Example Playbook from Start to Finish
Configuring Ansible
Copy the global config to my home directory. That way, I'll keep my Ansible environment how I like it.
cp /etc/ansible/ansible.cfg ~/.ansible.cfg
# Create a directory to store my inventory
mkdir -p ~/.ansible/inventory
# Create a file to use for inventory later
touch ~/.ansible/inventory/inventory.ini
Modify the local configuration file and define my inventory
nano ~/.ansible.cfg
Add this line to declare my default inventory file. Save the changes and exit.
[defaults]
inventory = $HOME/.ansible/inventory/inventory.ini
Adding Inventory
Edit the inventory file
nano ~/.ansible/inventory/inventory.ini
Add some hosts to the inventory
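# Aliases (each alias maps to its address with ansible_host)
dc1 ansible_host=192.168.10.5
dc2 ansible_host=192.168.10.6
workstation1 ansible_host=192.168.100.11
workstation2 ansible_host=192.168.100.12
web1 ansible_host=10.10.10.11
web2 ansible_host=10.10.10.12
mail1 ansible_host=10.10.10.15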
[windows]
dc1
dc2
workstation1
workstation2
[linux]
web1
web2
mail1
Create Some Group Variables
Create the directories for the group variables
mkdir -p ~/.ansible/inventory/group_vars/{windows,linux}
Windows
vault.yml
~/.ansible/inventory/group_vars/windows/vault.yml
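---
# Keys carry the vault_ prefix so that vars.yml can reference them
vault_ansible_user: domain_admin@mydomain.tld
vault_ansible_password: $uper5tr0ng
vault_ansible_connection: winrm
vault_ansible_winrm_transport: ntlm
# ignore skips TLS certificate verification of the WinRM endpoint;
# switch to validate once the hosts present a trusted certificate
vault_ansible_winrm_server_cert_validation: ignore
# Use the same user and pass when performing administrative tasks
vault_ansible_become_user: "{{ vault_ansible_user }}"
vault_ansible_become_password: "{{ vault_ansible_password }}"
vault_ansible_become_method: runas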
Encrypt the vault file.
ansible-vault encrypt ~/.ansible/inventory/group_vars/windows/vault.yml
vars.yml
~/.ansible/inventory/group_vars/windows/vars.yml
---
ansible_user: "{{ vault_ansible_user }}"
ansible_password: "{{ vault_ansible_password }}"
ansible_connection: "{{ vault_ansible_connection }}"
ansible_winrm_transport: "{{ vault_ansible_winrm_transport }}"
ansible_winrm_server_cert_validation: "{{ vault_ansible_winrm_server_cert_validation }}"
ansible_become_user: "{{ vault_ansible_become_user }}"
ansible_become_password: "{{ vault_ansible_become_password }}"
ansible_become_method: "{{ vault_ansible_become_method }}"
Linux
SSH Private Key
chmod 600 ~/.ansible/ssh-private-key.pem
vault.yml
~/.ansible/inventory/group_vars/linux/vault.yml
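---
# Keys carry the vault_ prefix so that vars.yml can reference them
vault_ansible_user: ansible_svc
vault_ansible_password: $uper5tr0ng
vault_ansible_ssh_private_key_file: ~/.ansible/ssh-private-key.pem
# Use the same user and pass when performing administrative tasks
vault_ansible_become_user: "{{ vault_ansible_user }}"
vault_ansible_become_password: "{{ vault_ansible_password }}"
vault_ansible_become_method: sudo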
Encrypt the vault file.
ansible-vault encrypt ~/.ansible/inventory/group_vars/linux/vault.yml
vars.yml
~/.ansible/inventory/group_vars/linux/vars.yml
---
ansible_user: "{{ vault_ansible_user }}"
ansible_password: "{{ vault_ansible_password }}"
ansible_ssh_private_key_file: "{{ vault_ansible_ssh_private_key_file }}"
ansible_become_user: "{{ vault_ansible_become_user }}"
ansible_become_password: "{{ vault_ansible_become_password }}"
ansible_become_method: "{{ vault_ansible_become_method }}"
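The vault files above hold plaintext passwords until `ansible-vault encrypt` has been run on them, and the SSH key is only protected once `chmod 600` has been applied. The following check is an added example, not part of the original walkthrough; the function names and the `audit.sh` script name are hypothetical, and the paths are whatever you pass in.

```sh
#!/bin/sh
# Added example (not from the original page): audit the inventory tree built
# above for secrets left readable. Paths are passed in as arguments.

# List every vault.yml under $1 whose first line lacks the ansible-vault
# header, i.e. files that "ansible-vault encrypt" has not been run on.
# Whole-file encryption only; inline "!vault" values are out of scope.
find_plaintext_vaults() {
    find "$1" -type f -name 'vault.yml' | sort | while IFS= read -r f; do
        first=
        IFS= read -r first < "$f" || true   # empty file: first stays empty
        case $first in
            '$ANSIBLE_VAULT;'*) ;;            # encrypted, nothing to report
            *) printf '%s\n' "$f" ;;
        esac
    done
}

# Succeed only if $1 exists and grants nothing to group or other (the state
# "chmod 600" leaves it in). Characters 5-10 of the ls mode string are those bits.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run both checks; return 0 when clean, 1 when anything needs attention.
audit_inventory() {
    status=0
    plain=$(find_plaintext_vaults "$1")
    if [ -n "$plain" ]; then
        printf '%s\n' "$plain" | sed 's/^/plaintext vault file: /' >&2
        status=1
    fi
    if ! key_is_private "$2"; then
        echo "key missing or readable by group/other: $2" >&2
        status=1
    fi
    return "$status"
}

# Example: sh audit.sh ~/.ansible/inventory ~/.ansible/ssh-private-key.pem
if [ "$#" -eq 2 ]; then
    audit_inventory "$1" "$2"
fi
```

Running it before committing or backing up `~/.ansible` catches a vault file that was edited and saved without being re-encrypted.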
Creating and Running a Playbook
Create a directory to store your playbooks.
mkdir ~/ansible-playbooks
Create another directory to store each playbook (just my way of doing things).
mkdir ~/ansible-playbooks/ping-test
touch ~/ansible-playbooks/ping-test/ping-test.yml
Edit your playbook file.
nano ~/ansible-playbooks/ping-test/ping-test.yml
Note that the Ansible ping and win_ping modules are not functionally the same as ICMP pings. These Ansible modules ensure that the Ansible server can authenticate to the host and run tasks.
---
- name: Ping Windows hosts
  hosts: windows
  tasks:
    - name: Ping Windows hosts using win_ping module
      win_ping:

- name: Ping Linux Hosts
  hosts: linux
  tasks:
    - name: Ping Linux hosts using ping module
      ping:
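Run the playbook. The vault.yml files are encrypted, so pass --ask-vault-pass to be prompted for the vault password (both vault files must share the same password for a single prompt to work).
ansible-playbook --ask-vault-pass ~/ansible-playbooks/ping-test/ping-test.yml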
Breaking Down a Playbook Run
- Ansible finds the default inventory file at ~/.ansible/inventory/inventory.ini
- The playbook references two groups:
  - windows
  - linux
- Ansible searches for group_vars directories
  - It discovers group variables at:
    ~/.ansible/inventory/group_vars/windows/
    ~/.ansible/inventory/group_vars/linux/
- It reads the vault.yml file with ansible-vault view ~/.ansible/inventory/group_vars/<group>/vault.yml
- It populates the template at: ~/.ansible/inventory/group_vars/<group>/vars.yml
- It evaluates the playbook and runs the tasks in order
  - Windows
    - Use the connection variables in the inventory and group variables
    - Connect to each host in the inventory
    - Run the ping connectivity task using the credentials specified
  - Linux
    - Use the connection variables in the inventory and group variables
    - Connect to each host in the inventory
    - Run the ping connectivity task using the credentials specified
Note: We don't specify an inventory file in this example, because we are using the default inventory file as specified in ~/.ansible.cfg. You can specify a custom inventory file with ansible-playbook -i /path/to/custom-inventory. If you do this, then you'll need to be mindful of any group variables that you expect to run. You can read more about variable precedence here.