared more easily than plays alone.

Roles directory structure

  • defaults:
  • files:
  • handlers:
  • meta:
  • molecule:
  • tasks:
  • templates:
  • vars:

Creating a new role

  • ansible-galaxy init --help
  • ansible-galaxy init role_name
  • meta: flush_handlers: runs any pending (notified) handlers right now

Running multiple roles in a playbook

Example:

---
- name: apply the common configuration to all hosts
  hosts: all
  remote_user: vagrant
  become: yes

  roles:
  - common

- name: apply the database configuration
  hosts: dbservers
  remote_user: vagrant 
  become: yes

  roles:
  - mariadb

- name: apply the apache and the web roles
  hosts: webservers
  remote_user: vagrant
  become: yes

  roles:
  - apache
  - web

- name: apply the lb configuration
  hosts: lbservers
  remote_user: vagrant
  become: yes

  roles: 
  - haproxy