Preparation Set 1
Package Installation
Control Node
[devops@control ~]$ sudo yum -y install ansible-core
[devops@control ~]$ sudo yum -y install epel-release
[devops@control ~]$ sudo yum -y install ansible
Host Machines
[devops@host1 ~]$ rpm -q python3
[devops@host2 ~]$ rpm -q python3
[devops@host3 ~]$ rpm -q python3
[devops@host4 ~]$ rpm -q python3
Creating ansible.cfg (configuration file)
[devops@control playbooks]$ pwd
/home/devops/playbooks
[devops@control playbooks]$ vim ansible.cfg
# Project-level Ansible settings kept next to the playbooks in /home/devops/playbooks.
[defaults]
# Inventory used when no -i option is given on the command line.
inventory=/home/devops/playbooks/inventory
# Account used to log in to the managed hosts.
remote_user=devops
# Search order for roles: the project directory first, then the system-wide one.
roles_path=/home/devops/playbooks/roles:/usr/share/ansible/roles
# Search order for collections, same ordering as roles_path.
collections_path=/home/devops/playbooks/collections:/usr/share/ansible/collections
[privilege_escalation]
# Every task escalates by default, so all playbooks on this page run privileged on the
# managed hosts. NOTE(review): consider leaving this false and setting become: true
# only on the plays or tasks that need it.
become=true
Creating inventory file
[devops@control playbooks]$ vim /home/devops/playbooks/inventory
[devops@control playbooks]$ cat /home/devops/playbooks/inventory
# Static inventory: three leaf groups plus one parent group.
[testservers]
192.168.208.181
192.168.208.182
[devsystems]
192.168.208.183
[research]
192.168.208.184
# testdev has no hosts of its own; it is the union of the two groups listed.
[testdev:children]
testservers
devsystems
# Test the hosts available
[devops@control playbooks]$ ansible testservers --list-hosts
hosts (2):
192.168.208.181
192.168.208.182
[devops@control playbooks]$ ansible devsystems --list-hosts
hosts (1):
192.168.208.183
[devops@control playbooks]$ ansible research --list-hosts
hosts (1):
192.168.208.184
[devops@control playbooks]$ ansible testdev --list-hosts
hosts (3):
192.168.208.181
192.168.208.182
192.168.208.183
Setting up indentation Properties
# to remember (afys atse)
[devops@control ~]$ vi .vimrc
[devops@control ~]$ cat .vimrc
autocmd FileType yaml setlocal ai ts=2 sw=2 et
System Roles
[devops@control playbooks]$ sudo yum -y install rhel-system-roles
[devops@control playbooks]$ ls /usr/share/ansible/roles/
linux-system-roles.ad_integration rhel-system-roles.ad_integration
linux-system-roles.aide rhel-system-roles.aide
linux-system-roles.bootloader rhel-system-roles.bootloader
... ...
Viewing Collections
[devops@control playbooks]$ ls /usr/share/ansible/collections/
ansible_collections
Creating folders for roles & collections
[devops@control playbooks]$ mkdir -p /home/devops/playbooks/roles
[devops@control playbooks]$ mkdir -p /home/devops/playbooks/collections
Installing collection
ansible-galaxy collection install -p /home/devops/playbooks/collections http://..../...tar.gz
ansible-galaxy collection list
Create a playbook configuring yum repo
[devops@control playbooks]$ pwd
/home/devops/playbooks
[devops@control playbooks]$ vi yumrepo.yml
# Copy Example number 2 from
# [devops@control ~]$ ansible-doc yum_repository
# Copy Example number 1 from
# [devops@control ~]$ ansible-doc rpm_key
[devops@control playbooks]$ cat yumrepo.yml
# Defines two yum repositories on the testservers group and imports the GPG
# key used to verify their packages.
- name: playbook to configure yum repository
  hosts: testservers
  tasks:
    # Both repository tasks use file: test, so they end up as two sections of
    # the same test.repo file.
    - name: Adding yum repo for baseos
      ansible.builtin.yum_repository:
        name: BaseOS
        description: BaseOS repo
        file: test
        # NOTE(review): plain HTTP. Package signatures are still checked
        # (gpgcheck), but nothing authenticates the mirror itself; prefer
        # HTTPS if the mirror offers it.
        baseurl: http://192.168.208.137/softwares/BaseOS
        gpgcheck: yes
    - name: Adding yum repo for appstream
      ansible.builtin.yum_repository:
        name: AppStream
        description: Appsream repo
        file: test
        # NOTE(review): identical to the BaseOS baseurl above, which looks
        # like a copy-paste slip - confirm the AppStream path on the mirror.
        baseurl: http://192.168.208.137/softwares/BaseOS
        gpgcheck: yes
    - name: Import Rpm key
      ansible.builtin.rpm_key:
        state: present
        # NOTE(review): this key is the trust anchor for gpgcheck and it is
        # fetched over plain HTTP without verification. Consider pinning it
        # with the module's fingerprint option, or shipping the key file
        # alongside the playbook.
        key: http://192.168.208.137/softwares/gpgkey
# Check syntax
[devops@control playbooks]$ ansible-playbook --syntax-check yumrepo.yml
playbook: yumrepo.yml
# share ssh key
[devops@control playbooks]$ ssh-copy-id devops@192.168.208.181
[devops@control playbooks]$ ssh-copy-id devops@192.168.208.182
# Run the playbook
[devops@control playbooks]$ ansible-playbook yumrepo.yml
# Checking on the host machine
[devops@host1 yum.repos.d]$ cat test.repo
[BaseOS]
baseurl = http://192.168.208.137/softwares/BaseOS
gpgcheck = 1
name = BaseOS repo
[AppStream]
baseurl = http://192.168.208.137/softwares/BaseOS
gpgcheck = 1
name = Appsream repo
Task 6: Install a package, a package group, and upgrade a package using a playbook
[devops@control playbooks]$ vi pkg.yml
[devops@control playbooks]$ cat pkg.yml
# Installs three packages and one package group on devsystems, then brings
# samba up to the newest version the repositories offer.
- name: Playbook to install required package
  hosts: devsystems
  tasks:
    - name: Install the list of given packages
      ansible.builtin.yum:
        state: present
        name: [samba, mysql, vsftpd]

    - name: Install the 'Security tools' package group
      ansible.builtin.yum:
        state: present
        # A leading @ selects a package group instead of a single package.
        name: '@Security Tools'

    - name: Upgrade samba packages
      ansible.builtin.yum:
        state: latest
        name: samba
[devops@control playbooks]$ ansible-playbook --syntax-check pkg.yml
playbook: pkg.yml
[devops@control playbooks]$ ansible-playbook pkg.yml
# Checking on devsystems that the packages are installed
[devops@host3 ~]$ rpm -q vsftpd
vsftpd-3.0.5-6.el9.aarch64
[devops@host3 ~]$ rpm -q samba
samba-4.21.3-2.el9.aarch64
[devops@host3 ~]$ rpm -q mysql
mysql-8.0.36-1.el9.aarch64
[devops@host3 ~]$ yum group list
Last metadata expiration check: 0:32:53 ago on Wed 22 Jan 2025 10:29:19 AM +0545.
Available Environment Groups:
Server
Minimal Install
Custom Operating System
Installed Environment Groups:
Server with GUI
Installed Groups:
Container Management
Headless Management
Security Tools
Available Groups:
Legacy UNIX Compatibility
Console Internet Tools
Development Tools
.NET Development
Graphical Administration Tools
Network Servers
RPM Development Tools
Scientific Support
Smart Card Support
System Tools
Task 7: Create a playbook to Deploy Apache Web Server
Method I: Creating index page and copying
# ansible-doc firewalld
# ansible-doc service
# Create index.html file
[devops@control playbooks]$ cat index.html
<h1>This is test web page for ansible! </h1>
# Create Playbook file
[devops@control playbooks]$ cat webdeploy.yml
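# Installs Apache and firewalld on the testdev hosts, starts and enables both
# services, opens HTTP in the firewall and publishes a static index page.
- name: Playbook to deploy apache webserver in testdev
  hosts: testdev
  tasks:
    - name: Install the latest version of Apache and firewalld
      ansible.builtin.yum:
        name:
          - httpd
          - firewalld
        state: latest

    - name: Start service httpd, if not started
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: yes

    - name: Start service firewall, if not started
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: yes

    # Only the http service is opened. This play does not configure TLS, so
    # the site is served in clear text.
    - name: permit traffic in default zone for http service
      ansible.posix.firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: true

    - name: Copy index.html page
      ansible.builtin.copy:
        src: /home/devops/playbooks/index.html
        dest: /var/www/html/index.html
        # Explicit mode so the result does not depend on the remote umask.
        mode: '0644'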
[devops@control playbooks]$ ansible-playbook --syntax-check webdeploy.yml
playbook: webdeploy.yml
[devops@control playbooks]$ ansible-playbook webdeploy.yml
Method II: Copy Inline file
# ansible-doc copy
[devops@control playbooks]$ vim 1webdeploy.yml
[devops@control playbooks]$ cat 1webdeploy.yml
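# Same deployment as the copy-a-file variant, but the index page is written
# from inline content instead of a file on the control node.
- name: Playbook to deploy apache webserver in testdev
  hosts: testdev
  tasks:
    - name: Install the latest version of Apache and firewalld
      ansible.builtin.yum:
        name:
          - httpd
          - firewalld
        state: latest

    - name: Start service httpd, if not started
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: yes

    - name: Start service firewall, if not started
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: yes

    # Only the http service is opened. This play does not configure TLS, so
    # the site is served in clear text.
    - name: permit traffic in default zone for http service
      ansible.posix.firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: true

    - name: Copy using inline content
      ansible.builtin.copy:
        content: '<h1>Ansible Created index.html file !</h1>'
        dest: /var/www/html/index.html
        # Explicit mode so the result does not depend on the remote umask.
        mode: '0644'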
[devops@control playbooks]$ ansible-playbook --syntax-check 1webdeploy.yml
playbook: 1webdeploy.yml
[devops@control playbooks]$ ansible-playbook 1webdeploy.yml
Method III: Create file using lineinfile
# ansible-doc lineinfile
[devops@control playbooks]$ vim 2webdeploy.yml
[devops@control playbooks]$ cat 2webdeploy.yml
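# Same deployment again, with the index page created through lineinfile.
- name: Playbook to deploy apache webserver in testdev
  hosts: testdev
  tasks:
    - name: Install the latest version of Apache and firewalld
      ansible.builtin.yum:
        name:
          - httpd
          - firewalld
        state: latest

    - name: Start service httpd, if not started
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: yes

    - name: Start service firewall, if not started
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: yes

    # Only the http service is opened. This play does not configure TLS, so
    # the site is served in clear text.
    - name: permit traffic in default zone for http service
      ansible.posix.firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: true

    # lineinfile only guarantees that this line is present. If the file
    # already exists with other content, that content is kept.
    - name: Create a index.html file
      ansible.builtin.lineinfile:
        path: /var/www/html/index.html
        line: '<h1>A newly created Ansible file!</h1>'
        create: yes
        # Explicit mode so a newly created file does not depend on the umask.
        mode: '0644'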
[devops@control playbooks]$ ansible-playbook --syntax-check 2webdeploy.yml
playbook: 2webdeploy.yml
[devops@control playbooks]$ ansible-playbook 2webdeploy.yml
Method IV: Create directory and symbolic link
[devops@control playbooks]$ cat 3webdeploy.yml
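# Deploys Apache on testdev and serves content from /webdoc through a
# symbolic link placed inside the document root.
- name: Playbook to deploy apache webserver in testdev
  hosts: testdev
  tasks:
    - name: Install the latest version of Apache and firewalld
      ansible.builtin.yum:
        name:
          - httpd
          - firewalld
        state: latest

    - name: Start service httpd, if not started
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: yes

    - name: Start service firewall, if not started
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: yes

    # Only the http service is opened. This play does not configure TLS, so
    # the site is served in clear text.
    - name: permit traffic in default zone for http service
      ansible.posix.firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: true

    - name: Create a directory if it does not exist
      ansible.builtin.file:
        path: /webdoc
        state: directory
        # NOTE(review): the leading 3 sets both setgid (2) and the sticky
        # bit (1) on a group-writable directory; confirm both are intended.
        mode: '3775'
        owner: devops
        group: devops
        # SELinux type that lets httpd read content stored outside /var/www.
        setype: httpd_sys_content_t

    - name: Create a symbolic link
      ansible.builtin.file:
        src: /webdoc
        dest: /var/www/html/webdoc
        state: link

    - name: Creating index file
      ansible.builtin.lineinfile:
        path: /webdoc/index.html
        line: Testing
        create: yes
        setype: httpd_sys_content_t
        # Explicit mode so a newly created file does not depend on the umask.
        mode: '0644'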
Create a playbook to schedule cron job on the remote host
# The job goes into root's crontab (view it with sudo) because become=true is set under [privilege_escalation]
[devops@control playbooks]$ cat cronschedule.yml
# Registers a daily 09:30 cron entry on every inventory host. No user is
# given, so the entry belongs to the account the task runs as.
- name: Playbook to schedule cron jobs
  hosts: all
  tasks:
    - name: Schedule a job that runs at 9:30 am
      ansible.builtin.cron:
        # The name is the marker Ansible uses to find this entry again.
        name: Check logged in users
        job: who
        hour: '9'
        minute: '30'
[devops@control playbooks]$ ansible-playbook --syntax-check cronschedule.yml
playbook: cronschedule.yml
[devops@control playbooks]$ ansible-playbook cronschedule.yml
# For a specific user devops
[devops@control playbooks]$ cat cronschedule.yml
# Adds an every-five-minutes entry to the devops user's crontab on all hosts.
# NOTE(review): the entry is labelled "Check memory" but df -h reports
# filesystem usage; confirm which of the two was intended.
- name: Playbook to schedule cron jobs
  hosts: all
  tasks:
    - name: Schedule a job that runs every 5 minutes
      ansible.builtin.cron:
        user: devops
        name: Check memory
        job: df -h
        minute: '*/5'
[devops@control playbooks]$ ansible-playbook --syntax-check cronschedule.yml
playbook: cronschedule.yml
[devops@control playbooks]$ ansible-playbook cronschedule.yml
Using system roles
Use timesync system role to synchronize time of the remote host with the given NTP server
# Search /Example Playbook in README.md and copy
[devops@control rhel-system-roles.timesync]$ pwd
/usr/share/ansible/roles/rhel-system-roles.timesync
[devops@control rhel-system-roles.timesync]$ less README.md
# Paste and modify in the playbook
[devops@control playbooks]$ vim timesync.yml
[devops@control playbooks]$ cat timesync.yml
# Applies the timesync system role to testservers with a single NTP source.
- name: Playbook to sync the host with NTP server
  hosts: testservers
  roles:
    - rhel-system-roles.timesync
  vars:
    # Variable read by the role; one entry per NTP server.
    timesync_ntp_servers:
      - hostname: time.google.com
        iburst: true
[devops@control playbooks]$ ansible-playbook --syntax-check timesync.yml
playbook: timesync.yml
[devops@control playbooks]$ ansible-playbook timesync.yml
Creating a playbook when (if)
Creating multiple play
[devops@control playbooks]$ vim infofile.yml
[devops@control playbooks]$ cat infofile.yml
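# Three plays, one per inventory group, each writing a group-specific
# message to /tmp/info. Task names now match the group each play targets.
- name: Playbook to create info file
  hosts: testservers
  tasks:
    - name: Create info file in testservers
      ansible.builtin.copy:
        content: "This is info for testserver"
        dest: /tmp/info
        # Explicit mode so the file does not depend on the remote umask.
        mode: '0644'

- name: Playbook to create info file
  hosts: devsystems
  tasks:
    - name: Create info file in devsystems
      ansible.builtin.copy:
        content: "This is info for devsystems"
        dest: /tmp/info
        mode: '0644'

- name: Playbook to create info file
  hosts: research
  tasks:
    - name: Create info file in research
      ansible.builtin.copy:
        content: "This is info for research"
        dest: /tmp/info
        mode: '0644'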
[devops@control playbooks]$ ansible-playbook --syntax-check infofile.yml
[devops@control playbooks]$ ansible-playbook infofile.yml
Creating a single play with when condition
[devops@control playbooks]$ cat 1infofile.yml
# Single play over all hosts. Each task is guarded by a group-membership
# test, so a host only runs the task written for its own group.
- name: Playbook to create info file
  hosts: all
  tasks:
    - name: Create info file in testservers
      when: "inventory_hostname in groups['testservers']"
      ansible.builtin.copy:
        dest: /tmp/new_info
        content: "This is info for testserver using when condition\n"

    - name: Create info file in devsystems
      when: "inventory_hostname in groups['devsystems']"
      ansible.builtin.copy:
        dest: /tmp/new_info
        content: "This is info for devsystems using when condition\n"

    - name: Create info file in research
      when: "inventory_hostname in groups['research']"
      ansible.builtin.copy:
        dest: /tmp/new_info
        content: "This is info for research using when condition\n"
[devops@control playbooks]$ ansible-playbook 1infofile.yml
Ansible Vault
# To create a file
[devops@control playbooks]$ ansible-vault create userpass.yml
# To View the file
[devops@control playbooks]$ ansible-vault view userpass.yml
Vault password:
- hr_pass: redhat123
- admin_pass: redhat456
# To change the password of the file
[devops@control playbooks]$ ansible-vault rekey userpass.yml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful
Create a playbook to create users with given information
[devops@control playbooks]$ cat userdata.yml
# Accounts to create. jobrole decides which group and which vaulted password
# the usercreate.yml playbook applies to each entry.
newusers:
  - name: ramesh
    jobrole: hr
  - name: ribik
    jobrole: admin
  - name: anjit
    jobrole: hr
[devops@control playbooks]$ ansible-vault view userpass.yml
Vault password:
- hr_pass: redhat123
- admin_pass: redhat456
[devops@control playbooks]$ cat usercreate.yml
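# Creates the hrgrp and admingrp groups on testservers, then one account per
# entry in newusers, with the primary group and initial password chosen by
# the entry's jobrole.
# userpass.yml is vault-encrypted. When the vault password is supplied from a
# file (--vault-password-file), keep that file readable by its owner only
# and out of version control.
- name: playbook to create some new users
  hosts: testservers
  vars_files:
    - userdata.yml   # newusers list (name, jobrole)
    - userpass.yml   # hr_pass and admin_pass
  tasks:
    - name: Create hrgrp Group
      ansible.builtin.group:
        name: hrgrp
        state: present

    - name: Create admingrp Group
      ansible.builtin.group:
        name: admingrp
        state: present

    - name: Add users with hr job role
      ansible.builtin.user:
        name: "{{ item.name }}"
        group: hrgrp
        password: "{{ hr_pass | password_hash('sha512') }}"
        # password_hash picks a new random salt on each run, so the hash is
        # different every time. on_create sets the password only for new
        # accounts, so re-runs neither report a change nor reset a password
        # the user has since changed.
        update_password: on_create
      loop: "{{ newusers }}"
      when: item.jobrole == "hr"
      # Keep vault-derived values out of task output and logs.
      no_log: true

    - name: Add users with admin job role
      ansible.builtin.user:
        name: "{{ item.name }}"
        group: admingrp
        password: "{{ admin_pass | password_hash('sha512') }}"
        update_password: on_create
      loop: "{{ newusers }}"
      when: item.jobrole == "admin"
      no_log: true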
[devops@control playbooks]$
[devops@control playbooks]$ ansible-playbook --vault-password-file=pass --syntax-check usercreate.yml
playbook: usercreate.yml
[devops@control playbooks]$ ansible-playbook --vault-password-file=pass usercreate.yml
Viewing
[devops@control playbooks]$ ansible testservers -m setup -a 'filter=fqdn'
192.168.208.181 | SUCCESS => {
"ansible_facts": {
"ansible_fqdn": "li1047-197.members.linode.com",
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
192.168.208.182 | SUCCESS => {
"ansible_facts": {
"ansible_fqdn": "li972-44.members.linode.com",
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
[devops@control playbooks]$ ansible testservers -m setup -a 'filter=*hostname*'
192.168.208.182 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "host2",
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
192.168.208.181 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "host1",
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
Create playbook to deploy apache web service on the testservers using ansible facts
# Viewing the values
[devops@control playbooks]$ ansible testservers -m setup -a "filter=*cpu*"
192.168.208.182 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 2,
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
192.168.208.181 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 2,
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
[devops@control playbooks]$ ansible testservers -m setup -a "filter=*fqdn*"
192.168.208.182 | SUCCESS => {
"ansible_facts": {
"ansible_fqdn": "li40-174.members.linode.com",
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
192.168.208.181 | SUCCESS => {
"ansible_facts": {
"ansible_fqdn": "li974-235.members.linode.com",
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
[devops@control playbooks]$ ansible testservers -m setup -a "filter=*hostname*"
192.168.208.182 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "host2",
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
192.168.208.181 | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "host1",
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
[devops@control playbooks]$ anisble testservers -m setup -a "filter=*ipv4*"
bash: anisble: command not found...
Similar command is: 'ansible'
[devops@control playbooks]$ ansible testservers -m setup -a "filter=*ipv4*"
192.168.208.181 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.208.181",
"192.168.208.150"
],
"ansible_default_ipv4": {
"address": "192.168.208.150",
"alias": "ens160",
"broadcast": "192.168.208.255",
"gateway": "192.168.208.2",
"interface": "ens160",
"macaddress": "00:0c:29:4f:c4:72",
"mtu": 1500,
"netmask": "255.255.255.0",
"network": "192.168.208.0",
"prefix": "24",
"type": "ether"
},
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
192.168.208.182 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.208.182",
"192.168.208.151"
],
"ansible_default_ipv4": {
"address": "192.168.208.151",
"alias": "ens160",
"broadcast": "192.168.208.255",
"gateway": "192.168.208.2",
"interface": "ens160",
"macaddress": "00:0c:29:17:5b:64",
"mtu": 1500,
"netmask": "255.255.255.0",
"network": "192.168.208.0",
"prefix": "24",
"type": "ether"
},
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false
}
# Creating index.html.j2 file
[devops@control playbooks]$ vim index.html.j2
[devops@control playbooks]$ cat index.html.j2
<h1>The Total Number of CPU in this machine is : {{ ansible_processor_vcpus }} </h1>
<h1>Full Hostname of this machine is : {{ ansible_hostname }} </h1>
<h1>Ip address of this machine is : {{ ansible_facts['default_ipv4']['address'] }} </h1>
# Creating yml file
[devops@control playbooks]$ cat webdeploy_facts.yml
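# Deploys Apache on testservers and renders an index page from gathered
# facts (vCPU count, hostname, default IPv4 address).
- name: Deploy apache webserver using ansible facts
  hosts: testservers
  tasks:
    - name: Install the latest version of Apache
      ansible.builtin.yum:
        name:
          - httpd
          - firewalld
        state: latest

    - name: Start service httpd, if not started
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: yes

    - name: Start service firewalld, if not started
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: yes

    # The page is served and tested over plain HTTP, and this play sets up
    # no TLS, so http is the service to open; it matches the other web
    # deployment playbooks. Open https as well once TLS is configured.
    - name: permit traffic in default zone for http service
      ansible.posix.firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: true

    # NOTE(review): the rendered page publishes host facts (CPU count,
    # hostname, IP address) to anyone who can reach the web server.
    - name: Copy index.html.j2
      ansible.builtin.template:
        src: /home/devops/playbooks/index.html.j2
        dest: /var/www/html/index.html
        # Explicit mode so the result does not depend on the remote umask.
        mode: '0644'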
[devops@control playbooks]$ ansible-playbook webdeploy_facts.yml
# Testing
[devops@host1 html]$ curl 192.168.208.181
<h1>The Total Number of CPU in this machine is : 2 </h1>
<h1>Full Hostname of this machine is : host1 </h1>
<h1>Ip address of this machine is : 192.168.208.150 </h1>
[devops@host2 ~]$ curl 192.168.208.182
<h1>The Total Number of CPU in this machine is : 2 </h1>
<h1>Full Hostname of this machine is : host2 </h1>
<h1>Ip address of this machine is : 192.168.208.151 </h1>
---
[devops@control playbooks]$ cat myhosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_default_ipv4']['address'] }} {{ hostvars[host]['ansible_fqdn'] }} {{ hostvars[host]['ansible_hostname'] }}
{% endfor %}
[devops@control playbooks]$ cat createhost.yml
# Renders myhosts.j2 to /tmp/newhosts. The play targets every host,
# presumably so that facts for all of them are available to the template,
# but the file is only written on members of testservers.
- name: Playbook to generate hosts file
  hosts: all
  tasks:
    - name: Template to generate host file
      when: "inventory_hostname in groups['testservers']"
      ansible.builtin.template:
        dest: /tmp/newhosts
        src: myhosts.j2
[devops@control playbooks]$ ansible-playbook --syntax-check createhost.yml
playbook: createhost.yml
[devops@control playbooks]$ ansible-playbook createhost.yml
Machine Information
[devops@control playbooks]$ cat machinedata.yml
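# Downloads a machineinfo skeleton to every host and fills each key with the
# matching fact, or with 'Value not available' when the fact is missing.
# Each line is now written under its own key. Output captured before this
# fix shows "hostname =" for the last three lines and "toal_sda_size" for
# the disk line.
- name: Playbook to collect machine information
  hosts: all
  # NOTE(review): play-level ignore_errors also hides a failed download or a
  # failed edit. The default() filters already cover missing facts, so this
  # can probably be dropped - confirm on a host without the second disk.
  ignore_errors: yes
  tasks:
    # NOTE(review): fetched over plain HTTP into a fixed path under /tmp.
    - name: Download machineinfo
      ansible.builtin.get_url:
        url: http://192.168.208.181/machineinfo
        dest: /tmp/machineinfo
        mode: '0644'

    # Each regexp tolerates spaces around '=', so a re-run replaces the line
    # written earlier instead of only matching the untouched skeleton.
    - name: get hostname info
      ansible.builtin.lineinfile:
        path: /tmp/machineinfo
        regexp: '^hostname\s*='
        line: hostname = "{{ ansible_hostname | default('Value not available') }}"

    - name: get total_sda_size info
      ansible.builtin.lineinfile:
        path: /tmp/machineinfo
        regexp: '^total_sda_size\s*='
        line: total_sda_size = "{{ ansible_devices.nvme0n1.size | default('Value not available') }}"

    - name: get total_sdb_size info
      ansible.builtin.lineinfile:
        path: /tmp/machineinfo
        regexp: '^total_sdb_size\s*='
        line: total_sdb_size = "{{ ansible_devices.nvme0n2.size | default('Value not available') }}"

    - name: get total_memory info
      ansible.builtin.lineinfile:
        path: /tmp/machineinfo
        regexp: '^total_memory\s*='
        line: total_memory = "{{ ansible_memtotal_mb | default('Value not available') }}"

    - name: get BIOS version info
      ansible.builtin.lineinfile:
        path: /tmp/machineinfo
        regexp: '^bios_version\s*='
        line: bios_version = "{{ ansible_bios_version | default('Value not available') }}"

    - name: get fullname info
      ansible.builtin.lineinfile:
        path: /tmp/machineinfo
        regexp: '^fullname\s*='
        line: fullname = "{{ ansible_fqdn | default('Value not available') }}"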
[devops@control playbooks]$ ansible-playbook machinedata.yml
# Testing
[devops@host1 ~]$ cat /tmp/machineinfo
hostname = "host1"
toal_sda_size = "25.00 GB"
total_sdb_size = "Value not available"
hostname = "3585"
hostname = "VMW201.00V.21805430.BA64.2305221830"
hostname = "host1.pis.com"
[devops@host2 ~]$ cat /tmp/machineinfo
hostname = "host2"
toal_sda_size = "25.00 GB"
total_sdb_size = "Value not available"
hostname = "3585"
hostname = "VMW201.00V.21805430.BA64.2305221830"
hostname = "host2.pis.com"
[devops@host3 html]$ cat /tmp/machineinfo
hostname = "host3"
toal_sda_size = "25.00 GB"
total_sdb_size = "Value not available"
hostname = "3585"
hostname = "VMW201.00V.21805430.BA64.2305221830"
hostname = "host3.pis.com"
[devops@host4 ~]$ cat /tmp/machineinfo
hostname = "host4"
toal_sda_size = "25.00 GB"
total_sdb_size = "Value not available"
hostname = "3585"
hostname = "VMW201.00V.21805430.BA64.2305221830"
hostname = "host4.pis.com"
Deploy mail servers on Testservers using ansible role
# Init mail role folder
[devops@control roles]$ pwd
/home/devops/playbooks/roles
[devops@control roles]$ ansible-galaxy init mailrole
- Role mailrole was created successfully
[devops@control roles]$ ls
mailrole
[devops@control roles]$ cd mailrole/
[devops@control mailrole]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@control mailrole]$ cd tasks/
[devops@control tasks]$ ls
main.yml
[devops@control tasks]$ vi main.yml
[devops@control tasks]$ cat main.yml
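# Tasks for mailrole: install the mail packages, open the firewall, start the
# services and drop two informational files under /tmp.
# pkgs, fwll_rule and svc are lists supplied by the role's vars.
- name: Install mail releated packages
  ansible.builtin.yum:
    # The module accepts the whole list, so the packages are installed in
    # one transaction instead of one module call per item.
    name: "{{ pkgs }}"
    state: latest
  notify:
    - restart_postfix

# NOTE(review): pop3 is the clear-text service. If clients can use TLS,
# pop3s is the firewalld service to open instead.
- name: allow smtp and pop packets in firewall
  ansible.posix.firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  loop: "{{ fwll_rule }}"

- name: Start services, if not started
  ansible.builtin.service:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop: "{{ svc }}"

- name: Create a file matching hostname
  ansible.builtin.template:
    src: hostinfo.j2
    dest: /tmp/hostinfo
    # Explicit mode so the result does not depend on the remote umask.
    mode: '0644'

- name: Copy static file
  ansible.builtin.copy:
    src: data
    dest: /tmp/data
    mode: '0644'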
[devops@control tasks]$ pwd
/home/devops/playbooks/roles/mailrole/tasks
[devops@control tasks]$
[devops@control tasks]$ cd ..
[devops@control mailrole]$ cd templates/
[devops@control templates]$ ls
[devops@control templates]$ vi hostinfo.j2
[devops@control templates]$ cat hostinfo.j2
Welcome to {{ ansible_facts['default_ipv4']['address'] }}
[devops@control templates]$
[devops@control templates]$ cd ..
[devops@control mailrole]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@control mailrole]$ cd files/
[devops@control files]$ vi data
[devops@control files]$ cat data
Mail Server Deployed Successfully !
[devops@control vars]$ pwd
/home/devops/playbooks/roles/mailrole/vars
[devops@control vars]$ ls
main.yml
[devops@control vars]$ vim main.yml
[devops@control vars]$ cat main.yml
---
# vars file for mailrole
# Packages installed by the role.
pkgs:
  - postfix
  - dovecot
# firewalld service names opened by the role.
fwll_rule:
  - smtp
  - pop3
# Services started and enabled by the role.
svc:
  - postfix
  - dovecot
[devops@control mailrole]$ cd handlers/
[devops@control handlers]$ ls
main.yml
[devops@control handlers]$ vim main.yml
[devops@control handlers]$ cat main.yml
---
# handlers file for mailrole
# Runs only when a task that lists restart_postfix under notify reports a change.
- name: restart_postfix
  ansible.builtin.service:
    state: restarted
    name: postfix
[devops@control playbooks]$ pwd
/home/devops/playbooks
[devops@control playbooks]$ cat deploymail_role.yml
# Applies mailrole, found through roles_path, to the testservers group.
- name: Deploying mail server on the test machine
  hosts: testservers
  roles: [mailrole]
[devops@control playbooks]$ ansible-playbook deploymail_role.yml
Creating Roles
We will create the roles on a separate server so that the lab setup resembles the examination, where the instructor provides a link to the role directory.
# Creating Role2 for database
[devops@control role2]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@control role2]$ cat tasks/main.yml
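# Tasks for the database role: install the packages listed in pkg and make
# sure the service is running.
- name: Install MYSQL db
  ansible.builtin.yum:
    # The module accepts the whole list, so one transaction covers all packages.
    name: "{{ pkg }}"
    state: latest
  notify:
    - restart_db

# The restart_db handler fires only when the install task reports a change,
# so on a host where the packages were already present the service would
# never be started or enabled. This task covers that case.
- name: Ensure mariadb is started and enabled
  ansible.builtin.service:
    name: mariadb
    state: started
    enabled: yes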
[devops@control role2]$ vim main.yml
[devops@control role2]$ cat defaults/main.yml
# Packages installed by the role; kept in defaults so a play can override the list.
pkg:
  - mariadb-server
  - mariadb
[devops@control role2]$ cat handlers/main.yml
# Restarts mariadb and enables it at boot; runs only when notified by a
# task that reported a change.
- name: restart_db
  ansible.builtin.service:
    enabled: true
    state: restarted
    name: mariadb
[devops@control role2]$
# Creating Role1
[devops@control role1]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@control role1]$ cat defaults/main.yml
---
# defaults file for role1
[devops@control role1]$ cat files/index.html
<h1>This is a web server (role1) !</h1>
[devops@control role1]$ cat templates/home.j2
Welcome to Host : {{ ansible_facts['hostname'] }}
Your Ip Address is : {{ ansible_facts['default_ipv4']['address'] }}
[devops@control role1]$ cat vars/main.yml
---
# vars file for role1
# Packages installed by the role.
pkgs:
  - httpd
  - firewalld
# Services started and enabled by the role.
svc:
  - httpd
  - firewalld
# firewalld service names opened by the role.
firewall_svc:
  - http
  - https
[devops@control role1]$ cat tasks/main.yml
---
# tasks file for role1
[devops@control roles]$ ansible-galaxy init role1
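# Tasks for the web role: install and start Apache and firewalld, open the
# firewall, and publish a static page plus a templated page under
# /var/www/html/role1. pkgs, svc and firewall_svc come from the role's vars.
- name: Install the latest version of Apache
  ansible.builtin.yum:
    # The module accepts the whole list, so one transaction covers all packages.
    name: "{{ pkgs }}"
    state: latest

- name: Start service , if not started
  ansible.builtin.service:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop: "{{ svc }}"

# firewall_svc lists both http and https. The role itself configures no TLS,
# so https stays unanswered unless that is set up elsewhere.
- name: permit traffic in default zone for https service
  ansible.posix.firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  loop: "{{ firewall_svc }}"

- name: Create a directory if it does not exist
  ansible.builtin.file:
    path: /var/www/html/role1
    state: directory
    mode: '0755'

- name: Copy index.html file
  ansible.builtin.copy:
    src: index.html
    dest: /var/www/html/role1/index.html
    # Explicit mode so the result does not depend on the remote umask.
    mode: '0644'

- name: Template FILE
  ansible.builtin.template:
    src: home.j2
    dest: /var/www/html/role1/home
    mode: '0644'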
[devops@host1 downloads]$ pwd
/var/www/html/downloads
[devops@host1 downloads]$ ls
role1.tar.gz role2.tar.gz
[devops@host1 conf]$ sudo vim httpd.conf
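# Serves the role archives that ansible-galaxy downloads by exact URL, so
# automatic directory listings (Indexes) are not needed and are left off.
# "Require all granted" lets any client that can reach this server fetch the
# archives, and they travel over plain HTTP with no integrity check.
<Directory "/var/www/html/downloads">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>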
[devops@host1 conf]$ sudo service httpd restart
In Control Node
[devops@control playbooks]$ ansible-galaxy role install -r roles/requirements.yml
Starting galaxy role install process
- downloading role from http://192.168.208.181/downloads/role1.tar.gz
- extracting webrole to /home/devops/playbooks/roles/webrole
- webrole was installed successfully
- downloading role from http://192.168.208.181/downloads/role2.tar.gz
- extracting dbrole to /home/devops/playbooks/roles/dbrole
- dbrole was installed successfully
# webrole and dbrole now appear in the roles directory
[devops@control roles]$ ls
dbrole mailrole requirements.yml webrole
[devops@control playbooks]$ cat userole.yml
# Two plays: the downloaded webrole goes to testservers, dbrole to devsystems.
# Both roles were installed from archives fetched over HTTP, so review their
# contents before running them with privilege escalation.
- name: Use webrole to deploy web services on testservers
  hosts: testservers
  roles: [webrole]

- name: User dbrole to deploy db on devsystems
  hosts: devsystems
  roles: [dbrole]
[devops@control playbooks]$ ansible-playbook userole.yml
Create Lvs using playbook
# [devops@control playbooks]$ ansible-doc debug
# [devops@control playbooks]$ ansible-doc lvol
# [devops@control playbooks]$ ansible testservers -m setup -a 'filter=*ansible_lvm*'
[devops@control playbooks]$ vim lvcreate.yml
[devops@control playbooks]$ cat lvcreate.yml
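# Creates testlv1 in the testvg volume group: 3072 MiB when the group has at
# least 3 GiB free, otherwise 1024 MiB. Hosts without testvg only get a
# message.
# The free-space checks compare numbers. Comparing free_g against the string
# '3072 MiB' is a character-by-character comparison, which gives the wrong
# answer for values such as "10.00".
# NOTE(review): assumes free_g is the free space in GiB reported as a
# string - confirm against the ansible_lvm facts of a target host.
- name: Playbook to create LV
  hosts: all
  tasks:
    - block:
        - name: Check VG Status
          ansible.builtin.debug:
            msg: VG has not been created.
          when: ansible_lvm.vgs.testvg is not defined

        - name: Create an LV of 3GB
          community.general.lvol:
            vg: testvg
            lv: testlv1
            size: "3072"
          # Listed conditions are ANDed.
          when:
            - ansible_lvm.vgs.testvg is defined
            - (ansible_lvm.vgs.testvg.free_g | float) >= 3

    - block:
        - name: Check if VG size is not sufficient
          ansible.builtin.debug:
            msg: LV cannot be created of 3GB .
          when:
            - ansible_lvm.vgs.testvg is defined
            - (ansible_lvm.vgs.testvg.free_g | float) < 3

        - name: Create an LV of 1GB
          community.general.lvol:
            vg: testvg
            lv: testlv1
            size: "1024"
          when:
            - ansible_lvm.vgs.testvg is defined
            - (ansible_lvm.vgs.testvg.free_g | float) < 3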
[devops@control playbooks]$ ansible-playbook --syntax-check lvcreate.yml
playbook: lvcreate.yml
[devops@control playbooks]$ ansible-playbook lvcreate.yml