A list of dictionaries! Or, more specifically, a list of plays. A playbook should contain:
- A set of hosts to configure
- A list of tasks to be executed on those hosts
Plays also support optional settings, such as:
name
A comment that describes what the play is about; Ansible prints this out when the play starts to run.
become
If true, Ansible will run every task by becoming (by default) the root user. This is useful when managing Ubuntu servers, since by default you cannot SSH as the root user.
vars
A list of variables and values.
Configures a host to run an Nginx web server. Although a proper website should have Transport Layer Security (TLS) encryption enabled, I am leaving this out for simplicity's sake in my first playbook.
ansible-playbook web-notls-playbook.yml
Any Ansible task that runs has the potential to change the state of the host in some way. Ansible modules will first check to see whether the state of the host needs to be changed before taking any action. If the state of the host matches the arguments of the module, Ansible takes no action on the host and responds with a state of ok. If there is a difference between the state of the host and the arguments to the module, Ansible will change the state of the host and return changed.
PLAY [Configure webserver with nginx] ***************************************************************
TASK [Gathering Facts] ******************************************************************************
ok: [testserver]
TASK [install nginx] ********************************************************************************
ok: [testserver]
TASK [copy nginx config file] ***********************************************************************
changed: [testserver]
TASK [enable configuration] *************************************************************************
ok: [testserver]
TASK [copy index.html] ******************************************************************************
changed: [testserver]
TASK [restart nginx] ********************************************************************************
changed: [testserver]
PLAY RECAP ******************************************************************************************
testserver : ok=6 changed=3 unreachable=0 failed=0
Ansible's detection of state change: The install nginx task was unchanged, which means that, before I ran the playbook, the nginx package had already been installed on the host. The enable configuration task was unchanged, which meant that there was already a configuration file on the server that was identical to the file I was copying over. However, the copy index.html task was changed, which means the index.html file had not been previously copied to the host.
Manually generate a TLS self-signed certificate. The following command generates files nginx.key and nginx.crt in the files directory. The certificate has an expiration date of 10 years (3,650 days) from the day you create it.
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -subj /CN=localhost -keyout files/nginx.key -out files/nginx.crt
A conditional form that runs only if it has been notified by a task. A task will fire the notification if Ansible recognizes that the task has changed the state of the system. Tasks may use the notify key, passing the handler's name as the argument, to fire the notification if the condition is met.
Handlers run after all the tasks are run at the end of the play. They run once, even if they are notified multiple times.
Scripts that come packaged with Ansible to perform some action on a host. To show documentation for a particular module:
ansible-doc module-name
apt
Installs or removes packages by using the apt package manager.
copy
Copies a file from the local machine to the hosts.
file
Sets the attribute of a file, symlink, or directory.
service
Starts, stops, or restarts a service.
template
Generates a file from a template and copies it to the hosts.