
Getting started with Ansible? How to use PLAYBOOKS in Ansible?


Playbooks in Ansible define a series of tasks to run and the particular sets of servers they address. It is important to note that, unlike other configuration tools, a playbook does not describe a state of the machine, with Ansible working out on its own all the changes that need to be made. However, playbooks should be designed to be idempotent, meaning that they can be run more than once without destructive effects.

A playbook might have a task that sets up a configuration file for a server and injects a few variables. The playbook must be written so that Ansible can take the template configuration file, compare it to the real file, and create or update it only if necessary. Luckily, many Ansible modules take care of the heavy lifting for that.

We can write playbooks to run initial server configuration, add directories and users, ensure that specific software packages are installed or uninstalled, move files, and so on. A playbook can also run a few commands on one set of machines, switch to a different set to run different commands, and then switch back to the original or a different set of machines. It is procedural, and tasks are run in order, from first to last.

Playbooks are expressed in YAML and have a minimum of syntax, which intentionally tries to be not a programming language or script but a model of a configuration or a process.

Each playbook consists of one or more “plays”.

The goal of a play is to map a group of hosts to well-defined roles, expressed in terms of Ansible tasks. At a fundamental level, a task is simply a call to an Ansible module.

By writing a playbook with multiple plays, you can orchestrate a multi-machine deployment, running certain steps on all the machines in a web server group, then some steps on the database server group, then more commands back on the web server group, and so on.

“Plays” are more or less a sports analogy. You can have quite a few different plays that affect your systems in different ways. It is not as if you were defining one specific state or model: you can run different plays at different times.

Ansible Configuration via Playbooks

A playbook in Ansible defines a series of operations to run and the specific server groups to run them on. Note that, unlike other configuration tools, the playbook does not describe the state of the machine, with Ansible identifying on its own all the changes that need to be made.

However, playbooks should be designed to be idempotent, which means they can run more than once without negative effects. For example, a playbook might have a task to set up a configuration file for the server and inject some variables. The playbook should be written so that Ansible can compare the template configuration file with the actual file and create or update it only as necessary. Fortunately, many Ansible modules take care of the heavy lifting.

You can write playbooks to perform initial server configuration, add users and directories, ensure that certain packages are installed or uninstalled, move files, and more. A playbook can also run some commands on one group of machines, switch to another group of machines to run different commands, and then switch back to the original or a different set of machines. This is procedural, and the tasks run in order from top to bottom.

A playbook is a YAML file, and typically follows this structure:

 Simple Playbook Example YAML file

 Service check

Assign PlayBook task

Each task should have a name, which is logged and helps you keep track of progress. Following the name line is the module to run; the other properties provide more options, in this case instructing Ansible to use sudo privileges.

Run PlayBook

ansible-playbook myplaybook.yml

Let’s move on to further playbook steps

We will create an Ansible playbook named example.yml that performs the steps listed below:

  • Change the root user’s password
  • Add the user remote
  • Set the remote user’s password
  • Upload your workstation’s SSH public key to the remote user
  • Add the remote user to the sudoers file
  • Disallow root SSH access
  • Disallow SSH password authentication
  • Disallow SSH GSSAPI authentication

Create example.yml

Before creating example.yml, create the files and playbooks directories:

mkdir files

mkdir playbooks

Copy your SSH Public key from your workstation to the files directory:

cp ~/.ssh/id_rsa.pub files/workstation.pub

Create Yml

touch playbooks/example.yml


- hosts: all
  vars:
    # Values must be crypt(3) password hashes, never plaintext passwords.
    root_password: 'HASHED_PASSWORD'
    remote_password: 'HASHED_PASSWORD'

  tasks:
    - name: Change root password
      user:
        name: root
        password: "{{ root_password }}"

    - name: Add user remote
      user:
        name: remote
        password: "{{ remote_password }}"

    - name: Add SSH public key to user remote
      authorized_key:
        user: remote
        key: "{{ lookup('file', '../files/workstation.pub') }}"

    - name: Add remote user to sudoers
      lineinfile:
        dest: /etc/sudoers
        regexp: '^remote ALL'
        line: 'remote ALL=(ALL) NOPASSWD: ALL'
        state: present
        # Syntax-check the edited copy before it replaces /etc/sudoers.
        validate: 'visudo -cf %s'

    - name: Disallow root SSH access
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
        state: present
      notify:
        - restart sshd

    - name: Disallow SSH password authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
      notify:
        - restart sshd

    - name: Disallow SSH GSS API authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^GSSAPIAuthentication'
        line: 'GSSAPIAuthentication no'
        state: present
      notify:
        - restart sshd

  # Handlers run once at the end of the play, only if a task notified them.
  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted
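
A post-run check for the three sshd_config tasks above, added here as an example (it is not part of the original article). lineinfile rewrites only the last line matching regexp and otherwise appends at the end of the file, while sshd uses the first value it reads for a keyword and treats everything after a Match line as conditional, so the script reports what the global section actually sets. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: static audit of the three sshd_config settings the playbook edits.
# sshd keeps the FIRST value it reads for a keyword (keywords are case-insensitive),
# and every line after a "Match" line is conditional. Assumes "Keyword value"
# separated by whitespace; Include files are not followed (use `sshd -T` on the host).

# effective_option FILE KEYWORD: print the first global value, lowercased.
effective_option() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }         # blank lines and comments
        tolower($1) == "match" { exit }       # end of the global section
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: report each setting; return 1 unless all three are "no".
audit_sshd() {
    rc=0
    for opt in PermitRootLogin PasswordAuthentication GSSAPIAuthentication; do
        val=$(effective_option "$1" "$opt")
        if [ "$val" = "no" ]; then
            echo "OK   $opt no"
        else
            echo "FAIL $opt ${val:-not set in global section}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (not from a real host): the file as lineinfile would leave it
# when it started with two active PermitRootLogin lines and a trailing Match block.
write_sample() {
    cat > "$1" <<'EOF'
PermitRootLogin yes
#PasswordAuthentication yes
GSSAPIAuthentication no
PermitRootLogin no
Match User backup
    X11Forwarding no
PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || echo "hardening incomplete"
rm -f "$sample"
```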

Run Some Ansible Commands

The commands below have --user remote --sudo added. These command-line switches are not needed if the user you are logged in as on your workstation is the same user you created and log in with on the target servers. Newer Ansible releases use --become in place of --sudo.

List All Hosts in the Inventory File

A quick way to get a list of all the servers Ansible is aware of:

ansible -i hosts all --list-hosts

How to check All Ansible Gathered Facts for a Specific Server

Every time Ansible runs, it collects various kinds of information. This information is used throughout the playbook run. Run the following command to see the information (known as facts) that Ansible collects for a particular server:

ansible -i hosts -m setup HOSTNAME

For example, see all gathered facts on server.domainname.com:

ansible -i hosts -m setup server1.example.com --user remote --sudo

Execute Arbitrary Commands On Servers

Execute command on a specific group in your Inventory File:

ansible -i hosts GROUP -m shell -a "uptime"

For example, execute a command on all servers:

ansible -i hosts all -m shell -a "uptime" --user remote --sudo

Another example, execute a command on servers in group chicago:

ansible -i hosts chicago -m shell -a "uptime" --user remote --sudo

Execute a command on one server in your Inventory File:

ansible -i hosts HOSTNAME -m shell -a "uptime"

For example, execute a command on server1.example.com:

ansible -i hosts server1.example.com -m shell -a "uptime" --user remote --sudo

Conclusion

As described above, the directory you created to store your Ansible environment is self-contained. You could create another directory to store a completely different Ansible environment.

However, if you plan on having only one Ansible directory, you can add the ANSIBLE_HOSTS environment variable, pointing to your Ansible Inventory File, to your ~/.bash_profile so you no longer need to reference it with the -i hosts command-line switch in the Ansible commands:

echo "export ANSIBLE_HOSTS=~/Development/ansible-personal-servers/hosts" >> ~/.bash_profile

Close and re-open your terminal application, or re-source .bash_profile with source ~/.bash_profile, for this to take effect.
