Ansible is an incredible configuration management and provisioning utility that enables you to automate all the things. In this series, you’ll learn everything you need to know in order to use Ansible for your day-to-day administration duties.
site.yml (text in bold has been added since the previous version)
---
- hosts: all
  become: true
  pre_tasks:

    - name: install updates (CentOS)
      tags: always
      dnf:
        update_only: yes
        update_cache: yes
      when: ansible_distribution == "CentOS"

    - name: install updates (Ubuntu)
      tags: always
      apt:
        upgrade: dist
        update_cache: yes
      when: ansible_distribution == "Ubuntu"

- hosts: workstations
  become: true
  tasks:

    - name: install unzip
      package:
        name: unzip

    - name: install terraform
      unarchive:
        src: https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
        dest: /usr/local/bin
        remote_src: yes
        mode: 0755
        owner: root
        group: root

- hosts: web_servers
  become: true
  tasks:

    - name: install httpd package (CentOS)
      tags: apache,centos,httpd
      dnf:
        name:
          - httpd
          - php
        state: latest
      when: ansible_distribution == "CentOS"

    - name: start and enable httpd (CentOS)
      tags: apache,centos,httpd
      service:
        name: httpd
        state: started
      when: ansible_distribution == "CentOS"

    - name: install apache2 package (Ubuntu)
      tags: apache,apache2,ubuntu
      apt:
        name:
          - apache2
          - libapache2-mod-php
        state: latest
      when: ansible_distribution == "Ubuntu"

    - name: copy html file for site
      tags: apache,apache,apache2,httpd
      copy:
        src: default_site.html
        dest: /var/www/html/index.html
        owner: root
        group: root
        mode: 0644

- hosts: db_servers
  become: true
  tasks:

    - name: install mariadb server package (CentOS)
      tags: centos,db,mariadb
      dnf:
        name: mariadb
        state: latest
      when: ansible_distribution == "CentOS"

    - name: install mariadb server
      tags: db,mariadb,ubuntu
      apt:
        name: mariadb-server
        state: latest
      when: ansible_distribution == "Ubuntu"

- hosts: file_servers
  tags: samba
  become: true
  tasks:

    - name: install samba package
      tags: samba
      package:
        name: samba
        state: latest
site.yml (second version, the change is in bold)
---
- hosts: all
  become: true
  pre_tasks:

    - name: install updates (CentOS)
      tags: always
      dnf:
        update_only: yes
        update_cache: yes
      when: ansible_distribution == "CentOS"

    - name: install updates (Ubuntu)
      tags: always
      apt:
        upgrade: dist
        update_cache: yes
      when: ansible_distribution == "Ubuntu"

- hosts: workstations
  become: true
  tasks:

    - name: install unzip
      package:
        name: unzip

    - name: install terraform
      unarchive:
        src: https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
        dest: /usr/local/bin
        remote_src: yes
        mode: 0755
        owner: root
        group: root

- hosts: web_servers
  become: true
  tasks:

    - name: install httpd package (CentOS)
      tags: apache,centos,httpd
      dnf:
        name:
          - httpd
          - php
        state: latest
      when: ansible_distribution == "CentOS"

    - name: start and enable httpd (CentOS)
      tags: apache,centos,httpd
      service:
        name: httpd
        state: started
        enabled: yes
      when: ansible_distribution == "CentOS"

    - name: install apache2 package (Ubuntu)
      tags: apache,apache2,ubuntu
      apt:
        name:
          - apache2
          - libapache2-mod-php
        state: latest
      when: ansible_distribution == "Ubuntu"

    - name: copy html file for site
      tags: apache,apache,apache2,httpd
      copy:
        src: default_site.html
        dest: /var/www/html/index.html
        owner: root
        group: root
        mode: 0644

- hosts: db_servers
  become: true
  tasks:

    - name: install mariadb server package (CentOS)
      tags: centos,db,mariadb
      dnf:
        name: mariadb
        state: latest
      when: ansible_distribution == "CentOS"

    - name: install mariadb server
      tags: db,mariadb,ubuntu
      apt:
        name: mariadb-server
        state: latest
      when: ansible_distribution == "Ubuntu"

- hosts: file_servers
  tags: samba
  become: true
  tasks:

    - name: install samba package
      tags: samba
      package:
        name: samba
        state: latest
site.yml (added ‘lineinfile’ play)
---
- hosts: all
  become: true
  pre_tasks:

    - name: install updates (CentOS)
      tags: always
      dnf:
        update_only: yes
        update_cache: yes
      when: ansible_distribution == "CentOS"

    - name: install updates (Ubuntu)
      tags: always
      apt:
        upgrade: dist
        update_cache: yes
      when: ansible_distribution == "Ubuntu"

- hosts: workstations
  become: true
  tasks:

    - name: install unzip
      package:
        name: unzip

    - name: install terraform
      unarchive:
        src: https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
        dest: /usr/local/bin
        remote_src: yes
        mode: 0755
        owner: root
        group: root

- hosts: web_servers
  become: true
  tasks:

    - name: install httpd package (CentOS)
      tags: apache,centos,httpd
      dnf:
        name:
          - httpd
          - php
        state: latest
      when: ansible_distribution == "CentOS"

    - name: start and enable httpd (CentOS)
      tags: apache,centos,httpd
      service:
        name: httpd
        state: started
        enabled: yes
      when: ansible_distribution == "CentOS"

    - name: install apache2 package (Ubuntu)
      tags: apache,apache2,ubuntu
      apt:
        name:
          - apache2
          - libapache2-mod-php
        state: latest
      when: ansible_distribution == "Ubuntu"

    - name: change e-mail address for admin
      tags: apache,centos,httpd
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^ServerAdmin'
        line: ServerAdmin somebody@somewhere.net
      when: ansible_distribution == "CentOS"
      register: httpd

    - name: restart httpd (CentOS)
      tags: apache,centos,httpd
      service:
        name: httpd
        state: restarted
      when: httpd.changed

    - name: copy html file for site
      tags: apache,apache,apache2,httpd
      copy:
        src: default_site.html
        dest: /var/www/html/index.html
        owner: root
        group: root
        mode: 0644

- hosts: db_servers
  become: true
  tasks:

    - name: install mariadb server package (CentOS)
      tags: centos,db,mariadb
      dnf:
        name: mariadb
        state: latest
      when: ansible_distribution == "CentOS"

    - name: install mariadb server
      tags: db,mariadb,ubuntu
      apt:
        name: mariadb-server
        state: latest
      when: ansible_distribution == "Ubuntu"

- hosts: file_servers
  tags: samba
  become: true
  tasks:

    - name: install samba package
      tags: samba
      package:
        name: samba
        state: latest
Hi, I posted in the topic for the next episode as well as I’m just going through this series. I have a question in case someone knows how to handle this, it’s regarding managing ufw to set up some rules to allow ports for ssh, http and https.

It seems there’s a community module for ufw but I’m not really sure how to install it and whether or not it is good practice to use additional modules when writing playbooks that are meant to be shared with others. This is not really the case for me, but I’d like to be able to run this playbook from different machines and installing modules might make things more difficult. Any thoughts on this?

As for creating the rules I saw there’s a built-in iptables module that I could use instead. Unfortunately I’m not very well versed in iptables. I was hoping someone here could help with this as well. I thought I could manually set up ufw and then use the rules it generated but I’m not sure if this would be a good idea?

Thanks!
EDIT 2:
I managed to solve this one using the iptables module. Turns out for a simple configuration update this was very easy to do after reading through the documentation. This is what I’m trying to emulate:
And I managed to do this with the following tasks. Note that I’m running Ansible 2.9 so I have to specify the destination ports individually, but the latest version supports passing in a list of ports. Also, the order is very important in this case because the tasks are run in order so the last one is where I overwrite the policy to drop incoming connections.
I’m still curious however about using community modules if anyone can share their experience with using them. Either way hope this helps and please let me know if you see anything to improve with it.
Thank you!
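
The approach described in the comment above, written out as an added example (it is not the commenter's own tasks, which are not shown on the page): a default-deny inbound policy built with the built-in iptables module, one port per task iteration as Ansible 2.9 requires. The web_servers group is reused from site.yml; the firewall tag and SSH listening on port 22 are assumptions.

```yaml
---
# Added example: allow ssh/http/https, then drop everything else inbound.
# Assumes sshd listens on 22; adjust the loop if it does not.
- hosts: web_servers
  become: true
  tasks:

    - name: allow loopback traffic
      tags: firewall
      iptables:
        chain: INPUT
        in_interface: lo
        jump: ACCEPT

    # Without this rule, replies to outbound connections (dnf, apt, DNS)
    # would be dropped once the policy below is applied.
    - name: allow replies to established connections
      tags: firewall
      iptables:
        chain: INPUT
        ctstate:
          - ESTABLISHED
          - RELATED
        jump: ACCEPT

    - name: allow new ssh, http and https connections
      tags: firewall
      iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "{{ item }}"
        ctstate:
          - NEW
        jump: ACCEPT
      loop:
        - "22"
        - "80"
        - "443"

    # Must stay last: if the policy changed before the ssh rule existed,
    # Ansible's own SSH session would be cut off mid-run.
    - name: drop all other incoming traffic
      tags: firewall
      iptables:
        chain: INPUT
        policy: DROP
```

The iptables module only changes the running rule set and does not save it, so these rules are lost on reboot unless they are persisted separately or the play is run again.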