Ansible - Playbook

About

Playbook is the language of Ansible.

• Ansible modules are the function
• Playbooks are declarative instruction written in Yaml that run module functions

A playbook is a list of play.

Playbooks are:

• kept in source control

Playbooks can be used to manage remote machines:

• configurations (push out or assure that the configurations are in sync)
• deployments

They can :

• sequence multi-tier rollouts involving rolling updates,
• delegate actions to other hosts,
• interacting with monitoring servers and load balancers along the way.

Format

Playbooks are expressed in YAML format

---
Play1:
  - Task11
  - Task12
---
Play2:
  - Task21
  - Task22

....

Play

Each playbook is composed of one or more ‘plays’ in a list.

A play map a group of hosts to some well defined roles, represented by tasks.

Plays run in the order specified: top to bottom.

By composing a playbook of multiple plays, it is possible to orchestrate multi-machine deployments. For instance:

• running certain steps on all machines in the webservers group,
• then certain steps on the database server group,
• then more commands back on the webservers group,
• etc.

Example:

---
- hosts: all # one or more group or host patterns
  order: sorted # Host order: value can be 'inventory' ie as is in the inventory file, reverse_inventory, sorted (alpha), reverse_sorted, shuffle (random)
  remote_user: yourname # or root This property was called user before Ansible 1.4
  become: yes # optional
  become_user: postgres # optional
  gather_facts: False

where:

• --- separates play
• host defines the target machines: one or more groups or host patterns, separated by colons that should match hosts in the inventory. all is a group that means all hosts in the inventory file.
• remote_user, become and become_user are connection variable
  • remote_user defines the default logging remote user (The remote user can also be defined for a task)
  • become and become_user defines user escalation mechanism
• gather_facts defines if fact must be gathered

Task

A task is a call to an ansible module with arguments. See Ansible PlayBook - Task

vars

Variable definition

includes, imports, and roles

import statement in Playbook

All include task are dynamic (ie included at runtime) whereas import tasks are included at start time.

• see include_tasks or import_tasks
• include / import

Doc:

• https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse.html
  • https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_includes.html

Include with variable

include module

Example to loop over several domains and get the certificates by passing the variable letsencrypt_domain

- name: Get the Ovh certificate
  with_items: "{{ovh_domains}}"
  include: certbot_certonly_ovh.yml letsencrypt_domain: '{{ item }}'
  tags: nginx-cert-ovh

Import with variable

from https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_includes.html#including-and-importing-task-files

- name: Compile and copy
  import_tasks: nginx_compile_dynamic_module.yml
  vars:
    nginx_dynamic_library_name: 'ngx_pagespeed.so'
    nginx_dynamic_library_source_path: '{{ nginx_build_base_dir }}/{{ nginx_pagespeed_archive_dir_name }}'

Example

Two plays:

---
- hosts: webservers
  remote_user: root

  tasks:
  - name: ensure apache is at the latest version
    yum:
      name: httpd
      state: latest
  - name: write the apache config file
    template:
      src: /srv/httpd.j2
      dest: /etc/httpd.conf

- hosts: databases
  remote_user: root

  tasks:
  - name: ensure postgresql is at the latest version
    yum:
      name: postgresql
      state: latest
  - name: ensure that postgresql is started
    service:
      name: postgresql
      state: started

https://github.com/ansible/ansible-examples

Management

Check Syntax

ansible-playbook --syntax-check 

Pre-processing ? Filters / Function

https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html

Execution

Push

at the command line with ansible-playbook

ansible-playbook [options] playbook.yml [playbook2 ...]

• –ask-become-pass (-K).
• –verbose

If you run a become playbook and the playbook seems to hang, it’s probably stuck at the privilege escalation prompt. Just kill it.

hosts with failed tasks are taken out of the rotation for the entire playbook.

• execute a playbook using a parallelism level of 10

ansible-playbook playbook.yml -f 10

Pull

The ansible-pull is a small script that will checkout a repo of configuration instructions from git, and then run ansible-playbook against that content.

Docker Run

• Ansible Playbook can be used to install an application inside docker

Example from webserver-simple

# From a image with Ansible installed
FROM ansible/centos7-ansible:stable

# Add playbooks to the Docker image
ADD ansible /srv/example/
WORKDIR /srv/example

# Run Ansible to configure the Docker image
RUN ansible-playbook site.yml -c local

# Other Dockerfile directives are still valid
EXPOSE 22 3000 80
ENTRYPOINT ["/usr/local/bin/apachectl", "-DFOREGROUND"]

Local

On the localhost:

ansible-playbook playbook.yml --connection=local
# or
ansible-playbook playbook.yml -i hosts.ini

with

localhost ansible_connection=local

see Ansible - Connection

Documentation / Reference

• https://docs.ansible.com/ansible/latest/user_guide/playbooks.html