- Lab
- A Cloud Guru
Advanced Features in Ansible Playbooks
There are a number of features unique to Ansible playbooks which provide robust functionality. This exercise explores many of these features in a practical scenario of deploying a web server. Most notably, this exercise deals with confidential data in an Ansible vault and working with tags in Ansible playbooks.
Path Info
Table of Contents
-
Challenge
Use ansible-vault to protect the confidential information.
Use
ansible-vaultto encrypt/home/ansible/confidentialto protect the confidential information stored within using the password "I love ansible".Run
ansible-vault encrypt /home/ansible/confidentialand supply the password "I love ansible". -
Challenge
Create a playbook that deploys httpd on webservers.
Create a playbook in
/home/ansible/webserver.ymlthat deployshttpdon webservers. It should be tagged withbase-installand contain a handler that restarts thehttpddaemon that is flagged by both installation and service manipulation forhttpd.Create the file
/home/ansible/webserver.ymland add the following content:- hosts: webservers become: yes vars_files: - /home/ansible/confidential tasks: - name: install httpd yum: name: httpd state: latest notify: httpd service tags: - base-install handlers: - name: Restart and enable httpd service: name: httpd state: restarted enabled: yes listen: httpd service -
Challenge
Deploy the templates stored on the control node to the webservers group.
Configure
/home/ansible/webserver.ymlto deploy the templates/home/ansible/vhost.conf.j2and/home/ansible/htpasswd.j2stored on the control node to the webservers group.httpdmust restart on config change. The tasks should be taggedvhost.Add the following text to
/home/ansible/webserver.ymljust before the handler section:- name: configure virtual host template: src: /home/ansible/vhost.conf.j2 dest: /etc/httpd/conf.d/vhost.conf notify: httpd service tags: - vhost - name: configure site auth template: src: /home/ansible/htpasswd.j2 dest: /etc/httpd/conf/htpasswd notify: httpd service tags: - vhost -
Challenge
Asynchronously execute data-job on webservers.
Configure
/home/ansible/webserver.ymlto asynchronously execute/opt/data-job.shlocated on webservers with a timeout of 600 seconds and no polling. The task should be tagged withdata-job.Add the following text to
/home/ansible/webserver.ymljust before the handler section: - name: run data job command: /opt/data-job.sh async: 600 poll: 0 tags: - data-job -
Challenge
Execute playbook to verify your playbook works correctly.
Execute playbook
/home/ansible/webserver.ymlto verify your playbook works correctly.Run
ansible-playbook --ask-vault-pass /home/ansible/webserver.ymlfrom the control node providing the vault password "I love ansible".
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
