0%

0/1 Lessons

Course Introduction

• 16min

0 / 3 lessons complete

IT Lab Setup

• 20min

0 / 3 lessons complete

Installing Ansible

• 35min

0 / 3 lessons complete

Managing your Ansible Inventory

• 2hr 7min

0 / 8 lessons complete

Ansible Basics

• 1hr 43min

0 / 9 lessons complete

Ansible Roles

• 1hr 46min

0 / 8 lessons complete

Ansible Galaxy

• 1hr 33min

0 / 6 lessons complete

Ansible Facts, Variables, Passwords and Templates

• 1hr 51min

0 / 9 lessons complete

Advanced Ansible Playbook Creation

• 1hr 41min

0 / 8 lessons complete

Course Conclusion

• 11min

0 / 1 lessons complete

Adding Roles to Our Playbook

Instructions

Q&A (0)

Notes (0)

Resources (0)

Saving Progress...

Resources

There are no resources for this lesson.

Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.

Create note

In previous lessons we created the folder structure and files for our new common Ansible role. Now it's time to add that role to our playbook and execute the playbook.

Adding the role to our Ansible Playbook

To get started, you'll be modifying the playbook located at ~/first_playbook.yml. Open this playbook in a text editor:

nano ~/first_playbook.yml

Add the common role to this playbook and remove our previously defined tasks. The playbook should now look like this:

---
- hosts: all
  become: yes
  roles:
    - common

Notice that we set become to be yes (equivillent to true). This will require the sudo password for each node. We'll deal with that shortly.

Here, the playbook is configured to run on all hosts, and it includes the common role which we created in earlier lessons.

As always, make sure you run the ansible-playbook command from the home directory where we have been creating the role folders and files, where our inventory and ansible.cfg files are located as that is quite important.

Running the Playbook

Finally, execute the playbook to apply the common role to your servers. Run the following command:

ansible-playbook first_playbook.yml

This command will start the Ansible playbook, applying the common role across all specified hosts. When we execute this playbook, we will see an error output like so:

Ansible Playbook Error: Missing Sudo Password
Ansible Playbook Error: Missing Sudo Password

This error occurs because we haven't defined our user password yet. You'll learn about how to securely store passwords with Ansible Vault and become password files later, for now, let's configure Ansible to simply prompt for the sudo / become password.

But first, how do we figure out if this is even possible? By reviewing the help files, of course!

If you run ansible-playbook --help, you will see an option for -K, --ask-become-pass. We could pass this to our command to have Ansible prompt us for the become password.

ansible-playbook first_playbook.yml --ask-become-pass
Ansible Playbook while providing sudo password
Ansible Playbook while providing sudo password

Alternatively, If we cat our ansible.cfg.example file, and grep for become we can see the setting to configure Ansible to ask us for the become password by default:

cat ansible.cfg.example | grep become
Ansible Config Become Ask Password Setting
Ansible Config Become Ask Password Setting

So we have the option to either update our ~/ansible.cfg file, or pass --ask-become-pass every time we run our Ansible playbook like so:

Instead of typing that argument every time we execute our playbook, let's add that setting to our config file by opening it with nano:

nano ansible.cfg

We need to add the [privilege_escalation] header, then set become_ask_pass to true in our config file. I know we need to set the header because it is included in the ansible.cfg.example file above the become_ask_pass setting. The final config should look like this:

[defaults]
# Specify our default inventory file
inventory = ~/inventory

[privilege_escalation]
# Ask for sudo pass
become_ask_pass = True

When I make either of those changes, I can now successfully run the playbook without needing to specify those parameters.

ansible-playbook first_playbook.yml
Playbook Run with become_ask_pass in ansible.cfg
Playbook Run with become_ask_pass in ansible.cfg

This time since we are running updates, this playbook run will take quite a bit longer depending on how many packages need to be updated on your system. It would be normal for this run to take up to 10 minutes to finish on servers that have already been updated recently, and even longer on servers that are further behind on updates.

You will learn how to store these passwords (while encrypting them) with password files and Ansible Vault in future lectures so we don't have to enter a become password for each run, but for now, this gets the job done.

Server Academy Members Only

Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.

0 0 votes
Lesson Rating
Subscribe
Notify of
profile avatar
0 Comments
Inline Feedbacks
View all comments