Advanced Features in Ansible Playbooks

1.5 hours
  • 5 Learning Objectives

About this Hands-on Lab

There are a number of features unique to Ansible playbooks which provide robust functionality. This exercise explores many of these features in a practical scenario of deploying a web server. Most notably, this exercise deals with confidential data in an Ansible vault and working with tags in Ansible playbooks.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Use ansible-vault to protect the confidential information.

Use ansible-vault to encrypt /home/ansible/confidential to protect the confidential information stored within using the password "I love ansible".

Run ansible-vault encrypt /home/ansible/confidential and supply the password "I love ansible".

Create a playbook that deploys httpd on webservers.

Create a playbook in /home/ansible/webserver.yml that deploys httpd on webservers. It should be tagged with base-install and contain a handler that restarts the httpd daemon that is flagged by both installation and service manipulation for httpd.

Create the file /home/ansible/webserver.yml and add the following content:

- hosts: webservers
  become: yes
  vars_files:
    - /home/ansible/confidential
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
      notify: httpd service
      tags:
        - base-install
  handlers:
    - name: Restart and enable httpd
      service:
        name: httpd
        state: restarted
        enabled: yes
      listen: httpd service
Deploy the templates stored on the control node to the webservers group.

Configure /home/ansible/webserver.yml to deploy the templates /home/ansible/vhost.conf.j2 and /home/ansible/htpasswd.j2 stored on the control node to the webservers group. httpd must restart on config change. The tasks should be tagged vhost.

Add the following text to /home/ansible/webserver.yml just before the handler section:

    - name: configure virtual host
      template:
        src: /home/ansible/vhost.conf.j2
        dest: /etc/httpd/conf.d/vhost.conf
      notify: httpd service
      tags:
        - vhost
    - name: configure site auth
      template:
        src: /home/ansible/htpasswd.j2
        dest: /etc/httpd/conf/htpasswd
      notify: httpd service
      tags:
        - vhost
Asynchronously execute data-job on webservers.

Configure /home/ansible/webserver.yml to asynchronously execute /opt/data-job.sh located on webservers with a timeout of 600 seconds and no polling. The task should be tagged with data-job.

Add the following text to /home/ansible/webserver.yml just before the handler section:

  • name: run data job
    command: /opt/data-job.sh
    async: 600
    poll: 0
    tags:

    • data-job
Execute playbook to verify your playbook works correctly.

Execute playbook /home/ansible/webserver.yml to verify your playbook works correctly.

Run ansible-playbook --ask-vault-pass /home/ansible/webserver.yml from the control node providing the vault password "I love ansible".

Additional Resources

You must create a modular playbook used for webserver management. Create a playbook called /home/ansible/webserver.yml that meets the following requirements:

On the host group webservers:

  • Deploy httpd.
  • You can assume all necessary firewall rules have been deployed.
  • Start and enable httpd.
  • Configure virtual host using the provided templates in /home/ansible/vhost.conf.j2 and /home/ansible/htpasswd.j2.
    • Note: The template references a variable defined in /home/ansible/confidential which must be included as a variable file in your playbook.
    • Use ansible vault to secure /home/ansible/confidential with password "I love ansible".
  • Run the data job stored in /opt/data-job.sh on each node in webservers asynchronously, without polling for status.
  • Create tags for the following tasks:
    • base-intall for httpd installation and service configuration.
    • vhost for virtual host deployment.
    • data-job to execute the asynchronous data job.

The Ansible control node has been configured for you and each webserver has already been configured for use with Ansible. The default inventory has been configured to include the webservers group and sample hosts.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


$2,495.00

Checkout
Sign In
Welcome Back!
Thanks for reaching out!

You’ll hear from us shortly. In the meantime, why not check out what our customers have to say about ACG?