Playbook is nothing but Ansible’s configuration management scripts, and it can be used to manage deployments and configurations of managed nodes. Playbook contains set of policies that you want your managed nodes to enforce or a set of steps in a general IT process.
Playbooks are written and developed in a simple text language. The syntax that we use in playbooks are different from normal commands that we used to test in the previous tutorial.
In the previous tutorial, we saw how to Install Ansible on CentOS 7 / RHEL 7 / Ubuntu 18.04 / 16.04 & Debian 9.
Create Ansible Playbook
For this demo, we will create a playbook called web.yml to configure a host to run an Apache web server. Each playbook is composed of one or more plays in a list.
For each play in the playbook, you get to choose which machines in your infrastructure to target and what remote user to complete the tasks.
CentOS / RHEL Playbook:
--- - hosts: 192.168.1.20 remote_user: raj become: yes become_method: su tasks: - name: Install Apache yum: pkg=httpd state=latest - name: Copying the demo file template: src=/etc/ansible/index.html dest=/var/www/html owner=apache group=apache mode=0644 - name: Enable Apache on System Boot service: name=httpd enabled=yes notify: - start apache - setup firewalld - reload firewalld handlers: - name: start apache service: name=httpd state=started - name: setup firewalld firewalld: service: http permanent: true state: enabled - name: reload firewalld service: name=firewalld state=restarted
Ubuntu / Debian Playbook:
--- - hosts: 192.168.1.30 remote_user: raj become: yes become_method: sudo tasks: - name: Install Apache apt: name: apache2 update_cache: yes - name: Copying the demo file template: src=/etc/ansible/index.html dest=/var/www/html owner=www-data group=www-data mode=0644
Create a demo HTML file (/etc/ansible/index.html). This HTML file will be placed in the default DocumentRoot of Apache server on the managed node.
<html> <head> <title>Apache is installed by Ansible</title> </head> <body> <h1>Apache is installed by Ansible</h1> <p>Now, Apache is managed through Ansible</p> </body> </html>
Breaking Down Ansible Playbook
Now, we will go through each sections of playbook web.yml file to understand what these are means.
File starts with
All YAML files should begin with (Three dashes)
--- and this indicates the start of a document. YAML is very sensitive to space and uses that to group different pieces of information together. Spaces must be consistent across your file to be read correctly. Items at the same level of indentation are considered sibling elements.
Host and Users
--- - hosts: 192.168.1.20 remote_user: raj
The hosts line is a list of one or more groups (ex. demo-servers) or host patterns (ex. 192.168.1.20), separated by colons. Along with host, you can mention remote user account.
--- - hosts: 192.168.1.20 remote_user: raj become: yes become_method: su
You must become root user to install any packages on a system, To do that, you can use privilege escalation methods, like su or sudo. Whenever you use this kind of privilege escalation methods, you have to run ansible playbook with
Now, we have a set of tasks.
tasks: - name: Install Apache yum: pkg=httpd state=latest - name: Copying the demo file template: src=/etc/ansible/index.html dest=/var/www/html owner=apache group=apache mode=0644 - name: Enable Apache on System Boot service: name=httpd enabled=yes
Each play contains a list of tasks, those are executed in order, one at a time, against all machines matched by the host pattern, before moving on to the next task.
When you are running the playbook, it runs top to bottom and hosts with failed tasks are taken out of the rotation for the entire playbook.
Every task should have a name and is used to display the current activity while running the playbook. This output is for humans, so it is nice to have reasonably good descriptions of each task step.
Here, will install the latest version of Apache and copy the demo HTML (/etc/ansible/index.html) to /var/www/html directory of the managed node and then enable Apache service to start automatically during system boot.
These notify actions are triggered at the end of each block of tasks in a playbook, and will only be triggered once even if notified by multiple different tasks.
notify: - start apache - setup firewalld - reload firewalld
The notify item contains an item called start apache, setup firewalld and reload firewalld. These are the reference to handlers which perform specific functions when it is called from within a task. We will define the start apache and firewalld handler.
Handlers are lists of tasks, not really any different from regular tasks. But, they only run when they have been told by a task that changes have occurred on the client system.
handlers: - name: start apache service: name=httpd state=started - name: setup firewalld firewalld: service: http permanent: true state: enabled - name: reload firewalld service: name=firewalld state=restarted
In our case, we have a handler that starts Apache service and configure the firewall after the package is installed.
This action happens because of the notifier notified handler about changes to the system, meaning that Apache package had to be installed and along with that demo file had to be copied to DocumentRoot.
Execute Ansible Playbook
Once you have a playbook ready, you can run it using below command.
ansible-playbook web.yml -f 1 --ask-become-pass OR ansible-playbook web.yml -f 1 --ask-become-pass -u raj --ask-pass
ansible-playbook: Command to run Ansible playbooks.
web.yml: YAML file (Ansible Playbook file – that we created at the start of this tutorial)
-f 1: playbook using a parallelism level of 1
–ask-become-pass: Since we need to become root user to install packages.
-u raj: User on the managed node
Assume you have created a playbook for a group (ex. demo-servers) of servers and want to run a playbook on a specific host. The below command runs playbook only on 192.168.1.40.
ansible-playbook -l 192.168.1.40 web.yml -u raj --ask-become-pass
Verify Ansible Playbook Actions
After running a playbook, open your browser and navigate to the remote host mentioned in ansible inventory.
In my case, URL will be
You should now get above page Apache is installed by Ansible, and this page confirms us that Apache was installed by Ansible.
You have learned how to create a simple playbook for automation of apache installation. You can find more information on creating playbooks here.