Ansible is an open source automation tool or platform that can be used for configuration management, automation of sysadmin tasks, application deployment and, to some extent, even for IaC.
Ansible uses a stateless protocol, i.e. it does not need to maintain server information or the current session.
Ansible directory structure:
more specifically
Ansible Architecture | Agentless |
---|---|
To communicate with nodes Ansible uses | ssh protocol |
Ansible playbook uses | YAML syntax |
What are Roles?
Each role is designed to achieve some desired result. So if you want to group multiple tasks in one place and make them reusable, a role is the way to do that.
It is a collection of tasks, templates, files, modules, etc.
What is a playbook?
Playbooks are written as YAML files. Basically, a playbook is a way to execute roles and commands in a scripted way on all the servers or server groups defined in the inventory file.
Idempotency:
This is a very good feature that Ansible supports: basically, it will not change anything if the server is already in the desired state.
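Idempotency in practice, as an added example that is not part of the original post: a `shell` task reports "changed" on every run, while the equivalent module tasks change something only when the state differs. The path `/tmp/idempotency-demo` and the play itself are constructed for illustration.

```yaml
---
# Added example, not from the original post. /tmp/idempotency-demo is a constructed path.
- name: Compare a non-idempotent shell task with idempotent module tasks
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    demo_dir: /tmp/idempotency-demo
  tasks:
    - name: Ensure the directory exists (changed only on the first run)
      file:
        path: "{{ demo_dir }}"
        state: directory
        mode: "0755"

    - name: Command guarded by "creates" (not run again once the marker file exists)
      command: touch {{ demo_dir }}/initialized
      args:
        creates: "{{ demo_dir }}/initialized"

    - name: chmod through shell (reports "changed" on every run)
      shell: chmod -R 755 {{ demo_dir }}

    - name: Same permissions through the file module (changed only when they differ)
      file:
        path: "{{ demo_dir }}"
        state: directory
        recurse: true
        mode: "0755"
```

Run it twice with `ansible-playbook`: on the second run only the `shell` task still reports "changed".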
Ansible Galaxy:
It is like a community or hub where you can find content related to Ansible, for example to install and configure httpd, nginx, etc.
Modules:
When Ansible connects to nodes over SSH, it pushes small programs called modules along with the connection. They help Ansible install, delete, modify, etc., and are removed when everything is done.
What is an Ansible ad-hoc command?
Ad-hoc commands are a way to execute commands on servers without writing any playbooks.
Some important Ansible ad-hoc commands
To check whether you are able to ping the servers or not:
```bash
ansible all -m ping
```
Whenever you want to run a play conditionally, the setup module can help: it returns information (facts) about the servers or server group.
```bash
ansible all -m setup
```
Some more commands:
```bash
# Run shell commands (-K prompts for the become password)
ansible all -m shell -a 'fdisk -l' -u ec2-user --become -K
ansible all -m shell -a 'df -h' --become
ansible all -a "uptime"
# Copy a file to the nodes / fetch a file from a node
ansible all -m copy -a 'src=/home/ec2-user/nginx/nginx.yml dest=/home/remote-user/nginx/ owner=root mode=0644' -u root --become -K
ansible node1 -m fetch -a 'src=/etc/sudoers.d/nginx.yml dest=/home/ec2-user/nginx/ flat=yes'
# Install / remove a package
ansible all -m apt -a 'name=httpd state=latest' --become
ansible all -m apt -a 'name=httpd state=absent purge=yes' --become
# Start / stop a service
ansible all -m service -a 'name=httpd state=started enabled=yes' --become
ansible all -m service -a 'name=httpd state=stopped' --become
```
Creating a new directory:
```bash
# key=value pairs must not contain spaces around "="
# mode=777 makes the directory world-writable; use 0755 or tighter unless every local user must write to it
ansible abc -m file -a "dest=/home/ec2-user/new mode=777 owner=ec2-user group=ec2-user state=directory"
```
Deleting a whole directory and its files:
```bash
ansible abc -m file -a "dest=/home/ec2-user/new state=absent"
```
Frequently used tasks in Ansible
```yaml
---
# Install and configure httpd
- name: Install and configure httpd
  hosts: worker
  gather_facts: true
  remote_user: root
  roles:                      # the play keyword is "roles", not "role"
    - ../roles/install-and-configure-httpd
    - ../roles/restart-httpd-service

# Update hosts file
- name: update hosts file
  hosts: master
  gather_facts: true
  remote_user: root
  roles:
    - ../roles/update-hosts-file
```

```yaml
# Run a shell command, register its result and print the output
- name: Run shell script
  shell: |
    chmod -R 755 /home/ec2-user/shell-script
  register: user
  ignore_errors: true         # a failed chmod is ignored and the play continues
- debug: var=user.stdout

# Same task, but the output is printed only when the condition holds
- name: Run shell script
  shell: |
    chmod -R 755 /home/ec2-user/shell-script
  register: user
  ignore_errors: true
- debug: var=user.stdout
  when: user.stdout|int == 1

# Set a fact from a Jinja2 condition
- name: check if user exist
  set_fact:
    message: "{% if user.stdout|int == 1 %} 'ansible User was created OK' {% else %} 'ansible user was not created' {% endif %}"
- debug: var=message

# Download a file, retrying on failure
- name: download rpm file
  get_url:
    url: "{{ansible_rpm_url}}"
    force: yes
    dest: /tmp/ansible-2.7.2.noarch.rpm
    timeout: 60
  register: rpm_download
  until: rpm_download is succeeded   # retries/delay are task keywords and work together with "until"
  retries: 5
  delay: 10

# Render a Jinja2 template to the node
- name: configure httpd
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/httpd.conf
  become: true

# Loop over a list of directories
- name: Make sure following items directory exists
  file: path={{item}} state=directory
  with_items:
    - /opt/httpd
    - /etc/httpd
    - /home/.httpd

- name: Create dir
  file: path={{item}} state=directory owner=ec2-user group=ec2-user mode=0755
  with_items:
    - /home/abc
    - /home/cde

# Include a task file, unconditionally and conditionally
- name: include roles
  include_tasks: ../../../../test-roles/roles/fix-bug.yaml

- name: include roles
  include_tasks: ../../../../test-roles/roles/fix-bug.yaml
  when: fix_bug

# Replace a placeholder in a script
- name: replace regex value in scripts
  replace:
    path: /tmp/install-httpd.sh
    regexp: '@directory_path@'
    replace: "'{{document_directory}}'"

# Create a user and append it to extra groups
- name: create users
  user:
    name: pankaj
    shell: /bin/bash
    groups: dev,sysadmin
    append: yes

- name: reload and restart httpd
  systemd:
    state: restarted
    name: httpd
    enabled: yes
```

```
root@DESKTOP-3J3M43J:~# cat component-name/roles/init-httpd/handlers/main.yaml
- name: restart httpd
  service:
    name: httpd
    enabled: yes
    daemon_reload: yes
    state: restarted
```

```yaml
# Pause the play for one minute
- pause:
    minutes: 1

# Print a message once, not once per host
- debug:
    msg: welcome
  run_once: true

# Insert a line after a matching line and trigger the handler
- name: add line in file
  lineinfile:
    path: "/etc/httpd/conf/httpd.conf"
    insertafter: '^\[Documentroot\]$'
    line: "Documentroot: /var/lib/httpd"
  notify: restart httpd       # must match the handler name exactly

# Run a command as another user
- name: pip install ansible
  command: "/usr/bin/pip install ansible"
  become: true                # become_user only takes effect when become is enabled
  become_user: "{{some_user}}"
```
#!/usr/bin
How to use Jinja2 Template in Ansible Playbook
- Jinja2 is a Python-based templating language.
- We use it mostly when we want to keep configuration files, or any other file, dynamic.
- When the configuration changes are mostly dynamic and you don't know the values before running the playbook, use a template.
- We keep the Ansible playbook variables in the Jinja2 template, and they are replaced with their values while the playbook runs.
- We can use loops and conditional statements to transform the data according to our requirements.
- Template files come with the .j2 extension.
- It is very easy to use.
Tags:
- `{# #}` Use this tag when you want to write a comment that describes the tasks.
- `{% %}` Use this tag for control statements such as if-else and for loops.
- `{{ }}` This tag replaces the variable name with its actual value.
[pankaj@host]$ ansible-playbook ansible-playbook-example.yaml
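The three tag types in one rendered file, as an added example that is not part of the original post. It uses `copy` with inline `content` so that it runs as a single file; with a separate `.j2` file you would use the `template` module as shown earlier. The variable names and `/tmp/demo-httpd.conf` are constructed for illustration.

```yaml
---
# Added example, not from the original post. Variables and /tmp/demo-httpd.conf are constructed.
- name: Render a small config with the three Jinja2 tag types
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    document_directory: /var/lib/httpd
    listen_ports: [80, 8080]
    enable_status: false
  tasks:
    - name: Write the rendered config
      copy:
        dest: /tmp/demo-httpd.conf
        mode: "0644"
        content: |
          {# Comment tag: this line does not appear in the rendered file #}
          DocumentRoot "{{ document_directory }}"
          {% for port in listen_ports %}
          Listen {{ port }}
          {% endfor %}
          {% if enable_status %}
          <Location "/server-status">
              SetHandler server-status
          </Location>
          {% else %}
          # server-status disabled
          {% endif %}
```

The rendered file contains the DocumentRoot line, one Listen line per port and the else-branch comment; setting `enable_status: true` renders the Location block instead.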
Thank you for reading!!