4. Ansible Playbooks - Basics

In this lab we’ll get used to writing and running Ansible playbooks.

Task 1

Create a playbook webserver.yml which does the following:

Install httpd on the nodes in the web group.
Start httpd and ensure the service starts on boot. Ensure that the Linux firewall is also started and enabled.
Ensure port 80 is open on the firewall.

Tip

Check what the options immediate and permanent of the firewalld module mean and do.

Run the playbook. After completion, test if the httpd.service is running and enabled on node1.

Solution Task 1

Below is a possible solution for your playbook:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
---
- hosts: web
  become: true
  tasks:
    - name: install httpd
      dnf:
        name: httpd
        state: installed
    - name: start and enable httpd
      service:
        name: httpd
        state: started
        enabled: yes
    - name: start and enable firewalld
      service:
        name: firewalld
        state: started
        enabled: yes
    - name: open firewall for http
      firewalld:
        service: http
        state: enabled
        permanent: yes
        immediate: yes

Run your playbook with:

1
ansible-playbook -i hosts webserver.yml

Check httpd.service on group web:

1
 ansible -i hosts web -b -a "systemctl status httpd"

Hint

The ports for ssh, dhcp and cockpit are opened by default in the firewalld. It is best, especially for documentation, to open the ports explicitly in a basic settings file.

Task 2

Create a folder inventory and move your inventory hosts there.
Configure Ansible to use /home/ansible/techlab/inventory/hosts as the default inventory. Do this using a configuration file in the /home/ansible/techlab/ directory.
Run the playbook again without using the -i flag to see if the configuration works.

Solution Task 2

Copy the default ansible.cfg to your directory:

1
2
3
mkdir /home/ansible/techlab/inventory
mv /home/ansible/techlab/hosts /home/ansible/techlab/inventory/
cp /etc/ansible/ansible.cfg /home/ansible/techlab/

Edit your ansible.cfg file. Uncomment and edit the “inventory” entry to use your file:

[defaults]
# some basic default values...
inventory      = /home/ansible/techlab/inventory/hosts # <-- edit this line
#library        = /usr/share/my_modules/

1
2
3
4
5
6
7
8
9
$ ansible-playbook webserver.yml
PLAY [web] ***********************************************************************

TASK [Gathering Facts] ***********************************************************
ok: [node1]

TASK [install httpd] *************************************************************
ok: [node1]
...

Task 3

Intentionally add errors to your playbook and have a look at the output. You should get a feeling for Ansible’s error messages:
- Add a wrong indentation. Remember that this is a common mistake!
- Use a tab character for identation. Some editors do that automatically.
- Add a wrong parameter name.
- Remove the mistakes.

Solution Task 3

Wrong intendation:

1
2
3
4
5
6
7
8
---
- hosts: web
  become: true
  tasks:
    - name: install httpd
      dnf:
      name: httpd        # <-- wrong intendation
      state: installed   # <-- wrong intendation

Wrong parameter name:

1
2
3
4
5
6
7
8
9
---
- hosts: web
  become: true
  tasks:
    - name: install httpd
      dnf:
        name: httpd
        state: installed
        enabled: yes     # <-- doesn't exist for dnf module

Task 4

Create a playbook tempfolder.yml
The playbook tempfolder.yml should create a temporary folder /var/tempfolder on all servers except those in the group db.

Tip

Take a look at the user guide and find out how to use more complex inventory patterns. See Ansible Docs - User Guide

The folder has to have the sticky bit set, so that only the owner (set owner/group to ansible) of the content (or root) can delete the files.
Run the playbook and then check if the sticky bit was set using an ad hoc command.

Solution Task 4

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
$ cat tempfolder.yml
---
- hosts: all:!db
  become: true
  tasks:
    - name: create temp folder with sticky bit set
      file:
        dest: /var/tempfolder
        mode: "01755"
        owner: ansible
        group: ansible
        state: directory

$ ansible-playbook tempfolder.yml
$ ansible web,controller -b -a "ls -ld /var/tempfolder"

Note

ansible-doc file doesn’t provide any information about setting special permissions like sticky bit (man chmod will help you though). Remember to use a leading 0 before the actual permissions.

All done?

Ansible 101 by Jeff Geerling

4.1 Ansible Playbooks - Variables and Loops

4.2 Ansible Playbooks - Templates

4.3 Ansible Playbooks - Output

4.4 Ansible-Pull

4.5 Task control

Last modified October 14, 2024: use working image in Vagrantfile (#214) (0364944)