4. Ansible Playbooks - Basics
In this lab we’ll get used to writing and running Ansible playbooks.
Create a playbook webserver.yml which does the following:
httpd on the nodes in the
httpd and ensure the service starts on boot. Ensure that the Linux firewall is also started and enabled.
- Ensure port 80 is open on the firewall.
Tip: Check what the options
firewalld module mean and do.
- Run the playbook. After completion, test if the httpd.service is running and enabled on
Solution Task 1
Below is a possible solution for your playbook:
Run your playbook with:
httpd.service on group
The ports for ssh, dhcp and cockpit are opened by default in firewalld. It is best, especially for documentation, to open the ports explicitly in a basic settings file.
- Create a folder inventory and move your inventory
- Configure Ansible to use /home/ansible/techlab/inventory/hosts as the default inventory. Do this using a configuration file in the
- Run the playbook again without using the -i flag to see if the configuration works.
Solution Task 2
Copy the default ansible.cfg to your directory:
ansible.cfg file. Uncomment and edit the “inventory” entry to use your file:
    [defaults]

    # some basic default values...

    # edit the next line
    inventory = /home/ansible/techlab/inventory/hosts
    #library = /usr/share/my_modules/
- Intentionally add errors to your playbook and have a look at the output. You should get a feeling for Ansible’s error messages:
  - Add a wrong indentation. Remember that this is a common mistake!
  - Use a tab character for indentation. Some editors do that automatically.
  - Add a wrong parameter name.
- Remove the mistakes.
Solution Task 3
Wrong parameter name:
- Create a playbook
- The playbook tempfolder.yml should create a temporary folder /var/tempfolder on all servers except those in the group
Tip: Take a look at the user guide and find out how to use more complex inventory patterns. See Ansible Docs - User Guide
- The folder has to have the sticky bit set, so that only the owner (set owner/group to ansible) of the content (or root) can delete the files.
- Run the playbook and then check if the sticky bit was set using an ad hoc command.
Solution Task 4
ansible-doc file doesn’t provide any information about setting special permissions like the sticky bit (man chmod will help you though). Remember to use a leading 0 before the actual permissions.
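The following playbook is an added example for Task 4, not the lab's own solution; it shows the leading-0 rule next to the form that silently produces wrong permissions. The group name example_group is a placeholder, and the base permissions 777 and the use of become are assumptions.

```yaml
---
# tempfolder.yml (added example, not the lab's own solution)
# example_group is a placeholder: put the group to exclude here.
- name: Create a temporary folder with the sticky bit set
  hosts: "all:!example_group"   # every host except members of example_group
  become: true                  # assumption: escalation is needed to write under /var
  tasks:
    - name: Ensure /var/tempfolder exists with the sticky bit
      ansible.builtin.file:
        path: /var/tempfolder
        state: directory
        owner: ansible
        group: ansible
        # Quoted, with a leading 0: 1 = sticky bit, 777 = assumed base permissions.
        mode: "01777"
        # Wrong: an unquoted value without the leading 0 is read as a decimal
        # number. Decimal 1777 is octal 3361, which sets setgid plus sticky and
        # the permissions -wx rw- --x instead of rwx rwx rwx.
        # mode: 1777

# Check with an ad hoc command (single quotes keep the shell from
# interpreting "!"); the mode string should end in "t", e.g. drwxrwxrwt:
#   ansible 'all:!example_group' -a "ls -ld /var/tempfolder"
```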