Playbooks against Remote Hosts

Connect to remote Linux and Windows hosts using Ansible playbooks.

We'll cover the following

Let’s look at how you can codify the ad-hoc command to connect to the Linux instance or virtual machine.

Connect to remote Linux host

You will learn how to convert the following ad-hoc command to an Ansible playbook:

Press + to interact
ansible all -i <Public Ip Address>, -m ping \
-e "ansible_user=ansible ansible_password=<Password> ansible_ssh_common_args='-o StrictHostKeyChecking=no'"

Create the playbook

Create the playbook in these steps:

  1. Create a ping.yml file.
  2. Add the hosts line to use the host pattern of all.
Press + to interact
---
- hosts: all
  1. Create a vars list and define the connection variables. Replace <Password> with your password.
Press + to interact
vars:
    ansible_user: ansible
    ansible_password: <Password>
    ansible_ssh_common_args: '-o StrictHostKeyChecking=no'

Defining the variables in the playbooks prevents you from defining them at run time.

At the moment, the password is in cleartext. This is obviously bad. Ansible has a feature that allows you to encrypt variables, which will be covered later.

  1. Add a tasks list.
Press + to interact
tasks:
- name: run ping
  ping:

Run the playbook

The final form of the ping.yml file looks like the one below. You can execute the playbook by clicking on the Run button.

---
- hosts: all
  gather_facts: false

  vars:
    ansible_user: ansible
    ansible_password: <Password>
    ansible_ssh_common_args: '-o StrictHostKeyChecking=no'

  tasks:
  - name: run ping
    ping:
Execute ping.yml

Once the environment is set up, execute the following command in the terminal:

Press + to interact
# Replace the password with the <Public IP Address>
# with the Linux Instance or VM IP Address
ansible-playbook ping.yml -i <Public IP Address>,

Replace <Public IP Address> with the address of the Linux remote host. Ensure that there is a , at the end of the IP address to indicate that this is a host list.

Add a prompt

The ping.yml playbook can be used to ping any Linux host by providing a different host list. However, since the username and password are hardcoded in the playbook, that user must exist on every host with the same password.

To increase the repeatability of the playbook, you can use vars_prompt to prompt for the username and password.

  1. Create a playbook called ping_prompts.yml.
  2. Add a vars_prompt for the ssh user and ssh password.
Press + to interact
---
- hosts: all 
  vars_prompt:
    - name: user
    prompt: "Enter ssh user"
    - name: password
    prompt: "Enter password for ssh user"
  1. Update vars with the variables defined by the prompts.
Press + to interact
vars:
    ansible_user: "{{ user }}"
    ansible_password: "{{ password }}"
    ansible_ssh_common_args: '-o StrictHostKeyChecking=no'

Ansible variables are enclosed in double-quotes and curly braces "{{ var }}".

  1. Review and execute the final form below by clicking on the Run button.
---
- hosts: all
  gather_facts: false

  vars_prompt:
    - name: user
    prompt: "Enter ssh user"
    - name: password
    prompt: "Enter password for ssh user"

  vars:
    ansible_user: "{{ user }}"
    ansible_password: "{{ password }}"
    ansible_ssh_common_args: '-o StrictHostKeyChecking=no'

  tasks:
  - name: run ping
    ping:
Execute ping_prompts.yml

Once the environment is set up, execute the following command in the terminal:

Press + to interact
ansible-playbook ping_prompts.yml -i <Public Ip Address>,
  1. When prompted, enter the username and password.

Default username
The username is ansible by default.

An added benefit of using a vars_prompt for the password is that you are far less likely to commit a password to source control, which would be bad.

Try it now

Practice converting Windows ad-hoc ping command to a playbook.

Convert to a Windows ping playbook

The command to connect to the remote Windows host is given below. Write your code in the win_ping.yml file.

Press + to interact
ansible all -i <Public Ip Address>, -m win_ping 
-e "ansible_user=ansible ansible_password=<Password> ansible_winrm_server_cert_validation=ignore ansible_connection=winrm"

Solution
The solution to this challenge is provided in the Solution directory. Try it yourself first and compare your solution with the provided solution.

---
    - hosts: all
      gather_facts: false
    
      vars_prompt:
        - name: username
          prompt: "Enter local username"
          private: no
        - name: password
          prompt: "Enter password"
    
      vars:
        ansible_user: "{{ username }}"
        ansible_password: "{{ password }}"
        ansible_connection: winrm
        ansible_winrm_transport: ntlm
        ansible_winrm_server_cert_validation: ignore
    
      tasks:
      - name: run win_ping
        win_ping:
win_ping.yml

In this lesson, we introduced vars and vars_prompt and converted the ad-hoc commands to playbooks to make them repeatable.

Get hands-on with 1300+ tech skills courses.