In this exercise, you will write and use an Ansible playbook to perform administration tasks on a managed host.
Outcomes
You should be able to construct and execute a playbook to manage configuration and perform administration on a managed host.
A developer has asked you to configure Ansible to automate the setup of web servers for your company's intranet web site. The developer is using the host servera to develop the web site and test your Ansible playbook.
A working directory, /home/student/imp-playbook, has been created on workstation for the purpose of managing the managed node, servera. The directory has already been populated with an ansible.cfg configuration file and an inventory inventory file. The managed host, servera, is already defined in this inventory file.
The developer needs the managed host to have the latest versions of the httpd and firewalld packages installed. Also, the httpd and firewalld services need to be enabled and running.
Lastly, firewalld should allow remote systems access to the HTTP service.
Construct a playbook on the control node, workstation, called /home/student/imp-playbook/intranet.yml. Create a play in this playbook that configures the managed host as requested by the developer. Also include a task to create the /var/www/html/index.html file to test the installation. Populate this file with the message 'Welcome to the example.com intranet!'.
The playbook should also contain another play which performs a test from the control node to ensure that the web server is accessible across the network. This play should be comprised of a task which makes an HTTP request to http://servera.lab.example.com/index.html and verifies that the HTTP status return code is 200.
After the playbook is written, verify its syntax and then execute the playbook to implement the configuration. Verify your work by executing lab playbook grade.
Before you begin
Log in as the student user on workstation and run lab playbook setup. This setup script ensures that the managed host, servera, is reachable on the network. It also ensures that the correct Ansible configuration file and inventory are installed on the control node.
[student@workstation ~]$ lab playbook setup
Steps
1. Change directory to the working directory, /home/student/imp-playbook.
[student@workstation ~] cd /home/student/imp-playbook
2. Create a new playbook, /home/student/imp-playbook/intranet.yml, and define a play for the tasks to be performed on the managed host.
2.1. Create and open a new playbook, /home/student/imp-playbook/intranet.yml, and add a line consisting of three dashes to the beginning of the file to indicate the start of the YAML file.
---2.2. Add the following line to the /home/student/imp-playbook/intranet.yml file to denote the start of a play with a name of intranet services.
- name: intranet services
2.3. Add the following line to the /home/student/imp-playbook/intranet.yml file to indicate that the play applies to the servera managed host. Be sure to indent the line with two spaces to indicate that it is contained by the play.
hosts: servera.lab.example.com
2.4. Add the following line to the /home/student/imp-playbook/intranet.yml file to enable privilege escalation. Be sure to indent the line with two spaces to indicate that it is contained by the play.
become: yes
3. Add the following line to the /home/student/imp-playbook/intranet.yml file to define the beginning of the tasks list. Be sure to indent the line with two spaces to indicate that it is contained by the play.
tasks:
4. Add the necessary lines to the /home/student/imp-playbook/intranet.yml file to define the group of package management tasks.
4.1. Add the following line to the /home/student/imp-playbook/intranet.yml file to create a new block for the tasks of ensuring that the latest versions of the necessary packages are installed. Be sure to indent the line with two spaces, a dash, and a space.
This indicates that the block is contained by the play and that it is an item in the tasks list.
- block:
4.2. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create the task for ensuring that the latest version of the httpd package is installed.
Be sure to indent the line with four spaces, a dash, and a space. This indicates that the block is contained by the play and that it is an item in the tasks list.
The first entry provides a descriptive name for the task. The second entry is indented with six spaces and calls the yum module. The remaining entries are indented with eight
spaces and pass the necessary arguments to ensure that the latest version of the httpd package is installed.
- name: latest httpd version installed yum:
name: httpd state: latest
4.3. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create the task for ensuring that the latest version of the firewalld package is installed.
Be sure to indent the line with four spaces, a dash, and a space. This indicates that the block is contained by the play and that it is an item in the tasks list.
The first entry provides a descriptive name for the task. The second entry is indented with six spaces and calls the yum module. The remaining entries are indented with eight spaces and pass the necessary arguments to ensure that the latest version of the firewalld package is installed.
- name: latest firewalld version installed yum:
name: firewalld state: latest
5. Add the necessary lines to the /home/student/imp-playbook/intranet.yml file to define the firewall configuration task.
5.1. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create a new block to configure the firewalld. Be sure to indent the line with two spaces, a dash, and a space. This indicates that the block is contained by the play and that it is an item in the tasks list.
- block:
5.2. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create the task to ensure firewalld opens HTTP service to remote systems. Be sure to indent the line with four spaces, a dash, and a space. This indicates that the block is contained by the play and that it is an item in the tasks list.
The first entry provides a descriptive name for the task. The second entry is indented with six spaces and calls the firewalld module. The remaining entries are indented with eight spaces and pass the necessary arguments to ensure that access to the HTTP service is permanently allowed.
- name: firewalld permits http service firewalld:
service: http permanent: true state: enabled immediate: yes
6. Add the necessary lines to the /home/student/imp-playbook/intranet.yml file to define the service management tasks.
6.1. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create a new block for service management tasks. Be sure to indent the line with two spaces, a dash, and a space. This indicates that the block is contained by the play and that it is an item in the tasks list.
- block:
6.2. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create the task to ensure the httpd service is enabled and running. Be sure to indent the line with four spaces, a dash, and a space. This indicates that the block is contained by the play and that it is an item in the tasks list.
The first entry provides a descriptive name for the task. The second entry is indented with six spaces and calls the service module. The remaining entries are indented with eight spaces and pass the necessary arguments to ensure that the httpd service is enabled and running.
- name: httpd enabled and running service:
name: httpd enabled: true state: started
6.3. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create the task for ensuring that the firewalld service is enabled and running.
Be sure to indent the line with four spaces, a dash, and a space. This indicates that the block is contained by the play and that it is an item in the tasks list.
The first entry provides a descriptive name for the task. The second entry is indented with eight spaces and calls the service module. The remaining entries are indented with ten spaces and pass the necessary arguments to ensure that the firewalld service is enabled and started.
- name: firewalld enabled and running service:
name: firewalld enabled: true state: started
7. Add the necessary lines to the /home/student/imp-playbook/intranet.yml file to define the task for generating web content for testing.
7.1. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create a new block for web content management tasks. Be sure to indent the line with two spaces, a dash, and a space. This indicates that the block is contained by the play and that it is an item in the tasks list.
- block:
7.2. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create the task for populating web content into /var/www/html/index.html.
Be sure to indent the line with four spaces, a dash, and a space. This indicates that the block is contained by the play and that it is an item in the tasks list.
The first entry provides a descriptive name for the task. The second entry is indented with six spaces and calls the copy module. The remaining entries are indented with eight spaces and pass the necessary arguments to populate the web content.
- name: test html page copy:
content: "Welcome to the example.com intranet!\n"
dest: /var/www/html/index.html
8. In /home/student/imp-playbook/intranet.yml, define another play for the tasks to be performed on the control node.
8.1. Add the following line to the /home/student/imp-playbook/intranet.yml file to denote the start of a second play called 'test'.
- name: test
8.2. Add the following line to the /home/student/imp-playbook/intranet.yml file to indicate that the play applies to the localhost managed host. Be sure to indent the line with two spaces to indicate that it is contained by the play.
hosts: localhost
9. Add the following line to the /home/student/imp-playbook/intranet.yml file to define the beginning of the tasks list. Be sure to indent the line with two spaces to indicate that it is contained by the play.
tasks:
10. Add the following lines to the /home/student/imp-playbook/intranet.yml file to create the task for verifying web services from the control node. Be sure to indent the first line with two spaces, a dash, and a space. This indicates that the task is contained by the play and that it is an item in the tasks list.
The first entry provides a descriptive name for the task. The second entry is indented with four spaces and calls the uri module. The remaining entries are indented with six spaces and pass the necessary arguments to execute a query for web content from the control node to the managed host and verify the status code received.
- name: connect to intranet uri:
url: http://servera.lab.example.com status_code: 200
11. Look at the final /home/student/imp-playbook/intranet.yml playbook and verify that it has the following structured content. Save the file.
---- name: intranet services hosts: servera.lab.example.com become: yes
tasks:
- block:
- name: latest httpd version installed yum:
name: httpd state: latest
- name: latest firewalld version installed yum:
name: firewalld state: latest - block:
- name: firewalld permits http service firewalld:
- name: firewalld enabled and running service:
content: "Welcome to the example.com intranet!\n"
dest: /var/www/html/index.html - name: test
hosts: localhost tasks:
- name: connect to intranet uri:
url: http://servera.lab.example.com status_code: 200
12. Verify the syntax of the intranet.yml playbook by executing the ansible-playbook command with the --syntax-check option.
[student@workstation imp-playbook]$ ansible-playbook --syntax-check intranet.yml
playbook: intranet.yml
13. Execute the playbook. Read through the output generated to ensure that all tasks completed successfully.
[student@workstation imp-playbook]$ ansible-playbook intranet.yml
PLAY [intranet services] *******************************************************
TASK [setup] *******************************************************************
ok: [servera.lab.example.com]
TASK [latest httpd version installed] ******************************************
ok: [servera.lab.example.com]
TASK [latest firewalld version installed] **************************************
ok: [servera.lab.example.com]
TASK [firewalld permits http service] ******************************************
ok: [servera.lab.example.com]
TASK [httpd enabled and running] ***********************************************
ok: [servera.lab.example.com]
TASK [firewalld enabled and running] *******************************************
changed: [servera.lab.example.com]
TASK [test html page ] *********************************************************
changed: [servera.lab.example.com]
PLAY [test] ********************************************************************
TASK [setup] *******************************************************************
ok: [localhost]
TASK [connect to intranet] *****************************************************
ok: [localhost]
PLAY RECAP *********************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 servera.lab.example.com : ok=7 changed=2 unreachable=0 failed=0
14. Run lab playbook grade on workstation to grade your work.
[student@workstation imp-playbook]$ lab playbook grade