Advanced Features in Ansible Playbooks

There are a number of features unique to Ansible playbooks which provide robust functionality. This exercise explores many of these features in a practical scenario of deploying a web server. Most notably, this exercise deals with confidential data in an Ansible vault and working with tags in Ansible playbooks.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Use ansible-vault to protect the confidential information.

Use ansible-vault to encrypt /home/ansible/confidential to protect the confidential information stored within using the password "I love ansible".

Run ansible-vault encrypt /home/ansible/confidential and supply the password "I love ansible".

Create a playbook that deploys httpd on webservers.

Create a playbook in /home/ansible/webserver.yml that deploys httpd on webservers. It should be tagged with base-install and contain a handler that restarts the httpd daemon that is flagged by both installation and service manipulation for httpd.

Create the file /home/ansible/webserver.yml and add the following content:

- hosts: webservers
  become: yes
  vars_files:
    - /home/ansible/confidential
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
      notify: httpd service
      tags:
        - base-install
  handlers:
    - name: Restart and enable httpd
      service:
        name: httpd
        state: restarted
        enabled: yes
      listen: httpd service

Deploy the templates stored on the control node to the webservers group.

Configure /home/ansible/webserver.yml to deploy the templates /home/ansible/vhost.conf.j2 and /home/ansible/htpasswd.j2 stored on the control node to the webservers group. httpd must restart on config change. The tasks should be tagged vhost.

Add the following text to /home/ansible/webserver.yml just before the handler section:

    - name: configure virtual host
      template:
        src: /home/ansible/vhost.conf.j2
        dest: /etc/httpd/conf.d/vhost.conf
      notify: httpd service
      tags:
        - vhost
    - name: configure site auth
      template:
        src: /home/ansible/htpasswd.j2
        dest: /etc/httpd/conf/htpasswd
      notify: httpd service
      tags:
        - vhost

Asynchronously execute data-job on webservers.

Configure /home/ansible/webserver.yml to asynchronously execute /opt/data-job.sh located on webservers with a timeout of 600 seconds and no polling. The task should be tagged with data-job.

Add the following text to /home/ansible/webserver.yml just before the handler section:

name: run data job
command: /opt/data-job.sh
async: 600
poll: 0
tags:
- data-job

Execute playbook to verify your playbook works correctly.

Execute playbook /home/ansible/webserver.yml to verify your playbook works correctly.

Run ansible-playbook --ask-vault-pass /home/ansible/webserver.yml from the control node providing the vault password "I love ansible".

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Advanced Features in Ansible Playbooks

About this Hands-on Lab

Learning Objectives

Additional Resources

What are Hands-on Labs

Newsletter