Play with Ansible Playbooks

Gineesh Madapparambath

6 years ago

Plays are ordered set of tasks to execute against host selections from your inventory. A playbook is a file containing one or more plays.

See all parts of Automation with Ansible Guides here

Tasks → Plays → Playbook

It is important to learn about the ansible playbook syntax where spacing and indentation is very critical. If you are using visual editors, you can get plugins for ansible as it will help on syntax and options. But if you are using a CLI editor like vim or nano, please make sure you are following correct indentation.

Learn more about customization of vim editor for ansible playbook.

YAML format

Start with — (3 consecutive hyphens) end with … (optional)
A list– begin with dash followed by space
attribute definition
attribute1: value1
attribute2: value2
Comments are preceded by #
Warning: DO NOT use TAB! (unless you configured tab expand)
Multiple Lines:
address: |
             1, Jalan 2,
             Main Block,
             89892 Abc, My.
my_note: >
             This is a single
             line of text.

Refer this guide for some yaml rules.

Your First Playbook

Let’s start writing our playbook; in this case we will add tasks for installing a webserver and enable firewall rules for the same.

Start your playbook

As you can see below, we have started our playbook by “—” and then named it as “Enable Intranet Services“. We have also mentioned hosts as node1.techbeatly.com. (It can be a single node, a group like database server or all nodes.) Since we need privileged permissions we have enabled become: yes. We will add tasks under tasks: section.

---
- name: Enable Intranet Services
  hosts: node1.techbeatly.com
  become: yes
  tasks:

Add our first task to the Play – install packages

Let’s add tasks to install webserver and firewall services.

    - name: Install httpd and firewalld
      yum:
        name: 
          - httpd
          - firewalld
        state: latest

You can see, we have a name for the task (not mandatory but keeping a name is a good practice) and task must be started with a “-“. Here we called the yum module inside the task, added required parameters as list – httpd and firewalld. state means the required state to be achived, in this case we are asking to install the latest package. (It can be present for installing or absent for uninstalling the package)

Add task for enable firewall and http

Next we will add a task for enable and running the firewall service which we have installed in previous play.

    - name: Enable and Run Firewalld
      service: 
        name: firewalld
        enabled: true
        state: started

Above is self explanatory; it is calling the service module, asking to enable firewalld service (make it running every time the system boot), and also start the firewalld service – state : started. (It can be stopped or restarted as you need)

Next we need to enable http traffic over firewall and we will use the firewall module for that. Below task will enable the http traffic over firewall, make the rule permanent and this will effect immediate.

    - name: firewalld permitt httpd service
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes

Let’s add another task to start and enable httpd service.

    - name: httpd enabled and running
      service:
        name: httpd
        enabled: true
        state: started

Finally we need to add a task to install the very basic index.html file for our web server; we will use the copy module as below.

    - name: Test html page is installed
      copy:
        content: "Welcome to the example.com intranet!\n"
        dest: /var/www/html/index.html

That’s all; we have our first playbook to install a web server, install the firewall service, enable both services and opening firewall port http with very basic index page. Hold on, how we gonna test this webserver ? Come on, we are automating everything, you should add a task to test this, instead of checking this on browser or CLI.

Another play in same playbook for testing our webserver

So, we are just adding another pay (not a task) to differentiate the actual implementing tasks and test tasks. In this case, we know we have run this from localhost and not from the node. So our hosts: localhost as shown below. Since we don’t need privilege to test this, lets add become: no. We will use the uri module to test page by checking the status_code: 200.

- name: Test intranet web server
  hosts: localhost
  become: no
  tasks:
    - name: connect to intranet webserver
      uri: 
        url: http://lab.techbeatly.com
        status_code: 200

Full playbook

So we have the final playbook with two plays and multiple tasks as below.


- name: Enable Intranet Services
  hosts: node1.techbeatly.com
  become: yes
  tasks:
    - name: Install httpd and firewalld
      yum:
        name: 
          - httpd
          - firewalld
        state: latest
    - name: Enable and Run Firewalld
      service: 
        name: firewalld
        enabled: true
        state: started
    - name: firewalld permitt httpd service
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes
    - name: httpd enabled and running
      service:
        name: httpd
        enabled: true
        state: started
    - name: Test html page is installed
      copy:
        content: "Welcome to the example.com intranet!\n"
        dest: /var/www/html/index.html
- name: Test intranet web server
  hosts: localhost
  become: no
  tasks:
    - name: connect to intranet webserver
      uri: 
        url: http://lab.techbeatly.com
        status_code: 200

Running the playbook

You have to use the ansible-playbook command to run the playbook.

$ ansible-playbook myintranet.yml

There are few options available for ansible-playbook command, like enable or disable privileged mode, add additional variables etc. We will cover that in upcoming sessions.