• Control node → server which runs Ansible
• Modules → command executed on client side (found pre-made modules on Ansible website)
• Task → multiple procedures to be completed
• Playbook → automation file (YAML) with step-by-step execution of multiple tasks
• Inventory → hosts file, remote clients where tasks are executed
• Tag → reference to a specific task
• Variable → value reused across tasks
• Role → split playbook into smaller sub-playbooks

Install Ansible

• dnf install epel-release
• dnf install ansible ansible-doc
• ansible --version
• ansible localhost -m ping

Config Files

• /etc/ansible
• /etc/ansible/ansible.cfg
• /etc/ansible/hosts → IP of remote
• /etc/ansible/roles → sub-task

YAML File Syntax

• Sequential → process one at a time
• Indentation is extremely important → use spaces, no tabs
• Empty lines have no value
• Extension: .yml or .yaml
• Execute YAML with absolute path if not in /etc/ansible/
• No need to modify file permission

Example of YAML Playbook

- name: sampleplaybook
  hosts: all or localhost
  become: yes
  become_user: root

  tasks:
    - name: install apache http
      yum:
        name: httpd
        state: present

    - name: 2nd task
      service:
        name: httpd
        state: started

→ More modules at: docs.ansible.com

Ansible Playbook Basics

• ansible-playbook --syntax-check my.yml
• ansible-playbook --check my.yml

Run a Playbook

ansible-playbook /root/ansible/first.yml

Example Output

• Output playbook → debug: msg="hello"

Remote Client Inventory

• Remote client file → /etc/ansible/hosts

[appservers]
app1.example.com
app2.example.com

[webserver]
web1.example.com
web2.example.com

• Header = group client

IP Range Example

192.168.0.[110:119]

Custom Inventory Path

ansible-playbook -i /home/user/ansible/hosts

Inventory Examples

[server]
server1 ansible-ssh-host=192.168.0.20
server2 ansible-ssh-host=192.168.0.21

[appserver]
server1

[webserver]
server2

List Inventory

ansible-inventory --list

• Listing host file

Connect to Remote Host

• Edit inventory:

nano /etc/ansible/hosts

[labclients]
192.168.0.57

• ssh-keygen
• ssh-copy-id 192.168.0.57 → automatic login
• ansible all -m ping → check connection
• ansible -a "uptime" all → check uptime on remote

Playbook Copy File

tasks:
  - name: copy file
    become: true
    copy:
      src: /home/sterne/file
      dest: /tmp
      owner: sterne
      group: sterne
      mode: 0644

• become: true → available for other user

Playbook Change Permission

tasks:
  - name: file perm
    file:
      path: /home/sterne/backup.tar
      mode: a+w

Playbook Install Apache Server / Open Port

• ansible-galaxy collection install ansible.posix

Run Shell Script

tasks:
  - name: run shell script
    shell: "/home/sterne/myscript.sh"

Set Cronjob

tasks:
  - name: "schedule cron"
    cron:
      name: comment for crontab
      minute: "0"
      hour: "10"
      day: "*"
      month: "*"
      weekday: "4"
      user: root
      job: "/home/sterne/myscript"

Create User

tasks:
  - name: create user
    user:
      name: sterne
      home: /home/sterne
      shell: /bin/bash

Change Password

tasks:
  - name: "change pass"
    user:
      name: george
      update_password: always
      password: "{{ newpassword | password_hash('sha512') }}"

Download Permission

tasks:
  - name: download tomcat
    hosts: localhost
    tasks:
      - name: create a directory
        file:
          path: /opt/tomcat
          state: directory
          mode: 0755
          owner: root
          group: root

      - name: get package from url
        url: https://...
        dest: /opt/tomcat
        mode: 0755
        group: sterne
        owner: sterne

Start at a Specific Task

ansible-playbook multiple.yml --start-at-task "task name"

• Pick and choose a step

Ansible Ad-hoc Commands

ansible [target] -m [module] -a "[options]"

Ping Localhost

ansible localhost -m ping

Ansible Ad-hoc File / Package / Service Commands

• ansible all -m file -a "path=/home/... state=touch"

• ansible all -m file -a "path=/home/... state=absent"

• Write / delete a file

• ansible all -m copy -a "src=/... dest=/..."

• Copy a file

• ansible all -m dnf -a "name=telnet state=present"

• Install package

• ansible all -m service -a "name=httpd state=started enabled=yes"

• Start service

• enabled=yes → at startup

• ansible all -m shell -a "systemctl status httpd"

• Check status with shell

• ansible all -m setup

• Get information from remote client

• Example: ansible_os_family == "Ubuntu"

• ansible client1 -a "/sbin/reboot"

• Run command directly

Roles → Grouping Tasks into Smaller Playbook

• Separate long playbook in smaller parts
• /etc/ansible/roles
• Example groups mentioned:
  • fullinstall
  • basicinstall

- name: full install
  hosts: east-webservers
  roles:
    - fullinstall

- name: basic install
  hosts: west-webservers
  roles:
    - basicinstall

Create Roles Structure

cd /etc/ansible/roles

• mkdir [rolenames] → make directory for each role
• Example:

mkdir basicinstall

• Create subdirectory tasks
• Example:

mkdir basicinstall/tasks

• Create yml files in tasks dir

touch basicinstall/tasks/main.yml

Ansible Galaxy

• galaxy.ansible.com → many roles
• ansible-galaxy role install [unclear-role-name]
• Downloaded in [unclear path ending with /ansible/roles]

Tags

• Reference or alias to a task

- name: start httpd
  service:
    name: httpd
    state: started
  tags: s-httpd

• ansible-playbook myplay.yml -t s-httpd

  • Run only a certain part of playbook

• ansible-playbook myplay.yml --list-tag

  • List all tag in a playbook

• ansible-playbook myplay.yml --skip-tags s-httpd

  • Skip a task using a tag

Variables

• Container that hold a defined value repetitively
• Can be defined in inventory files as well

- name: "install some package"
  hosts: all
  vars:
    myvariable: mypackagename
  tasks:
    - name: package install
      dnf:
        name: "{{ myvariable }}"
        state: started

Variable in Hosts

[abc:vars]
myserver=192.168.0.1000

server1 ansible-host=192.168.0.57

Handlers

• Execute at the end of the play
• Use to start, reload, stop service
• Tasks that only run when notified

tasks:
  - name: ensure apache is running
    service:
      name: httpd
      state: started
    notify: restart apache

handlers:
  - name: restart apache
    service:
      name: httpd
      state: restarted

• Activate handlers at the end

Conditions

• Playbook take action on it's own → when

tasks:
  - name: start a service
    when: A == "B"
    service:
      name: servicename
      state: started

Loops

tasks:
  - name: create users
    user:
      name: "{{ item }}"
    loop:
      - jerry
      - kramer
      - george

- name: create users
  hosts: localhost
  vars:
    users: [jerry, kramer, george]

  tasks:
    - name: create user
      user:
        name: "{{ item }}"
      with_items: "{{ users }}"

Ansible Vault → Secure YAML

• ansible-vault create myplayinvault.yml

  • Create a YAML file in the vault
  • Launch vi editor

• ansible-playbook myplayinvault.yml --ask-vault-pass

  • To launch encrypted YAML

• ansible-vault view httpdvault.yml

  • Edit in vi editor

• ansible-vault --help

  • List of options

• ansible-vault encrypt myplay.yml

Encrypt Strings in a Playbook

• ansible-playbook myplay.yml --ask-vault-pass
• ansible-vault encrypt_string httpd
  • Result copied into playbook

- name: test encrypted
  hosts: localhost
  vars:
    secret: !vault |
      $ANSIBLE_VAULT...
      3u33...

  tasks:
    - name: test
      debug:
        var: secret

Ansible AWX

• GUI to manage Ansible
• Node.js in Docker

Ansible Tower

• Commercial / Red Hat

• ansible-config → show configuration

• ansible-connection → connect to client

• ansible-console → launch console

  • help for module

cp /tmp/myfile /home/remoteuser

• Copy file from local to remote

• ansible-doc → manual of plugin / module

ansible-inventory -i hosts --graph

• See a graph of all inventory