Preparation Set 1
Package Installation
Control Node
[devops@control ~]$ sudo yum -y install ansible-core [devops@control ~]$ sudo yum -y install epel-release [devops@control ~]$ sudo yum -y install ansible
Host Machines
[devops@host1 ~]$ rpm -q python3 [devops@host2 ~]$ rpm -q python3 [devops@host3 ~]$ rpm -q python3 [devops@host4 ~]$ rpm -q python3
Creating ansible.cfg (configuration file)
[devops@control playbooks]$ pwd /home/devops/playbooks [devops@control playbooks]$ vim ansible.cfg [defaults] inventory=/home/devops/playbooks/inventory remote_user=devops roles_path=/home/devops/playbooks/roles:/usr/share/ansible/roles collections_path=/home/devops/playbooks/collections:/usr/share/ansible/collections [privilege_escalation] become=true
Creating inventory file
[devops@control playbooks]$ vim /home/devops/playbooks/inventory [devops@control playbooks]$ cat /home/devops/playbooks/inventory [testservers] 192.168.208.181 192.168.208.182 [devsystems] 192.168.208.183 [research] 192.168.208.184 [testdev:children] testservers devsystems # Test the hosts available [devops@control playbooks]$ ansible testservers --list-hosts hosts (2): 192.168.208.181 192.168.208.182 [devops@control playbooks]$ ansible devsystems --list-hosts hosts (1): 192.168.208.183 [devops@control playbooks]$ ansible research --list-hosts hosts (1): 192.168.208.184 [devops@control playbooks]$ ansible testdev --list-hosts hosts (3): 192.168.208.181 192.168.208.182 192.168.208.183
Setting up indentation Properties
# to remember (afys atse) [devops@control ~]$ vi .vimrc [devops@control ~]$ cat .vimrc autocmd FileType yaml setlocal ai ts=2 sw=2 et
System Roles
[devops@control playbooks]$ sudo yum -y install rhel-system-roles [devops@control playbooks]$ ls /usr/share/ansible/roles/ linux-system-roles.ad_integration rhel-system-roles.ad_integration linux-system-roles.aide rhel-system-roles.aide linux-system-roles.bootloader rhel-system-roles.bootloader ... ...
Viewing Collections
[devops@control playbooks]$ ls /usr/share/ansible/collections/ ansible_collections
Creting folder for roles & collections
[devops@control playbooks]$ mkdir -p /home/devops/playbooks/roles [devops@control playbooks]$ mkdir -p /home/devops/playbooks/collections
Installing collection
ansible-galaxy collection install -p /home/devops/playbooks/collections http://..../...tar.gz ansible-galaxy collection list
Create a playbook configuring yum repo
[devops@control playbooks]$ pwd /home/devops/playbooks [devops@control playbooks]$ vi yumrepo.yml # Copy Example number 2 from # [devops@control ~]$ ansible-doc yum_repository # Copy Example number 1 from # [devops@control ~]$ ansible-doc rpm_key [devops@control playbooks]$ cat yumrepo.yml - name: playbook to configure yum repository hosts: testservers tasks: - name: Adding yum repo for baseos ansible.builtin.yum_repository: name: BaseOS description: BaseOS repo file: test baseurl: http://192.168.208.137/softwares/BaseOS gpgcheck: yes - name: Adding yum repo for appstream ansible.builtin.yum_repository: name: AppStream description: Appsream repo file: test baseurl: http://192.168.208.137/softwares/BaseOS gpgcheck: yes - name: Import Rpm key ansible.builtin.rpm_key: state: present key: http://192.168.208.137/softwares/gpgkey # Check syntax [devops@control playbooks]$ ansible-playbook --syntax-check yumrepo.yml playbook: yumrepo.yml # share ssh key [devops@control playbooks]$ ssh-copy-id devops@192.168.208.181 [devops@control playbooks]$ ssh-copy-id devops@192.168.208.182 # Run the playbook [devops@control playbooks]$ ansible-playbook yumrepo.yml # Checking the the host machine [devops@host1 yum.repos.d]$ cat test.repo [BaseOS] baseurl = http://192.168.208.137/softwares/BaseOS gpgcheck = 1 name = BaseOS repo [AppStream] baseurl = http://192.168.208.137/softwares/BaseOS gpgcheck = 1 name = Appsream repo
Task 6: Install a package , package group , upgrade package using playbook
[devops@control playbooks]$ vi pkg.yml [devops@control playbooks]$ cat pkg.yml - name: Playbook to install required package hosts: devsystems tasks: - name: Install the list of given packages ansible.builtin.yum: name: - samba - mysql - vsftpd state: present - name: Install the 'Security tools' package group ansible.builtin.yum: name: "@Security Tools" state: present - name: Upgrade samba packages ansible.builtin.yum: name: 'samba' state: latest [devops@control playbooks]$ ansible-playbook --syntax-check pkg.yml playbook: pkg.yml [devops@control playbooks]$ ansible-playbook pkg.yml # Checkin in devsystems if installed [devops@host3 ~]$ rpm -q vsftpd vsftpd-3.0.5-6.el9.aarch64 [devops@host3 ~]$ rpm -q samba samba-4.21.3-2.el9.aarch64 [devops@host3 ~]$ rpm -q mysql mysql-8.0.36-1.el9.aarch64 [devops@host3 ~]$ yum group list Last metadata expiration check: 0:32:53 ago on Wed 22 Jan 2025 10:29:19 AM +0545. Available Environment Groups: Server Minimal Install Custom Operating System Installed Environment Groups: Server with GUI Installed Groups: Container Management Headless Management Security Tools Available Groups: Legacy UNIX Compatibility Console Internet Tools Development Tools .NET Development Graphical Administration Tools Network Servers RPM Development Tools Scientific Support Smart Card Support System Tools
Task 7: Create a playbook to Deploy Apache Web Server
Method I: Creating index page and copying
# ansible-doc firewalld # ansible-doc service # Create index.html file [devops@control playbooks]$ cat index.html <h1>This is test web page for ansible! </h1> # Create Playbook file [devops@control playbooks]$ cat webdeploy.yml - name: Playbook to deploy apache webserver in testdev hosts: testdev tasks: - name: Install the latest version of Apache and firewalld ansible.builtin.yum: name: - httpd - firewalld state: latest - name: Start service httpd, if not started ansible.builtin.service: name: httpd state: started enabled: yes - name: Start service firewall, if not started ansible.builtin.service: name: firewalld state: started enabled: yes - name: permit traffic in default zone for https service ansible.posix.firewalld: service: http permanent: true state: enabled immediate: true - name: Copy index.html page ansible.builtin.copy: src: /home/devops/playbooks/index.html dest: /var/www/html/index.html [devops@control playbooks]$ ansible-playbook --syntax-check webdeploy.yml playbook: webdeploy.yml [devops@control playbooks]$ ansible-playbook webdeploy.yml
Method II: Copy Inline file
# ansible-doc copy [devops@control playbooks]$ vim 1webdeploy.yml [devops@control playbooks]$ cat 1webdeploy.yml - name: Playbook to deploy apache webserver in testdev hosts: testdev tasks: - name: Install the latest version of Apache and firewalld ansible.builtin.yum: name: - httpd - firewalld state: latest - name: Start service httpd, if not started ansible.builtin.service: name: httpd state: started enabled: yes - name: Start service firewall, if not started ansible.builtin.service: name: firewalld state: started enabled: yes - name: permit traffic in default zone for https service ansible.posix.firewalld: service: http permanent: true state: enabled immediate: true - name: Copy using inline content ansible.builtin.copy: content: '<h1>Ansible Created index.html file !</h1>' dest: /var/www/html/index.html [devops@control playbooks]$ ansible-playbook --syntax-check 1webdeploy.yml playbook: 1webdeploy.yml [devops@control playbooks]$ ansible-playbook 1webdeploy.yml
Method III: Create file using lineinfile
# ansible-doc lineinfile [devops@control playbooks]$ vim 2webdeploy.yml [devops@control playbooks]$ cat 2webdeploy.yml - name: Playbook to deploy apache webserver in testdev hosts: testdev tasks: - name: Install the latest version of Apache and firewalld ansible.builtin.yum: name: - httpd - firewalld state: latest - name: Start service httpd, if not started ansible.builtin.service: name: httpd state: started enabled: yes - name: Start service firewall, if not started ansible.builtin.service: name: firewalld state: started enabled: yes - name: permit traffic in default zone for https service ansible.posix.firewalld: service: http permanent: true state: enabled immediate: true - name: Create a index.html file ansible.builtin.lineinfile: path: /var/www/html/index.html line: <h1>A newly created Ansible file!</h1> create: yes [devops@control playbooks]$ ansible-playbook --syntax-check 2webdeploy.yml playbook: 2webdeploy.yml [devops@control playbooks]$ ansible-playbook 2webdeploy.yml
Method IV: Create directory and symbolic link
[devops@control playbooks]$ cat 3webdeploy.yml - name: Playbook to deploy apache webserver in testdev hosts: testdev tasks: - name: Install the latest version of Apache and firewalld ansible.builtin.yum: name: - httpd - firewalld state: latest - name: Start service httpd, if not started ansible.builtin.service: name: httpd state: started enabled: yes - name: Start service firewall, if not started ansible.builtin.service: name: firewalld state: started enabled: yes - name: permit traffic in default zone for https service ansible.posix.firewalld: service: http permanent: true state: enabled immediate: true - name: Create a directory if it does not exist ansible.builtin.file: path: /webdoc state: directory mode: '3775' owner: devops group: devops setype: httpd_sys_content_t - name: Create a symbolic link ansible.builtin.file: src: /webdoc dest: /var/www/html/webdoc state: link - name: Creating index file ansible.builtin.lineinfile: path: /webdoc/index.html line: Testing create: yes setype: httpd_sys_content_t
Create a playbook to schedule cron job on the remote host
# Only works using sudo because privilege_escalation true [devops@control playbooks]$ cat cronschedule.yml - name: Playbook to schedule cron jobs hosts: all tasks: - name: Schedule a job that runs at 9:30 am ansible.builtin.cron: name: Check logged in users minute: "30" hour: "9" job: "who" [devops@control playbooks]$ ansible-playbook --syntax-check cronschedule.yml playbook: cronschedule.yml [devops@control playbooks]$ ansible-playbook cronschedule.yml # For a specific user devops [devops@control playbooks]$ cat cronschedule.yml - name: Playbook to schedule cron jobs hosts: all tasks: - name: Schedule a job that runs every 5 minutes ansible.builtin.cron: name: Check memory minute: "*/5" job: "df -h" user: devops [devops@control playbooks]$ ansible-playbook --syntax-check cronschedule.yml playbook: cronschedule.yml [devops@control playbooks]$ ansible-playbook cronschedule.yml
Using system roles
Use timesync system role to synchronize time of the remote host with the given NTP server
# Search /Example Playbook in README.md and copy [devops@control rhel-system-roles.timesync]$ pwd /usr/share/ansible/roles/rhel-system-roles.timesync [devops@control rhel-system-roles.timesync]$ less README.md # Paste and modify in the playbook [devops@control playbooks]$ vim timesync.yml [devops@control playbooks]$ cat timesync.yml - name: Playbook to sync the host with NTP server hosts: testservers vars: timesync_ntp_servers: - hostname: time.google.com iburst: true roles: - rhel-system-roles.timesync [devops@control playbooks]$ ansible-playbook --syntax-check timesync.yml playbook: timesync.yml [devops@control playbooks]$ ansible-playbook timesync.yml
Creating a playbook when (if)
Creating multiple play
[devops@control playbooks]$ vim infofile.yml [devops@control playbooks]$ cat infofile.yml - name: Playbook to create info file hosts: testservers tasks: - name: Create info file in testservers ansible.builtin.copy: content: "This is info for testserver" dest: /tmp/info - name: Playbook to create info file hosts: devsystems tasks: - name: Create info file in testservers ansible.builtin.copy: content: "This is info for devsystems" dest: /tmp/info - name: Playbook to create info file hosts: research tasks: - name: Create info file in testservers ansible.builtin.copy: content: "This is info for research" dest: /tmp/info [devops@control playbooks]$ ansible-playbook --syntax-check infofile.yml [devops@control playbooks]$ ansible-playbook infofile.yml
Creating a single play with when condition
[devops@control playbooks]$ cat 1infofile.yml - name: Playbook to create info file hosts: all tasks: - name: Create info file in testservers ansible.builtin.copy: content: "This is info for testserver using when condition\n" dest: /tmp/new_info when: inventory_hostname in groups['testservers'] - name: Create info file in devsystems ansible.builtin.copy: content: "This is info for devsystems using when condition\n" dest: /tmp/new_info when: inventory_hostname in groups['devsystems'] - name: Create info file in research ansible.builtin.copy: content: "This is info for research using when condition\n" dest: /tmp/new_info when: inventory_hostname in groups['research'] [devops@control playbooks]$ ansible-playbook 1infofile.yml
Ansible Vault
# To create a file [devops@control playbooks]$ ansible-vault create userpass.yml # To View the file [devops@control playbooks]$ ansible-vault view userpass.yml Vault password: - hr_pass: redhat123 - admin_pass: redhat456 # To change the password of the file [devops@control playbooks]$ ansible-vault rekey userpass.yml Vault password: New Vault password: Confirm New Vault password: Rekey successful
Create a playbook to create users with given information
[devops@control playbooks]$ cat userdata.yml newusers: - name: ramesh jobrole: hr - name: ribik jobrole: admin - name: anjit jobrole: hr [devops@control playbooks]$ ansible-vault view userpass.yml Vault password: - hr_pass: redhat123 - admin_pass: redhat456 [devops@control playbooks]$ cat usercreate.yml - name: playbook to create some new users hosts: testservers vars_files: - userdata.yml - userpass.yml tasks: - name: Create hrgrp Group ansible.builtin.group: name: hrgrp state: present - name: Create admingrp Group ansible.builtin.group: name: admingrp state: present - name: Add users with hr job role ansible.builtin.user: name: "{{ item.name }}" group: hrgrp password: "{{ hr_pass|password_hash('sha512') }}" with_items: "{{ newusers }}" when: item.jobrole == "hr" - name: Add users with admin job role ansible.builtin.user: name: "{{ item.name }}" group: admingrp password: "{{ admin_pass|password_hash('sha512') }}" with_items: "{{ newusers }}" when: item.jobrole == "admin" [devops@control playbooks]$ [devops@control playbooks]$ ansible-playbook --vault-password-file=pass --syntax-check usercreate.yml playbook: usercreate.yml [devops@control playbooks]$ ansible-playbook --vault-password-file=pass usercreate.yml
Viewing
[devops@control playbooks]$ ansible testservers -m setup -a 'filter=fqdn' 192.168.208.181 | SUCCESS => { "ansible_facts": { "ansible_fqdn": "li1047-197.members.linode.com", "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } 192.168.208.182 | SUCCESS => { "ansible_facts": { "ansible_fqdn": "li972-44.members.linode.com", "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } [devops@control playbooks]$ ansible testservers -m setup -a 'filter=*hostname*' 192.168.208.182 | SUCCESS => { "ansible_facts": { "ansible_hostname": "host2", "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } 192.168.208.181 | SUCCESS => { "ansible_facts": { "ansible_hostname": "host1", "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false }
Create playbook to deploy apache web service on the testservers using ansible facts
# Viewing the values [devops@control playbooks]$ ansible testservers -m setup -a "filter=*cpu*" 192.168.208.182 | SUCCESS => { "ansible_facts": { "ansible_processor_vcpus": 2, "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } 192.168.208.181 | SUCCESS => { "ansible_facts": { "ansible_processor_vcpus": 2, "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } [devops@control playbooks]$ ansible testservers -m setup -a "filter=*fqdn*" 192.168.208.182 | SUCCESS => { "ansible_facts": { "ansible_fqdn": "li40-174.members.linode.com", "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } 192.168.208.181 | SUCCESS => { "ansible_facts": { "ansible_fqdn": "li974-235.members.linode.com", "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } [devops@control playbooks]$ ansible testservers -m setup -a "filter=*hostname*" 192.168.208.182 | SUCCESS => { "ansible_facts": { "ansible_hostname": "host2", "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } 192.168.208.181 | SUCCESS => { "ansible_facts": { "ansible_hostname": "host1", "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } [devops@control playbooks]$ anisble testservers -m setup -a "filter=*ipv4*" bash: anisble: command not found... Similar command is: 'ansible' [devops@control playbooks]$ ansible testservers -m setup -a "filter=*ipv4*" 192.168.208.181 | SUCCESS => { "ansible_facts": { "ansible_all_ipv4_addresses": [ "192.168.208.181", "192.168.208.150" ], "ansible_default_ipv4": { "address": "192.168.208.150", "alias": "ens160", "broadcast": "192.168.208.255", "gateway": "192.168.208.2", "interface": "ens160", "macaddress": "00:0c:29:4f:c4:72", "mtu": 1500, "netmask": "255.255.255.0", "network": "192.168.208.0", "prefix": "24", "type": "ether" }, "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } 192.168.208.182 | SUCCESS => { "ansible_facts": { "ansible_all_ipv4_addresses": [ "192.168.208.182", "192.168.208.151" ], "ansible_default_ipv4": { "address": "192.168.208.151", "alias": "ens160", "broadcast": "192.168.208.255", "gateway": "192.168.208.2", "interface": "ens160", "macaddress": "00:0c:29:17:5b:64", "mtu": 1500, "netmask": "255.255.255.0", "network": "192.168.208.0", "prefix": "24", "type": "ether" }, "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false } # Creating index.html.j2 file [devops@control playbooks]$ vim index.html.j2 [devops@control playbooks]$ cat index.html.j2 <h1>The Total Number of CPU in this machine is : {{ ansible_processor_vcpus }} </h1> <h1>Full Hostname of this machine is : {{ ansible_hostname }} </h1> <h1>Ip address of this machine is : {{ ansible_facts['default_ipv4']['address'] }} </h1> # Creating yml file [devops@control playbooks]$ cat webdeploy_facts.yml - name: Deploy apache webserver using ansible facts hosts: testservers tasks: - name: Install the latest version of Apache ansible.builtin.yum: name: - httpd - firewalld state: latest - name: Start service httpd, if not started ansible.builtin.service: name: httpd state: started enabled: yes - name: Start service firewalld, if not started ansible.builtin.service: name: firewalld state: started enabled: yes - name: permit traffic in default zone for https service ansible.posix.firewalld: service: https permanent: true state: enabled immediate: true - name: Copy index.html.j2 ansible.builtin.template: src: /home/devops/playbooks/index.html.j2 dest: /var/www/html/index.html [devops@control playbooks]$ ansible-playbook webdeploy_facts.yml # Testing [devops@host1 html]$ curl 192.168.208.181 <h1>The Total Number of CPU in this machine is : 2 </h1> <h1>Full Hostname of this machine is : host1 </h1> <h1>Ip address of this machine is : 192.168.208.150 </h1> [devops@host2 ~]$ curl 192.168.208.182 <h1>The Total Number of CPU in this machine is : 2 </h1> <h1>Full Hostname of this machine is : host2 </h1> <h1>Ip address of this machine is : 192.168.208.151 </h1>
---
[devops@control playbooks]$ cat myhosts.j2 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 {% for host in groups['all'] %} {{ hostvars[host]['ansible_default_ipv4']['address'] }} {{ hostvars[host]['ansible_fqdn'] }} {{ hostvars[host]['ansible_hostname'] }} {% endfor %} [devops@control playbooks]$ cat createhost.yml - name: Playbook to generate hosts file hosts: all tasks: - name: Template to generate host file ansible.builtin.template: src: myhosts.j2 dest: /tmp/newhosts when: inventory_hostname in groups['testservers'] [devops@control playbooks]$ ansible-playbook --syntax-check createhost.yml playbook: createhost.yml [devops@control playbooks]$ ansible-playbook createhost.yml
Machine Information
[devops@control playbooks]$ cat machinedata.yml - name: Playbook to collect machine information hosts: all ignore_errors: yes tasks: - name: Download machineinfo ansible.builtin.get_url: url: http://192.168.208.181/machineinfo dest: /tmp/machineinfo - name: get hostname info ansible.builtin.lineinfile: path: /tmp/machineinfo regexp: '^hostname=' line: hostname = "{{ansible_hostname| default('Value not available') }}" - name: get total_sda_size info ansible.builtin.lineinfile: path: /tmp/machineinfo regexp: '^total_sda_size=' line: toal_sda_size = "{{ansible_devices.nvme0n1.size| default('Value not available') }}" - name: get total_sdb_size info ansible.builtin.lineinfile: path: /tmp/machineinfo regexp: '^total_sdb_size=' line: total_sdb_size = "{{ansible_devices.nvme0n2.size| default('Value not available') }}" - name: get total_memory info ansible.builtin.lineinfile: path: /tmp/machineinfo regexp: '^total_memory=' line: hostname = "{{ansible_memtotal_mb| default('Value not available') }}" - name: get BIOS version info ansible.builtin.lineinfile: path: /tmp/machineinfo regexp: '^bios_version=' line: hostname = "{{ansible_bios_version| default('Value not available') }}" - name: get fullname info ansible.builtin.lineinfile: path: /tmp/machineinfo regexp: '^fullname=' line: hostname = "{{ansible_fqdn| default('Value not available') }}" [devops@control playbooks]$ ansible-playbook machinedata.yml # Testing [devops@host1 ~]$ cat /tmp/machineinfo hostname = "host1" toal_sda_size = "25.00 GB" total_sdb_size = "Value not available" hostname = "3585" hostname = "VMW201.00V.21805430.BA64.2305221830" hostname = "host1.pis.com" [devops@host2 ~]$ cat /tmp/machineinfo hostname = "host2" toal_sda_size = "25.00 GB" total_sdb_size = "Value not available" hostname = "3585" hostname = "VMW201.00V.21805430.BA64.2305221830" hostname = "host2.pis.com" [devops@host3 html]$ cat /tmp/machineinfo hostname = "host3" toal_sda_size = "25.00 GB" total_sdb_size = "Value not available" hostname = "3585" hostname = "VMW201.00V.21805430.BA64.2305221830" hostname = "host3.pis.com" [devops@host4 ~]$ cat /tmp/machineinfo hostname = "host4" toal_sda_size = "25.00 GB" total_sdb_size = "Value not available" hostname = "3585" hostname = "VMW201.00V.21805430.BA64.2305221830" hostname = "host4.pis.com"
Deploy mail servers on Testservers using ansible role
# Init mail role folder [devops@control roles]$ pwd /home/devops/playbooks/roles [devops@control roles]$ ansible-galaxy init mailrole - Role mailrole was created successfully [devops@control roles]$ ls mailrole [devops@control roles]$ cd mailrole/ [devops@control mailrole]$ ls defaults files handlers meta README.md tasks templates tests vars [devops@control mailrole]$ cd tasks/ [devops@control tasks]$ ls main.yml [devops@control tasks]$ vi main.yml [devops@control tasks]$ cat main.yml - name: Install mail releated packages ansible.builtin.yum: name: "{{ item }}" state: latest loop: "{{ pkgs }}" notify: - restart_postfix - name: allow smtp and pop packets in firewall ansible.posix.firewalld: service: "{{ item }}" permanent: true state: enabled immediate: true loop: "{{ fwll_rule }}" - name: Start services, if not started ansible.builtin.service: name: "{{ item }}" state: started enabled: yes loop: "{{ svc }}" - name: Create a file matching hostname ansible.builtin.template: src: hostinfo.j2 dest: /tmp/hostinfo - name: Copy static file ansible.builtin.copy: src: data dest: /tmp/data [devops@control tasks]$ pwd /home/devops/playbooks/roles/mailrole/tasks [devops@control tasks]$ [devops@control tasks]$ cd .. [devops@control mailrole]$ cd templates/ [devops@control templates]$ ls [devops@control templates]$ vi hostinfo.j2 [devops@control templates]$ cat hostinfo.j2 Welcome to {{ ansible_facts['default_ipv4']['address'] }} [devops@control templates]$ [devops@control templates]$ cd .. [devops@control mailrole]$ ls defaults files handlers meta README.md tasks templates tests vars [devops@control mailrole]$ cd files/ [devops@control files]$ vi data [devops@control files]$ cat data Mail Server Deployed Successfully ! [devops@control vars]$ pwd /home/devops/playbooks/roles/mailrole/vars [devops@control vars]$ ls main.yml [devops@control vars]$ vim main.yml [devops@control vars]$ cat main.yml --- # vars file for mailrole pkgs: - postfix - dovecot fwll_rule: - smtp - pop3 svc: - postfix - dovecot [devops@control mailrole]$ cd handlers/ [devops@control handlers]$ ls main.yml [devops@control handlers]$ vim main.yml [devops@control handlers]$ cat main.yml --- # handlers file for mailrole - name: restart_postfix ansible.builtin.service: name: postfix state: restarted [devops@control playbooks]$ pwd /home/devops/playbooks [devops@control playbooks]$ cat deploymail_role.yml - name: Deploying mail server on the test machine hosts: testservers roles: - mailrole [devops@control playbooks]$ ansible-playbook deploymail_role.yml
Creating Roles
We will be creating roles in a separate server for making lab setup like examination. In the examination, the instructor will provide the link to the role directory.
# Creating Role2 for database [devops@control role2]$ ls defaults files handlers meta README.md tasks templates tests vars [devops@control role2]$ cat tasks/main.yml - name: Install MYSQL db ansible.builtin.yum: name: "{{ item }}" state: latest loop: "{{ pkg }}" notify: - restart_db [devops@control role2]$ vim main.yml [devops@control role2]$ cat defaults/main.yml pkg: - mariadb-server - mariadb [devops@control role2]$ cat handlers/main.yml - name: restart_db ansible.builtin.service: name: mariadb state: restarted enabled: yes [devops@control role2]$ # Creating Role1 [devops@control role1]$ ls defaults files handlers meta README.md tasks templates tests vars [devops@control role1]$ cat defaults/main.yml --- # defaults file for role1 [devops@control role1]$ cat files/index.html <h1>This is a web server (role1) !</h1> [devops@control role1]$ cat templates/home.j2 Welcome to Host : {{ ansible_facts['hostname'] }} Your Ip Address is : {{ ansible_facts['default_ipv4']['address'] }} [devops@control role1]$ cat vars/main.yml --- # vars file for role1 pkgs: - httpd - firewalld svc: - httpd - firewalld firewall_svc: - http - https [devops@control role1]$ cat tasks/main.yml --- # tasks file for role1 [devops@control roles]$ ansible-galaxy init role1 - name: Install the latest version of Apache ansible.builtin.yum: name: "{{ item }}" state: latest loop: "{{ pkgs }}" - name: Start service , if not started ansible.builtin.service: name: "{{ item }}" state: started enabled: yes loop: "{{ svc }}" - name: permit traffic in default zone for https service ansible.posix.firewalld: service: "{{ item }}" permanent: true state: enabled immediate: true loop: "{{ firewall_svc }}" - name: Create a directory if it does not exist ansible.builtin.file: path: /var/www/html/role1 state: directory mode: '0755' - name: Copy index.html file ansible.builtin.copy: src: index.html dest: /var/www/html/role1/index.html - name: Template FILE ansible.builtin.template: src: home.j2 dest: /var/www/html/role1/home [devops@host1 downloads]$ pwd /var/www/html/downloads [devops@host1 downloads]$ ls role1.tar.gz role2.tar.gz [devops@host1 conf]$ sudo vim httpd.conf <Directory "/var/www/html/downloads"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> [devops@host1 conf]$ sudo service httpd restart
In Control Node
[devops@control playbooks]$ ansible-galaxy role install -r roles/requirements.yml Starting galaxy role install process - downloading role from http://192.168.208.181/downloads/role1.tar.gz - extracting webrole to /home/devops/playbooks/roles/webrole - webrole was installed successfully - downloading role from http://192.168.208.181/downloads/role2.tar.gz - extracting dbrole to /home/devops/playbooks/roles/dbrole - dbrole was installed successfully # webrole and dbrole appears [devops@control roles]$ ls dbrole mailrole requirements.yml webrole [devops@control playbooks]$ cat userole.yml - name: Use webrole to deploy web services on testservers hosts: testservers roles: - webrole - name: User dbrole to deploy db on devsystems hosts: devsystems roles: - dbrole [devops@control playbooks]$ ansible-playbook userole.yml
Create Lvs using playbook
# [devops@control playbooks]$ ansible-doc debug # [devops@control playbooks]$ ansible-doc lvol # [devops@control playbooks]$ ansible testservers -m setup -a 'filter=*ansible_lvm*' [devops@control playbooks]$ vim lvcreate.yml [devops@control playbooks]$ cat lvcreate.yml - name: Playbook to create LV hosts: all tasks: - block: - name: Check VG Status ansible.builtin.debug: msg: VG has not been created. when: ansible_lvm.vgs.testvg is not defined - name: Create an LV of 3GB community.general.lvol: vg: testvg lv: testlv1 size: "3072" when: ansible_lvm.vgs.testvg is defined and ansible_lvm.vgs.testvg.free_g > '3072 MiB' - block: - name: Check if VG size is not sufficient ansible.builtin.debug: msg: LV cannot be created of 3GB . when: ansible_lvm.vgs.testvg is defined and ansible_lvm.vgs.testvg.free_g < '3072 MiB' - name: Create an LV of 1GB community.general.lvol: vg: testvg lv: testlv1 size: "1024" when: ansible_lvm.vgs.testvg is defined and ansible_lvm.vgs.testvg.free_g < '3072 MiB' [devops@control playbooks]$ ansible-playbook --syntax-check lvcreate.yml playbook: lvcreate.yml [devops@control playbooks]$ ansible-playbook lvcreate.yml