Build a Site
Build a holistic configuration, a Site, for our environment.
We'll cover the following
Your environment consists of:
- One Nginx server
- One IIS server
As changes flow through your environment, you will be required to run one of the two playbooks:
configure_iis_web_server.ymlconfigure_nginx_web_server.yml
Before you make the change, you have to decide which playbook to run. Making this decision is problematic: it requires manual intervention, and it doesn’t take advantage of Ansible’s idempotency.
Another option is to combine the two playbooks, running them both any time there is a change. What makes this operation safe is that the tasks within the playbooks are themselves idempotent. Luckily, there is a better option to use a site playbook than copying the tasks into a single monolithic playbook.
Site
Site is a term used in Ansible’s documentation to define the holistic configuration of an application, service, or environment.
It is a playbook that determines the configuration by listing the sequence of Ansible automation to run.
In this scenario, you will use a site.yml playbook to import the existing playbooks, allowing you to run both at once.
You will create a site.yml playbook to configure the web servers.
- name: '[Linux] configure nginx'import_playbook: configure_nginx_web_server.yml- name: '[Windows] configure IIS'import_playbook: configure_iis_web_server.yml
Ansible offers two methods for creating reusable playbooks, imports, and includes. To reuse existing playbooks, use Import. Import allows you to
- Link playbooks together.
- Use the linked playbooks independently.
- Preprocess the statements at the time the playbooks are parsed.
Import playbooks
To import playbooks, use import_playbook. Naming the import is optional but encouraged and useful.
Before you can run the playbook, you need to provide the Linux and Windows hosts. Fill in the environment variables, and we will take care of creating the hosts file for you.
Once updated, click on the Run button and wait for the environment to set up.
<!DOCTYPE html> <html> <body> <h1>become Ansible: It's like shoulder surfing a co-worker. </h1> </body> </html>
Execute the site.yml by running the following command in the terminal:
ansible-playbook site.yml -i hosts --ask-vault-pass
When prompted, enter the vault password, ssh username, and ssh password.
Task Failed
TASK [install nginx] fatal: []: FAILED! ⇒ {“msg”: “The powershell shell family is incompatible with the sudo become plugin”} The first time the playbook runs, you’ll see some peculiar behavior.
As the configure_nginx_web_server.yml playbook runs, the first task fails to execute on the Windows host. The playbook attempts to execute on the Windows host because the playbook uses the all host pattern.
When prompted, enter the local username and password.
Task Failed
TASK [Install IIS] fatal: [<LinuxHostDNSname]: UNREACHABLE!
Install IIS fails because it is targeting the Linux host. The playbook didn’t run on the Windows host because Ansible took it out of the host list when it failed on the prior step.
This strange behavior is that the host list in each playbook targets the all group, including both hosts.
To fix this, update each playbook host list to target the appropriate groups.
Open configure_nginx_web_server.yml and replace the all group with linux.
Similarly, open configure_iis_web_server.yml and replace the all group with windows.
<!DOCTYPE html> <html> <body> <h1>become Ansible: It's like shoulder surfing a co-worker. </h1> </body> </html>
Click on the Run button and wait for the environment to set up. Re-execute the site.yml by running the following command in the terminal:
ansible-playbook site.yml -i hosts --ask-vault-pass
The playbook returns ok for all the Linux tasks and changed for the Windows tasks.
Scoping the groups appropriately ensures the playbook was successful. However, being prompted for the username and password twice is tedious.
You can add the ansible_user and ansible_password to the group_var/linux.yml and group_var/windows.yml files.
Open configure_nginx_web_server.yml and remove the var_prompt list, ansible_username, and ansible_password variables.
<!DOCTYPE html> <html> <body> <h1>become Ansible: It's like shoulder surfing a co-worker. </h1> </body> </html>
Similarly, open configure_iis_web_server.yml and remove the var_prompt list, ansible_username, and ansible_password variables.
Update the <Password> with the password created using the ansible-vault command in the group_vars/linux.yml and group_vars/windows.yml files.
Click on the Run button and wait for the environment to set up. Re-execute the site.yml by running the following command in the terminal:
ansible-playbook site.yml -i hosts --ask-vault-pass
Notice there are no username or password prompts.
Using a site.yml simplifies execution. You no longer have to decide which playbook to run. Instead, you apply the configuration against the entire site.
Following are some positive side effects:
- configuration drift is addressed with each run.
- a central location to orchestrate the site’s configuration.
In this lesson, we have introduced a Site to centralize your automation configurations. You used import_playbook to re-use your existing playbooks within the site.yml file.
Get hands-on with 1300+ tech skills courses.