4. [Training] - Ansible

To understand how BlueBanquise works, it is essential to learn basis of Ansible.

This section tries to provide key knowledge to at least be able to manipulate and edit the stack to your needs.

Note that if you are new to cluster management system administration, a full manual tutorial is available on github.

4.1. Install Ansible

There are multiple ways to install Ansible. Everything is described on the main Ansible documentation

If you wish only to learn Ansible, simplest way is to use pip (or pip3)

If you wish to install Ansible on a production system, use your operating system packages manager.

4.2. Minimal inventory

Now that Ansible is installed on your system, edit /etc/hosts file, and add “management1” on localhost line:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 management1
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Then, create some needed directories and files:

mkdir /etc/ansible/inventory
mkdir /etc/ansible/inventory/group_vars
mkdir /etc/ansible/inventory/group_vars/all
mkdir /etc/ansible/roles
mkdir /etc/ansible/playbooks

And edit /etc/ansible/ansible.cfg line to fix /etc/ansible/inventory as default inventory folder:

[defaults]
inventory      = /etc/ansible/inventory

Also set, in this same file /etc/ansible/ansible.cfg, the roles_path value to /etc/ansible/roles:

roles_path    = /etc/ansible/roles

Finally, add management1 host into the inventory. Create a file called /etc/ansible/inventory/myhost.yml with the following content:

management1

Our very basic Ansible configuration is done. But one thing remains: we need to ensure our host (management1) can ssh to itself without password, as Ansible relies fully on the ssh to connect to remote hosts.

Let’s generate a ssh key (press enter multiple time):

ssh-keygen -N ""

Ensure you can ssh on management1 using a password:

[root@management1 ]# ssh management1
The authenticity of host 'management1 (10.10.0.1)' can't be established.
ECDSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ECDSA key fingerprint is MD5:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'management1,10.10.0.1' (ECDSA) to the list of known hosts.
root@management1's password:
[root@management1 ~]#

If ok, then deploy ssh public key to allow password less authentication, and ensure you can now ssh with the key:

[root@management1 ~]# ssh-copy-id management1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
root@management1's password:
Number of key(s) added: 1
[root@management1 ~]# ssh management1
[root@management1 ~]#

Finally, check Ansible can connect to management1, and report hosts is up:

[root@management1 ~]# ansible all -m ping
management1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[root@management1 ~]#

Let’s see the available and useful commands now.

4.3. Ansible commands

4.3.1. ansible

The ansible command provides few interesting features.

4.3.1.1. Version

First command is to check current Ansible version. It should be >= 2.9.13:

ansible --version

4.3.1.2. Ping an host or all hosts

Use the following command to check if Ansible can contact a specific registered host:

ansible management1 -m ping

Or all hosts:

ansible all -m ping

Also, it is possible to gather facts. Facts are dynamic variables, accessible only when Ansible is running on the target. Facts provides live information about the target: it’s running kernel, it’s Linux distribution, network or cpu information, etc.

ansible -m setup --tree /dev/shm/ management1

Then, open file /dev/shm/management1 to check its content and the result of facts gathering.

4.3.2. ansible-inventory

Ansible inventory command is extremely useful and will be massively used on this documentation.

This command allows to gather information from your inventory and check the expected output.

4.3.2.1. Groups and hosts

The command:

ansible-inventory --graph

Provide information about groups and hosts inside each group:

@all:
  |--@ungrouped:
  |  |--management1

It is possible to see here that management1 is member of group @ungrouped, which is part of group @all. More will be seen later in this documentation.

4.3.2.2. Host variables

To output variables for a specific host, and check for example your variable precedence mechanism provided what is expected, use:

ansible-inventory --yaml --host management1

For now, there are no available variables in the inventories, so output will be {}.

4.3.3. ansible-playbook

This command is used to run playbooks, and ask Ansible to execute tasks on desired host(s). This is the most used command when using BlueBanquise.

Important parameters are:

  • -e or –extra-vars, which allows to provide additional variables for execution (keep in mind that variables set here win the whole precedence)

  • -t or –tags, which allows to execute only specific tasks or part of tasks (seen later)

  • -s or –skip-tags, which allows to not execute some specific tasks or part of tasks (seen later)

  • –list-tasks, which allows to list all tasks related to roles used in the playbook, and order they will be executed

  • –start-at-task, which allows to start/restart playbook at a desired task (to be combined with –list-tasks)

  • –list-tags, which allows to list all tags seen during this playbook execution

  • –limit, which limit the playbook execution to a specific list of hosts (if using a group has default host for example)

4.3.4. Debug

All of these commands accept verbose flags with -v, -vv, -vvv, etc. The more v, the more verbose.

Also, it is possible to execute all of them with the variable ANSIBLE_DEBUG=1 set, which will dramatically increase output information (but unfortunately not always relevant to our needs…).

For example, a very verbose execution would be:

ANSIBLE_DEBUG=1 ansible -m ping management1 -vvv

4.4. Variables and groups

Now that all important commands have been seen, it is time to add some variables inside the inventory, and play with groups.

4.4.1. Adding variables

We are going to add few variables, at different positions in the inventories.

Create file /etc/ansible/inventory/group_vars/all/my_ship.yml with the following content:

destination: Deliani
my_ship:
  model: USP Talon Light Fighter
  price: 6000 # in cr
  equipment:
    generator: Advanced MicroFusion
    shield: Structural Integrity Field
    front_gun: Pulse-Cannon
    sidekicks:
      - Plasma Storm
      - Zica SuperCharger

Now, ensure management1 can see these variables:

[root@ ~]# ansible-inventory --yaml --host management1
destination: Deliani
my_ship:
  equipment:
    front_gun: Pulse-Cannon
    generator: Advanced MicroFusion
    shield: Structural Integrity Field
    sidekicks:
    - Plasma Storm
    - Zica SuperCharger
  model: USP Talon Light Fighter
  price: 6000
[root@ ~]#

Nice, we can now use these variables for management1 when working on it.

Let’s add 2 other hosts: login1 and nfs1.

Edit file /etc/ansible/inventory/myhost.yml to obtain:

management1
login1
nfs1

And now let’s check login1 (when will exist) can also access these variables:

[root@ ~]# ansible-inventory --yaml --host login1
destination: Deliani
my_ship:
  equipment:
    front_gun: Pulse-Cannon
    generator: Advanced MicroFusion
    shield: Structural Integrity Field
    sidekicks:
    - Plasma Storm
    - Zica SuperCharger
  model: USP Talon Light Fighter
  price: 6000
[root@ ~]#

Perfect. It is time to play with groups, before coming back to variables to work on variables precedence.

4.4.2. Configuring groups

Lets check current groups:

[root@ ~]# ansible-inventory --graph
@all:
  |--@ungrouped:
  |  |--login1
  |  |--management1
  |  |--nfs1
[root@ ~]#

All our hosts belong to the ungrouped group and to the all group. But we want to be able to assign specific variables to each kind of equipment. We need to create groups.

There are two ways to create groups. In YAML, directly in the hosts files, or using specific Ansible syntax in separate files. Both are useful, and we will combine them.

4.4.2.1. In YAML

Edit again the /etc/ansible/inventory/myhost.yml file, and this time let’s use real YAML:

master:
  hosts:
    management1:
slaves:
  hosts:
    login1:
    nfs1:

Now, let’s check again groups:

[root@ ~]# ansible-inventory --graph
@all:
  |--@master:
  |  |--management1
  |--@slaves:
  |  |--login1
  |  |--nfs1
  |--@ungrouped:
[root@ ~]#

We can see that management1 is now member of group master, and that login1 and nfs1 are member of group slaves.

The special string hosts in this file define that the string above is a group, and that strings bellow are hosts member of this group.

It is also possible to set groups in a group in this same file. Edit it again:

my_nodes:
  children:
    master:
      hosts:
        management1:
    slaves:
      hosts:
        login1:
        nfs1:

And result:

[root@ ~]# ansible-inventory --graph
@all:
  |--@my_nodes:
  |  |--@master:
  |  |  |--management1
  |  |--@slaves:
  |  |  |--login1
  |  |  |--nfs1
  |--@ungrouped:
[root@ ~]#

The children string define that the string above is a group that contains bellow group(s).

4.4.2.2. In Ansible syntax

The second way to create groups is to use the Ansible native syntax, which can be simpler in some cases.

Create a file /etc/ansible/inventory/mygroups and set the following content:

[colors:children]
blue
red

[blue]
management1
login1

[red]
nfs1

And check the result:

[root@ ~]# ansible-inventory --graph
@all:
  |--@colors:
  |  |--@blue:
  |  |  |--login1
  |  |  |--management1
  |  |--@red:
  |  |  |--nfs1
  |--@my_nodes:
  |  |--@master:
  |  |  |--management1
  |  |--@slaves:
  |  |  |--login1
  |  |  |--nfs1
  |--@ungrouped:
[root@ ~]#

Same concept applies here, with different syntax.

Note that a host can be part of multiple groups.

You can find more information and examples here on intro_inventory .

4.4.3. Variables precedence

Time to use all these groups and make full usage of the inventory structure.

If you remember precedence system in Vocabulary section (more here on Ansible dedicated page ) group_vars/all is in position 4 in the precedence. This is where we set our spaceship variables.

Let’s say now we wish to change our ship destination for management1 node only.

Check current destination for all hosts:

[root@ ~]# ansible-inventory --yaml --host management1 | grep destination
  destination: Deliani
[root@ ~]# ansible-inventory --yaml --host login1 | grep destination
  destination: Deliani
[root@ ~]# ansible-inventory --yaml --host nfs1 | grep destination
  destination: Deliani
[root@ ~]#

We can redefine the variable in group_vars/all (that apply to all hosts in the @all group, so everyone), but we only want to impact management1 node.

In the precedence list, you can see that inventory host_vars are in position 9, so they will win against position 4 of group_vars/all. Let’s use this.

Edit file /etc/ansible/inventory/myhost.yml and add a destination variable under management1:

my_nodes:
  children:
    master:
      hosts:
        management1:
          destination: Ixmucane
    slaves:
      hosts:
        login1:
        nfs1:

And check destinations again:

[root@ ~]# ansible-inventory --yaml --host management1 | grep destination
  destination: Ixmucane
[root@ ~]# ansible-inventory --yaml --host login1 | grep destination
  destination: Deliani
[root@ ~]# ansible-inventory --yaml --host nfs1 | grep destination
  destination: Deliani
[root@ ~]#

Perfect.

Note

We could also have used a file in inventory/host_vars/management1/new_values.. Setting a variable in the host definition file above the host is equivalent to using host_vars folder. But host_vars folder is difficult to use when having a very large number of hosts, which is why in BlueBanquise we are often using directly the host file.

Let’s say now we want to change the model of spaceship of all the slave nodes. So not a single host, but all slave members hosts.

We are going to use level 6 in variables precedence: group_vars/. Create a directory called slave (same name than the group we want to work with) in group_vars:

mkdir /etc/ansible/inventory/group_vars/slaves

Then, create file /etc/ansible/inventory/group_vars/slaves/myship.yml with the following content:

my_ship:
  equipment:
    front_gun: Pulse-Cannon
    generator: Advanced MicroFusion
    shield: Structural Integrity Field
    sidekicks:
    - Plasma Storm
    - Zica SuperCharger
  model: Gencore Maelstrom
  price: 6000

And check variables of hosts:

[root@ ~]# ansible-inventory --yaml --host management1 | grep model
  model: USP Talon Light Fighter
[root@ ~]# ansible-inventory --yaml --host login1 | grep model
  model: Gencore Maelstrom
[root@ ~]# ansible-inventory --yaml --host nfs1 | grep model
  model: Gencore Maelstrom
[root@ ~]#

Note

We had to add the whole dictionary in group_vars/slaves/myship.yml. This is due to the replace hash_behaviour of Ansible, as the merge version is deprecated. If you wish to avoid having to replace all variables like here, try to avoid massive dictionaries when not needed.

Perfect. Remember the pizza in Vocabulary section. Ansible just flatten the whole inventory, using precedence, and you obtain variables.

Last point for this part, remember that in variable’s precedence, extra_vars is level 22 and always win, so adding extra vars when executing Ansible later will allow us to force variables at execution time for testing purposes or just because we need it.

4.5. Roles and playbooks

Time to apply some configuration on our target host.

We are going to create a role that install a web server package, create a very basic web page with our ship’s information, and start the web server service.

4.5.1. Role

Create a role called “shipyard”, with needed folders:

mkdir /etc/ansible/roles/shipyard
mkdir /etc/ansible/roles/shipyard/tasks
mkdir /etc/ansible/roles/shipyard/templates

Tasks folder contains tasks to perform, and main.yml file inside will be the starting point for Ansible. Templates folder will contain our templates (configuration files) in Jinja2 language.

4.5.1.1. Task

Create file /etc/ansible/roles/shipyard/tasks/main.yml with the following content:

---

- name: Package
  package:
    name: httpd
    state: present

- name: Template >> /var/www/html/index.html
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
    owner: root
    group: root
    mode: 0644
  tags:
    - templates

- name: Start services
  service:
    name: httpd
    state: started
    enabled: yes

Content is pretty simple:

  • Ansible installs httpd package (or do nothing if present)

  • Then Ansible render the template index.html.j2 and write the result in /var/www/html/index.html

  • Then Ansible ensure httpd service is started and enabled at boot

You can find all Ansible modules here in the official documentation.

4.5.1.2. Template

Templates are probably the key feature of Ansible and all automation tools.

The idea is simple: you provide Ansible with a copy of your desired configuration file, with variables to be dynamically replaced in order to fill on the fly some parts of the file.

Let’s do this with a simple html page, and first with a static page.

Create the template /etc/ansible/roles/shipyard/templates/index.html.j2 with the following static content:

<html>
<header>
  <title>This is title</title>
</header>
<body>
  Hello world
</body>
</html>

The current template is static, we will make it dynamic later.

4.5.2. Playbook

Lets create our playbook, which will contains a list of roles to apply on management1 host.

Create file /etc/ansible/playbooks/myplaybook.yml with the following content:

---
- name: myplaybook
  hosts: "management1"
  roles:
    - role: shipyard
      tags: shipyard

Simply put, target of the playbook is host management1, and role to apply is shipyard.

Skip the tags for now.

Note

Hosts can be a list of hosts (comma separated: management1,login1,nfs1), or a group of hosts (all, slaves, color, etc.).

Now, execute the playbook, and let Ansible do its job:

ansible-playbook /path/to/myplaybook.yml

Note that you need to provide full path to the playbook, as there are no default folder for playbooks in Ansible. Also note that if your shell is currently in the playbook folder, you can skip full path as relative path are accepted.

If all goes well, you should now have the file /var/www/html/index.html generated on management1, and using a web browser you can check the result.

Note that if you cannot reach the web browser, for example you are working in a VM or a server without screen attached, you can use ssh forwarding. From you current computer, open a new terminal and use:

ssh root@my_vm_or_my_server -L 9999:localhost:80

And then open a local web browser and open http://localhost:9999 . Check the web for more on ssh port forwarding.

_images/capture_index_1.png

But this is not very interesting, let’s add some dynamic part into our template.

4.5.3. Jinja2

Edit file /etc/ansible/roles/shipyard/templates/index.html.j2 to make it this way:

<html>
<header>
  <title>Shipyard</title>
</header>
<body>
  <h1>I am {{inventory_hostname}} << this is me, the current target</h1>
  <h2>Variables access</h2>
  Ship list: {{groups['all']}} << this is an access to a group members list <br>
  management1 ship model: {{hostvars['management1']['my_ship']['model']}} << this is an access to an host specific variable <br>
  login1 ship model: {{hostvars['login1']['my_ship']['model']}} <br>
  nfs1 ship model: {{hostvars['nfs1']['my_ship']['model']}} <br>
  My ship model: {{hostvars[inventory_hostname]['my_ship']['model']}} <br>
  Or a better way to get my ship model: {{my_ship.model}} <br>
  <h2>Loops</h2>
  {% for ship in groups['all'] %}
  Ship {{ship}} is in the shipyard, and has destination {{hostvars[ship]['destination']}}. <br>
  {% endfor %}
</body>
</html>

And let’s re-execute the playbook. But we have already installed the package and started the service, so let’s ask Ansible to only work on the tags ‘templates’ to fasten the execution (this tag was defined in the tasks/mail.yml file previously seen):

ansible-playbook myplaybook.yml -t templates

And check again our web page.

_images/capture_index_2.png

You can see multiple things:

  • We executed the task on management1, so inventory_hostname variable content is ‘management1’. This is an Ansible reserved variable that contains the target hostname.

  • groups[‘mygroup’] allows to get a list with all the hosts member of the group.

  • hostvars[‘myhost’] allows to access variables of this host, using the variable precedence mechanism.

  • hostvars[inventory_hostname] is equivalent to a direct variables access has we are accessing our current target variables.

Now regarding to Jinja2:

  • {{ }} allows to insert a variable in the destination file.

  • {% %} are Jinja2 instructions (for, if, etc.).

  • {# #} are Jinja2 commentaries.

  • The remaining is put in the destination file “as is”.

You can experiment with this template to understand the whole mechanism. The whole Jinja2 documentation can be found here: Jinja2 template designer

You should now understand the very basis of Ansible.

Please note also that Ansible provides some built in filters, to be used with Jinja2. A list can be found here: Ansible Filters

Time to investigate tasks advanced elements.

4.5.4. Task again

As discussed before, all task available modules can be found in the Ansible modules documentation .

Each of these modules can be combined with general tasks actions. But first, let’s define the basic debug module and registers, that will allow us to play more easily with tasks.

At this point, use previously created task, or create a new role to add following tasks.

4.5.4.1. Debug module

This is a very simple module, to display a message in the shell.

For example:

- name: My message module
  debug:
    msg: "Hello world ! I am the debug module. You will use me a lot."

You can also display variables this way:

- name: My message module
  debug:
    msg: "Hello world ! I am host {{ inventory_hostname }}"

4.5.4.2. Registers

Create a file /tmp/valkyrie, and add the string “lenneth” inside, using:

echo "lenneth" > /tmp/valkyrie

Now, lets use a register to gather this content. Registers are a way to gather data about executed modules. Input data, output data, etc. A good usage example is combining registers with templates. Register can inform later tasks that a template was updated or not, and trigger other tasks if needed.

One of the possible usages is registers combined with shell or commands, to gather very specific data from the system.

Try:

- name: Get output from a shell command
  shell: "cat /tmp/valkyrie"
  register: my_result
  ignore_errors: True

- name: Display content of the register
  debug:
    msg: "{{ my_result }}"

And when running, output is:

TASK [debug : Get output from a shell command] *******************************
changed: [management1]

TASK [debug : My message module] *********************************************
ok: [management1] =>
  msg:
    changed: true
    cmd: cat /tmp/valkyrie
    delta: '0:00:00.016261'
    end: '2020-04-17 14:46:04.490684'
    failed: false
    rc: 0
    start: '2020-04-17 14:46:04.474423'
    stderr: ''
    stderr_lines: []
    stdout: lenneth
    stdout_lines:
    - lenneth

So, you can use the register to get status (changed: true, so something happens), to get return code (rc: 0 here), stderr and stdout, if it failed, etc.

For example:

- name: My message module
  debug:
    msg: "{{ my_result.stdout }}"

Will display “lenneth”.

We are going to use register and debug module to learn generic tasks actions.

4.5.4.3. Loops

It is possible to make modules iterate. All possibilities are available here in loop documentation .

BlueBanquise rely on two methods: with_items and loop. with_items is considered deprecated by the Ansible team. loop, the replacement, is progressively being added into the stack.

A first loop example can be:

- name: My message module
  debug:
    msg: "Values: {{ item }}"
  loop:
     - Blue
     - Red
     - Green
     - Yellow

This will execute this module 4 times, with each time an element of the list given as item. When using loops in ansible, the variable item stores the value of the current loop index.

It is also possible to provide the loop with a list from the inventory, like the one we wrote before:

- name: My message module
  debug:
    msg: "Values: {{ item }}"
  loop: "{{ my_ship.equipment.sidekicks }}"

Loop action can accept advanced filters or patterns. Refer to the Ansible documentation.

with_items works the same way:

- name: My message module
  debug:
    msg: "Values: {{ item }}"
  with_items:
     - Blue
     - Red
     - Green
     - Yellow

- name: My message module
  debug:
    msg: "Values: {{ item }}"
  with_items: "{{ my_ship.equipment.sidekicks }}"

4.5.4.4. Conditionals

Conditionals are used to skip some modules when not required or optional (or just don’t meet a specific condition). All information can be found in conditionals documentation .

Let’s re-use our previous register, and display a message only if content is “lenneth”:

- name: Get output from a shell command
  shell: "cat /tmp/valkyrie"
  register: my_result
  ignore_errors: True

- name: Display content of the register
  debug:
    msg: "Profile"
  when:
    - my_result.stdout == "lenneth"

If content is not “lenneth”, you will see:

TASK [debug : Display content of the register] *******************************
skipping: [management1]

So this part of the task was skipped, because our my_result.stdout does not meet the condition.

Now, let’s combine loop and conditions.

Fill /tmp/valkyrie file with multiple lines:

echo "freya" > /tmp/valkyrie
echo "lenneth" >> /tmp/valkyrie
echo "odin" >> /tmp/valkyrie
echo "loki" >> /tmp/valkyrie

We are now going to use the stdout_lines of our register, as it is a list containing line by line the output of stdout, so here the content of our file.

- name: Get output from a shell command
  shell: "cat /tmp/valkyrie"
  register: my_result
  ignore_errors: True

- name: Display content of the register
  debug:
    msg: "Profile"
  loop: "{{my_result.stdout_lines}}"
  when:
    - item == "lenneth"

And result should be:

TASK [debug : Display content of the register] *******************************
skipping: [management1] => (item=freya)
ok: [management1] => (item=lenneth) =>
  msg: Profile
skipping: [management1] => (item=odin)
skipping: [management1] => (item=loki)

Note that all the items are displayed here.

Last part is to combine conditions. It is possible to stack conditions, considering that the list is interpreted as AND conditions by Ansible.

For example:

- name: Get output from a shell command
  shell: "cat /tmp/valkyrie"
  register: my_result
  ignore_errors: True

- name: Display content of the register
  debug:
    msg: "Profile"
  loop: "{{my_result.stdout_lines}}"
  when:
    - item == "lenneth"
    - sys_admin_is_master == "yes"  # <<< this is added as an AND with other conditions

Now execute playbook with an additional variable as extra vars, first with “no”, then with “yes”:

ansible-playbook ... -e sys_admin_is_master=no
ansible-playbook ... -e sys_admin_is_master=yes

First time, you get:

TASK [debug : Display content of the register] *******************************
skipping: [management1] => (item=freya)
skipping: [management1] => (item=lenneth)
skipping: [management1] => (item=odin)
skipping: [management1] => (item=loki)

And second time:

TASK [debug : Display content of the register] *******************************
skipping: [management1] => (item=freya)
ok: [management1] => (item=lenneth) =>
  msg: Profile
skipping: [management1] => (item=odin)
skipping: [management1] => (item=loki)

So it acted as a logical AND.

4.5.4.5. Tags

Tags act like the name: they tag part of the task, or role, so you can execute only this part, or skip it.

For example:

- name: Display content of the register
  debug:
    msg: "Les sanglots longs"
  tags:
    - first

- name: Display content of the register
  debug:
    msg: "des violons de l'automne"
  tags:
    - second

And at execution, use --tags first,second to execute both, --tags second to execute second only, or --skip-tags first that will skip the first one.

4.5.4.6. Notify

Sometime, you may wish that some actions take place at the end of each role, if a module returned a changed status. Best example: your role is dedicated to a service, and Ansible generate the configuration file using a template. You may want that this service is restarted if Ansible detect changes in the file when executing.

Notify will be your friend for such cases.

Create a new directory at root of your role, called handlers, and then inside a file called main.yml, with the following content:

- name: There was a change
  debug:
    msg: "THE FILE WAS CHANGED!! HOW DARE YOU!!"

Note that the name of this task (There was a change) is important and will be targeted by the notify.

Create also a template, called our_file.j2 in templates folder (like handlers above), with the following content:

{{ my_value }}

Now, in the main task, use this code:

- name: Display message
  debug:
    msg: "Hello world"

- name: Template /tmp/out
  template:
    src: "our_file.j2"
    dest: /tmp/out
    owner: root
    group: root
    mode: 0644
  notify: There was a change

- name: Display another message
  debug:
    msg: "Hello world again. How do you do by the way ?"

And execute adding an extra var:

ansible-playbook ... -e my_value=kirk

First time execution, of course, you will see both:

TASK [debug : Template /tmp/out] *********************************************
changed: [management1]

...

RUNNING HANDLER [debug : There was a change] *********************************
ok: [management1] =>
  msg: THE FILE WAS CHANGED!! HOW DARE YOU!!

As expected, because there was a change, so the handler was called at the end of the role.

Now do the exact same command again.

TASK [debug : Template /tmp/out] *********************************************
ok: [management1]

Handler was not activated, because there was no changes.

Last test, change captain of the enterprise (Kirk is on a mission).

ansible-playbook ... -e my_value=spock

And again:

TASK [debug : Template /tmp/out] *********************************************
changed: [management1]

...

RUNNING HANDLER [debug : There was a change] *********************************
ok: [management1] =>
  msg: THE FILE WAS CHANGED!! HOW DARE YOU!!

Handler was activated.

4.5.4.7. Other useful modules

A full list of all Ansible modules can be found on the Ansible documentation .

However, lets review the most commonly used modules:

4.5.4.7.1. Package

This module simply installs a list of packages. It can be used instead of the yum or dnf modules, as it covers both.

Example:

- name: Install wget package
  package:
    name: wget
    state: present

- name: Install a list of packages
  package:
    name: "{{ my_packages_list }}"
    state: present
4.5.4.7.2. Service

Manage services, to start/stop/restart, enable/disable.

Example:

- name: Start and enable httpd service
  service:
    name: httpd
    enabled: yes
    state: started
4.5.4.7.3. File

This module allows to create folders.

Example:

- name: Create custom folders
  file:
    path: "{{ item }}"
    state: directory
    mode: 0755
  loop:
   - /etc/my_folder
   - /var/lib/my_other_folder
4.5.4.7.4. Copy

Act like template, but simply copy file, no rendering. Files to be copied must be put into a files folder, at root of the role.

For example, create file my_role/files/slurm.conf

- name: Copy slurm static file
  copy:
    src: slurm.conf
    dest: /etc/slurm/slurm.conf
    mode: 0644
    owner: slurm
    group: slurm
4.5.4.7.5. Lineinfile

This module allows to manipulate files, using regex. For example, set a value to 0 in a file.

Example:

- name: Add mymanagement string to localhost in /etc/hosts
  lineinfile:
    path: /etc/hosts
    regexp: '^127\.0\.0\.1'
    line: 127.0.0.1 localhost mymanagement
4.5.4.7.6. Include_vars

Allow to include vars from a file. Mostly used to allow compatibility with multiple architectures / OS versions, etc. To be used when “defaults” cannot be used. Vars file must be placed in a dedicated vars folder at root of the role (myrole/vars/myvars.yml).

Example:

- name: Include vars from file "myvars.yml"
  include_vars: myvars.yml
4.5.4.7.7. Include_tasks

Allows to split the main.yml task file into multiple chunks (using or not conditionals).

Example:

- name: Include addon tasks
  include_tasks: addon.yml
  when: my_role_addon == true
4.5.4.7.8. Command and shell

Sometime, you need to do things manually. Two modules allows that: command and shell.

  • Command is to be used when you need to execute a very basic command.

  • Shell is to be used when you need to execute a command inside a shell (to benefit from it).

When using pipes, or output redirections, shell is preferred for example.

- name: Store content of a file into a register
  command: cat /etc/myfile
  register: myfile_content

- name: Execute a script, pipe it, and stdout goes to log.txt on the remote host
  shell: myscript.sh | grep -E "in|out">> log.txt

You can find a lot more on the web regarding Ansible. However, this small guide should have provided you the very basis of Ansible.

If you feel something is missing in this quick Ansible training, please do not hesitate to ask us to add elements.

Time to move on to BlueBanquise stack itself, and bootstrap first management server.