Ansible - Playbook

Card Puncher Data Processing

About

Playbook is the language of Ansible.

A playbook is a list of play.

Playbooks are:

  • kept in source control

Playbooks can be used to manage remote machines:

  • configurations (push out or assure that the configurations are in sync)
  • deployments

They can :

  • sequence multi-tier rollouts involving rolling updates,
  • delegate actions to other hosts,
  • interacting with monitoring servers and load balancers along the way.

Format

Playbooks are expressed in YAML format

---
Play1:
  - Task11
  - Task12
---
Play2:
  - Task21
  - Task22

....

Play

Each playbook is composed of one or more ‘plays’ in a list.

A play map a group of hosts to some well defined roles, represented by tasks.

Plays run in the order specified: top to bottom.

By composing a playbook of multiple plays, it is possible to orchestrate multi-machine deployments. For instance:

  • running certain steps on all machines in the webservers group,
  • then certain steps on the database server group,
  • then more commands back on the webservers group,
  • etc.

Example:

---
- hosts: all # one or more group or host patterns
  order: sorted # Host order: value can be 'inventory' ie as is in the inventory file, reverse_inventory, sorted (alpha), reverse_sorted, shuffle (random)
  remote_user: yourname # or root This property was called user before Ansible 1.4
  become: yes # optional
  become_user: postgres # optional
  gather_facts: False

where:

  • --- separates play
  • host defines the target machines: one or more groups or host patterns, separated by colons that should match hosts in the inventory. all is a group that means all hosts in the inventory file.
  • remote_user, become and become_user are connection variable
    • remote_user defines the default logging remote user (The remote user can also be defined for a task)
    • become and become_user defines user escalation mechanism
  • gather_facts defines if fact must be gathered

Task

A task is a call to an ansible module with arguments. See Ansible PlayBook - Task

vars

Variable definition

includes, imports, and roles

import statement in Playbook

All include task are dynamic (ie included at runtime) whereas import tasks are included at start time.

Doc:

Include with variable

include module

Example to loop over several domains and get the certificates by passing the variable letsencrypt_domain

- name: Get the Ovh certificate
  with_items: "{{ovh_domains}}"
  include: certbot_certonly_ovh.yml letsencrypt_domain: '{{ item }}'
  tags: nginx-cert-ovh

Import with variable

from https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_includes.html#including-and-importing-task-files

- name: Compile and copy
  import_tasks: nginx_compile_dynamic_module.yml
  vars:
    nginx_dynamic_library_name: 'ngx_pagespeed.so'
    nginx_dynamic_library_source_path: '{{ nginx_build_base_dir }}/{{ nginx_pagespeed_archive_dir_name }}'

Example

Two plays:

---
- hosts: webservers
  remote_user: root

  tasks:
  - name: ensure apache is at the latest version
    yum:
      name: httpd
      state: latest
  - name: write the apache config file
    template:
      src: /srv/httpd.j2
      dest: /etc/httpd.conf

- hosts: databases
  remote_user: root

  tasks:
  - name: ensure postgresql is at the latest version
    yum:
      name: postgresql
      state: latest
  - name: ensure that postgresql is started
    service:
      name: postgresql
      state: started

https://github.com/ansible/ansible-examples

Management

Check Syntax

ansible-playbook --syntax-check 

Pre-processing ? Filters / Function

https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html

Execution

Push

at the command line with ansible-playbook

ansible-playbook [options] playbook.yml [playbook2 ...]
  • –ask-become-pass (-K).
  • –verbose

If you run a become playbook and the playbook seems to hang, it’s probably stuck at the privilege escalation prompt. Just kill it.

hosts with failed tasks are taken out of the rotation for the entire playbook.

  • execute a playbook using a parallelism level of 10
ansible-playbook playbook.yml -f 10

Pull

The ansible-pull is a small script that will checkout a repo of configuration instructions from git, and then run ansible-playbook against that content.

Docker Run

  • Ansible Playbook can be used to install an application inside docker

Example from webserver-simple

# From a image with Ansible installed
FROM ansible/centos7-ansible:stable

# Add playbooks to the Docker image
ADD ansible /srv/example/
WORKDIR /srv/example

# Run Ansible to configure the Docker image
RUN ansible-playbook site.yml -c local

# Other Dockerfile directives are still valid
EXPOSE 22 3000 80
ENTRYPOINT ["/usr/local/bin/apachectl", "-DFOREGROUND"]

Local

On the localhost:

ansible-playbook playbook.yml --connection=local
# or
ansible-playbook playbook.yml -i hosts.ini

with

localhost ansible_connection=local

see Ansible - Connection

Documentation / Reference





Discover More
Card Puncher Data Processing
Ansible - Connection

Connection parameters to hosts are given through variable. You can define the running user with the help of this two variable: ansible_user ( in a inventory file) remote_user in a Playbook ansible_userremote_userbecomeansible/ansible/issues/2004520045...
Card Puncher Data Processing
Ansible - Facts (Remote System Env)

Facts are variable that contains environment information from the remote systems (ie current host (inventory_hostname)) ansible_facts contains any facts gathered or cached for the inventory_hostname...
Card Puncher Data Processing
Ansible - Function

function in Ansible are tasks that includes other playbook and can pass variable. Include_tasks is done at runtime while import_tasks is done at start time If you have a conditional (such as...
Card Puncher Data Processing
Ansible - Group (Host Properties)

A host can have one or more group (tag). A group may have also have a group. See Groups don’t really survive outside of inventory and host matching because variables are defined to a specific host...
Card Puncher Data Processing
Ansible - Host (system)

A host may have zero or more than one group (ie webserver and a dbserver). In a inventory file as playbook variable. Example Variable that are defined on the group level can be defined:...
Card Puncher Data Processing
Ansible - Inventory

inventory is a file that define the following entity: the hosts the group of host the child relationship between group and variables (connection variable,...). The preferred practice in Ansible...
Card Puncher Data Processing
Ansible - Role

Roles is the reusable unit of Ansible. You may think of it as a function. It: helps make playbook content self-contained works well with things like git submodules for sharing content with others....
Card Puncher Data Processing
Ansible - ansible-pull

ansible-pull is command line client that runs playbook in a pull way (ie on the localhost) whereas ansible-playbook will run them in a push way. It is a small script that will checkout a repo of configuration...
Card Puncher Data Processing
Ansible PlayBook - Task

A task is a call to an ansible module with arguments located in a play list. Variables can be used in arguments to modules. Tasks are executed top to bottom one at a time, against matched by the...
Linux - secure linux (SELinux)

SELinux is a kernel-level policy mechanisms. Alternatively, this can be done during the installation. Manually: Disable secure linux by editing the /etc/selinux/config file, making sure the SELINUX...



Share this page:
Follow us:
Task Runner