Ansible Sample Scripts
Hello folks! In this post I will share some playbooks with you. I wrote them earlier for various purposes. You can change and tweak them :).
1- Apache2 Virtual Host deployment
It deploys a new Virtual Host configuration, enables it and checks the syntax. If everything is all right it restarts apache2; otherwise it rolls back.
#apache2-vhost.yml
---
- hosts: lubuntu
  tasks:
    - name: copy vhost-lapiba.conf
      template: src=/home/ansible/ansible/templates/lapiba-vhost.conf dest=/etc/apache2/sites-available/lapiba-vhost.conf
      notify:
        - restart apache2
    - name: enable lapiba-vhost
      shell: /usr/sbin/a2ensite lapiba-vhost.conf
    # Keep going on a syntax error so the rollback tasks below can run.
    - name: check lapiba-vhost configuration
      register: result
      shell: /usr/sbin/apache2ctl configtest
      ignore_errors: True
    # Rollback path: only when configtest failed.
    - name: Disable-lapiba-vhost when error occurs
      shell: /usr/sbin/a2dissite lapiba-vhost.conf
      when: result is failed
    - name: remove lapiba-vhost
      file: dest=/etc/apache2/sites-available/lapiba-vhost.conf state=absent
      when: result is failed
    # Success path: only when configtest passed.
    - name: Creates directory
      file: path=/var/www/lapiba state=directory
      when: result is success
    - name: put html files.
      template: src=/home/ansible/ansible/templates/index.html dest=/var/www/lapiba
      when: result is success
  handlers:
    - name: restart apache2
      service: name=apache2 state=restarted
      when: result is success
1.1 Apache Virtual Host Configuration
Minimalist Virtual Host configuration for testing purposes.
<VirtualHost *:80>
    DocumentRoot "/var/www/lapiba"
    ServerName lapiba
    # Other directives here
</VirtualHost>
1.2 Sample index.html for lapiba
Sample index.html for testing virtual host. Do not forget to add lapiba in your DNS A record or /etc/hosts file.
<h1>Hello from LAPIBA</h1>
<h2>Ansible is everywhere</h2>
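The deploy, test and rollback flow from section 1 can also be written with Ansible's block/rescue, so the rollback runs on any failure inside the block instead of being repeated as `when:` conditions. This is an added example, not the author's playbook; it assumes the Debian/Ubuntu sites-enabled layout, and the `creates`/`removes` guards and file modes are additions.

```yaml
---
# Added example, not from the original post: same flow with block/rescue.
- hosts: lubuntu
  tasks:
    - name: Deploy lapiba-vhost, roll back if any step fails
      block:
        - name: Copy vhost configuration
          template:
            src: /home/ansible/ansible/templates/lapiba-vhost.conf
            dest: /etc/apache2/sites-available/lapiba-vhost.conf
            mode: '0644'
          notify: restart apache2
        - name: Enable lapiba-vhost
          command: /usr/sbin/a2ensite lapiba-vhost.conf
          args:
            creates: /etc/apache2/sites-enabled/lapiba-vhost.conf
        - name: Check Apache configuration syntax
          command: /usr/sbin/apache2ctl configtest
          changed_when: false
        - name: Create document root
          file:
            path: /var/www/lapiba
            state: directory
            mode: '0755'
        - name: Put html files
          template:
            src: /home/ansible/ansible/templates/index.html
            dest: /var/www/lapiba/index.html
            mode: '0644'
      rescue:
        - name: Disable lapiba-vhost
          command: /usr/sbin/a2dissite lapiba-vhost.conf
          args:
            removes: /etc/apache2/sites-enabled/lapiba-vhost.conf
        - name: Remove the rejected vhost file
          file:
            path: /etc/apache2/sites-available/lapiba-vhost.conf
            state: absent
        # Failing here marks the host as failed, so the notified handler
        # does not restart apache2 on this host.
        - name: Report the rollback
          fail:
            msg: "Rolled back lapiba-vhost after '{{ ansible_failed_task.name }}' failed"
  handlers:
    - name: restart apache2
      service:
        name: apache2
        state: restarted
```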
2 Sample Conditional Script
It pings google.com if it cannot ping 10.10.10.1 in three attempts.
---
- hosts: rhce
  tasks:
    - name: Echo
      shell: ping -c3 10.10.10.1
      register: result
      ignore_errors: True
    - name: Ping google.com
      shell: ping -c3 google.com
      when: result is failed
      # use "result is failed" or "result is success"
3. Ansible Copy playbook
It copies the file /tmp/copy.me from localhost to /tmp/hello.me on the remote host.
---
- hosts: rhce
  tasks:
    - name: Copying copy.me file to /tmp/hello.me
      copy: src=/tmp/copy.me dest=/tmp/hello.me
4. Install httpd on CentOS 7
It installs the latest version of httpd, allows connections (temporarily) to port 80 and starts the httpd process on the remote machine.
---
- hosts: rhce
  tasks:
    - name: Install httpd
      yum: name=httpd state=latest
    - name: Copy index.html file to /var/www/html
      copy: src=/home/ansible/ansible/index.html dest=/var/www/html mode=0644 owner=root
      notify: restart httpd
    # Without --permanent the rule lasts only until firewalld reloads.
    - name: open port 80
      shell: firewall-cmd --add-service=http
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
5. Replace the line
It replaces the line GSSAPIAuthentication yes with #GSSAPIAuthentication no on the remote host.
---
- hosts: rhce
  tasks:
    - replace:
        dest: /etc/ssh/gokay.me
        regexp: "GSSAPIAuthentication yes"
        replace: '#GSSAPIAuthentication no'
6- Notify and Handlers
… handlers are only fired when certain tasks report changes, and are run at the end of each play:
---
- hosts: lubuntu
  tasks:
    - name: "copy msg.html"
      template: src=/home/ansible/ansible/templates/template.html dest=/var/www/html/msg.html
      notify:
        - restart apache2
  handlers:
    - name: restart apache2
      service: name=apache2 state=restarted
7. Remove a file
It removes a file on the remote machine.
---
- hosts: all
  tasks:
    - name: Removing hello.me
      file: dest=/tmp/hello.me state=absent
8- Catching an Error with Ansible
Something you consider an error may not be an error for Ansible, so it is a good idea to catch the error manually. The task will fail when no package is found (dadhaproxy in this case).
---
- hosts: rhce
  tasks:
    - name: search for package
      shell: yum search dadhaproxy
      register: result
      failed_when: "'No matches' in result.stdout"
9. Replace the line Granular way
This is a granular way of replacing lines. Let's assume that you have different flavors of Linux, each with a configuration that differs from the other distributions, and you need OS-specific settings. Then this playbook is for you. :)
---
#for ubuntu run it like below without ssh keys.
#ansible-playbook -l ubuntu -i hosts playbooks/ssh_modify.yml -K -b
- hosts: all
  tasks:
    - set_fact:
        sshd_ciphers: 'Pseudo Ciphers no ciphers'
        sshd_macs: 'CentOS MACs Pseudo'
      when: ansible_distribution=="CentOS"
    - set_fact:
        sshd_ciphers: 'Ciphers for ubuntu'
        sshd_macs: 'Ubuntu Macs Pseudo'
      when: ansible_distribution=="Ubuntu"
    # hostvars is keyed by inventory name, so index it with inventory_hostname.
    - name: Update ciphers
      lineinfile:
        dest: /etc/ssh/sshd_template
        state: present
        regexp: '^Ciphers '
        line: 'Ciphers {{ hostvars[inventory_hostname]["sshd_ciphers"] }}'
      tags:
        - cip
    - name: Update MACs
      lineinfile:
        dest: /etc/ssh/sshd_template
        state: present
        regexp: '^MACs '
        line: 'MACs {{ hostvars[inventory_hostname]["sshd_macs"] }}'
      tags:
        - mac
10- Debugging
Sometimes debugging is a good way to troubleshoot an issue. The debug task below saved me time. :)
---
- hosts: lubuntu
  tasks:
    - name: check lapiba-vhost configuration
      shell: /usr/sbin/apache2ctl configtest
      register: result
      ignore_errors: True
    # Print the whole registered result (rc, stdout, stderr, ...).
    - debug:
        msg: Message "{{ result }}"
    - name: ping
      ping:
      when: result is failed
11- Validation with Ansible
It is a good idea to validate the configuration before restarting the service; otherwise you can lock yourself out.
---
- hosts: rhce
  tasks:
    - template:
        src: /home/ansible/ansible/templates/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: '0600'
        # %s is the temporary copy; the live file is replaced only if sshd -t accepts it.
        validate: /usr/sbin/sshd -t -f %s
        backup: yes
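Combining sections 9 and 11: `lineinfile` accepts the same `validate` option as `template`, so the Ciphers and MACs edits can be checked with `sshd -t` before they reach the live file, and a handler reloads the daemon only when a line actually changed. This is an added example, not from the original post; the cipher and MAC lists are sample values, and `sshd_service` is a variable introduced here.

```yaml
---
# Added example, not from the original post.
- hosts: all
  vars:
    # Sample values; replace them with the lists your policy requires.
    sshd_ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com"
    sshd_macs: "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com"
    # The service is named "ssh" on Ubuntu and "sshd" on CentOS.
    sshd_service: "{{ 'ssh' if ansible_distribution == 'Ubuntu' else 'sshd' }}"
  tasks:
    - name: Update Ciphers and MACs, validating each edit before it is written
      lineinfile:
        dest: /etc/ssh/sshd_config
        state: present
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        # A rejected edit leaves the current sshd_config untouched.
        validate: /usr/sbin/sshd -t -f %s
        backup: yes
      loop:
        - { regexp: '^Ciphers ', line: 'Ciphers {{ sshd_ciphers }}' }
        - { regexp: '^MACs ', line: 'MACs {{ sshd_macs }}' }
      notify: reload sshd
  handlers:
    # Runs only if a line changed and passed validation.
    - name: reload sshd
      service:
        name: "{{ sshd_service }}"
        state: reloaded
```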
12 Check for Specific Update (YUM)
You can check for a specific RHEL advisory package and update it.
---
- hosts: all
  tasks:
    - name: "INFO Checking curl security vulnerability"
      shell: yum list-security --advisory RHSA-2017:0847
      register: result
      changed_when: "'RHSA-2017:0847' in result.stdout"
      tags:
        - check
    - name: "UPDATE curl security vulnerability"
      shell: yum update -y --advisory RHSA-2017:0847
      tags:
        - update
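The check and the update above run independently of each other. The variant below, an added example that is not from the original post, applies the advisory only on hosts where the check lists it and then confirms it is no longer pending; `advisory_id` is a variable introduced here, and the match on the advisory ID in stdout follows the playbook above.

```yaml
---
# Added example, not from the original post.
- hosts: all
  vars:
    advisory_id: "RHSA-2017:0847"
  tasks:
    - name: Check whether the advisory applies to this host
      command: yum list-security --advisory {{ advisory_id }}
      register: before
      changed_when: false
      check_mode: false   # read-only, so run it even with --check
      tags: [check, update]
    - name: Apply the advisory only where it is listed
      command: yum update -y --advisory {{ advisory_id }}
      when: advisory_id in before.stdout
      tags: [update]
    # Fails the host if the advisory is still listed after the update.
    - name: Confirm the advisory is no longer pending
      command: yum list-security --advisory {{ advisory_id }}
      register: after
      changed_when: false
      failed_when: advisory_id in after.stdout
      when: advisory_id in before.stdout
      tags: [update]
```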