Working with Ansible Roles

Hands-On Lab

Stosh Oldham

Course Development Director in Content

Length

01:30:00

Difficulty

Advanced

Working with Ansible roles is a key concept covered on the Red Hat Certified Ansible Specialist Exam (EX407). This should not be a surprise, considering how much functionality roles provide. This exercise covers how to create a role and how to use roles within a playbook. In order to complete this exercise, you will need to have basic proficiency with several common Ansible modules and using Ansible playbooks. After completing this learning activity, you will better understand how to work with Ansible roles.


The Scenario

We have just started as the operations lead at a small company. There is currently no formal server baseline, and that has resulted in a mixed configuration environment that consumes more support and maintenance effort than it should. We have decided to create a baseline process using Ansible by creating a baseline role. These commonalities should be included in the baseline role:

  • Set /etc/motd based on a template.
  • Install the latest Nagios client.
  • Add the Nagios server to /etc/hosts.
  • Create a noc user.
  • Import the noc user's public key (copy authorized keys to /home/noc/.ssh/authorized_keys).

The role should be called baseline and should reside in /etc/ansible/roles on the ansible control node.

We'll test the role on some newly requested webservers. A playbook called web.yml has been provided, and it deploys httpd to all servers in the web group (defined in our default inventory). We will need to edit the playbook so that it deploys the baseline role to the servers in the web group as well.

We will find the motd template, Nagios server IP information, the noc user's public key, and the web.yml playbook in /home/ansible/resources on the ansible control node.

Summary tasks list:

  • Create the necessary directories and files for the baseline role.
  • Configure the role to deploy the /etc/motd template.
  • Configure the role to install the latest Nagios client.
  • Configure the role to add an entry to /etc/hosts for the Nagios server.
  • Configure the role to create the noc user and deploy the provided public key for the noc user on target systems:
    • Copy authorized_keys to /home/noc/.ssh/authorized_keys with the owner and group owner set as noc and the mode as 0600
  • Edit web.yml to deploy the baseline role in addition to what it already does.
  • Verify that the role works by deploying web.yml with Ansible.

Important notes:

  • For convenience, Ansible is already installed on the control node.
  • The user ansible is on all servers with the appropriate shared keys for access to necessary servers from the control node.
  • The ansible user has sudo access with no password. It uses the same password as cloud_user.
  • All the necessary Ansible inventories have been created.

Logging In

Use the credentials found on the hands-on lab overview page, and log into the Ansible control node as ansible.

Create a Role Called baseline in /etc/ansible/roles

Run the following commands to create the structure needed for the role:

  • sudo mkdir /etc/ansible/roles/baseline && sudo chown ansible:ansible /etc/ansible/roles/baseline
  • mkdir /etc/ansible/roles/baseline/{templates,tasks,files}
  • echo "---" > /etc/ansible/roles/baseline/tasks/main.yml

Configure the Role to Deploy the /etc/motd Template

  • cp /home/ansible/resources/motd.j2 /etc/ansible/roles/baseline/templates
  • Create a file called /etc/ansible/roles/baseline/tasks/deploy_motd.yml with the following content:
    ---
    # Render the motd.j2 template from the role's templates/ directory
    - template:
        src: motd.j2
        dest: /etc/motd
  • Edit /etc/ansible/roles/baseline/tasks/main.yml to include the following lines at the bottom of the file:
    - name: configure motd
      import_tasks: deploy_motd.yml

Configure the Role to Install the Latest Nagios Client

  • Find the package we need to install by reading a text file in our home directory:

    cat /home/ansible/resources/nagios_info.txt

    That file tells us that the package we need to install is nrpe.x86_64. We're also going to need the IP of the Nagios server that's in the file. Make note of it.

  • Now we can create a file called /etc/ansible/roles/baseline/tasks/deploy_nagios.yml that will install the package, with the following content:

    ---
    - yum: name=nrpe state=latest
  • Edit /etc/ansible/roles/baseline/tasks/main.yml to include the following lines at the bottom of the file (take care with the formatting):

    - name: deploy nagios client
      import_tasks: deploy_nagios.yml

Configure the Role to Add an Entry to /etc/hosts for the Nagios Server

  • Create a file called /etc/ansible/roles/baseline/tasks/edit_hosts.yml with the following content, substituting <PROVIDED> with the IP specified in /home/ansible/resources/nagios_info.txt:
    ---
    # lineinfile only adds the line if it is not already present
    - lineinfile:
        line: "<PROVIDED> nagios.example.com"
        path: /etc/hosts
  • Edit /etc/ansible/roles/baseline/tasks/main.yml to include the following lines at the bottom of the file:
    - name: edit hosts file
      import_tasks: edit_hosts.yml

Configure the Role to Create the noc User and Deploy the Provided Public Key for the noc User on Target Systems

  • Copy the file /home/ansible/resources/authorized_keys to /etc/ansible/roles/baseline/files/.
  • Create a file called /etc/ansible/roles/baseline/tasks/deploy_noc_user.yml with the following content:
    ---
    - user: name=noc
    # A directory needs the execute bit to be traversable, so .ssh is 0700
    - file:
        state: directory
        path: /home/noc/.ssh
        mode: "0700"
        owner: noc
        group: noc
    # authorized_keys is 0600, as required by the task list
    - copy:
        src: authorized_keys
        dest: /home/noc/.ssh/authorized_keys
        mode: "0600"
        owner: noc
        group: noc
  • Edit /etc/ansible/roles/baseline/tasks/main.yml to include the following lines at the bottom of the file:
    - name: set up noc user and key
      import_tasks: deploy_noc_user.yml

Edit web.yml to Deploy the baseline Role

Edit /home/ansible/resources/web.yml to the following:

---
- hosts: webservers
  become: yes
  roles:
    - baseline
  tasks:
    - name: install httpd
      yum: name=httpd state=latest
    - name: start and enable httpd
      service: name=httpd state=started enabled=yes

Run Your Playbook Using the Default Inventory

Run ansible-playbook /home/ansible/resources/web.yml to deploy the playbook.

Check Our Work

Once the playbook has finished running, let's see if it did everything we expected. Log into one of the nodes (the IP addresses are on the hands-on lab overview page). Right off we should see a new MOTD, so we know that play worked. Run id noc to see if the noc user was set up.

Finally, we can check to see if the nrpe package was installed with sudo yum list nrpe.
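
The checks above cover the MOTD, the noc user and the nrpe package, but not the SSH key permissions or the /etc/hosts entry. The script below is an added example, not part of the original lab, that audits those two items on a target node. The function names are hypothetical, and it assumes GNU stat and that the .ssh directory should be mode 700.

```bash
#!/bin/sh
# Added example (not part of the lab): audit what the baseline role deploys.
# Function names are hypothetical; assumes GNU coreutils stat (stat -c).

# perm_ok PATH MODE OWNER -> 0 if PATH has exactly that octal mode and owner.
perm_ok() {
    _actual=$(stat -c '%a %U' "$1" 2>/dev/null) || _actual="unreadable"
    [ "$_actual" = "$2 $3" ] && return 0
    echo "FAIL: $1 is '$_actual', expected '$2 $3'" >&2
    return 1
}

# check_ssh_perms HOME OWNER -> 0 if HOME/.ssh is 700 and authorized_keys is 600.
# sshd's StrictModes (on by default) rejects key files or directories that are
# writable by group or others, and a directory without the execute bit cannot
# be traversed by its owner, so both modes matter for key-based login.
check_ssh_perms() {
    _rc=0
    perm_ok "$1/.ssh" 700 "$2" || _rc=1
    perm_ok "$1/.ssh/authorized_keys" 600 "$2" || _rc=1
    return "$_rc"
}

# check_hosts_entry FILE NAME -> 0 if NAME appears on exactly one line of FILE.
# More than one line means something other than lineinfile appended a copy;
# zero lines (or a missing file) means the task did not apply.
check_hosts_entry() {
    _count=$(grep -cwF -- "$2" "$1" 2>/dev/null) || true
    [ "${_count:-0}" -eq 1 ]
}

# audit_baseline -> runs both checks against the paths used in this lab.
audit_baseline() {
    check_ssh_perms /home/noc noc || return 1
    check_hosts_entry /etc/hosts nagios.example.com || {
        echo "FAIL: expected exactly one nagios.example.com line in /etc/hosts" >&2
        return 1
    }
    echo "baseline checks passed"
}

# Run the audit only when asked, e.g.: sudo sh audit_baseline.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_baseline
fi
```

Run it with sudo on a target node, because /home/noc/.ssh is not readable by other users once the role has applied mode 700.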

Conclusion

All these plays ran, and now we've got a playbook that we can edit when we want to keep things consistent across our webservers. Congratulations!