0%

0/1 Lessons

Course Introduction

• 16min

0 / 3 lessons complete

IT Lab Setup

• 20min

0 / 3 lessons complete

Installing Ansible

• 35min

0 / 3 lessons complete

Managing your Ansible Inventory

• 2hr 7min

0 / 8 lessons complete

Ansible Basics

• 1hr 43min

0 / 9 lessons complete

Ansible Roles

• 1hr 46min

0 / 8 lessons complete

Ansible Galaxy

• 1hr 33min

0 / 6 lessons complete

Ansible Facts, Variables, Passwords and Templates

• 1hr 51min

0 / 9 lessons complete

Advanced Ansible Playbook Creation

• 1hr 41min

0 / 8 lessons complete

Course Conclusion

• 11min

0 / 1 lessons complete

Ansible Loops

Instructions

Q&A (0)

Notes (0)

Resources (0)

Saving Progress...

Resources

There are no resources for this lesson.

Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.

Create note

In this lesson, you will learn how to effectively use Ansible loops in Ansible. Loops are useful for automating repetitive tasks. By the end of this lesson, you will be able to utilize loops in your Ansible playbooks.

We'll start by adding a list of users and passwords to our secret.yml file for secure storage, then we'll create a new playbook that will loop over the list and create the user accounts with their respective passwords.

Adding a List of Users To Our Ansible Vault File

You already have an Ansible Vault file at ~/secret.yml. This file will store user passwords securely. We will edit this file to add user information.

    ansible-vault edit ~/secret.yml
      users:
        - username: user1
          password: password1
        - username: user2
          password: password2
        - username: user3
          password: password3
        - username: user4
          password: password4
        - username: user5
          password: password5

      Note that we are using insecure passwords for each user, you are free to change this how you see fit. Save and close the file with the :wq key sequence.

      Creating the Playbook

      Let’s create a playbook called loops_test.yml. This playbook will loop through the user information stored in the Ansible Vault to create user accounts on your managed node.

           nano loops_test.yml
             ---
             - name: Create multiple users
               hosts: managed-node-1
               become: yes
               vars_files:
                 - ~/secret.yml
               tasks:
                 - name: Create user accounts
                   user:
                     name: "{{ item.username }}"
                     password: "{{ item.password | password_hash('sha512') }}"
                     state: present
                   loop: "{{ users }}"

          The loop in this playbook is defined by loop: "{{ users }}". This line is crucial because it tells Ansible to repeat the task for each item within the users variable. The users variable is expected to be a list where each item represents a user account's details.

          Each iteration of the loop picks up an item from the users list. In the context of this task, each item would typically contain a username and a password.

          Now, within the task, we reference elements of the current item using the {{ item }} notation. For instance, {{ item.username }} retrieves the username of the current item in the loop, and {{ item.password ... fetches the password.

          |: This is a pipe character used in Jinja2 to apply a filter to the variable on its left. Filters are functions that transform the variable in some way.

          password_hash('sha512'): This is a Jinja2 filter provided by Ansible that takes a plain text string and returns a hashed version of the string. The argument 'sha512' indicates that the SHA-512 hashing algorithm should be used. Hashing is a one-way function, making it a secure way to store passwords.

          The loop runs the user module for each item in the users list. It creates a user account with the specified username and password for each item. What's clever here is how Ansible handles each account creation as a separate task, but it's all written in a concise, easy-to-manage way thanks to the loop.

          This loop structure is a powerful feature in Ansible, allowing us to manage multiple items with a single task definition. It's a fundamental concept for efficient playbook writing, reducing repetition and enhancing readability.

          Executing the Playbook

          Run the playbook with the following command:

          ansible-playbook loops_test.yml

          Verifying the Task

          To ensure the users have been created, you can log into managed-node-1 and check the user list:

          getent passwd

          The new usernames should appear in the list.

          Conclusion

          You've successfully created a playbook that uses Ansible loops to automate the creation of user accounts, leveraging an existing Ansible Vault file for secure data handling. This approach exemplifies how Ansible's automation capabilities can be combined with security best practices.

          Server Academy Members Only

          Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.

          0 0 votes
          Lesson Rating
          Subscribe
          Notify of
          profile avatar
          0 Comments
          Inline Feedbacks
          View all comments