annabellgulssov

Ansible Playbook Example-1: Learn the Basics of Ansible Playbooks with this Tutorial



In this post, we are going to see how to use Ansible's conditional statements, such as when, changed_when and failed_when, where to use them appropriately, and how they work. With these conditionals, Ansible lets us define when it should run a certain task, or when it should consider an executed task a success or a failure.




Ansible Playbook Example-1



In the following playbook, we have used a when statement and a command to execute. The command will only execute when the defined condition is satisfied, which is exactly when the operating system of the host is Debian.


Ansible's failed_when and changed_when statements are similar to the when statement. The only difference is that they mark the task as failed or as successful (changed) when the defined condition is met.
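The three conditionals described above, combined in one playbook. This is an added example, not the playbook from the original post; the `all` host pattern, the checked file path and the task names are assumptions made for illustration.

```yaml
---
# Added example (not from the original post). Host pattern and paths are assumed.
- name: Conditionals demo (when, changed_when, failed_when)
  hosts: all
  gather_facts: true            # needed so ansible_facts['os_family'] is populated
  tasks:
    # when: the task is skipped entirely unless the condition is true.
    - name: Refresh the apt cache on Debian-family hosts only
      ansible.builtin.command: apt-get update
      become: true
      when: ansible_facts['os_family'] == "Debian"
      # command always reports "changed"; refreshing a cache is not a
      # configuration change, so report it as "ok" instead.
      changed_when: false

    # failed_when: redefine what counts as a failure.
    # grep exits 0 on a match, 1 on no match, and 2 or higher on a real error
    # (for example, an unreadable file). Only the last case should fail the task.
    - name: Check whether sshd_config permits root login (read-only)
      ansible.builtin.command: grep -Ei '^[[:space:]]*PermitRootLogin[[:space:]]+yes' /etc/ssh/sshd_config
      register: root_login
      check_mode: false         # read-only, so safe to run under --check
      changed_when: false       # a read never changes the host
      failed_when: root_login.rc not in [0, 1]

    # when: act on the registered result of the previous task.
    - name: Report hosts that permit root SSH login
      ansible.builtin.debug:
        msg: "PermitRootLogin yes is set on {{ inventory_hostname }}"
      when: root_login.rc == 0
```

Without the failed_when line, every host where grep finds no match (exit code 1) would be reported as failed, even though no match is the desired result.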




The simplest inventory is a single file with a list of hosts and groups. The default location for this file is /etc/ansible/hosts. You can specify a different inventory file at the command line using the -i option or in configuration using inventory.


Ansible Inventory plugins support a range of formats and sources to make your inventory flexible and customizable. As your inventory expands, you may need more than a single file to organize your hosts and groups. Here are three options beyond the /etc/ansible/hosts file:

- You can create a directory with multiple inventory files. See Organizing inventory in a directory. These can use different formats (YAML, ini, and so on).
- You can pull inventory dynamically. For example, you can use a dynamic inventory plugin to list resources in one or more cloud providers. See Working with dynamic inventory.
- You can use multiple sources for inventory, including both dynamic inventory and static files. See Passing multiple inventory sources.


For example, if you group hosts in your inventory by datacenter, and each datacenter uses its own NTP server and database server, you can create a file called /etc/ansible/group_vars/raleigh to store the variables for the raleigh group:


For ansible-playbook you can also add group_vars/ and host_vars/ directories to your playbook directory. Other Ansible commands (for example, ansible, ansible-console, and so on) will only look for group_vars/ and host_vars/ in the inventory directory. If you want other commands to load group and host variables from a playbook directory, you must provide the --playbook-dir option on the command line. If you load inventory files from both the playbook directory and the inventory directory, variables in the playbook directory will override variables set in the inventory directory.


You can change this behavior by setting the group variable ansible_group_priority to change the merge order for groups of the same level (after the parent/child order is resolved). The larger the number, the later it will be merged, giving it higher priority. This variable defaults to 1 if not set. For example:


Equivalent to ansible_sudo_password or ansible_su_password, allows you to set the privilege escalation password (never store this variable in plain text; always use a vault. See Keep vaulted variables safely visible)


This sets the shell the Ansible controller will use on the target machine, and overrides executable in ansible.cfg, which defaults to /bin/sh. You should really only change it if it is not possible to use /bin/sh (in other words, if /bin/sh is not installed on the target machine or cannot be run from sudo).


As stated in the previous section, Ansible executes playbooks over SSH but it is not limited to this connection type. With the host specific parameter ansible_connection=, the connection type can be changed. The following non-SSH based connectors are available:


In the previous section you already saw an example for using groups in order to cluster hosts that have the same function. This allows you, for instance, to define firewall rules inside a playbook or role affecting only database servers:


If you use ssh-agent, you do not need the ansible_password lines. If you use ssh keys, but not ssh-agent, and you have multiple keys, specify the key to use for each connection in the [group:vars] section with ansible_ssh_private_key_file=/path/to/correct/key. For more information on ansible_ssh_ options see Connecting to hosts: behavioral inventory parameters.


Certain network platforms, such as Arista EOS and Cisco IOS, have the concept of different privilege modes. Certain network modules, such as those that modify system state including users, will only work in high privilege states. Ansible supports become when using connection: ansible.netcommon.network_cli. This allows privileges to be raised for the specific tasks that need them. Adding become: yes and become_method: enable informs Ansible to go into privilege mode before executing the task, as shown here:


If you have two or more network platforms in your environment, you can use the platform-independent modules to simplify your playbooks. You can use platform-independent modules such as ansible.netcommon.cli_command or ansible.netcommon.cli_config in place of the platform-specific modules such as arista.eos.eos_config, cisco.ios.ios_config, and junipernetworks.junos.junos_config. This reduces the number of tasks and conditionals you need in your playbooks.


This example assumes three platforms, Arista EOS, Cisco NXOS, and Juniper JunOS. Without the platform-independent modules, a sample playbook might contain the following three tasks with platform-specific commands:


The arista.eos.eos_config and vyos.vyos.vyos_config modules have a backup: option that when set will cause the module to create a full backup of the current running-config from the remote device before any changes are made. The backup file is written to the backup folder in the playbook root directory. If the directory does not exist, it is created.


If you receive a connection error, please double-check the inventory and playbook for typos or missing lines. If the issue still occurs, follow the debug steps in the Network Debug and Troubleshooting Guide.


Networking platforms use their specific *_config platform module for easy backups within Ansible. For this playbook we are running the Ansible Playbook against a Cisco NX-OS platform, so we are using the nxos_config module. Using this module, set the backup parameter to yes. This is how the playbook looked using the connection: local and provider method in Ansible 2.4:


As you can see above we can tie inventory parameters to a particular host, or to the entire group. The old playbook is named backup-oldmethod.yml, and the new playbook is named backup.yml. The playbook now runs with the ansible-playbook command:


The above works with network_cli and netconf connection plugins. The template module runs locally while the nxos_config module runs against the specified hosts. However, the *os_config modules, including nxos_config, can take jinja2 files directly, without the need to use the template module. Below is an example of what the playbook would look like:

