5. Playbooks
5.1. Concepts
5.2. Run
ansible <inventory> -m ...
ansible-playbook
Ansible Tower
5.3. Playbook

- name: "Install Nginx"
  become: yes
  yum:
    name: nginx
    state: latest

- name: "Update Nginx config"
  become: yes
  copy:
    src: ./data/nginx/nginx.conf
    dest: /etc/nginx/nginx.conf
  notify:
    - restart nginx

- name: Create sites-available directory
  become: yes
  file: path=/etc/nginx/sites-available state=directory

- name: Create sites-enabled directory
  become: yes
  file: path=/etc/nginx/sites-enabled state=directory

- name: "Update Nginx default config"
  become: yes
  copy:
    src: ./data/nginx/default
    dest: /etc/nginx/sites-available/default
  notify:
    - restart nginx

- name: "Enable Nginx site config"
  become: yes
  file:
    src: /etc/nginx/sites-available/default
    dest: /etc/nginx/sites-enabled/default
    state: link
  notify:
    - restart nginx

- name: Set httpd_can_network_connect flag on and keep it persistent across reboots
  become: yes
  seboolean:
    name: httpd_can_network_connect
    state: yes
    persistent: yes
  notify:
    - restart nginx

# Handler: runs once at the end of the play if any task above notified it
- name: restart nginx
  service: name=nginx state=restarted

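A hardened variant of the "Install Nginx", "Update Nginx config" and directory tasks above, added here as an example and not part of the original playbook: it avoids unpinned upgrades, sets explicit ownership and permissions, keeps a backup, and validates the new config before it replaces the live one. The `webservers` group is taken from the next playbook; the owner, group and mode values and the `nginx -t -c %s` validation command are assumptions.

```yaml
- hosts: webservers
  become: yes
  tasks:
    - name: "Install Nginx"
      yum:
        name: nginx
        # 'latest' upgrades the package on every run; 'present' keeps
        # runs repeatable and leaves upgrades to a deliberate change.
        state: present

    - name: "Update Nginx config"
      copy:
        src: ./data/nginx/nginx.conf
        dest: /etc/nginx/nginx.conf
        # Assumed values: config readable by all, writable only by root.
        owner: root
        group: root
        mode: "0644"
        # Keep a timestamped copy of the previous file for rollback.
        backup: yes
        # Test the staged file before it is moved into place; %s is the
        # temporary path. Assumes nginx.conf uses absolute include paths,
        # because relative includes resolve against the temp directory.
        validate: nginx -t -c %s
      notify:
        - restart nginx

    - name: Create sites-available directory
      file:
        path: /etc/nginx/sites-available
        state: directory
        # Without an explicit mode the result depends on the remote umask.
        owner: root
        group: root
        mode: "0755"

  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted
```

If validation fails, the task fails, the existing `/etc/nginx/nginx.conf` is left untouched, and the handler is not notified.
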
- hosts: webservers
  remote_user: root   # 'user' is the legacy spelling of remote_user
  become: yes
  tasks:
    - name: add nginx ppa
      action: apt_repository repo=ppa:nginx/stable state=present

    - name: install common packages needed for python application development
      # 'installed' is no longer accepted by the apt module; use 'present'
      action: apt pkg={{item}} state=present
      with_items:
        - libpq-dev
        - libmysqlclient-dev
        - libxml2-dev
        - libxslt1-dev
        - mysql-client
        - python-dev
        - python-setuptools
        - python-mysqldb
        - build-essential
        - git
        - nginx

    - name: install pip
      action: easy_install name=pip

    - name: install various libraries with pip
      action: pip name={{item}} state=present
      with_items:
        - uwsgi

  handlers:
    - name: restart nginx
      service: name=nginx state=restarted

5.4. Plays
Variables in a playbook can be used in templates
Use the extension .j2 for Jinja2 templates

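- name: install and start apache
  hosts: web
  remote_user: myuser
  become: yes            # needed for become_method/become_user to take effect
  become_method: sudo
  become_user: root
  vars:
    http_port: 80
    max_clients: 200
  tasks:
    - name: install httpd
      apt: name=apache2 state=latest
    - name: write apache config file
      # http_port and max_clients are available inside the template
      template: src=srv/httpd.j2 dest=/etc/httpd.conf
      notify:
        - restart http
    - name: start httpd
      # the apache2 apt package installs the 'apache2' service;
      # 'running' is not a valid state, use 'started'
      service: name=apache2 state=started
  handlers:
    - name: restart http
      service: name=apache2 state=restarted
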
5.5. Tasks

- hosts: dbservers
  tasks:
    - name: allow access from 10.0.0.1
      iptables:
        chain: INPUT
        jump: ACCEPT
        source: 10.0.0.1

5.6. Ansible Lint
$ pip3 install ansible-lint
$ ansible-lint .

Usage: ansible-lint playbook.yml|roledirectory ...

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -L                    list all the rules
  -q                    quieter, although not silent output
  -p                    parseable output in the format of pep8
  -r RULESDIR           specify one or more rules directories using one or
                        more -r arguments. Any -r flags override the default
                        rules in ['/path/to/ansible-
                        lint/lib/ansiblelint/rules'], unless -R is also used.
  -R                    Use default rules ['/path/to/ansible-
                        lint/lib/ansiblelint/rules'] in addition to any extra
                        rules directories specified with -r. There is no need
                        to specify this if no -r flags are used
  -t TAGS               only check rules whose id/tags match these values
  -T                    list all the tags
  -x SKIP_LIST          only check rules whose id/tags do not match these
                        values
  --exclude=EXCLUDE_PATHS
                        path to directories or files to skip. This option is
                        repeatable.
  --force-color         Try force colored output (relying on ansible's code)
  --nocolor             disable colored output
  -c /path/to/file      Specify configuration file to use. Defaults to
                        ".ansible-lint"

exclude_paths:
  - ./my/excluded/directory/
  - ./my/other/excluded/directory/
  - ./last/excluded/directory/
parseable: true
quiet: true
rulesdir:
  - ./rule/directory/
skip_list:
  - skip_this_tag
  - and_this_one_too
  - skip_this_id
  - '401'
tags:
  - run_this_tag
use_default_rules: true
verbosity: 1