5. Ansible Roles - Basics
During this lab we’ll learn how to write and use Ansible roles.
Task 1
- Create a directory `roles` in your techlab folder.
- Configure your Ansible environment to use the `roles` folder as an additional resource for roles.
Solution Task 1
```bash
$ mkdir roles
$ grep roles_path ansible.cfg
roles_path = /home/ansible/techlab/roles
```
Task 2
Write a role `httpd` in your new `roles` folder which does the following:
- Install `httpd`, start its service and enable it to run on boot.
- Install `firewalld`, start its service and allow traffic for the services `http` and `https`.
Solution Task 2
```bash
$ cd roles/
$ ansible-galaxy init httpd
$ cat roles/httpd/tasks/main.yml
---
# tasks file for httpd
- name: install packages
  ansible.builtin.dnf:
    name:
      - httpd
      - firewalld
    state: installed
- name: start services
  ansible.builtin.systemd_service:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - httpd
    - firewalld
- name: open firewall for http and https
  ansible.posix.firewalld:
    service: "{{ item }}"
    state: enabled
    immediate: true
    permanent: true
  loop:
    - http
    - https
```
Task 3
- Modify your playbook `webserver.yml` to use your new `httpd` role. It should be run on all hosts in the `web` group.
- Run your playbook and check if everything went as expected.
Solution Task 3
```bash
$ cat webserver.yml
---
- hosts: web
  become: true
  roles:
    - httpd
$ ansible-playbook webserver.yml
```
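One way to check that the run in Task 3 did what the role promises, as an added example that is not part of the lab material. The file name `verify_web.yml`, the variable `verify_allowed_services` and its baseline list are assumptions; adjust the list to what your hosts are supposed to expose.

```yaml
---
# verify_web.yml (hypothetical file name): added example, not part of the lab
- name: verify the result of the httpd role
  hosts: web
  become: true
  gather_facts: false
  vars:
    # Assumed baseline: services the default zone may expose on a web host.
    # ssh is needed by Ansible itself, http/https come from the httpd role,
    # the other two are assumed distribution defaults; drop what you do not need.
    verify_allowed_services: [ssh, http, https, cockpit, dhcpv6-client]
  tasks:
    - name: collect service state
      ansible.builtin.service_facts:

    - name: httpd and firewalld are running and enabled
      ansible.builtin.assert:
        that:
          - ansible_facts.services[item ~ '.service'].state == 'running'
          - ansible_facts.services[item ~ '.service'].status == 'enabled'
        fail_msg: "{{ item }} is not running and enabled"
      loop:
        - httpd
        - firewalld

    - name: read the permanent firewalld configuration of the default zone
      ansible.builtin.command: firewall-cmd --permanent --list-services
      register: verify_fw
      changed_when: false

    - name: http and https are open and nothing outside the baseline is
      ansible.builtin.assert:
        that:
          - "'http' in verify_fw.stdout.split()"
          - "'https' in verify_fw.stdout.split()"
          - verify_fw.stdout.split() | difference(verify_allowed_services) | length == 0
        fail_msg: "firewalld services found: {{ verify_fw.stdout }}"
```

Run it with `ansible-playbook verify_web.yml` after the role has been applied; a failed assertion names the service or firewalld entry that deviates.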
Task 4
- Create a new role called `base`. Its file `tasks/main.yml` should import the files `motd.yml` and `packages.yml`. (Create both files under `tasks/`.)
  - `motd.yml` should do the following: Use the variable `base_motd_content` to change the `/etc/motd` content to “This is a server\n”. Remember to move the template as well as the variable to a correct location in the roles folder.
  - `packages.yml` should install the packages `firewalld`, `yum-utils`, `dos2unix`, `emacs` and `vim`.
- Write a playbook `prod.yml` that applies the role `base` to all servers and the role `httpd` only to the group `web`.
Solution Task 4
```bash
$ cd roles/; ansible-galaxy init base;
$ cat roles/base/defaults/main.yml
---
# defaults file for base
base_motd_content: "This is a server\n"
$ ls roles/base/tasks/
main.yml motd.yml packages.yml
$ cat roles/base/templates/motd.j2
{{ base_motd_content }}
IP ADDRESS: {{ ansible_default_ipv4.address }}
OS: {{ ansible_os_family }}
$ cat roles/base/tasks/motd.yml
---
- name: put motd template
  ansible.builtin.template:
    src: templates/motd.j2
    dest: /etc/motd
    mode: "0644"
$ cat roles/base/tasks/packages.yml
---
- name: install packages
  ansible.builtin.dnf:
    name:
      - firewalld
      - yum-utils
      - dos2unix
      - emacs
      - vim
    state: installed
$ cat roles/base/tasks/main.yml
---
# tasks file for base
- name: set custom text
  ansible.builtin.include_tasks: motd.yml
  tags: motd
- name: install packages
  ansible.builtin.include_tasks: packages.yml
  tags: packages
$ cat prod.yml
---
- hosts: all
  become: true
  roles:
    - base
- hosts: web
  become: true
  roles:
    - httpd
```
Note
Take notice of the different content of /etc/motd on the control node!
Task 5
- Rewrite the `httpd` role to apply the `base` role each time it is used in a playbook. Use a dependency in the `meta/main.yml` file.
- Remove the play that runs the `base` role on all hosts from the `prod.yml` playbook. Run the playbook and see if role `base` was applied on hosts in the `web` group as well.
Solution Task 5
```bash
$ cat roles/httpd/meta/main.yml
---
dependencies:
  - base
$ cat prod.yml
---
- hosts: web
  become: true
  roles:
    - httpd
$ ansible-playbook prod.yml
```
All done?