Ansible: My Playbook



This is the first playbook that I managed to get working. It's an achievement for me, as it showed that I have started to get the concepts behind Ansible:

- hosts: "{{ hosts }}"
  tasks:
    - name: Add main user
      user: name=kamal
            home=/home/kamal
            groups=sudo
            shell=/bin/bash

    - name: Set up authorized key for kamal
      authorized_key: user=kamal
                      state=present
                      key="{{ item }}"
      with_file:
        - /home/kamal/.ssh/id_rsa-do.pub

    - name: Upgrade apt packages
      apt: upgrade=yes
           update_cache=yes

    - name: Install common packages
      apt: pkg={{ item }}
      with_items:
        - build-essential
        - python-apt
        - telnet
        - vim

    - name: Set vim as default
      command: update-alternatives --set editor /usr/bin/vim.basic

    - name: Set up sudo
      action: template src=etc/sudoers.d/custom dest=/etc/sudoers.d/custom
                owner=root group=root mode=0440

    - name: Set up ssh
      action: template src=etc/ssh/sshd_config dest=/etc/ssh/sshd_config
                owner=root group=root mode=0644
      notify:
        - Restart sshd

    - name: Install nginx
      apt: name=nginx

    - name: Start nginx
      command: service nginx start

    #- include: playbooks/nginx.yml

  handlers:
    - name: Restart sshd
      action: service name=ssh state=reloaded

The next step is to make it more generic by parameterizing certain values, such as the username and the key file name:

- hosts: "{{ hosts }}"
  gather_facts: no
  tasks:
    - name: Add main user
      user: name={{ remote_username }}
            home=/home/{{ remote_username }}
            groups=sudo
            shell=/bin/bash

    - name: Set up authorized key for {{ remote_username }}
      authorized_key: user={{ remote_username }}
                      state=present
                      key="{{ item }}"
      with_file:
        - '{{ ssh_public_key }}'

    - name: Upgrade apt packages
      apt: upgrade=yes
           update_cache=yes

    - name: Install common packages
      apt: pkg={{ item }}
      with_items:
        - build-essential
        - python-apt
        - telnet
        - vim

    - name: Set vim as default
      command: update-alternatives --set editor /usr/bin/vim.basic

    - name: Set up sudo
      action: template src=etc/sudoers.d/custom dest=/etc/sudoers.d/custom
                owner=root group=root mode=0440

    - name: Set up ssh
      action: template src=etc/ssh/sshd_config dest=/etc/ssh/sshd_config
                owner=root group=root mode=0644
      notify:
        - Restart sshd

    - name: Install nginx
      apt: name=nginx

    - name: Start nginx
      command: service nginx start

  handlers:
    - name: Restart sshd
      action: service name=ssh state=reloaded

Finally, I managed to modularize it by splitting the tasks into separate files:

- hosts: "{{ hosts }}"
  gather_facts: no
  tasks:
    - include: playbooks/base.yml
    - include: playbooks/admin_user.yml
    - include: playbooks/nginx.yml

  handlers:
    - include: playbooks/handlers.yml

The included files look like this:

# base.yml
- name: Upgrade apt packages
  apt: upgrade=yes
       update_cache=yes

- name: Install common packages
  apt: pkg={{ item }}
  with_items:
    - build-essential
    - python-apt
    - telnet
    - vim

- name: Set vim as default
  command: update-alternatives --set editor /usr/bin/vim.basic

- name: Set up sudo
  action: template src=etc/sudoers.d/custom dest=/etc/sudoers.d/custom
            owner=root group=root mode=0440

- name: Set up ssh
  action: template src=etc/ssh/sshd_config dest=/etc/ssh/sshd_config
            owner=root group=root mode=0644
  notify:
    - Restart sshd

# admin_user.yml
- name: Add main user
  user: name={{ remote_username }}
        home=/home/{{ remote_username }}
        groups=sudo
        shell=/bin/bash

- name: Set up authorized key for {{ remote_username }}
  authorized_key: user={{ remote_username }}
                  state=present
                  key="{{ item }}"
  with_file:
    - '{{ ssh_public_key }}'

# nginx.yml
- name: Ensure nginx is installed
  apt: pkg=nginx-full state=present
  tags: nginx

- name: Ensure nginx is started
  service: name=nginx state=started
  tags: nginx
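
An added example, not part of the original post: the sudo, ssh and user tasks from above, with checks that stop a broken template from replacing a working file and locking you out of the box. The `validate` commands and the binary paths (`/usr/sbin/visudo`, `/usr/sbin/sshd`) are assumptions for a Debian/Ubuntu host; the template paths, handler name and `remote_username` variable are the ones used in the post.

```yaml
# Added example (not the author's code): hardened variants of tasks from
# base.yml and admin_user.yml. Binary paths below are assumed for Debian/Ubuntu.

- name: Set up sudo (syntax-checked before it is installed)
  template:
    src: etc/sudoers.d/custom
    dest: /etc/sudoers.d/custom
    owner: root
    group: root
    mode: "0440"
    # Ansible renders to a temp file, runs this command on it (%s), and only
    # moves it into place on exit code 0. A sudoers syntax error would
    # otherwise break sudo for every user on the host.
    validate: "/usr/sbin/visudo -cf %s"

- name: Set up ssh (config tested before it is installed)
  template:
    src: etc/ssh/sshd_config
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: "0644"
    # sshd -t parses the candidate config without starting a daemon, so the
    # "Restart sshd" handler never reloads a file sshd cannot read.
    validate: "/usr/sbin/sshd -t -f %s"
  notify:
    - Restart sshd

- name: Add main user without dropping existing group memberships
  user:
    name: "{{ remote_username }}"
    home: "/home/{{ remote_username }}"
    groups: sudo
    # Without append, "groups" replaces the user's supplementary groups on
    # every run; with it, sudo is added and anything else is left alone.
    append: yes
    shell: /bin/bash
```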