Ansible/Playbooks: Difference between revisions

From charlesreid1
Line 5: Line 5:
* [https://charlesreid1.com/wiki/Ansible/Nginx_Playbook#Ansible_Playbook_Example_1:_Nginx_Server_Playbook Example 1: nginx server playbook]
* [https://charlesreid1.com/wiki/Ansible/Nginx_Playbook#Ansible_Playbook_Example_1:_Nginx_Server_Playbook Example 1: nginx server playbook]
* [https://charlesreid1.com/wiki/Ansible/Nginx_Playbook#Ansible_Playbook_Example_2:_Secure_Nginx_Server_Playbook Example 2: secure nginx server playbook]
* [https://charlesreid1.com/wiki/Ansible/Nginx_Playbook#Ansible_Playbook_Example_2:_Secure_Nginx_Server_Playbook Example 2: secure nginx server playbook]
This page walks through a procedure resulting in the following files:
<pre>
    playbooks/ansible.cfg
    playbooks/hosts
    playbooks/Vagrantfile
    playbooks/web-notls.yml
    playbooks/web-tls.yml
    playbooks/files/nginx.key
    playbooks/files/nginx.crt
    playbooks/files/nginx.conf
    playbooks/templates/index.html.j2
    playbooks/templates/nginx.conf.j2
</pre>
==Before you begin: Vagrant configuration==
This assumes we will be setting up a Ubuntu machine using Vagrant. (See [[Vagrant]] page for steps.)
Before starting, we want to remap some ports.
We want to arrange the Vagrant machine so that we map the local port 8080 to the vagrant machine's port 80, and map the local port 8443 to the vagrant machine's port 443.
The Vagrantfile is a Ruby file that specifies how to start up and set up the Vagrant boxes. The Vagrantfile should be modified as follows:
<pre>
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "ubuntu/xenial64"
  config.vm.network "forwarded_port", guest: 80, host: 8080
  config.vm.network "forwarded_port", guest: 443, host: 8443
end
</pre>
Now instruct vagrant to reload from the Vagrantfile:
<pre>
$ vagrant reload
==> default: Forwarding ports...
    default: 80 => 8080 (adapter 1)
    default: 443 => 8443 (adapter 1)
    default: 22 => 2222 (adapter 1)
</pre>
==Creating a simple playbook==
The following simple playbook will set up an nginx web server on our fresh Ubuntu machine.
===The Pieces===
Here are the pieces in our playbook:
* The playbook itself (YAML file)
* nginx configuration file
* nginx HTML templates
* Create Ansible group webservers
===The Playbook: YAML file===
Here is a simple playbook for our secure nginx server:
'''<code>web-notls.yml</code>:'''
<pre>
- name: Configure webserver with nginx
  hosts: webservers
  become: True
  tasks:
    - name: install nginx
      apt: name=nginx update_cache=yes
    - name: copy nginx config file
      copy: src=files/nginx.conf dest=/etc/nginx/sites-available/default
    - name: enable configuration
      file: >
        dest=/etc/nginx/sites-enabled/default
        src=/etc/nginx/sites-available/default
        state=link
    - name: copy index.html
      template: src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html
        mode=0644
    - name: restart nginx
      service: name=nginx state=restarted
</pre>
Required files: <code>/etc/nginx/sites-available/default</code>, <code>/usr/share/nginx/html/index.html</code>
YAML truth-y values: <code>true, True, TRUE, yes, Yes, YES, on, On, ON, y, Y</code>
YAML false-y values: <code>false, False, FALSE, no, No, NO, off, Off, OFF, n, N</code>
===nginx config file===
Here is the corresponding nginx configuration file, which we put in <code>files/nginx.conf</code>:
'''files/nginx.conf:'''
<pre>
server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        root /usr/share/nginx/html;
        index index.html index.htm;
        server_name localhost;
        location / {
                try_files $uri $uri/ =404;
        }
}
</pre>
===nginx index html page===
Likewise, we want to create an index page for nginx to serve up, and we want to put template files into the playbook directory, in the templates subdirectory.
(NOTE: .j2 extension means it is a Jinja 2 template)
'''playbooks/templates/index.html.j2'''
<pre>
<html>
  <head>
    <title>Welcome to ansible</title>
  </head>
  <body>
  <h1>nginx, configured by Ansible</h1>
  <p>If you can see this, Ansible successfully installed nginx.</p>
  <p>Running on {{ inventory_hostname }}</p>
  </body>
</html>
</pre>
===Creating webservers Ansible group===
We will create a <code>webservers</code> Ansible group in the inventory file and refer to this group in the Ansible playbook.
In the playbooks/hosts file the "myvagrantbox" line is put under the heading <code>[webservers]</code>:
'''<code>playbooks/hosts</code>'''
<pre>
[webservers]
myvagrantbox ansible_host=127.0.0.1 ansible_port=2222
</pre>
Now test it out: ping the webservers group with a single command:
<pre>
$ ansible webservers -m ping
</pre>
Output:
<pre>
testserver | success >> {
    "changed": false,
    "ping": "pong"
}
</pre>
==Running a simple playbook==
The <code>ansible-playbook</code> command is used to execute playbooks:
<pre>
ansible-playbook web-notls.yml
</pre>
Alternatively, to run a playbook directly, use the shebang line:
<pre>
#!/usr/bin/env ansible-playbook
</pre>
Then execute it directly:
<pre>
./web-notls.yml
</pre>
==Anatomy of example playbook==
Let's examine the example playbook in detail.
===Plays===
A playbook is a list of plays.
Every play has:
* a set of hosts to configure
* a set of tasks to run on those hosts
* the play is the thing that connects hosts to tasks
Optional play settings:
* name - a comment that describes what the play is about
* become - if true, Ansible will run each task by becoming the root user (useful for Ubuntu, where ssh as root is disabled by default)
* vars - list of variables and values
In our example, the play is this entire section:
<pre>
- name: Configure webserver with nginx
  hosts: webservers
  become: True
  tasks:
    - name: install nginx
      apt: name=nginx update_cache=yes
    - name: copy nginx config file
      copy: src=files/nginx.conf dest=/etc/nginx/sites-available/default
    - name: enable configuration
      file: >
        dest=/etc/nginx/sites-enabled/default
        src=/etc/nginx/sites-available/default
        state=link
    - name: copy index.html
      template: src=templates/index.html.j2
              dest=/usr/share/nginx/html/index.html mode=0644
    - name: restart nginx
      service: name=nginx state=restarted
</pre>
===Tasks===
The tasks are the actions that are performed when the play is run.
The first task is to install nginx:
<pre>
- name: install nginx
  apt: name=nginx update_cache=yes
</pre>
This can also be written without the optional name parameter,
<pre>
- apt: name=nginx update_cache=yes
</pre>
Can also fold over multiple lines using <code>></code>:
<pre>
- name: install nginx
  apt: >
      name=nginx
      update_cache=yes
</pre>
Actions in tasks are composed of modules.
===Modules===
There are lots of useful modules that come with Ansible that can be used from playbooks.
* apt - installs/removes packages using aptitude package manager
* copy - copies files from local machine to host
* file - sets attributes of files/symlinks/directories
* service - starts/stops/restarts a service
* template - generates a file from a template and copies it to the hosts


=Flags=
=Flags=

Revision as of 02:25, 7 November 2018

Example: Secure Nginx Server

Ansible/Nginx_Playbook - a page that walks through two example playbooks

Flags

Retrieved from "https://charlesreid1.com/w/index.php?title=Ansible/Playbooks&oldid=25221"