Ninja Docs Help

Ansible

Revision | Date | Description
1.0 | 24.07.2024 | Init Changelog

Introduction

Ansible is a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy. More information on the Ansible website.

Design Principles

  • Have an extremely simple setup process with a minimal learning curve.

  • Manage machines quickly and in parallel.

  • Avoid custom-agents and additional open ports, be agentless by leveraging the existing SSH daemon.

  • Describe infrastructure in a language that is both machine and human friendly.

  • Focus on security and easy auditability/review/rewriting of content.

  • Manage new remote machines instantly, without bootstrapping any software.

  • Allow module development in any dynamic language, not just Python.

  • Be usable as non-root.

  • Be the easiest IT automation system to use, ever.

Use Ansible

You can install a released version of Ansible with pip or a package manager. See installation guide for details on installing Ansible on a variety of platforms.

Power users and developers can run the devel branch, which has the latest features and fixes, directly. Although it is reasonably stable, you are more likely to encounter breaking changes when running the devel branch. We recommend getting involved in the Ansible community if you want to run the devel branch.

Inventory

The Inventory file contains the list of hosts on which Playbooks will run. The file uses one of the formats below:

Example file content:

    all:
      hosts:
      children:
        webservers:
          hosts:
            foo.example.com:
            bar.example.com:
              http_port: 80
              maxRequestsPerChild: 808
            www[01:50].example.com:
              http_port: 80
              maxRequestsPerChild: 808
        dbservers:
          hosts:
            one.example.com:
            two.example.com:
              ansible_connection: ssh
              ansible_user: myuser
            three.example.com:

Example file content:

    [webservers]
    foo.example.com
    bar.example.com http_port=80 maxRequestsPerChild=808
    www[01:50].example.com http_port=80 maxRequestsPerChild=808

    [dbservers]
    one.example.com
    two.example.com ansible_connection=ssh ansible_user=myuser
    three.example.com

As you can see:

  • Hosts can be grouped.

  • You can assign parameters and their values to each host.

  • You can generate the host list dynamically.

Playbook

A Playbook is a single file or a group of files with dependencies set up. It is written in YAML. A Playbook contains all task definitions, with detailed instructions, that will run on the hosts in the inventory. Every task is built from a module, which works out of the box in Ansible. Every module has great documentation on the Ansible Doc pages.

Module examples:

  • systemctl

  • yum

  • user

  • template

  • copy

  • shell

Some example Playbooks:

    ---
    - name: Create user
      hosts: all
      gather_facts: false
      become: yes
      tasks:
        - name: Create a login user user
          user:
            name: user
            # SHA-512 crypt hash of the password ($6$ prefix), not the plain-text password
            password: '$6$mt5jufjj9ygJElCW$WUdf5yp2XbxM5FJjyCQG8k3Tv50lJ3lwMdoTbpCoavFCzA.HY.Ib6SqX9KuHSUfl/1/FWhUtTRMvsyFm7ssOw1'
            groups: group
            state: present
            shell: /bin/bash
            system: no
            createhome: yes
            uid: 1802
            home: /home/user
        - name: Copy SSH key user
          become: yes
          authorized_key:
            # Public key is read from the control node, not from the managed host
            key: "{{ lookup('file', '/root/keys/user.pub') }}"
            user: "user"

    ---
    - name: Install packages
      hosts: all
      gather_facts: false
      become: yes
      tasks:
        - name: Install httpd
          apt:
            name: httpd
            state: present
        - name: Enable and start httpd
          systemd:
            name: httpd
            # The systemd module accepts started/stopped/restarted/reloaded
            state: started
            enabled: yes

    ---
    - name: Shell
      hosts: all
      gather_facts: false
      become: yes
      tasks:
        - name: Get uptime
          copy:
            src: files/script.sh
            dest: /tmp/script.sh
            # Quoted so the mode is always read as an octal string
            mode: "0755"
            owner: root
        - name: Execute script
          shell: "/bin/bash /tmp/script.sh"

    ---
    - name: Execute Command
      hosts: all
      gather_facts: false
      become: yes
      tasks:
        - name: Get uptime
          shell: "uptime >> /tmp/uptime.txt"
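
A variant of the Create user Playbook that keeps the password hash out of the Playbook file, shown as an added example that is not part of the original page. The file vars/vault.yml and the variable vault_user_password_hash are assumed names; the file is expected to be encrypted with ansible-vault.

```yaml
---
- name: Create user (hash kept in an encrypted vars file)
  hosts: all
  gather_facts: false
  become: yes
  vars_files:
    # Assumed path: created with `ansible-vault create vars/vault.yml`
    # and holding one key, vault_user_password_hash (a crypt hash).
    - vars/vault.yml
  tasks:
    - name: Create a login user user
      user:
        name: user
        # Assumed variable name, defined only in the encrypted file
        password: "{{ vault_user_password_hash }}"
        groups: group
        state: present
        shell: /bin/bash
        system: no
        createhome: yes
        uid: 1802
        home: /home/user
      # Keep the hash out of task output and logs, including verbose runs
      no_log: true

    - name: Copy SSH key user
      authorized_key:
        user: user
        key: "{{ lookup('file', '/root/keys/user.pub') }}"
```

Run it with --ask-vault-pass added to the ansible-playbook command so the encrypted file can be decrypted at run time.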

Templates

Templates are one of the most useful parts of Ansible. They let you define a template file whose variables take their values from the Playbook config, producing ready-to-go files during the run. A template can be defined once and used with different values on every host in your inventory.

Example template:

My hostname is {{ inventory_hostname }} {{ message }}

Example Playbook to use template above:

    ---
    - name: Template
      hosts: all
      vars:
        message: "Hello from Ansible"
      gather_facts: false
      become: yes
      tasks:
        - name: Generate template
          template:
            src: templates/config.txt.j2
            dest: /tmp/template_result.txt

The template above defines two variables:

  • {{ inventory_hostname }} - refers to an Ansible global variable, which takes its value from the hostname defined in the Inventory file.

  • {{ message }} - refers to a user variable whose value is defined in the vars section of the Playbook configuration.

Handlers

Handlers are task definitions that run every time they are notified after other tasks run. The best way to describe how a Handler works is to analyze a Playbook example:

    ---
    - name: Handlers
      hosts: all
      gather_facts: false
      become: yes
      handlers:
        - name: restart httpd
          systemd:
            name: httpd
            state: restarted
      tasks:
        - name: Install httpd
          apt:
            name: httpd
            state: present
        - name: Enable and start httpd
          systemd:
            name: httpd
            # The systemd module accepts started/stopped/restarted/reloaded
            state: started
            enabled: yes
        - name: Set configuration file
          copy:
            src: files/httpd.txt
            dest: /tmp/httpd.txt
          # Handler is notified only when this task reports a change
          notify:
            - restart httpd

Let's analyze this code:

  1. We define a Handler named restart httpd, which will restart the Apache service using the systemd module.

  2. We install Apache on the host.

  3. We start the Apache service and add it to autostart.

  4. We copy the config file. At the end of this task there is a notify block, which tells our Handler that it should restart the Apache service after the full Playbook run.

Now, when we change something in the source file files/httpd.txt and run the Playbook, Ansible will update this config file and, because of this change, the restart httpd Handler will be notified. But if we run the Playbook without any change, nothing will happen.

By default, all Handlers run after a successful Playbook run. If we want to run all Handlers earlier, we should add the task below to our Playbook:

    - name: Flush handlers
      meta: flush_handlers

How to run Playbook?

Just run the command below (this is the basic command; for more options check the official docs or the command manual):

    ansible-playbook -K -i ./inventory playbook.yaml

Where:

  • -K - Ansible asks us for the sudo password (this is optional, needed only if tasks need root permissions).

  • -i - refers to the Inventory file path.

  • playbook.yaml - refers to the main YAML file with our Playbook.

Dry run

Sometimes we only need to check what Ansible will do or change when we run our Playbook, without actually performing any actions on the host. To do that, we can use the dry-run option. Ansible will run the Playbook with the defined tasks and show what it would do.

Flags to use for a dry run:

  • --check - the main option for a dry run.

  • --diff - a universal option (you can also use it on a normal run); it shows details about changes.
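
How individual tasks behave under --check and --diff, as an added example that is not from the original page. The task names, the file files/app.conf and its destination /etc/app.conf are assumed for illustration.

```yaml
---
# Run as: ansible-playbook --check --diff -i ./inventory playbook.yaml
- name: Dry run behaviour
  hosts: all
  gather_facts: false
  become: yes
  tasks:
    # copy supports check mode: it reports "changed" and, with --diff,
    # prints the line-by-line difference without writing the file.
    - name: Set configuration file
      copy:
        src: files/httpd.txt
        dest: /tmp/httpd.txt

    # shell cannot predict its own effect, so this task is skipped under
    # --check; the dry run says nothing about what it would do.
    - name: Get uptime
      shell: "uptime >> /tmp/uptime.txt"

    # A read-only command can be forced to run even under --check.
    - name: Read current uptime
      command: uptime
      register: uptime_result
      check_mode: false
      changed_when: false

    # --diff prints file content to the terminal and to logs; switch it
    # off for files that hold secrets.
    - name: Copy file with credentials
      copy:
        src: files/app.conf        # assumed file name
        dest: /etc/app.conf        # assumed destination
        mode: "0600"
      diff: false
```

A clean --check run therefore covers only the tasks whose modules support check mode; shell tasks still need to be reviewed by reading the Playbook.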

Ad-hoc commands

Ad-hoc commands allow us to run Ansible on an Inventory without defining a Playbook in a YAML file. This is useful when we need to run some commands on lots of hosts quickly. Example of an ad-hoc command:

ansible -i ./hosts all -a "uptime"
Last modified: 17 February 2025