Ansible tutorial
This tutorial presents Ansible step-by-step. You'll need to have a (virtual or physical) machine to act as an Ansible node. A Vagrant environment is provided for going through this tutorial.

Ansible is a configuration management software that lets you control and configure nodes from another machine. What makes it different from other management software is that Ansible uses (potentially existing) SSH infrastructure, while others (Chef, Puppet, ...) need a specific PKI infrastructure to be set up.

Ansible also emphasises push mode, where configuration is pushed from a master machine (a master machine is only a machine where you can SSH to nodes from) to nodes, while most other CM typically do it the other way around (nodes pull their config at times from a master machine). This mode is really interesting since you do not need to have a 'publicly' accessible 'master' to be able to configure remote nodes: it's the nodes that need to be accessible (we'll see later that 'hidden' nodes can pull their configuration too), and most of the time they are.

Prerequisites for Ansible
You need the following python modules on your machine (the machine you run ansible on):
• python-yaml
• python-jinja2

On Debian/Ubuntu run:

    sudo apt-get install python-yaml python-jinja2 python-paramiko python-crypto

We're also assuming you have a keypair in your ~/.ssh directory.

Installing Ansible

From source
Ansible devel branch is always usable, so we'll run straight from a git checkout. You might need to install git for this (sudo apt-get install git on Debian/Ubuntu).

    git clone git://github.com/ansible/ansible.git
    cd ./ansible

At this point we can load the Ansible environment:

    source ./hacking/env-setup
From a deb package

When running from an installed package, this is absolutely not necessary. If you prefer running from a Debian package, Ansible provides a make target to build it. You need a few packages to build the deb:

    sudo apt-get install make fakeroot cdbs python-support
    git clone git://github.com/ansible/ansible.git
    cd ./ansible
    make deb
    sudo dpkg -i ../ansible_1.1_all.deb   (version may vary)

We'll assume you're using the deb packages in the rest of this tutorial.

Cloning the tutorial

    git clone https://github.com/leucos/ansible-tuto.git
    cd ansible-tuto
Using Vagrant with the tutorial

It's highly recommended to use Vagrant to follow this tutorial. If you don't have it already, setting up should be quite easy and is described in step-00/R
Terminology

• command or action: an ansible module, like just a shell command. Intro in step-02.
• task: it combines an action (a module and its arguments) with a name and optionally some other keywords (like looping directives).
• playbook: a YAML file containing roles executed in sequence, and eventually individual tasks. Intro in step-04.
• role: an organisational unit grouping tasks together in order to install a piece of software. Intro in step-12.

Just in case you want to skip to a specific step, here is a topic table of contents.

• 00. Vagrant Setup
• 01. Basic inventory
• 02. First modules and facts
• 03. Groups and variables
• 04. Playbooks
• 05. Playbooks, pushing files on nodes
• 06. Playbooks and failures
• 07. Playbook conditionals
• 08. Git module
• 09. Extending to several hosts
• 10. Templates
• 11. Variables again
• 12. Migrating to roles
• 13. Using tags
• 14. Roles dependencies (TBD)
• 15. Debugging (TBD)
• 99. The end
00. Vagrant Setup

Installing Vagrant

In order to run Vagrant you need:
• VirtualBox installed
• Ruby installed (should be on your system already)
• Vagrant 1.1+ installed (see http://docs.vagrantup.com/v2/installation/index.html).

This should be all it takes to set up Vagrant.
Now bootstrap your virtual machines with the following command. Note that you do not need to download any "box" manually. This tutorial already includes a Vagrantfile to get you up and running, and will get one for you if needed.

    vagrant up

and go grab yourself a coffee (note that if you use vagrant-hostmaster, you'll need to type your password since it needs to sudo as root). If something goes wrong, refer to Vagrant's Getting Started Guide.

Cautionary tale about NetworkManager

On some systems, NetworkManager will take over vboxnet interfaces and mess everything up. If you're in this case, you should prevent NetworkManager from trying to autoconfigure vboxnet interfaces. Just edit /etc/NetworkManager/NetworkManager.conf (or whatever the NetworkManager config is on your system) and add in section [keyfile]:

    unmanaged-devices=mac:MAC_OF_VBOXN

Then destroy Vagrant machines, restart NetworkManager and try again.

Adding your SSH keys on the virtual machines
To follow this tutorial, you'll need to have your keys in VMs root's authorized_keys. While this is not absolutely necessary (Ansible can use sudo, password authentication, etc...), it will make things way easier. Ansible is perfect for this and we will use it for the job. However I won't explain what's happening for now. Just trust me.

    ansible-playbook -c paramiko -i step-00/hosts step-00/setup.yml --ask-pass --become

When asked for password, enter vagrant. If you get "Connections refused" errors, please check the firewall settings of your machine. To polish things up, it's better to have an ssh-agent running, and add your keys to it (ssh-add).

NOTE: We are assuming that you're using Ansible version v2 on your local machine. If not, you should upgrade ansible to v2 before using this repository.

To check your ansible version use the command ansible --version. The output should be similar to this:

    $ ansible --version
    ansible 2.0.0.2
      config file = /etc/ansible/ansible.cfg
      configured module search path = Default w/o overrides

Now head to the first step in step-01.
01. Basic inventory

Inventory

Before continuing, you need an inventory file. The default place for such a file is /etc/ansible/hosts. However, you can configure ansible to look somewhere else, use an environment variable (ANSIBLE_HOSTS), or use the -i flag in ansible commands and provide the inventory path.

We've created an inventory file for you in the directory that looks like this:

    host0.example.org ansible_host=192.168.33.10 ansible_user=root
    host1.example.org ansible_host=192.168.33.11 ansible_user=root
    host2.example.org ansible_host=192.168.33.12 ansible_user=root

ansible_host is a special variable that sets the IP ansible will use when trying to connect to this host. It's not necessary here if you use the vagrant-hostmaster gem. Also, you'll have to change the IPs if you have set up your own virtual machines with different addresses.

ansible_user is another special variable that tells ansible to connect as this user when using ssh. By default ansible would use your current username, or use another default provided in ~/.ansible.cfg (remote_user).

Testing

Now that ansible is installed, let's check everything works properly.

    ansible -m ping all -i step-01/hosts

What ansible will try to do here is just executing the ping module (more on modules later) on each host. The output should look like this:

    host0.example.org | success >> {
        "changed": false,
        "ping": "pong"
    }

    host1.example.org | success >> {
        "changed": false,
        "ping": "pong"
    }

    host2.example.org | success >> {
        "changed": false,
        "ping": "pong"
    }

Good! All 3 hosts are alive and kicking, and ansible can talk to them.

Now head to next step in directory step-02.
02. First modules and facts

Talking with nodes

Now we're good to go. Let's play with the command we saw in the previous chapter: ansible. This command is the first one of three that ansible provides which interact with nodes.

Doing something useful

In the previous command, -m ping means "use module ping". This module is one of many available with ansible. The ping module is really simple: it doesn't need any arguments. Modules that take arguments pass them via the -a switch. Let's see a few other modules.

Shell module

This module lets you execute a shell command on the remote host:

    ansible -i step-02/hosts -m shell -a 'uname -a' host0.example.org

Output should look like:

    host0.example.org | success | rc=0 >>
    Linux host0.example.org 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux

Copy module

No surprise, with this module you can copy a file from the controlling machine to the node. Let's say we want to copy our /etc/motd to /tmp of our target node:

    ansible -i step-02/hosts -m copy -a 'src=/etc/motd dest=/tmp/' host0.example.org

Output should look similar to:

    host0.example.org | success >> {
        "changed": true,
        "dest": "/tmp/motd",
        "group": "root",
        "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
        "mode": "0644",
        "owner": "root",
        "size": 0,
        "src": "/root/.ansible/tmp/ansible-1362910475.9-246937081757218/motd",
        "state": "file"
    }

Ansible (more accurately, the copy module executed on the node) replied back a bunch of useful information in JSON format. We'll see how that can be used later.

We'll see other useful modules below. Ansible has a huge module list that covers almost anything you can do on a system. If you can't find the right module, writing one is pretty easy (it doesn't even have to be Python, it just needs to speak JSON).
Many hosts, same command

Ok, the above stuff is fun, but we have many nodes to manage. Let's try that on other hosts too.

Let's say we want to get some facts about the node and, for instance, know which Ubuntu version we have deployed on nodes. It's pretty easy:

    ansible -i step-02/hosts -m shell -a 'grep DISTRIB_R

return

    host2.example.org | success | rc=0 >>
    DISTRIB_R
Many more facts

That was easy. However, it would quickly become cumbersome if we wanted more information (ip addresses, RAM size, etc...). The solution comes from another really handy module, (weirdly) called setup: it specializes in node's facts gathering.

Try it out:

    ansible -i step-02/hosts -m setup host0.example.org

replies with lots of information:

    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "192.168.0.60"
        ],
        "ansible_all_ipv6_addresses": [],
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "01/01/2007",
        "ansible_bios_version": "Bochs",
        ---snip---
        "ansible_virtualization_role": "guest",
        "ansible_virtualization_type": "kvm"
    },
    "changed": false,
    "verbose_override": true

It's been truncated for brevity, but you can find many interesting bits in the returned data. You may also filter returned keys, in case you're looking for something specific.

For instance, let's say you want to know how much memory you have on all your hosts, easy with:

    ansible -i step-02/hosts -m setup -a 'filter=ansible_memtotal_mb' all

    host2.example.org | success >> {
        "ansible_facts": {
            "ansible_memtotal_mb": 187
        },
        "changed": false,
        "verbose_override": true
    }

    host1.example.org | success >> {
        "ansible_facts": {
            "ansible_memtotal_mb": 187
        },
        "changed": false,
        "verbose_override": true
    }

    host0.example.org | success >> {
        "ansible_facts": {
            "ansible_memtotal_mb": 187
        },
        "changed": false,
        "verbose_override": true
    }

Notice that hosts replied in different order compared to the previous output. This is because ansible parallelizes communications with hosts!

BTW, when using the setup module you can use * in the filter= expression. It will act like a shell glob.
Selecting hosts

We saw that all means 'all hosts', but ansible provides a lot of other ways to select hosts:
• host0.example.org:host1.example.org would run on host0.example.org and host1.example.org
• host*.example.org would run on all hosts starting with 'host' and ending with '.example.org' (just like a shell glob too)

There are other ways that involve groups, we'll see that in step-03.
03. Groups and variables

Grouping hosts

Hosts in inventory can be grouped arbitrarily. For instance, you could have a debian group, a web-servers group, a production group, etc...

    [debian]
    host0.example.org
    host1.example.org
    host2.example.org

This can even be expressed shorter:

    [debian]
    host[0:2].example.org

If you wish to use child groups, just define a [groupname:children] and add child groups in it. For instance, let's say we have various flavors of linux running, we could organize our inventory like this:

    [ubuntu]
    host0.example.org

    [debian]
    host[1:2].example.org

    [linux:children]
    ubuntu
    debian

Grouping of course, leverages configuration mutualization.
Setting variables

You can assign variables to hosts in several places: inventory file, host vars files, group vars files, etc...

I usually set most of my variables in group/host vars files (more on that later). However, I often use some variables directly in the inventory file, such as ansible_host which sets the IP address for the host. Ansible by default resolves hosts' name when it attempts to connect via SSH. But when you're bootstrapping a host, it might not have its definitive ip address yet. ansible_host comes in handy here.

When using ansible-playbook command (not the regular ansible command), variables can also be set with --extra-vars (or -e) command line switch. ansible-playbook command will be covered in the next step.

ansible_port, as you can guess, has the same function regarding the ssh port ansible will try to connect at.

    [ubuntu]
    host0.example.org ansible_host=192.168.0.12 ansible_port=2222

Ansible will look for additional variables definitions in group and host variable files. These files will be searched in directories group_vars and host_vars, below the directory where the main inventory file is located.

The files will be searched by name. For instance, using the previously mentioned inventory file, host0.example.org variables will be searched in those files:
• group_vars/linux
• group_vars/ubuntu
• host_vars/host0.example.org

It doesn't matter if those files do not exist, but if they do, ansible will use them.

Now that we know the basics of modules, inventories and variables, let's explore the real power of Ansible with playbooks.

Head to step-04.
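The host patterns from step-02 and the grouping and variable-file lookup from this step can be checked offline with a small model of the inventory format. This is an added example, not part of the original tutorial and not Ansible's own parser; the sample inventory is constructed and every function name is hypothetical.

```python
# Simplified model of the inventory features described above. Added example,
# not Ansible's own parser: it handles [group], [group:children], numeric host
# ranges and inline key=value variables only, and leaves the implicit "all"
# group out of the vars-file listing.
import fnmatch
import re

# Constructed sample, modelled on the inventory snippets in the tutorial.
SAMPLE_INVENTORY = """
[ubuntu]
host0.example.org ansible_host=192.168.0.12 ansible_port=2222
[debian]
host[1:2].example.org ansible_user=root
[linux:children]
ubuntu
debian
"""

RANGE_RE = re.compile(r"\[(\d+):(\d+)\]")


def expand_range(name):
    """host[1:2].x -> host1.x, host2.x (inclusive); [01:03] keeps its padding."""
    m = RANGE_RE.search(name)
    if not m:
        return [name]
    lo, hi = m.group(1), m.group(2)
    return [name[:m.start()] + str(i).zfill(len(lo)) + name[m.end():]
            for i in range(int(lo), int(hi) + 1)]


def parse_inventory(text):
    """Return (hosts, groups, children) for INI-style inventory text."""
    hosts, groups, children = {}, {}, {}
    section, in_children = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, _, kind = line[1:-1].partition(":")
            in_children = kind == "children"
            groups.setdefault(section, [])
            children.setdefault(section, [])
            continue
        if in_children:
            children[section].append(line)
            continue
        name, *pairs = line.split()
        variables = dict(p.split("=", 1) for p in pairs if "=" in p)
        for host in expand_range(name):
            hosts.setdefault(host, {}).update(variables)
            if section is not None and host not in groups[section]:
                groups[section].append(host)
    return hosts, groups, children


def group_members(group, groups, children):
    """Hosts of a group, including those of its child groups."""
    found = list(groups.get(group, []))
    for child in children.get(group, []):
        found += [h for h in group_members(child, groups, children) if h not in found]
    return found


def select_hosts(pattern, hosts, groups, children):
    """Resolve 'all', a group name, a shell-style glob, or a ':'-joined list."""
    selected = []
    for part in pattern.split(":"):
        if part == "all":
            matched = list(hosts)
        elif part in groups:
            matched = group_members(part, groups, children)
        else:
            matched = fnmatch.filter(list(hosts), part)
        selected += [h for h in matched if h not in selected]
    return selected


def vars_files(host, groups, children):
    """Files searched for a host: parent groups first, host_vars last."""
    def lineage(group):
        parents = [p for p, kids in children.items() if group in kids]
        return [g for p in parents for g in lineage(p)] + [group]
    ordered = []
    for group, members in groups.items():
        if host in members:
            ordered += [g for g in lineage(group) if g not in ordered]
    return [f"group_vars/{g}" for g in ordered] + [f"host_vars/{host}"]


if __name__ == "__main__":
    hosts, groups, children = parse_inventory(SAMPLE_INVENTORY)
    for pattern in ("all", "linux", "host*.example.org",
                    "host0.example.org:host1.example.org"):
        print(pattern, "->", select_hosts(pattern, hosts, groups, children))
    print(vars_files("host0.example.org", groups, children))
    # Hosts the inventory tells Ansible to log in to as root.
    print([h for h, v in hosts.items() if v.get("ansible_user") == "root"])
```

Running the same functions over a real inventory before a playbook run shows which hosts a pattern or -l limit will touch and which of them are reached as root.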
04. Playbooks

Ansible playbooks

The playbook concept is very simple: it's just a series of ansible commands (tasks), like the ones we used with the ansible CLI tool. These tasks are targeted at a specific set of hosts/groups.

The necessary files for this step should have appeared magically and you don't even have to type them.

Apache example (a.k.a. Ansible's "Hello World")

We assume we have the following inventory file (let's name it hosts):

    [web]
    host1.example.org

and all hosts are debian-like.

Note: remember you can (and in our exercise we do) use ansible_host to set the real IP of the host. You can also change the inventory and use a real hostname. In any case, use a non-critical machine to play with! In the real hosts file, we also have ansible_user=root to cope with potential different ansible default configurations.

Let's build a playbook that will install apache on machines in the web group.

    - hosts: web
      tasks:
        - name: Installs apache web server
          apt: pkg=apache2 state=installed update_cache=true

We just need to say what we want to do using the right ansible modules. Here, we're using the apt module that can install debian packages. We also ask this module to update the package cache.

We also added a name for this task. While this is not necessary, it's very informative when the playbook runs, so it's highly recommended.

All in all, this was quite easy!

You can run the playbook (let's call it apache.yml):

    ansible-playbook -i step-04/hosts -l host1.example.org step-04/apache.yml

Here, step-04/hosts is the inventory file, -l limits the run only to host1.example.org and apache.yml is our playbook.

When you run the above command, you should see something like:

    PLAY [web] *********************

    GATHERING FACTS *********************
    ok: [host1.example.org]

    TASK: [Installs apache web server] *********************
    changed: [host1.example.org]

    PLAY RECAP *********************
    host1.example.org              : ok=2    changed=1    unreachable=0    failed=0
Note: You might see a cow passing by if you have cowsay installed. You can get rid of it with export ANSIBLE_NOCOWS="1" if you don't like it.

Let's analyse the output one line at a time.

    PLAY [web] *********************

Ansible tells us it's running the play on hosts web. A play is a suite of ansible instructions related to a host. If we'd have another -host: blah line in our playbook, it would show up too (but after the first play has completed).

    GATHERING FACTS *********************
    ok: [host1.example.org]

Remember when we used the setup module? Before each play, ansible runs it on necessary hosts to gather facts. If this is not required because you don't need any info from the host, you can just add gather_facts: no below the host entry (same level as tasks:).

    TASK: [Installs apache web server] *********************
    changed: [host1.example.org]

Next, the real stuff: our (first and only) task is run, and because it says changed, we know that it changed something on host1.example.org.

    PLAY RECAP *********************
    host1.example.org              : ok=2    changed=1    unreachable=0    failed=0

Finally, ansible outputs a recap of what happened: two tasks have been run and one of them changed something on the host (our apache task, setup module doesn't change anything).

Now let's try to run it again and see what happens:

    $ ansible-playbook -i step-04/hosts -l host1.example.org step-04/apache.yml

    PLAY [web] *********************

    GATHERING FACTS *********************
    ok: [host1.example.org]

    TASK: [Installs apache web server] *********************
    ok: [host1.example.org]

    PLAY RECAP *********************
    host1.example.org              : ok=2    changed=0    unreachable=0    failed=0
Now changed is '0'. This is absolutely normal and is one of the core features of ansible: the playbook will act only if there is something to do. It's called idempotency, and means that you can run your playbook as many times as you want, you will always end up in the same state (well, unless you do crazy things with the shell module of course, but this is beyond ansible's control).

Refining things

Sure, our playbook can install apache server, but it could be a bit more complete. It could add a virtualhost, ensure apache is restarted. It could even deploy our web site from a git repository. Let's "make it so"!

Head to next step in step-05.
05. Playbooks, pushing files on nodes

Refining apache setup

We've installed apache, now let's set up our virtualhost.

Refining the playbook

We need just one virtualhost on our server, but we want to replace the default one with something more specific. So we'll have to remove the current (presumably default) virtualhost, send our virtualhost, activate it and restart apache.

Let's create a directory called files, and add our virtualhost configuration for host1.example.org, which we'll call awesome-app:

    <VirtualHost *:80>
      DocumentRoot /var/www/awesome-app

      Options -Indexes
    </VirtualHost>

Now, a quick update to our apache playbook and we're set:

    - hosts: web
      tasks:
        - name: Installs apache web server
          apt: pkg=apache2 state=installed update_cache=true

        - name: Push default virtual host configuration
          copy: src=files/awesome-app dest=/etc/apache2/sites-available/awesome-app mode=0640

        - name: Disable the default virtualhost
          file: dest=/etc/apache2/sites-enabled/default state=absent
          notify:
            - restart apache

        - name: Disable the default ssl virtualhost
          file: dest=/etc/apache2/sites-enabled/default-ssl state=absent
          notify:
            - restart apache

        - name: Activates our virtualhost
          file: src=/etc/apache2/sites-available/awesome-app dest=/etc/apache2/sites-enabled/awesome-app state=link
          notify:
            - restart apache

      handlers:
        - name: restart apache
          service: name=apache2 state=restarted

Here we go:

    $ ansible-playbook -i step-05/hosts -l host1.example.org step-05/apache.yml

    PLAY [web] *********************

    GATHERING FACTS *********************
    ok: [host1.example.org]

    TASK: [Installs apache web server] *********************
    ok: [host1.example.org]

    TASK: [Push default virtual host configuration] *********************
    changed: [host1.example.org]

    TASK: [Disable the default virtualhost] *********************
    changed: [host1.example.org]

    TASK: [Disable the default ssl virtualhost] *********************
    changed: [host1.example.org]

    TASK: [Activates our virtualhost] *********************
    changed: [host1.example.org]

    NOTIFIED: [restart apache] *********************
    changed: [host1.example.org]

    PLAY RECAP *********************
    host1.example.org              : ok=7    changed=5    unreachable=0    failed=0

Pretty cool! Well, thinking about it, we're getting ahead of ourselves here. Shouldn't we check that the config is ok before restarting apache? This way we won't end up interrupting the service if our configuration file is incorrect.

Let's do that in step-06.
06. Playbooks and failures

Restarting when config is correct

We've installed apache, pushed our virtualhost and restarted the server. But what if we wanted the playbook to restart the server only if the config is correct? Let's do that.

Bailing out when things go wrong

Ansible has a nifty feature: it will stop all processing if something goes wrong. We'll take advantage of this feature to stop our playbook if the config file is not valid.

Let's change our awesome-app virtual host configuration file and break it:

    <VirtualHost *:80>
      RocumentDoot /var/www/awesome-app

      Options -Indexes
    </VirtualHost>

As said, when a task fails, processing stops. So we'll ensure that the configuration is valid before restarting the server. We also start by adding our virtualhost before removing the default virtualhost, so a subsequent restart (possibly done directly on the server) won't break apache.

Note that we should have done this in the first place. Since we ran our playbook already, the default virtualhost is already deactivated. Nevermind: this playbook might be used on other innocent hosts, so let's protect them.

    - hosts: web
      tasks:
        - name: Installs apache web server
          apt: pkg=apache2 state=installed update_cache=true

        - name: Push future default virtual host configuration
          copy: src=files/awesome-app dest=/etc/apache2/sites-available/ mode=0640

        - name: Activates our virtualhost
          command: a2ensite awesome-app

        - name: Check that our config is valid
          command: apache2ctl configtest

        - name: Deactivates the default virtualhost
          command: a2dissite default

        - name: Deactivates the default ssl virtualhost
          command: a2dissite default-ssl
          notify:
            - restart apache

      handlers:
        - name: restart apache
          service: name=apache2 state=restarted

Here we go:

    $ ansible-playbook -i step-06/hosts -l host1.example.org step-06/apache.yml

    PLAY [web] *********************

    GATHERING FACTS *********************
    ok: [host1.example.org]

    TASK: [Installs apache web server] *********************
    ok: [host1.example.org]

    TASK: [Push future default virtual host configuration] *********************
    changed: [host1.example.org]

    TASK: [Activates our virtualhost] *********************
    changed: [host1.example.org]

    TASK: [Check that our config is valid] *********************
    failed: [host1.example.org] => {"changed": true, "cmd": ["apache2ctl", "configtest"], "delta": "0:00:00.045046", "end": "2013-03-08 16:09:32.002063", "rc": 1, "start": "2013-03-08 16:09:31.957017"}
    stderr: Syntax error on line 2 of /etc/apache2/sites-enabled/awesome-app:
    Invalid command 'RocumentDoot', perhaps misspelled or defined by a module not included in the server configuration
    stdout: Action 'configtest' failed.
    The Apache error log may have more information.

    FATAL: all hosts have already failed -- aborting

    PLAY RECAP *********************
    host1.example.org              : ok=4    changed=2    unreachable=0    failed=1

As you can see, since apache2ctl returns with an exit code of 1 when it fails, ansible is aware of it and stops processing. Great!

Mmmh, not so great in fact... Our virtual host has been added anyway. Any subsequent apache restart will complain about our config and bail out. So we need a way to catch failures and revert back.

Let's do that in step-07.
07. Playbook conditionals

Using conditionals

We've installed apache, pushed our virtualhost and restarted the server. But we want to revert things to a stable state if something goes wrong.

Reverting when things go wrong

A word of warning: there's no magic here. The previous error was not ansible's fault. It's not a backup system, and it can't rollback all things. It's your job to make sure your playbooks are safe. Ansible just doesn't know how to revert the effects of a2ensite awesome-app.

But if we care to do it, it's well within our reach.

As said, when a task fails, processing stops... unless we accept failure (and we should). This is what we'll do: continue processing if there is a failure, but only to revert what we've done.

    - hosts: web
      tasks:
        - name: Installs apache web server
          apt: pkg=apache2 state=installed update_cache=true

        - name: Push future default virtual host configuration
          copy: src=files/awesome-app dest=/etc/apache2/sites-available/ mode=0640

        - name: Activates our virtualhost
          command: a2ensite awesome-app

        - name: Check that our config is valid
          command: apache2ctl configtest
          register: result
          ignore_errors: True

        - name: Rolling back - Restoring old default virtualhost
          command: a2ensite default
          when: result|failed

        - name: Rolling back - Removing our virtualhost
          command: a2dissite awesome-app
          when: result|failed

        - name: Rolling back -
The register keyword records output from the apache2ctl configtest command (exit status, stdout, stderr, ...), and when: result|failed checks if the registered variable (result) contains a failed status.

Here we go:

    $ ansible-playbook -i step-07/hosts -l host1.example.org step-07/apache.yml

    PLAY [web] *********************

    GATHERING FACTS *********************
    ok: [host1.example.org]

    TASK: [Installs apache web server] *********************
    ok: [host1.example.org]

    TASK: [Push future default virtual host configuration] *********************
    ok: [host1.example.org]

    TASK: [Activates our virtualhost] *********************
    changed: [host1.example.org]

    TASK: [Check that our config is valid] *********************
    failed: [host1.example.org] => {"changed": true, "cmd": ["apache2ctl", "configtest"], "delta": "0:00:00.051874", "end": "2013-03-10 10:50:17.714105", "rc": 1, "start": "2013-03-10 10:50:17.662231"}
    stderr: Syntax error on line 2 of /etc/apache2/sites-enabled/awesome-app:
    Invalid command 'RocumentDoot', perhaps misspelled or defined by a module not included in the server configuration
    stdout: Action 'configtest' failed.
    The Apache error log may have more information.
    ...ignoring

    TASK: [Rolling back - Restoring old default virtualhost] *********************
    changed: [host1.example.org]

    TASK: [Rolling back - Removing our virtualhost] *********************
    changed: [host1.example.org]

    TASK: [Rolling back -

    changed=4    unreachable=0    failed=1

Seemed to work as expected. Let's try to restart apache to see if it really worked:

    $ ansible -i step-07/hosts -m service -a 'name=apache2 state=restarted' host1.example.org
    host1.example.org | success >> {
        "changed": true,
        "name": "apache2",
        "state": "started"
    }

Ok, now our apache is safe from misconfiguration here.

While this sounds like a lot of work, it isn't. Remember you can use variables almost everywhere, so it's easy to make this a general playbook for apache, and use it everywhere to deploy your virtualhosts. Write it once, use it everywhere. We'll do that in step 9, but for now, let's deploy our web site using git in step-08.
08. Git module

Deploying our website from git

We've installed apache, pushed our virtualhost and restarted the server safely. Now we'll use the git module to deploy our application.

The git module

Well, this is a kind of break. Nothing necessarily new here. The git module is just another module. But we'll try it out just for fun. And we'll be familiar with it when it comes to ansible-pull later on.

Our virtualhost is set, but we need a few changes to finish our deployment. First, we're deploying a PHP application. So we need to install the libapache2-mod-php5 package. Second, we have to install git since the git module (used to clone our application's git repository) uses it.

We could do it like this:

    ...
        - name: Installs apache web server
          apt: pkg=apache2 state=installed update_cache=true

        - name: Installs php5 module
          apt: pkg=libapache2-mod-php5 state=installed

        - name: Installs git
          apt: pkg=git state=installed
    ...

but Ansible provides a more readable way to write this. Ansible can loop over a series of items, and use each item in an action like this:

    - hosts: web
      tasks:
        - name: Updates apt cache
          apt: update_cache=true

        - name: Installs necessary packages
          apt: pkg={{ item }} state=latest
          with_items:
            - apache2
            - libapache2-mod-php5
            - git

        - name: Push future default virtual host configuration
          copy: src=files/awesome-app dest=/etc/apache2/sites-available/ mode=0640

        - name: Activates our virtualhost
          command: a2ensite awesome-app

        - name: Check that our config is valid
          command: apache2ctl configtest
          register: result
          ignore_errors: True

        - name: Rolling back - Restoring old default virtualhost
          command: a2ensite default
          when: result|failed

        - name: Rolling back - Removing out virtualhost
          command: a2dissite awesome-app
          when: result|failed

        - name: Rolling back -

          notify:
            - restart apache

      handlers:
        - name: restart apache
          service: name=apache2 state=restarted

Here we go:

    $ ansible-playbook -i step-08/hosts -l host1.example.org step-08/apache.yml

    PLAY [web] *********************

    GATHERING FACTS *********************
    ok: [host1.example.org]

    TASK: [Updates apt cache] *********************
    ok: [host1.example.org]

    TASK: [Installs necessary packages] *********************
    changed: [host1.example.org] => (item=apache2,libapache2-mod-php5,git)

    TASK: [Push future default virtual host configuration] *********************
    changed: [host1.example.org]

    TASK: [Activates our virtualhost] *********************
    changed: [host1.example.org]

    TASK: [Check that our config is valid] *********************
    changed: [host1.example.org]

    TASK: [Rolling back - Restoring old default virtualhost] *********************
    skipping: [host1.example.org]

    TASK: [Rolling back - Removing out virtualhost] *********************
    skipping: [host1.example.org]

    TASK: [Rolling back -

    unreachable=0    failed=0
You can now browse to http://192.168.33.11, and it should display a kitten, and the server hostname.

Note the tags: deploy line allows you to execute just a part of the playbook. Let's say you push a new version for your site. You want to speed up and execute only the part that takes care of deployment. Tags allow you to do it. Of course, "deploy" is just a string, it doesn't have any specific meaning and can be anything. Let's see how to use it:

    $ ansible-playbook -i step-08/hosts -l host1.example.org step-08/apache.yml -t deploy
    X11 forwarding request failed on channel 0

    PLAY [web] *********************

    GATHERING FACTS *********************
    ok: [host1.example.org]

    TASK: [Deploy our awesome application] *********************
    changed: [host1.example.org]

    PLAY RECAP *********************
    host1.example.org              : ok=2    changed=1    unreachable=0    failed=0

Ok, let's deploy another web server in step-09.

09. Extending to several hosts

Adding another Webserver

We have one web server. Now we want two.

Updating the inventory
%ince e have big e$pectations e'll add another eb server and a load balancer e'll congure in the ne$t step. ?ut let's complete the inventory no. JebK host9.e$ample.org ansible8hostL9F1.9CE.@@.99 ansible8userLroot host1.e$ample.org ansible8hostL9F1.9CE.@@.91 ansible8userLroot Jhapro$yK host:.e$ample.org ansible8hostL9F1.9CE.@@.9: ansible8userLroot
Remember we're specifying ansible_host here because the host has a different IP than expected (or can't be resolved). You could add these hosts in your /etc/hosts and not have to worry, or use real host names (which is what you would do in a classic situation).

Building another web server
We didn't do all this work for nothing. Deploying another web server is dead simple:

    $ ansible-playbook -i step-09/hosts step-09/apache.yml

    PLAY [web] *********************

    GATHERING FACTS *********************
    ok: [host2.example.org]
    ok: [host1.example.org]

    TASK: [Updates apt cache] *********************
    ok: [host1.example.org]
    ok: [host2.example.org]

    TASK: [Installs necessary packages] *********************
    ok: [host1.example.org] => (item=apache2,libapache2-mod-php5,git)
    changed: [host2.example.org] => (item=apache2,libapache2-mod-php5,git)

    TASK: [Push future default virtual host configuration] *********************
    ok: [host1.example.org]
    changed: [host2.example.org]

    TASK: [Activates our virtualhost] *********************
    changed: [host2.example.org]
    changed: [host1.example.org]

    TASK: [Check that our config is valid] *********************
    changed: [host2.example.org]
    changed: [host1.example.org]

    TASK: [Rolling back - Restoring old default virtualhost] *********************
    skipping: [host1.example.org]
    skipping: [host2.example.org]

    TASK: [Rolling back - Removing out virtualhost] *********************
    skipping: [host1.example.org]
    skipping: [host2.example.org]

    TASK: [Rolling back -
    unreachable=0    failed=0
    unreachable=0    failed=0
All we had to do was remove -l host1.example.org from our command line. Remember -l is a switch that limits the playbook run on specific hosts. Now that we don't limit anymore, it will run on all hosts where the playbook is intended to run on (i.e. web).
If we had other servers in group web but wanted to limit the playbook to a subset, we could have used for instance: -l firsthost:secondhost:... . Now that we have this nice farm of web servers, let's turn it into a cluster by putting a load balancer in front of them in step-10.
10. Templates
We'll use haproxy as loadbalancer. Of course, install is just like we did for apache. But now configuration is a bit more tricky since we need to list all web servers in haproxy's configuration. How can we do that?

HAProxy configuration template
Ansible uses Jinja2, a templating engine for Python. When you write Jinja2 templates, you can use any variable defined by Ansible. For instance, if you want to output the inventory_name of the host the template is currently built for, you can just write {{ inventory_hostname }} in the Jinja template. Or if you need the IP of the first ethernet interface (which ansible knows thanks to the setup module), you just write {{ ansible_eth1['ipv4']['address'] }} in your template. Jinja2 templates also support conditionals, for-loops, etc.

Let's make a templates/ directory and create a Jinja template inside. We'll call it haproxy.cfg.j2. We use the .j2 extension by convention to make it obvious that this is a Jinja2 template, but this is not necessary.

    global
        daemon
        maxconn 256

    defaults
        mode http
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

    listen cluster
        bind {{ ansible_eth1['ipv4']['address'] }}:80
        mode http
        stats enable
        balance roundrobin
    {% for backend in groups['web'] %}
        server {{ hostvars[backend]['ansible_hostname'] }} {{ hostvars[backend]['ansible_eth1']['ipv4']['address'] }} check port 80
    {% endfor %}
        option httpchk H
We have many new things going on here. First, {{ ansible_eth1['ipv4']['address'] }} will be replaced by the IP of the load balancer on eth1. Then, we have a loop. This loop is used to build the backend servers list. It will loop over every host listed in the [web] group (and put this host in the backend variable). For each of the hosts, it will render a line using the host's facts. All hosts' facts are exposed in the hostvars variable, so it's easy to access another host's variables (like its hostname or, in this case, IP).

We could have written the host list by hand, since we have only 2 of them. But we're hoping that the server will be very successful, and that we'll need a hundred of them. Thus, adding servers to the configuration or swapping some out boils down to adding or removing hosts from the [web] group.

HAProxy playbook
We've done the most difficult part of the job. Writing a playbook to install and configure HAProxy is a breeze:

    - hosts: haproxy
      tasks:
        - name: Installs haproxy load balancer
          apt: pkg=haproxy state=installed update_cache=yes

        - name: Pushes configuration
          template: src=templates/haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg mode=0640 owner=root group=root
          notify:
            - restart haproxy

        - name: Sets default starting flag to 1
          lineinfile: dest=/etc/default/haproxy regexp="^
Looks familiar, doesn't it? The only new module here is template, which has the same arguments as copy. We also restrict this playbook to the group haproxy. And now... let's try this out. Since our inventory contains only hosts necessary for the cluster, we don't need to limit the host list and can even run both playbooks. Well, to tell the truth, we must run both of them at the same time, since the haproxy playbook requires facts from the two webservers. In step-11 we'll show how to avoid this.

    $ ansible-playbook -i step-10/hosts step-10/apache.yml step-10/haproxy.yml

    PLAY [web] *********************

    GATHERING FACTS *********************
    ok: [host1.example.org]
    ok: [host2.example.org]

    TASK: [Updates apt cache] *********************
    ok: [host1.example.org]
    ok: [host2.example.org]

    TASK: [Installs necessary packages] *********************
    ok: [host1.example.org] => (item=apache2,libapache2-mod-php5,git)
    ok: [host2.example.org] => (item=apache2,libapache2-mod-php5,git)

    TASK: [Push future default virtual host configuration] *********************
    ok: [host2.example.org]
    ok: [host1.example.org]

    TASK: [Activates our virtualhost] *********************
    changed: [host1.example.org]
    changed: [host2.example.org]

    TASK: [Check that our config is valid] *********************
    changed: [host1.example.org]
    changed: [host2.example.org]

    TASK: [Rolling back - Restoring old default virtualhost] *********************
    skipping: [host1.example.org]
    skipping: [host2.example.org]

    TASK: [Rolling back - Removing out virtualhost] *********************
    skipping: [host1.example.org]
    skipping: [host2.example.org]

    TASK: [Rolling back -
    unreachable=0    failed=0
    unreachable=0    failed=0

    PLAY [haproxy] *********************

    GATHERING FACTS *********************
    ok: [host0.example.org]

    TASK: [Installs haproxy load balancer] *********************
    changed: [host0.example.org]

    TASK: [Pushes configuration] *********************
    changed: [host0.example.org]

    TASK: [Sets default starting flag to 1] *********************
    changed: [host0.example.org]

    NOTIFIED: [restart haproxy] *********************
    changed: [host0.example.org]

    PLAY RECAP *********************
    host0.example.org          : ok=5    changed=4    unreachable=0    failed=0
Looks good. Now head to http://192.168.33.10/ and see the result. Your cluster is deployed, you can even peek at HAProxy's statistics at http://192.168.33.10/haproxy?stats. Now on to the next chapter about "Variables again", in step-11.
11. Variables again
So we've set up our loadbalancer, and it works quite well. We grabbed variables from facts and used them to build the configuration. But Ansible also supports other kinds of variables. We already saw ansible_host in inventory, but now we'll use variables defined in host_vars and group_vars files.

Fine tuning our HAProxy configuration
HAProxy usually checks if the backends are alive. When a backend seems dead, it is removed from the backend pool and HAProxy doesn't send requests to it anymore. Backends can also have different weights (between 0 and 256). The higher the weight, the higher number of connections the backend will receive compared to other backends. It's useful to spread traffic more appropriately if nodes are not equally powerful. We'll use variables to configure all these parameters.

Group vars
The check interval will be set in a group_vars file for haproxy. This will ensure all haproxies will inherit from it. We just need to create the file group_vars/haproxy below the inventory directory. The file has to be named after the group you want to define the variables for. If we wanted to define variables for the web group, the file would be named group_vars/web.

    haproxy_check_interval: 3000
    haproxy_stats_socket: /tmp/sock
The name is arbitrary. Meaningful names are recommended of course, but there is no required syntax. You could even use complex variables (a.k.a. Python dict) like this:

    haproxy:
        check_interval: 3000
        stats_socket: /tmp/sock
This is just a matter of taste. Complex vars can help group stuff logically. They can also, under some circumstances, merge subsequently defined keys (note however that this is not the default ansible behaviour). For now we'll just use simple variables.

Hosts vars
Hosts vars follow exactly the same rules, but live in files under the host_vars directory. Let's define weights for our backends in host_vars/host1.example.org:

    haproxy_backend_weight: 100

and host_vars/host2.example.org:

    haproxy_backend_weight: 150
If we'd define haproxy_backend_weight in group_vars/web, it would be used as a 'default': variables defined in host_vars files override variables defined in group_vars.

Updating the template
The template must be updated to use these variables.

    global
        daemon
        maxconn 256
    {% if haproxy_stats_socket %}
        stats socket {{ haproxy_stats_socket }}
    {% endif %}

    defaults
        mode http
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

    listen cluster
        bind {{ ansible_eth1['ipv4']['address'] }}:80
        mode http
        stats enable
        balance roundrobin
    {% for backend in groups['web'] %}
        server {{ hostvars[backend]['ansible_hostname'] }} {{ hostvars[backend]['ansible_eth1']['ipv4']['address'] }} check inter {{ haproxy_check_interval }} weight {{ hostvars[backend]['haproxy_backend_weight'] }} port 80
    {% endfor %}
        option httpchk H
Note that we also introduced an {% if ... block. The enclosed block will only be rendered if the test is true. So if we define haproxy_stats_socket somewhere for our loadbalancer (we might even use --extra-vars="haproxy_stats_socket=/tmp/sock" at the command line), the enclosed line will appear in the generated configuration file (note that the suggested setup is highly insecure). Let's go:

    ansible-playbook -i step-11/hosts step-11/haproxy.yml
Note that, while we could, it's not necessary to run the apache playbook since nothing changed, but we had to cheat a bit for that. Here is the updated haproxy playbook:

    - hosts: web

    - hosts: haproxy
      tasks:
        - name: Installs haproxy load balancer
          apt: pkg=haproxy state=installed update_cache=yes

        - name: Pushes configuration
          template: src=templates/haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg mode=0640 owner=root group=root
          notify:
            - restart haproxy

        - name: Sets default starting flag to 1
          lineinfile: dest=/etc/default/haproxy regexp="^
See? We added an empty play for web hosts at the top. It does nothing. But it's here because it will trigger facts gathering on hosts in group web. This is required because the haproxy playbook needs to pick facts from hosts in this group. If we don't do this, ansible will complain saying that ansible_eth1 key doesn't exist. Now on to the next chapter about "Migrating to Roles", in step-12.
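The stats-socket caveat and the fact-gathering dependency from this chapter, combined in one added example (not the tutorial's own step-11/haproxy.yml): the play moves the socket out of /tmp, asserts that every web host has the facts and weight the template reads, and has the template module validate the rendered file before it replaces the live one. The socket path, the changed stats socket line and the assert task are assumptions; the tutorial's lineinfile task is left out and tasks use the YAML dictionary syntax.

```yaml
# Added example, not the tutorial's step-11/haproxy.yml.
# Assumptions: /var/lib/haproxy exists on the target, and the socket line in
# templates/haproxy.cfg.j2 is changed to:
#   stats socket {{ haproxy_stats_socket }} mode 660 level operator

# Empty play: its only effect is gathering facts for the web group.
- hosts: web
  gather_facts: yes

- hosts: haproxy
  vars:
    # Overrides the /tmp/sock value from group_vars/haproxy, keeping the
    # socket out of the world-writable /tmp directory (assumed path).
    haproxy_stats_socket: /var/lib/haproxy/stats
  tasks:
    - name: Installs haproxy load balancer
      apt:
        pkg: haproxy
        state: present
        update_cache: yes

    # Fails with a readable message instead of a template error when the
    # web play matched no hosts (for example with -l haproxy) or a
    # host_vars weight is missing.
    - name: Checks that every backend has the data the template reads
      assert:
        that:
          - hostvars[item].ansible_hostname is defined
          - hostvars[item].ansible_eth1 is defined
          - hostvars[item].haproxy_backend_weight is defined
        msg: "{{ item }} lacks facts or host_vars used by haproxy.cfg.j2"
      with_items: "{{ groups['web'] }}"

    # validate runs haproxy in check mode on the rendered temporary file;
    # the live configuration is replaced only if the check succeeds.
    - name: Pushes configuration
      template:
        src: templates/haproxy.cfg.j2
        dest: /etc/haproxy/haproxy.cfg
        mode: "0640"
        owner: root
        group: root
        validate: haproxy -c -f %s
      notify:
        - restart haproxy

  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted
```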
12. Migrating to roles
Now that our playbook is done, let's refactor everything! We'll replace our plays with roles. Roles are just a new way of organizing files but bring interesting features. I won't go into great lengths here, since they're listed in Ansible's documentation, but my favorite is probably roles dependencies: role B can depend on another role A. Thus, when applying role B, role A will automatically be applied too. We'll see this in the next chapter, but for now, let's refactor our playbook to use roles.

Roles structures
Roles add a bit of "magic" to Ansible: they assume a specific file organization. While there is a suggested layout regarding roles, you can organize things the way you want using includes. However, role's conventions help building modular playbooks, and housekeeping will be much simpler. Rubyists would call this "convention over configuration". The file layout for roles looks like this:

    roles
      |
      |_some_role
           |
           |_defaults
           |   |
           |   |_main.yml
           |   |_...
           |
           |_files
           |   |
           |   |_file1
           |   |_...
           |
           |_handlers
           |   |
           |   |_main.yml
           |   |_some_other_file.yml
           |   |_ ...
           |
           |_meta
           |   |
           |   |_main.yml
           |   |_some_other_file.yml
           |   |_ ...
           |
           |_tasks
           |   |
           |   |_main.yml
           |   |_some_other_file.yml
           |   |_ ...
           |
           |_templates
           |   |
           |   |_template1.j2
           |   |_...
           |
           |_vars
               |
               |_main.yml
               |_some_other_file.yml
               |_ ...
Quite simple. The files named main.yml are not mandatory. However, when they exist, roles will add them to the play automatically. You can use this file to include other tasks, handlers, ... in the play. We'll see that in a minute.

Note that there is also a vars and a meta directory. vars is used when you want to put a bunch of variables regarding the roles. However, I don't like setting vars in roles (or plays) directly. I think variables belong to configuration, while plays are the structure. In other words, I see plays and roles as a factory, and data as inputs to this factory. So I really prefer to have "data" (e.g. variables) outside roles and play. This way, I can share my roles more easily, without worrying about exposing too much about my servers. But that's just a personal preference. Ansible just lets you do it the way you want.

But you have some vars that you hardly want to change. For instance, if you have a role for nginx that pulls the .deb package from a PPA, you might want to add the PPA address in vars/main.yml. It is something that you can configure, but that will be mostly static 99% of the time. Using vars will let you pull this information out of your role, making it more generic. But really, this is a matter of taste.

However, for real vars (e.g. things you would like to use in a configuration file generated by a template), you can set defaults for roles, and this is a recommended practice. Using sane defaults ensures your role always works. For instance, you could set the number of pre-forked servers for your apache server. The best place to put the defaults is... you guessed it, the defaults directory.

The meta directory is where you can add dependencies, and it's really a neat feature. We'll see that later.

Note that roles sit in the roles directory, which is also cool since it will reduce top level ansible playbook clutter. But you can configure Ansible to use an alternate directory to store roles (see the roles_path variable in ansible.cfg).
This way you can set up a 'central place' for all your roles, and use them in all your playbooks.

Creating the Apache role
Ok, now that we know the required layout, we can create our apache role from our apache playbook.
The steps required are really simple:
• create the roles directory and apache role layout
• extract the apache handler into roles/apache/handlers/main.yml
• move the apache configuration file awesome-app into roles/apache/files/
• create a role playbook
Creating the role layout
This is what has been done to convert step-11 apache files into a role:

    mkdir -p step-12/roles/apache/{tasks,handlers,files}
Now we need to copy the tasks from apache.yml to main.yml, so this file looks like this:

    - name: Updates apt cache
      apt: update_cache=true

    - name: Installs necessary packages
      apt: pkg={{ item }} state=latest
      with_items:
        - apache2
        - libapache2-mod-php5
        - git

    ...

    - name: Deactivates the default ssl virtualhost
      command: a2dissite default-ssl
      notify:
        - restart apache
The file is not fully reproduced, but it is exactly the content of apache.yml between tasks: and handlers:. Note that we also have to remove references to files/ and templates/ directories in tasks. Since we're using the roles structure, Ansible will look for them in the right directories.

Extracting the handler
We can extract the handlers part and create step-12/roles/apache/handlers/main.yml:

    - name: restart apache
      service: name=apache2 state=restarted
Moving the configuration file
As simple as:

    cp step-11/files/awesome-app step-12/roles/apache/files/
At this point, the apache role is fully working, but we need a way to invoke it.

Create a role playbook
Let's create a top level playbook that we'll use to map hosts and host groups to roles. We'll call it site.yml, since our goal is to have our site-wide configuration in it. While we're at it, we'll include haproxy in it too:

    - hosts: web
      roles:
        - { role: apache }

    - hosts: haproxy
      roles:
        - { role: haproxy }
That wasn't too hard. Now let's create the haproxy role:

    mkdir -p step-12/roles/haproxy/{tasks,handlers,templates}
    cp step-11/templates/haproxy.cfg.j2 step-12/roles/haproxy/templates/
then extract the handler, and remove the reference to templates/. We can try out our new playbook with:

    ansible-playbook -i step-12/hosts step-12/site.yml
If everything goes well, we should end up with a happy "PLAY RECAP" like this one:

    host0.example.org          : ok=5    changed=2    unreachable=0    failed=0
    host1.example.org          : ok=10   changed=5    unreachable=0    failed=0
    host2.example.org          : ok=10   changed=5    unreachable=0    failed=0
You may have noticed that running all roles in site.yml can take a long time. What if you only wanted to push changes to web? This is also easy, with the limit flag:

    ansible-playbook -i step-12/hosts -l web step-12/site.yml
This concludes our migration to roles. It was quite easy, and adds a bunch of features to our playbook that we'll use in a future step. In step-13 we will see how we can use tags to select which parts of our playbook we want to run.
13. Using tags