5. Ansible Roles - Basics

During this lab we’ll learn how to write and use Ansible roles.

Task 1

  • Create a directory roles in your techlab folder.
  • Configure your Ansible environment to use the roles folder as an additional source for roles.
Solution Task 1
$ mkdir roles
$ grep roles_path ansible.cfg
roles_path    = /home/ansible/techlab/roles

Task 2

Write a role httpd in your new roles folder which does the following:

  • Install httpd, start its service and enable it to run on boot.
  • Install firewalld, start its service and allow traffic for the services http and https.
Solution Task 2
$ cd roles/
$ ansible-galaxy init httpd
$ cd ..

$ cat roles/httpd/tasks/main.yml
---
# tasks file for httpd
- name: install packages
  dnf:
    name:
      - httpd
      - firewalld
    state: installed
- name: start services
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop:
    - httpd
    - firewalld
- name: open firewall for http and https
  firewalld:
    service: "{{ item }}"
    state: enabled
    immediate: yes
    permanent: true
  loop:
    - http
    - https

Task 3

  • Modify your playbook webserver.yml to use your new httpd role. It should be run on all hosts in the web group.
  • Run your playbook and check if everything went as expected.
Solution Task 3
$ cat webserver.yml
---
- hosts: web
  become: true
  roles:
    - httpd

$ ansible-playbook webserver.yml
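
One way to do the "check if everything went as expected" step is a read-only verification play, shown here as an added example that is not part of the original lab. The file name verify_web.yml is hypothetical, and the unit names httpd.service and firewalld.service assume a systemd-based host like the one the dnf tasks target.

```yaml
---
# verify_web.yml (hypothetical file name): read-only checks for the httpd role
- hosts: web
  become: true
  gather_facts: false
  tasks:
    - name: collect service state
      ansible.builtin.service_facts:

    - name: httpd and firewalld are running and enabled on boot
      ansible.builtin.assert:
        that:
          - ansible_facts.services[item].state == 'running'
          - ansible_facts.services[item].status == 'enabled'
        fail_msg: "{{ item }} is not running or not enabled"
      loop:
        - httpd.service
        - firewalld.service

    # The role sets immediate and permanent, so check the runtime
    # configuration ("") and the on-disk one ("--permanent").
    - name: read the runtime and the permanent firewalld service lists
      ansible.builtin.command: "firewall-cmd {{ item }} --list-services"
      loop:
        - ""
        - "--permanent"
      register: fw
      changed_when: false

    - name: http and https are allowed in both configurations
      ansible.builtin.assert:
        that:
          - "'http' in item.stdout.split()"
          - "'https' in item.stdout.split()"
        fail_msg: "http/https missing from: firewall-cmd {{ item.item }} --list-services"
      loop: "{{ fw.results }}"
      loop_control:
        label: "{{ item.item | default('runtime', true) }}"

    # Anything listed beyond http and https was not opened by the role; review it.
    - name: show every service the default zone allows
      ansible.builtin.debug:
        msg: "{{ fw.results[0].stdout.split() }}"
```

Run it with ansible-playbook verify_web.yml after webserver.yml; a failed assert names the host and the service or firewall configuration that does not match.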

Task 4

  • Create a new role called base. Its file tasks/main.yml should import the files motd.yml and packages.yml. (Create both files under tasks/).
  • motd.yml should do the following: Use the variable motd_content to change the /etc/motd content to “This is a server\n”. Remember to move the template as well as the variable to a correct location in the roles folder.
  • packages.yml should install the packages firewalld, yum-utils, dos2unix, emacs and vim.
  • Write a playbook prod.yml that applies the role base to all servers and the role httpd only to the group web.
Solution Task 4
$ cd roles/; ansible-galaxy init base; cd ..

$ cat roles/base/defaults/main.yml
---
# defaults file for base
motd_content: "This is a server\n"

$ ls roles/base/tasks/
main.yml      motd.yml      packages.yml

$ cat roles/base/tasks/motd.yml
---
- name: put motd template
  template:
    src: templates/motd.j2
    dest: /etc/motd

$ cat roles/base/tasks/packages.yml
---
- name: install packages
  dnf:
    name:
      - firewalld
      - yum-utils
      - dos2unix
      - emacs
      - vim
    state: installed

$ cat roles/base/tasks/main.yml
---
# tasks file for base
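# import_tasks is static, so the tags below are inherited by the imported
# tasks; with include_tasks only the include statement itself is tagged.
- name: set custom text
  import_tasks: motd.yml
  tags: motd
- name: install packages
  import_tasks: packages.yml
  tags: packages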

$ cat prod.yml
---
- hosts: all
  become: true
  roles:
    - base

- hosts: web
  become: true
  roles:
    - httpd

Task 5

  • Rewrite the httpd role to apply the base role each time it is used in a playbook. Use a dependency in the meta/main.yml file.
  • Remove the play that runs the base role on all hosts from the prod.yml playbook. Run the playbook and see whether the base role was applied on hosts in the web group as well.
Solution Task 5
$ cat roles/httpd/meta/main.yml
---
dependencies:
  - base
$ cat prod.yml
---
- hosts: web
  become: true
  roles:
    - httpd

$ ansible-playbook prod.yml

All done?