How To Create Ansible Playbooks for IT Automation


A playbook is Ansible's configuration management script, and it is used to manage deployments and configurations of managed nodes. A playbook contains a set of policies that you want your managed nodes to enforce, or a set of steps in a general IT process.

Playbooks are written in a simple text language. The syntax used in playbooks is different from the normal commands that we used for testing in the previous tutorial.

In the previous tutorial, we saw how to install Ansible on CentOS 7 / RHEL 7 / Ubuntu 18.04 / 16.04 & Debian 9.

Create Ansible Playbook

For this demo, we will create a playbook called web.yml to configure a host to run an Apache web server. Each playbook is composed of one or more plays in a list.

For each play in the playbook, you choose which machines in your infrastructure to target and which remote user completes the tasks.

vi web.yml

CentOS / RHEL Playbook:

---
- hosts: 192.168.1.20
  remote_user: raj
  become: yes
  become_method: su

  tasks:
  - name: Install Apache
    yum: pkg=httpd state=latest
  - name: Copying the demo file
    template: src=/etc/ansible/index.html dest=/var/www/html
              owner=apache group=apache mode=0644
  - name: Enable Apache on System Boot
    service: name=httpd enabled=yes

    notify:
    - start apache
    - setup firewalld
    - reload firewalld

  handlers:
    - name: start apache
      service: name=httpd state=started
    - name: setup firewalld
      firewalld:
        service: http
        permanent: true
        state: enabled
    - name: reload firewalld
      service: name=firewalld state=restarted

Ubuntu / Debian Playbook:

---
- hosts: 192.168.1.30
  remote_user: raj
  become: yes
  become_method: sudo

  tasks:
  - name: Install Apache
    apt:
      name: apache2
      update_cache: yes
  - name: Copying the demo file
    template: src=/etc/ansible/index.html dest=/var/www/html
              owner=www-data group=www-data mode=0644

Create a demo HTML file (/etc/ansible/index.html). This HTML file will be placed in the default DocumentRoot of the Apache server on the managed node.

vi /etc/ansible/index.html

HTML:

<html>
  <head>
    <title>Apache is installed by Ansible</title>
  </head>
  <body>
  <h1>Apache is installed by Ansible</h1>
  <p>Now, Apache is managed through Ansible</p>
  </body>
</html>

Breaking Down Ansible Playbook

Now, we will go through each section of the playbook file web.yml to understand what it means.

The file starts with

---

All YAML files should begin with three dashes (---), which indicate the start of a document. YAML is very sensitive to whitespace and uses it to group different pieces of information together. Spacing must be consistent across your file for it to be read correctly. Items at the same level of indentation are considered sibling elements.

Host and Users

---
- hosts: 192.168.1.20
  remote_user: raj

The hosts line is a list of one or more groups (ex. demo-servers) or host patterns (ex. 192.168.1.20), separated by colons. Along with the host, you can specify the remote user account.

---
- hosts: 192.168.1.20
  remote_user: raj
  become: yes
  become_method: su

You must become the root user to install packages on a system. To do that, you can use a privilege escalation method such as su or sudo. Whenever you use one of these privilege escalation methods, you have to run the Ansible playbook with the --ask-become-pass argument.

Tasks

Now, we have a set of tasks.

  tasks:
  - name: Install Apache
    yum: pkg=httpd state=latest
  - name: Copying the demo file
    template: src=/etc/ansible/index.html dest=/var/www/html
              owner=apache group=apache mode=0644
  - name: Enable Apache on System Boot
    service: name=httpd enabled=yes

Each play contains a list of tasks. The tasks are executed in order, one at a time, against all machines matched by the host pattern, before moving on to the next task.

When you run the playbook, it runs top to bottom, and hosts with failed tasks are taken out of the rotation for the entire playbook.

Every task should have a name, which is used to display the current activity while the playbook runs. This output is for humans, so it is nice to have reasonably good descriptions of each task step.

Here, we will install the latest version of Apache, copy the demo HTML file (/etc/ansible/index.html) to the /var/www/html directory of the managed node, and then enable the Apache service to start automatically at system boot.

Notify

These notify actions are triggered at the end of each block of tasks in a playbook, and will only be triggered once even if notified by multiple different tasks.

    notify:
    - start apache
    - setup firewalld
    - reload firewalld

The notify item lists start apache, setup firewalld and reload firewalld. These are references to handlers, which perform specific functions when they are called from within a task. We will define the start apache and firewalld handlers.

Handler

Handlers are lists of tasks, not really any different from regular tasks, but they only run when a task has told them that changes have occurred on the client system.

  handlers:
    - name: start apache
      service: name=httpd state=started
    - name: setup firewalld
      firewalld:
        service: http
        permanent: true
        state: enabled
    - name: reload firewalld
      service: name=firewalld state=restarted

In our case, we have handlers that start the Apache service and configure the firewall after the package is installed.

This action happens because the notifier notified the handlers about changes to the system, meaning that the Apache package had to be installed and, along with that, the demo file had to be copied to the DocumentRoot.
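Because a handler runs only when the task that notifies it reports a change, state that must hold on every run is usually written as an ordinary task, and handlers are kept for reactions to a change. The following variant of the CentOS / RHEL play is an added example, not part of the original tutorial; it reuses the tutorial's host, user and module names and assumes that, on current Ansible releases, the ansible.posix collection (which ships the firewalld module) is installed on the control node.

```yaml
---
# Added example (not from the original tutorial). Host, user and module
# names are the tutorial's; on current Ansible releases the firewalld module
# ships in the ansible.posix collection (assumed installed).
- hosts: 192.168.1.20
  remote_user: raj
  become: yes
  become_method: su

  tasks:
    - name: Install Apache
      yum:
        name: httpd
        state: latest

    - name: Copy the demo file
      template:
        src: /etc/ansible/index.html
        dest: /var/www/html/index.html
        owner: apache
        group: apache
        mode: "0644"          # passed as a string, so the octal mode is unambiguous

    # Needed on every run, so it is a task: reports "ok" when already in place
    # and repairs the state when it is not.
    - name: Start Apache and enable it on system boot
      service:
        name: httpd
        state: started
        enabled: yes

    # A permanent rule only takes effect once firewalld re-reads its
    # configuration, and that is only needed when the rule was actually
    # added, so the restart is a handler notified by this task.
    - name: Allow HTTP through firewalld
      firewalld:
        service: http
        permanent: true
        state: enabled
      notify: reload firewalld

  handlers:
    - name: reload firewalld
      service:
        name: firewalld
        state: restarted
```

On a second run with nothing to change, every task reports ok and the handler does not fire, while Apache is still confirmed started and enabled.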

Execute Ansible Playbook

Once you have a playbook ready, you can run it using the command below.

ansible-playbook web.yml -f 1 --ask-become-pass

OR

ansible-playbook web.yml -f 1 --ask-become-pass -u raj --ask-pass

ansible-playbook: Command to run Ansible playbooks.

web.yml: YAML file (Ansible Playbook file – that we created at the start of this tutorial)

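-f 1: Run the playbook using a parallelism level of 1.

--ask-become-pass: Prompt for the privilege escalation password, since we need to become the root user to install packages.

-u raj: User on the managed node

--ask-pass: Prompt for the connection (SSH) password of that user.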

Output:

[Screenshot: Create Ansible Playbooks - Execute Ansible Playbooks]

Assume you have created a playbook for a group of servers (ex. demo-servers) and want to run it on one specific host. The command below runs the playbook only on 192.168.1.40.

ansible-playbook -l 192.168.1.40 web.yml -u raj --ask-become-pass

Verify Ansible Playbook Actions

After running the playbook, open your browser and navigate to the remote host listed in the Ansible inventory.

In my case, the URL will be

http://192.168.1.20
[Screenshot: Create Ansible Playbooks - Manage Apache Through Ansible]

You should now get the above page, Apache is installed by Ansible, which confirms that Apache was installed by Ansible.

You have learned how to create a simple playbook to automate Apache installation. You can find more information on creating playbooks here.
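The same check can be automated so that it is repeatable after every run. The playbook below is an added example, not part of the original tutorial: the file name verify.yml and the registered variable names are hypothetical, and the expected owner, mode and service name are the ones web.yml sets for the CentOS / RHEL host.

```yaml
---
# verify.yml: added example, not part of the original tutorial.
# The file name and the registered variable names are hypothetical.

# Play 1: request the page from the control node, which exercises both
# Apache and the firewalld rule on the managed node.
- hosts: localhost
  connection: local
  gather_facts: no

  tasks:
    - name: Fetch the demo page over HTTP
      uri:
        url: http://192.168.1.20
        return_content: yes
        status_code: 200
      register: demo_page

    - name: Page content matches /etc/ansible/index.html
      assert:
        that:
          - "'Apache is installed by Ansible' in demo_page.content"

# Play 2: check on the managed node what web.yml was meant to enforce.
- hosts: 192.168.1.20
  remote_user: raj
  gather_facts: no

  tasks:
    - name: Read ownership and mode of the deployed file
      stat:
        path: /var/www/html/index.html
      register: demo_file

    - name: Collect service states
      service_facts:

    - name: File mode, owner and Apache service state are as expected
      assert:
        that:
          - demo_file.stat.exists
          - demo_file.stat.mode == '0644'
          - demo_file.stat.pw_name == 'apache'
          - ansible_facts.services['httpd.service'].state == 'running'
          - ansible_facts.services['httpd.service'].status == 'enabled'
```

Neither play uses become, so it runs with ansible-playbook verify.yml and the connection options only; a failed assertion stops the run and names the condition that did not hold.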

That’s All.
