Working with Ansible Roles

1.5 hours
  • 7 Learning Objectives

About this Hands-on Lab

Working with Ansible roles is a key concept covered on the Red Hat Certified Ansible Specialist Exam (EX407). This should not be a surprise, considering how much functionality roles provide. This exercise covers how to create a role and how to use roles within a playbook. In order to complete this exercise, you will need to have basic proficiency with several common Ansible modules and using Ansible playbooks. After completing this learning activity, you will better understand how to work with Ansible roles.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a Role Called baseline in /etc/ansible/roles

Run the following commands to create the structure needed for the role:

  • sudo mkdir /etc/ansible/roles/baseline && sudo chown ansible:ansible /etc/ansible/roles/baseline
  • mkdir /etc/ansible/roles/baseline/{templates,tasks,files}
  • echo "---" > /etc/ansible/roles/baseline/tasks/main.yml

Configure the Role to Deploy the /etc/motd Template

  • cp /home/ansible/resources/motd.j2 /etc/ansible/roles/baseline/templates
  • Create a file called /etc/ansible/roles/baseline/tasks/deploy_motd.yml with the following content:

    ---
    - template:
        src: motd.j2
        dest: /etc/motd

  • Edit /etc/ansible/roles/baseline/tasks/main.yml to include the following lines at the bottom of the file:

    - name: configure motd
      import_tasks: deploy_motd.yml

Configure the Role to Install the Latest Nagios Client

  • Create a file called /etc/ansible/roles/baseline/tasks/deploy_nagios.yml with the following content:

    ---
    - yum: name=nrpe state=latest

  • Edit /etc/ansible/roles/baseline/tasks/main.yml to include the following lines at the bottom of the file (take care with the formatting):

    - name: deploy nagios client
      import_tasks: deploy_nagios.yml

Configure the Role to Add an Entry to /etc/hosts for the Nagios Server

  • Create a file called /etc/ansible/roles/baseline/tasks/edit_hosts.yml with the following content, substituting <PROVIDED> with the IP specified in /home/ansible/resources/nagios_info.txt:

    ---
    - lineinfile:
        line: "<PROVIDED> nagios.example.com"
        path: /etc/hosts

  • Edit /etc/ansible/roles/baseline/tasks/main.yml to include the following lines at the bottom of the file:

    - name: edit hosts file
      import_tasks: edit_hosts.yml

Configure the Role to Create the noc User and Deploy the Provided Public Key for the noc User on Target Systems

  • Copy the file /home/ansible/resources/authorized_keys to /etc/ansible/roles/baseline/files/.
  • Create a file called /etc/ansible/roles/baseline/tasks/deploy_noc_user.yml with the following content:

    ---
    - user: name=noc
    - file:
        state: directory
        path: /home/noc/.ssh
        # 0700, not 0600: a directory needs the execute bit to be traversed
        mode: "0700"
        owner: noc
        group: noc
    - copy:
        src: authorized_keys
        dest: /home/noc/.ssh/authorized_keys
        mode: "0600"
        owner: noc
        group: noc

  • Edit /etc/ansible/roles/baseline/tasks/main.yml to include the following lines at the bottom of the file:

    - name: set up noc user and key
      import_tasks: deploy_noc_user.yml

Edit web.yml to Deploy the baseline Role

Edit /home/ansible/resources/web.yml to the following:

---
- hosts: webservers
  become: yes
  roles:
    - baseline
  tasks:
    - name: install httpd
      yum: name=httpd state=latest
    - name: start and enable httpd
      service: name=httpd state=started enabled=yes

Run Your Playbook Using the Default Inventory

Run ansible-playbook /home/ansible/resources/web.yml.
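
A post-run check for the noc key deployment, as an added example that is not part of the lab: it confirms that a .ssh directory is mode 700 and its authorized_keys file is mode 600 with the expected owner, because a .ssh directory without the owner's execute bit leaves the key file unreachable for that user. The function names, finding labels and throwaway demo directory are assumptions made for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the lab). Assumes GNU coreutils stat (-c),
# as found on RHEL-family hosts.

# check_ssh_perms HOME_DIR OWNER_UID
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_ssh_perms() {
    dir="$1/.ssh"; keys="$dir/authorized_keys"; uid=$2; rc=0

    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # The directory needs the owner's execute bit to be traversed at all.
    m=$(stat -c '%a' "$dir")
    [ "$m" = 700 ] || { echo "BAD_DIR_MODE $dir $m (want 700)"; rc=1; }
    [ "$(stat -c '%u' "$dir")" = "$uid" ] || { echo "BAD_DIR_OWNER $dir"; rc=1; }

    # stat on the key file fails if it is missing or the directory blocks traversal.
    if m=$(stat -c '%a' "$keys" 2>/dev/null); then
        [ "$m" = 600 ] || { echo "BAD_FILE_MODE $keys $m (want 600)"; rc=1; }
        [ "$(stat -c '%u' "$keys")" = "$uid" ] || { echo "BAD_FILE_OWNER $keys"; rc=1; }
    else
        echo "UNREACHABLE $keys"; rc=1
    fi
    return "$rc"
}

# Constructed demo: throwaway home directory with a placeholder key line.
# demo DIR_MODE FILE_MODE -> exit status of the check
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/.ssh"
    echo "ssh-ed25519 CONSTRUCTED-PLACEHOLDER noc@example" > "$tmp/.ssh/authorized_keys"
    chmod "$2" "$tmp/.ssh/authorized_keys"
    chmod "$1" "$tmp/.ssh"
    st=0
    check_ssh_perms "$tmp" "$(id -u)" || st=$?
    chmod 700 "$tmp/.ssh"; rm -rf "$tmp"   # restore traversal before cleanup
    return "$st"
}

demo 700 600 && echo "700/600: ok"
demo 600 600 || echo "600/600: rejected"
demo 700 644 || echo "700/644: rejected"
```

On a target host, call it as `check_ssh_perms /home/noc "$(id -u noc)"` with root privileges.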

Additional Resources

You have just started a new job as the operations lead at a small company. There is currently no formal server baseline, and it makes for a mixed configuration environment that is consuming more support and maintenance than it should. You have decided to create a baseline process using Ansible by creating a baseline role. You have noted the following commonalities that should be included in the baseline role:

  • Set /etc/motd based on a template.
  • Install the latest Nagios client.
  • Add the Nagios server to /etc/hosts.
  • Create a noc user.
  • Import the noc user's public key (copy authorized keys to /home/noc/.ssh/authorized_keys).

The role should be called "baseline" and should reside in /etc/ansible/roles on the ansible control node.

You will test your role on some newly requested webservers. A playbook called web.yml has been provided for you and deploys httpd to all servers in the web group (defined in your default inventory). You will need to edit the playbook to deploy the baseline role to the servers in the web group as well.

You will find the motd template, Nagios server IP information, the noc user's public key, and the web.yml playbook in /home/ansible/resources on the ansible control node.

Summary tasks list:

  • Create the necessary directories and files for the baseline role.
  • Configure the role to deploy the /etc/motd template.
  • Configure the role to install the latest Nagios client.
  • Configure the role to add an entry to /etc/hosts for the Nagios server.
  • Configure the role to create the noc user and deploy the provided public key for the noc user on target systems (copy authorized_keys to /home/noc/.ssh/authorized_keys with the owner and group owner set as noc and the mode as 0600).
  • Edit web.yml to deploy the baseline role in addition to what it already does.
  • Verify that your role works by deploying web.yml with Ansible.

Important notes:

  • For your convenience, Ansible is already installed on the control node.
  • The user ansible is on all servers with the appropriate shared keys for access to necessary servers from the control node.
  • The ansible user has sudo access with no password. It uses the same password as cloud_user.
  • All the necessary Ansible inventories have been created for you.
