Ansible Sample Scripts

Hello Folks!

In this post I will share some playbooks with you. I wrote them earlier for various purposes. You can change and tweak them :).

1- Apache2 Virtual Host deployment.

It deploys a new Virtual Host configuration, enables it and checks the syntax. If everything is all right it restarts apache2; otherwise it rolls back.

#apache2-vhost.yml
---
  - hosts: lubuntu
    tasks:
      - name: copy vhost-lapiba.conf
        template: src=/home/ansible/ansible/templates/lapiba-vhost.conf dest=/etc/apache2/sites-available/lapiba-vhost.conf
        notify:
         - restart apache2
      - name: enable lapiba-vhost
        shell: /usr/sbin/a2ensite lapiba-vhost.conf
      - name: check lapiba-vhost configuration
        register: result
        shell: /usr/sbin/apache2ctl configtest
        ignore_errors: True
      - name: Disable-lapiba-vhost when error occurs
        shell: /usr/sbin/a2dissite lapiba-vhost.conf
        when: result is failed
      - name: remove lapiba-vhost
        file: dest=/etc/apache2/sites-available/lapiba-vhost.conf state=absent
        when: result is failed
      - name: Creates directory
        file: path=/var/www/lapiba state=directory
        when: result is succeeded
      - name: put html files.
        template: src=/home/ansible/ansible/templates/index.html dest=/var/www/lapiba
        when: result is succeeded
    handlers:
     - name: restart apache2
       service: name=apache2 state=restarted
       when: result is succeeded

1.1 Apache Virtual Host Configuration

A minimal Virtual Host configuration for testing purposes.

<VirtualHost *:80>
DocumentRoot "/var/www/lapiba"
ServerName lapiba
# Other directives here
</VirtualHost>

1.2 Sample index.html for lapiba

Sample index.html for testing the virtual host. Do not forget to add lapiba to your DNS as an A record or to your /etc/hosts file.

<h1>Hello from LAPIBA</h1>
<h2>Ansible is everywhere</h2>
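
The deploy, check and roll back flow from section 1 can also be written with block/rescue, so that a failure in any step (not only configtest) triggers the rollback and the run is reported as failed. This is an added example, not part of the original playbooks; it reuses the paths and host group from section 1, and `become: true` and the `vhost` variable are assumptions.

```yaml
# apache2-vhost-block.yml: added example, reuses the paths from section 1
---
- hosts: lubuntu
  become: true                   # assumption: privilege escalation is needed
  vars:
    vhost: lapiba-vhost.conf     # hypothetical variable name
  tasks:
    - name: Deploy vhost, roll back on any failure
      block:
        - name: Copy vhost configuration
          template:
            src: /home/ansible/ansible/templates/lapiba-vhost.conf
            dest: "/etc/apache2/sites-available/{{ vhost }}"
            mode: '0644'
          register: vhost_file
        - name: Enable vhost (no-op when the symlink already exists)
          command: "/usr/sbin/a2ensite {{ vhost }}"
          args:
            creates: "/etc/apache2/sites-enabled/{{ vhost }}"
          register: vhost_link
        - name: Check syntax of the whole Apache configuration
          command: /usr/sbin/apache2ctl configtest
          changed_when: false
        - name: Create document root
          file:
            path: /var/www/lapiba
            state: directory
            mode: '0755'
        - name: Put html files
          template:
            src: /home/ansible/ansible/templates/index.html
            dest: /var/www/lapiba/index.html
            mode: '0644'
        - name: Restart apache2 only when the vhost changed
          service:
            name: apache2
            state: restarted
          when: vhost_file is changed or vhost_link is changed
      rescue:
        - name: Remove the vhost symlink and file
          file:
            path: "{{ item }}"
            state: absent
          loop:
            - "/etc/apache2/sites-enabled/{{ vhost }}"
            - "/etc/apache2/sites-available/{{ vhost }}"
        - name: Report the rollback as a failed run
          fail:
            msg: "{{ vhost }} rolled back, failed task: {{ ansible_failed_task.name }}"
```

Because the restart is the last task of the block, apache2 is never restarted with a configuration that did not pass configtest.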

2 Sample Conditional Script

It pings google.com if it cannot ping 10.10.10.1 in three attempts.

---
  - hosts: rhce
    tasks:
      - name: Echo
        shell: ping -c3 10.10.10.1
        register: result
        ignore_errors: True
      - name: Ping google.com
        shell: ping -c3 google.com
        when: result is failed
        # result is failed or result is succeeded

3. Ansible Copy playbook 

It copies the local file /tmp/copy.me to /tmp/hello.me on the remote host.

---
- hosts: rhce
  tasks:
    - name: Copying copy.me file to /tmp/hello.me
      copy: src=/tmp/copy.me dest=/tmp/hello.me

4. Install httpd on CentOS 7

It installs the latest version of httpd, allows connections to port 80 (temporarily) and starts the httpd process on the remote machine.

---
  - hosts: rhce
    tasks:
      - name: Install httpd
        yum: name=httpd state=latest
      - name: Copy index.html file to /var/www/html
        copy: src=/home/ansible/ansible/index.html dest=/var/www/html mode=0644 owner=root
        notify: restart httpd
      - name: open port 80
        shell: firewall-cmd --add-service=http
    handlers:
      - name: restart httpd
        service: name=httpd state=restarted

5. Replace the line 

It replaces the line GSSAPIAuthentication yes with #GSSAPIAuthentication no on the remote host.

---
- hosts: rhce
  tasks:
    - replace:
        dest: /etc/ssh/gokay.me
        regexp: "GSSAPIAuthentication yes"
        replace: '#GSSAPIAuthentication no'

6- Notify and Handlers

… handlers are only fired when certain tasks report changes, and are run at the end of each play:

---
  - hosts: lubuntu
    tasks:
      - name: "copy msg.html"
        template: src=/home/ansible/ansible/templates/template.html dest=/var/www/html/msg.html
        notify:
          - restart apache2
    handlers:
       - name: restart apache2
         service: name=apache2 state=restarted

7. Remove a file

It removes a file on the remote machine.

---
  - hosts: all
    tasks:
      - name: Removing hello.me
        file: dest=/tmp/hello.me state=absent

8- Catching an Error with Ansible

Something you consider an error may not be an error for Ansible, so it is a good idea to catch such errors manually. This task fails when no package is found (dadhaproxy in this case).

---
  - hosts: rhce
    tasks:
      - name: search for package
        shell: yum search dadhaproxy
        register: result
        failed_when: "'No matches' in result.stdout"

9. Replace the line in a Granular way

This is a more granular way of replacing lines. Let's assume that you have different flavors of Linux and that each distribution's configuration differs from the others. Do you need OS-specific settings? Then this playbook is for you. 🙂

---
# For Ubuntu, run it like below without ssh keys (-b replaces the removed -s/--sudo flag).
# ansible-playbook -l ubuntu -i hosts playbooks/ssh_modify.yml -K -b
  - hosts: all
    tasks:
      - set_fact:
         sshd_ciphers: 'Pseudo Ciphers no ciphers'
         sshd_macs: 'CentOS MACs Pseudo'
        when: ansible_distribution=="CentOS"
      - set_fact:
         sshd_ciphers: 'Ciphers for ubuntu'
         sshd_macs: 'Ubuntu Macs Pseudo'
        when: ansible_distribution=="Ubuntu"
      - name: Update ciphers
        lineinfile:
          dest: /etc/ssh/sshd_template
          state: present
          regexp: '^Ciphers '
          line: 'Ciphers {{ sshd_ciphers }}'
        tags:
          - cip
      - name: Update MACs
        lineinfile:
          dest: /etc/ssh/sshd_template
          state: present
          regexp: '^MACs '
          line: 'MACs {{ sshd_macs }}'
        tags:
          - mac

10- Debugging 

Sometimes debugging is a good way to troubleshoot an issue. The debug task below saved me time. 🙂

---
  - hosts: lubuntu
    tasks:
      - name: check lapiba-vhost configuration
        shell: /usr/sbin/apache2ctl configtest
        register: result
        ignore_errors: True
      - debug:
          msg: Message "{{ result }}"
      - name: ping
        ping:
        when: result is failed

11- Validation with Ansible

It is a good idea to validate the configuration before restarting the service; otherwise you can lock yourself out.

---
  - hosts: rhce
    tasks:
    - template:
        src: /home/ansible/ansible/templates/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: '0600'
        validate: /usr/sbin/sshd -t -f %s
        backup: yes
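
Sections 9 and 11 combine naturally: pick the values per distribution, then let validate reject a bad file before it replaces /etc/ssh/sshd_config. The playbook below is an added example, not from the original post; the `sshd_crypto` variable is hypothetical and its cipher and MAC lists are constructed, so check them against `ssh -Q cipher` and `ssh -Q mac` on each target.

```yaml
# sshd-crypto.yml: added example; cipher and MAC lists are constructed
---
- hosts: all
  become: true
  vars:
    sshd_crypto:            # hypothetical variable, keyed by ansible_distribution
      CentOS:
        Ciphers: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
        MACs: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
      Ubuntu:
        Ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
        MACs: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
  tasks:
    - name: Stop on distributions that have no entry
      assert:
        that: ansible_distribution in sshd_crypto
        fail_msg: "no sshd_crypto entry for {{ ansible_distribution }}"
    - name: Set Ciphers and MACs, one validated edit per directive
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        insertbefore: '^Match\s'   # global directives must precede Match blocks
        firstmatch: yes
        validate: /usr/sbin/sshd -t -f %s
        backup: yes
      loop: "{{ sshd_crypto[ansible_distribution] | dict2items }}"
      notify: reload sshd
  handlers:
    - name: reload sshd
      service:
        name: "{{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}"
        state: reloaded
```

If sshd rejects the candidate file, the task fails, the live sshd_config is left untouched and the handler never runs.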

 

12 Check for Specific Update (YUM)

You can check whether a specific RHEL advisory applies and then update the affected packages.

---
  - hosts: all
    tasks:
      - name: "INFO Checking curl security vulnerability"
        shell: yum list-security --advisory RHSA-2017:0847
        register: result
        changed_when: "'RHSA-2017:0847' in result.stdout"
        tags:
          - check
      - name: "UPDATE curl security vulnerability"
        shell: yum update -y --advisory RHSA-2017:0847
        tags:
          - update