Lesson 3.1: Writing and Running Playbooks


Configuring YUM Repositories Using Ansible Playbook

This Ansible playbook automates the setup of BaseOS and AppStream YUM repositories on managed hosts. It ensures that each node has access to essential software packages by defining repository details, enabling GPG checks, and importing the required GPG key for package security. The playbook is structured as follows:

  • Adds the BaseOS repository with the specified baseurl and GPG key.
  • Adds the AppStream repository for additional software packages.
  • Imports the GPG key from the specified URL to ensure package authenticity.

Before execution, run ansible-playbook --syntax-check yum-repos.yml to verify the playbook's syntax. Running ansible-playbook yum-repos.yml then applies the configuration across all managed hosts, ensuring a consistent and secure package management setup.

ansible.builtin.rpm_key is an Ansible module used to manage RPM GPG keys on Red Hat-based systems (RHEL, CentOS, Fedora, etc.). It allows you to import, remove, or verify GPG keys, which are used to authenticate RPM packages before installation. We use ansible-doc rpm_key to retrieve documentation about the rpm_key module, including its description, parameters, and usage examples.

[devops@ansible-server ansible]$ vim yum-repos.yml
[devops@ansible-server ansible]$ cat yum-repos.yml 
- name: Playbook to create BaseOs and AppStream repos
  hosts: all
  tasks:
  - name: Add BaseOS repository
    ansible.builtin.yum_repository:
      name: BaseOS
      description: Base OS Repo
      baseurl: http://192.168.208.100/softwares/BaseOS
      file: external_repos
      enabled: yes
      gpgcheck: yes
      gpgkey: http://192.168.208.100/softwares/RPM-GPG-KEY-centosofficial
  - name: Add AppStream repository
    ansible.builtin.yum_repository:
      name: AppStream
      description: AppStream Repo
      baseurl: http://192.168.208.100/softwares/AppStream
      file: external_repos
      enabled: yes
      gpgcheck: yes
      gpgkey: http://192.168.208.100/softwares/RPM-GPG-KEY-centosofficial
  - name: Import a key from a url
    ansible.builtin.rpm_key:
      state: present
      key: http://192.168.208.100/softwares/RPM-GPG-KEY-centosofficial
[devops@ansible-server ansible]$ ansible-playbook --syntax-check yum-repos.yml 
 
playbook: yum-repos.yml
[devops@ansible-server ansible]$ ansible-playbook yum-repos.yml
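
The playbook above fetches both the packages and the GPG key over plain HTTP from the same server, so gpgcheck only helps if the imported key is the expected one. The following variant is an added example, not part of the original lesson: it imports the key first and pins it with the rpm_key module's fingerprint parameter, so the import fails on a mismatch. The variable names are assumptions, and repo_key_fingerprint is a placeholder to be replaced with a fingerprint obtained out of band.

```yaml
- name: Playbook to create BaseOS and AppStream repos with a pinned signing key
  hosts: all
  vars:
    # Same server and key file as the playbook above (variable names are assumptions).
    repo_server: http://192.168.208.100/softwares
    repo_key_url: "{{ repo_server }}/RPM-GPG-KEY-centosofficial"
    # PLACEHOLDER: replace with the long-form fingerprint verified out of band.
    repo_key_fingerprint: "REPLACE_WITH_VERIFIED_FINGERPRINT"
  tasks:
  # Import the key before any repository can be used. rpm_key compares the
  # downloaded key against the fingerprint and fails the task if they differ.
  - name: Import the signing key only if it matches the pinned fingerprint
    ansible.builtin.rpm_key:
      state: present
      key: "{{ repo_key_url }}"
      fingerprint: "{{ repo_key_fingerprint }}"

  # One looped task replaces the two near-identical repository tasks.
  - name: Add BaseOS and AppStream repositories
    ansible.builtin.yum_repository:
      name: "{{ item.name }}"
      description: "{{ item.description }}"
      baseurl: "{{ repo_server }}/{{ item.name }}"
      file: external_repos
      enabled: true
      gpgcheck: true
      gpgkey: "{{ repo_key_url }}"
    loop:
    - name: BaseOS
      description: Base OS Repo
    - name: AppStream
      description: AppStream Repo
```

The fingerprint of a downloaded key file can be read with gpg --show-keys --with-fingerprint before it is placed in the playbook.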

Ansible Playbook for Package Installation and Updates

This task requires creating a playbook /home/devops/ansible/packages.yml to manage package installations across different host groups. The playbook will:

  • Install PHP and MariaDB packages on hosts in the dev, test, and prod groups.
  • Install the Development tools package group on hosts in the dev group only.
  • Update all installed packages to their latest versions on hosts in the dev group only.

This ensures that each environment has the necessary software while keeping development systems up to date.

[devops@ansible-server ansible]$ cat packages.yml 
- name: Playbook to manage package installations
  hosts: all
  tasks:
  - name: Install the latest version of PHP and mariadb
    ansible.builtin.yum:
      name: "{{ item }}"
      state: latest
    loop:
    - php
    - mariadb
    when: inventory_hostname in groups['dev'] or inventory_hostname in groups['test'] or inventory_hostname in groups['prod']
 
  - name: Install the 'Development tools' package group
    ansible.builtin.yum:
      name: "@Development tools"
      state: present
    when: inventory_hostname in groups['dev']
 
  - name: Upgrade all packages
    ansible.builtin.yum:
      name: '*'
      state: latest
    when: inventory_hostname in groups['dev']
 
[devops@ansible-server ansible]$ ansible-playbook --syntax-check packages.yml 
 
playbook: packages.yml
[devops@ansible-server ansible]$ ansible-playbook packages.yml 

Configuring Time Synchronization Using RHEL System Roles in Ansible

This task involves installing the RHEL system roles package and creating an Ansible playbook (/home/devops/ansible/timesync.yml) to manage time synchronization across all managed hosts. The playbook:

  • Uses the timesync role from RHEL system roles to configure NTP settings.
  • Sets the time server to time.google.com for accurate synchronization.
  • Enables the iburst parameter, allowing faster clock adjustments when servers first connect.

[devops@ansible-server ansible]$ cat timesync.yml 
- name: Manage timesync
  hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: time.google.com
        iburst: true
  roles:
    - /usr/share/ansible/roles/rhel-system-roles.timesync
[devops@ansible-server ansible]$ ansible-playbook timesync.yml 

© 2025 2023 Sanjeeb KC. All rights reserved.