Adding Roles to Our Playbook
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
Instructions
Q&A (0)
Notes (0)
Resources (0)
Saving Progress...
Resources
There are no resources for this lesson.
Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.
In previous lessons we created the folder structure and files for our new common Ansible role. Now it's time to add that role to our playbook and execute the playbook.
Adding the role to our Ansible Playbook
To get started, you'll be modifying the playbook located at ~/first_playbook.yml. Open this playbook in a text editor:
nano ~/first_playbook.ymlAdd the common role to this playbook and remove our previously defined tasks. The playbook should now look like this:
---
- hosts: all
become: yes
roles:
- commonNotice that we set become to be yes (equivillent to true). This will require the sudo password for each node. We'll deal with that shortly.
Here, the playbook is configured to run on all hosts, and it includes the common role which we created in earlier lessons.
As always, make sure you run the ansible-playbook command from the home directory where we have been creating the role folders and files, where our inventory and ansible.cfg files are located as that is quite important.
Running the Playbook
Finally, execute the playbook to apply the common role to your servers. Run the following command:
ansible-playbook first_playbook.ymlThis command will start the Ansible playbook, applying the common role across all specified hosts. When we execute this playbook, we will see an error output like so:
This error occurs because we haven't defined our user password yet. You'll learn about how to securely store passwords with Ansible Vault and become password files later, for now, let's configure Ansible to simply prompt for the sudo / become password.
But first, how do we figure out if this is even possible? By reviewing the help files, of course!
If you run ansible-playbook --help, you will see an option for -K, --ask-become-pass. We could pass this to our command to have Ansible prompt us for the become password.
ansible-playbook first_playbook.yml --ask-become-pass
Alternatively, If we cat our ansible.cfg.example file, and grep for become we can see the setting to configure Ansible to ask us for the become password by default:
cat ansible.cfg.example | grep become
So we have the option to either update our ~/ansible.cfg file, or pass --ask-become-pass every time we run our Ansible playbook like so:
Instead of typing that argument every time we execute our playbook, let's add that setting to our config file by opening it with nano:
nano ansible.cfgWe need to add the [privilege_escalation] header, then set become_ask_pass to true in our config file. I know we need to set the header because it is included in the ansible.cfg.example file above the become_ask_pass setting. The final config should look like this:
[defaults]
# Specify our default inventory file
inventory = ~/inventory
[privilege_escalation]
# Ask for sudo pass
become_ask_pass = TrueWhen I make either of those changes, I can now successfully run the playbook without needing to specify those parameters.
ansible-playbook first_playbook.yml
This time since we are running updates, this playbook run will take quite a bit longer depending on how many packages need to be updated on your system. It would be normal for this run to take up to 10 minutes to finish on servers that have already been updated recently, and even longer on servers that are further behind on updates.
You will learn how to store these passwords (while encrypting them) with password files and Ansible Vault in future lectures so we don't have to enter a become password for each run, but for now, this gets the job done.
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.
