Ansible - Roles

 Ansible - 12/23/2020
Roles:

Auto -> Plabook ->
1. Role
2. Galaxy
3. Priviledge Escalation (P.E.)


Code
-> Properly manage, rather keeping all content in one file -> They break down into multiple files
say. for mamagement purpuse ... program is break down into multiple files...
File1
File2
File3
File4 .....

Once all code are completed, put all code into one place and run the program..

This is just a high level overview.

The small individuals file can be of modules if we are talking about python..


We have control node

inventory
[web]
host1
host2

On control Node -> Write playbook
setup.yaml
- host: web  # runnig play on web servers
  includes all the tasks
     -----
     -----
     ------
  define vars
     -------
     -----
     -----
  handlers
     -----
     -----
     -----

Out goal is to deploy on managed nodes

we can have a seperate file
one file for tasks or
one file for handlers...

We bundle all files together which we call it a role.

- You can create a role, that is only use to configure web server.
- Create another role which is used for security realated tasks.


Roles
--------
WebServs
-web
-sec

DBservers
-db
-sec

Some community members are already created roles and shared.
These are pre-created roles. We can download and use.

We can write a file and instruct to apply to all web servers or
db servers.

The name of the community is ansible Galaxy.

google for ansible galaxy

ame ways, docker images are also shared in the community
hub.docker.com  -> Docker Hub

Ansible Galaxy is the public place for ansible Roles...


- We create role inside control node and assign this role to managed node.

Plan
1. Check  your inventory file
2. Configure apache web server..
3.



Configure web server
[root@master wk20-Roles]# cat web.yaml
# cat web.yaml
- hosts: myweb
  vars:
  - p: "httpd"
  - s: "httpd"
  tasks:
  - package:
       name: "{{ p }}"
       state: present
  - service:
      name: "{{ s }}"
      state: started
[root@master wk20-Roles]#



Rather than writing this way, we can write in a better managed way.


# ansible-galary rile list
# ansible-galaxy -role -h

Lets create a role
ansible-galary role init myapache
[root@master wk20-Roles]# ansible-galaxy role init myapache
- Role myapache was created successfully

role is just a directory/folder. here my apache is just s directory

List the roles available on the system
# ansible-galaxy role list
# /usr/share/ansible/roles
[WARNING]: - the configured path /root/.ansible/roles does not exist.

Note: You have to specify the location

[root@master wk20-Roles]# ansible-galaxy role list --roles-path /root/wk20-Roles
# /root/wk20-Roles
- myapache, (unknown version)
# /usr/share/ansible/roles
# /etc/ansible/roles
[WARNING]: - the configured path /root/.ansible/roles does not exist.
[root@master wk20-Roles]#


Lets go ahead a write some code, that is going to be a playbook

Role -> myapache ->

[root@master my-wk20]# pwd
/root/my-wk20
[root@master my-wk20]# ls
setup.yaml
[root@master my-wk20]# cat setup.yaml
# configure apache
- hosts: myweb
  roles:
  - role: "myapache"
  #- role: "sec"        # another role. Role is a list, thats why you have -
[root@master my-wk20]#
# ansible-playbook setup.yaml --roles-path /root/wk20-Roles/
Got error
[root@master my-wk20]# ansible-playbook -h | grep role


# Check your config file
# vi /etc/ansible/ansible.cfg

[defaults]

# some basic default values...

inventory      = /root/myhosts
host_key_checking=false
#ansible-playbook setup.yaml --roles-path /root/wk20-Roles/
roles_path    = /root/wk20-Roles/


[root@master my-wk20]# ansible-playbook setup.yaml
 

This time, you will see diffrent output.
# ap setup.yaml


# ansible roles list


Another play
# cat setup.yaml
# configure apache
- hosts: myweb
  roles:
  - role: "myapache"

- hosts: mylb
  roles:
  - role: "mynewrole"