
      How To Use Variables in Ansible Playbooks



      Part of the Series:
      How To Write Ansible Playbooks

      Ansible is a modern configuration management tool that doesn’t require agent software on remote nodes, using only SSH and Python to communicate and execute commands on managed servers. This series will walk you through the main Ansible features that you can use to write playbooks for server automation. At the end, we’ll see a practical example of how to create a playbook to automate setting up a remote Nginx web server and deploy a static HTML website to it.

      Ansible supports the use of variables to better customize the execution of tasks and playbooks. This way, it’s possible to use the same playbook with different targets and environments.

      Variables can come from different sources, such as the playbook file itself or external variable files that are imported in the playbook. Special precedence rules will apply when working with multiple variable sources that define a variable with the same name.

      To see how variables work in practice, we’ll create a new test playbook that will print the value of two variables, username and home. Create a new file called playbook-02.yml in your ansible-practice directory:

      • nano ~/ansible-practice/playbook-02.yml

      Then add the following lines to the new playbook file:

      ~/ansible-practice/playbook-02.yml

      ---
      - hosts: all
        # vars is a mapping of variable name to value
        vars:
          username: sammy
          home: /home/sammy
        tasks:
          - name: print variables
            debug:
              msg: "Username: {{ username }}, Home dir: {{ home }}"
      

      Save and close the file when you’re done editing.

      The vars section of the playbook defines the variables that will be injected into the scope of that play. All tasks, as well as any file or template that might be included in the playbook, will have access to these variables.

      To try this playbook on servers from your inventory file, run ansible-playbook with the same connection arguments you’ve used before when running our first example. Again, we’ll be using an inventory file named inventory and the sammy user to connect to the remote servers:

      • ansible-playbook -i inventory playbook-02.yml -u sammy

      You’ll see output like this:

      Output

      PLAY [all] ***********************************************************************

      TASK [Gathering Facts] ***********************************************************
      ok: [203.0.113.10]

      TASK [print variables] ***********************************************************
      ok: [203.0.113.10] => {
          "msg": "Username: sammy, Home dir: /home/sammy"
      }

      PLAY RECAP ***********************************************************************
      203.0.113.10 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

      The print variables task will use the debug module to print the values of the two variables we defined in the vars section of the playbook.
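
      The precedence rules mentioned earlier can be seen with three sources for the same variable name. The playbook below is an added example, not part of the original tutorial; the file name playbook-02-precedence.yml and the account names deploy and alice are assumptions made for illustration.

```yaml
---
# Added example: three sources define "username"; the highest-precedence one wins.
- hosts: all
  vars:
    username: sammy
    # Templated lazily: resolved each time it is used, with whatever
    # value of username is in scope at that point.
    home: "/home/{{ username }}"
  tasks:
    - name: print play-level values
      debug:
        msg: "Username: {{ username }}, Home dir: {{ home }}"

    - name: task-level vars take precedence over play vars
      vars:
        username: deploy   # hypothetical account name
      debug:
        msg: "Username: {{ username }}, Home dir: {{ home }}"

# Extra vars passed on the command line outrank both sources above:
#   ansible-playbook -i inventory playbook-02-precedence.yml -u sammy -e "username=alice"
# With that option both tasks print alice and /home/alice, so whoever
# controls the command line (or the CI job parameters) controls the value.
```

      Without the -e option, the first task prints sammy and /home/sammy, and the second prints deploy and /home/deploy.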




      How To Access System Information (Facts) in Ansible Playbooks




      By default, before executing the set of tasks defined in a playbook, Ansible will take a few moments to gather information about the systems that are being provisioned. This information, referred to as facts, contains details such as network interfaces and addresses, the operating system running on remote nodes, and available memory, among other things.

      Ansible stores facts in JSON format, with items grouped in nodes. To check what kind of information is available for the systems you’re provisioning, you can run the setup module with an ad hoc command:

      • ansible all -i inventory -m setup -u sammy

      This command will output an extensive JSON document containing information about your server. To obtain a subset of that data, you can use the filter parameter and provide a pattern. For instance, if you’d like to obtain information about all IPv4 addresses in the remote nodes, you can use the following command:

      • ansible all -i inventory -m setup -a "filter=*ipv4*" -u sammy

      You’ll see output like this:

      Output

      203.0.113.10 | SUCCESS => {
          "ansible_facts": {
              "ansible_all_ipv4_addresses": [
                  "203.0.113.10",
                  "198.51.100.23"
              ],
              "ansible_default_ipv4": {
                  "address": "203.0.113.10",
                  "alias": "eth0",
                  "broadcast": "203.0.113.255",
                  "gateway": "203.0.113.1",
                  "interface": "eth0",
                  "macaddress": "06:c7:91:16:2e:b7",
                  "mtu": 1500,
                  "netmask": "203.0.113.0",
                  "network": "203.0.113.0",
                  "type": "ether"
              }
          },
          "changed": false
      }

      Once you have found the facts that will be useful for your play, you can update your playbook accordingly. As an example, the following playbook will print out the IPv4 address of the default network interface. From the previous command output, we can see that this value is available through ansible_default_ipv4.address in the JSON provided by Ansible.

      Create a new file called playbook-03.yml in your ansible-practice directory:

      • nano ~/ansible-practice/playbook-03.yml

      Then add the following lines to the new playbook file:

      ~/ansible-practice/playbook-03.yml

      ---
      - hosts: all
        tasks:
          - name: print facts
            debug:
              msg: "IPv4 address: {{ ansible_default_ipv4.address }}"
      

      Save and close the file when you’re done.

      To try this playbook on servers from your inventory file, run ansible-playbook with the same connection arguments you’ve used before when running our first example. Again, we’ll be using an inventory file named inventory and the sammy user to connect to the remote servers:

      • ansible-playbook -i inventory playbook-03.yml -u sammy

      When you run the playbook, you’ll see your remote server’s IPv4 address in the output as expected:

      Output

      ...
      TASK [print facts] ***************************************************************
      ok: [server1] => {
          "msg": "IPv4 address: 203.0.113.10"
      }
      ...
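
      Facts are reported by the managed node, so a playbook that depends on one should check it before use. The following is an added example, not part of the original tutorial: it gathers only the IPv4 facts with the same filter pattern used in the ad hoc command and stops with a clear message on a host that has no default route, where ansible_default_ipv4 comes back empty.

```yaml
---
# Added example: collect only the facts the play needs and validate them.
- hosts: all
  gather_facts: no            # skip the default full fact collection
  tasks:
    - name: Gather network facts only, keeping the IPv4 entries
      setup:
        gather_subset:
          - '!all'
          - network
        filter: "*ipv4*"

    - name: Stop early if the host reported no default IPv4 address
      assert:
        that:
          - ansible_default_ipv4 is defined
          - ansible_default_ipv4.address is defined
        fail_msg: "No default IPv4 address in the facts gathered from {{ inventory_hostname }}"

    - name: print facts
      debug:
        msg: "IPv4 address: {{ ansible_default_ipv4.address }}"
```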

      Facts encapsulate important data that you can leverage to better customize your playbooks. To learn more about all the information you can obtain through facts, please refer to the official Ansible documentation.




      Understanding Privilege Escalation in Ansible Playbooks




      Just as with regular commands that you execute on a terminal, some tasks will require special privileges in order for Ansible to execute them successfully on your remote nodes.

      It is important to understand how privilege escalation works in Ansible so that you’re able to execute your tasks with appropriate permissions. By default, tasks will run as the connecting user – this might be either root or any regular user with SSH access to the remote nodes in an inventory file.

      To run a command with extended permissions, such as a command that requires sudo, you’ll need to include a become directive set to yes in your play. This can be done either as a global setting valid for all tasks in that play, or as an individual instruction applied per task. Depending on how your sudo user is set up within the remote nodes, you may also need to provide the user’s sudo password. The following example updates the apt cache, a task that requires root permissions.

      Create a new file called playbook-07.yml in your ansible-practice directory:

      • nano ~/ansible-practice/playbook-07.yml

      Then add the following lines to the new playbook file:

      ~/ansible-practice/playbook-07.yml

      ---
      - hosts: all
        become: yes
        tasks:
          - name: Update apt cache
            apt:
              update_cache: yes
      

      Save and close the file when you’re done.

      To run this playbook, you’ll need to include the -K option within the ansible-playbook command. This will make Ansible prompt you for the sudo password for the specified user.

      • ansible-playbook -i inventory playbook-07.yml -u sammy -K

      You can also change which user you want to switch to while executing a task or play. To do that, set the become_user directive to the name of the remote user you want to switch to. This is useful when you have several tasks in a playbook that rely on sudo, but also a few tasks that should run as your regular user.

      The following example defines that all tasks in this play will be executed with sudo by default. This is set at the play level, right after the hosts definition. The first task creates a file in /tmp using root privileges, since that is the default become_user value. The last task, however, defines its own become_user.

      Create a new file called playbook-08.yml in your ansible-practice directory:

      • nano ~/ansible-practice/playbook-08.yml

      Add the following content to the new playbook file:

      ~/ansible-practice/playbook-08.yml

      ---
      - hosts: all
        become: yes
        vars:
          user: "{{ ansible_env.USER }}"
        tasks:
          - name: Create root file
            file:
              path: /tmp/my_file_root
              state: touch
      
          - name: Create user file
            become_user: "{{ user }}"
            file:
              path: /tmp/my_file_{{ user }}
              state: touch
      
      

      Save and close the file when you’re finished.

      The ansible_env.USER fact contains the username of the connecting user, which can be defined at execution time when running the ansible-playbook command with the -u option. Throughout this guide, we’re connecting as sammy:

      • ansible-playbook -i inventory playbook-08.yml -u sammy -K

      Output

      BECOME password:

      PLAY [all] **********************************************************************************************

      TASK [Gathering Facts] **********************************************************************************
      ok: [203.0.113.10]

      TASK [Create root file] *********************************************************************************
      changed: [203.0.113.10]

      TASK [Create user file] *********************************************************************************
      changed: [203.0.113.10]

      PLAY RECAP **********************************************************************************************
      203.0.113.10 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

      When the playbook is finished running, you can log in to the remote node(s) to verify that two new files were created in /tmp, each with different ownership information:

      Output

      -rw-r--r-- 1 root root  0 Apr 14 13:19 /tmp/my_file_root
      -rw-r--r-- 1 sammy sudo 0 Apr 14 12:07 /tmp/my_file_sammy
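
      The per-task form of become mentioned earlier gives a least-privilege variant of playbook-08.yml: nothing runs as root unless a task asks for it. This is an added example, not part of the original tutorial; the file name playbook-08-least-privilege.yml, the username pattern and the 0600 file mode are assumptions made for illustration.

```yaml
---
# Added example: escalate per task instead of for the whole play.
# Run with: ansible-playbook -i inventory playbook-08-least-privilege.yml -u sammy -K
- hosts: all
  # No play-level become: fact gathering and every task run as the
  # connecting user unless a task opts in with become: yes.
  vars:
    user: "{{ ansible_env.USER }}"
  tasks:
    - name: Refuse to continue if the reported username is not a plain account name
      # The value comes from the remote environment and is placed in a
      # file path below, so reject anything with slashes, dots or spaces.
      assert:
        that:
          - user is match('^[a-z_][a-z0-9_-]*$')
        fail_msg: "Unexpected value for the connecting user: '{{ user }}'"

    - name: Create root file
      become: yes              # only this task runs with sudo
      file:
        path: /tmp/my_file_root
        state: touch
        mode: "0600"           # assumption: owner-only access in a shared directory

    - name: Create user file
      # No become here: the task already runs as the connecting user,
      # so no switch back from root is needed.
      file:
        path: "/tmp/my_file_{{ user }}"
        state: touch
        mode: "0600"
```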

      For more detailed information about privilege escalation in Ansible, please refer to the official documentation.


