/docsite/rst/playbooks_intro.rst

https://github.com/ajanthanm/ansible · ReStructuredText · 395 lines · 282 code · 113 blank · 0 comment · 0 complexity · 80a15cabba00f086e78c917c6483e3b5 MD5 · raw file

  1. Intro to Playbooks
  2. ==================
  3. .. _about_playbooks:
  4. About Playbooks
  5. ```````````````
  6. Playbooks are a completely different way to use ansible than in adhoc task execution mode, and are
  7. particularly powerful.
  8. Simply put, playbooks are the basis for a really simple configuration management and multi-machine deployment system,
  9. unlike any that already exist, and one that is very well suited to deploying complex applications.
  10. Playbooks can declare configurations, but they can also orchestrate steps of
  11. any manual ordered process, even as different steps must bounce back and forth
  12. between sets of machines in particular orders. They can launch tasks
  13. synchronously or asynchronously.
  14. While you might run the main /usr/bin/ansible program for ad-hoc
  15. tasks, playbooks are more likely to be kept in source control and used
  16. to push out your configuration or assure the configurations of your
  17. remote systems are in spec.
  18. There are also some full sets of playbooks illustrating a lot of these techniques in the
  19. `ansible-examples repository <https://github.com/ansible/ansible-examples>`_. We'd recommend
  20. looking at these in another tab as you go along.
  21. There are also many jumping off points after you learn playbooks, so hop back to the documentation
  22. index after you're done with this section.
  23. .. _playbook_language_example:
  24. Playbook Language Example
  25. `````````````````````````
  26. Playbooks are expressed in YAML format (see :doc:`YAMLSyntax`) and have a minimum of syntax, which intentionally
  27. tries to not be a programming language or script, but rather a model of a configuration or a process.
  28. Each playbook is composed of one or more 'plays' in a list.
  29. The goal of a play is to map a group of hosts to some well defined roles, represented by
  30. things ansible calls tasks. At a basic level, a task is nothing more than a call
  31. to an ansible module, which you should have learned about in earlier chapters.
  32. By composing a playbook of multiple 'plays', it is possible to
  33. orchestrate multi-machine deployments, running certain steps on all
  34. machines in the webservers group, then certain steps on the database
  35. server group, then more commands back on the webservers group, etc.
  36. "plays" are more or less a sports analogy. You can have quite a lot of plays that affect your systems
  37. to do different things. It's not as if you were just defining one particular state or model, and you
  38. can run different plays at different times.
  39. For starters, here's a playbook that contains just one play::
  40. ---
  41. - hosts: webservers
  42. vars:
  43. http_port: 80
  44. max_clients: 200
  45. remote_user: root
  46. tasks:
  47. - name: ensure apache is at the latest version
  48. yum: pkg=httpd state=latest
  49. - name: write the apache config file
  50. template: src=/srv/httpd.j2 dest=/etc/httpd.conf
  51. notify:
  52. - restart apache
  53. - name: ensure apache is running
  54. service: name=httpd state=started
  55. handlers:
  56. - name: restart apache
  57. service: name=httpd state=restarted
  58. Below, we'll break down what the various features of the playbook language are.
  59. .. _playbook_basics:
  60. Basics
  61. ``````
  62. .. _playbook_hosts_and_users:
  63. Hosts and Users
  64. +++++++++++++++
  65. For each play in a playbook, you get to choose which machines in your infrastructure
  66. to target and what remote user to complete the steps (called tasks) as.
  67. The `hosts` line is a list of one or more groups or host patterns,
  68. separated by colons, as described in the :doc:`intro_patterns`
  69. documentation. The `remote_user` is just the name of the user account::
  70. ---
  71. - hosts: webservers
  72. remote_user: root
  73. .. note::
  74. The `remote_user` parameter was formerly called just `user`. It was renamed in Ansible 1.4 to make it more distinguishable from the `user` module (used to create users on remote systems).
  75. Remote users can also be defined per task::
  76. ---
  77. - hosts: webservers
  78. remote_user: root
  79. tasks:
  80. - name: test connection
  81. ping:
  82. remote_user: yourname
  83. .. note::
  84. The `remote_user` parameter for tasks was added in 1.4.
  85. Support for running things from sudo is also available::
  86. ---
  87. - hosts: webservers
  88. remote_user: yourname
  89. sudo: yes
  90. You can also use sudo on a particular task instead of the whole play::
  91. ---
  92. - hosts: webservers
  93. remote_user: yourname
  94. tasks:
  95. - service: name=nginx state=started
  96. sudo: yes
  97. You can also login as you, and then sudo to different users than root::
  98. ---
  99. - hosts: webservers
  100. remote_user: yourname
  101. sudo: yes
  102. sudo_user: postgres
  103. If you need to specify a password to sudo, run `ansible-playbook` with ``--ask-sudo-pass`` (`-K`).
  104. If you run a sudo playbook and the playbook seems to hang, it's probably stuck at the sudo prompt.
  105. Just `Control-C` to kill it and run it again with `-K`.
  106. .. important::
  107. When using `sudo_user` to a user other than root, the module
  108. arguments are briefly written into a random tempfile in /tmp.
  109. These are deleted immediately after the command is executed. This
  110. only occurs when sudoing from a user like 'bob' to 'timmy', not
  111. when going from 'bob' to 'root', or logging in directly as 'bob' or
  112. 'root'. If this concerns you that this data is briefly readable
  113. (not writable), avoid transferring uncrypted passwords with
  114. `sudo_user` set. In other cases, '/tmp' is not used and this does
  115. not come into play. Ansible also takes care to not log password
  116. parameters.
  117. .. _tasks_list:
  118. Tasks list
  119. ++++++++++
  120. Each play contains a list of tasks. Tasks are executed in order, one
  121. at a time, against all machines matched by the host pattern,
  122. before moving on to the next task. It is important to understand that, within a play,
  123. all hosts are going to get the same task directives. It is the purpose of a play to map
  124. a selection of hosts to tasks.
  125. When running the playbook, which runs top to bottom, hosts with failed tasks are
  126. taken out of the rotation for the entire playbook. If things fail, simply correct the playbook file and rerun.
  127. The goal of each task is to execute a module, with very specific arguments.
  128. Variables, as mentioned above, can be used in arguments to modules.
  129. Modules are 'idempotent', meaning if you run them
  130. again, they will make only the changes they must in order to bring the
  131. system to the desired state. This makes it very safe to rerun
  132. the same playbook multiple times. They won't change things
  133. unless they have to change things.
  134. The `command` and `shell` modules will typically rerun the same command again,
  135. which is totally ok if the command is something like
  136. 'chmod' or 'setsebool', etc. Though there is a 'creates' flag available which can
  137. be used to make these modules also idempotent.
  138. Every task should have a `name`, which is included in the output from
  139. running the playbook. This is output for humans, so it is
  140. nice to have reasonably good descriptions of each task step. If the name
  141. is not provided though, the string fed to 'action' will be used for
  142. output.
  143. Tasks can be declared using the legacy "action: module options" format, but
  144. it is recommended that you use the more conventional "module: options" format.
  145. This recommended format is used throughout the documentation, but you may
  146. encounter the older format in some playbooks.
  147. Here is what a basic task looks like, as with most modules,
  148. the service module takes key=value arguments::
  149. tasks:
  150. - name: make sure apache is running
  151. service: name=httpd state=running
  152. The `command` and `shell` modules are the only modules that just take a list
  153. of arguments and don't use the key=value form. This makes
  154. them work as simply as you would expect::
  155. tasks:
  156. - name: disable selinux
  157. command: /sbin/setenforce 0
  158. The command and shell module care about return codes, so if you have a command
  159. whose successful exit code is not zero, you may wish to do this::
  160. tasks:
  161. - name: run this command and ignore the result
  162. shell: /usr/bin/somecommand || /bin/true
  163. Or this::
  164. tasks:
  165. - name: run this command and ignore the result
  166. shell: /usr/bin/somecommand
  167. ignore_errors: True
  168. If the action line is getting too long for comfort you can break it on
  169. a space and indent any continuation lines::
  170. tasks:
  171. - name: Copy ansible inventory file to client
  172. copy: src=/etc/ansible/hosts dest=/etc/ansible/hosts
  173. owner=root group=root mode=0644
  174. Variables can be used in action lines. Suppose you defined
  175. a variable called 'vhost' in the 'vars' section, you could do this::
  176. tasks:
  177. - name: create a virtual host file for {{ vhost }}
  178. template: src=somefile.j2 dest=/etc/httpd/conf.d/{{ vhost }}
  179. Those same variables are usable in templates, which we'll get to later.
  180. Now in a very basic playbook all the tasks will be listed directly in that play, though it will usually
  181. make more sense to break up tasks using the 'include:' directive. We'll show that a bit later.
  182. .. _action_shorthand:
  183. Action Shorthand
  184. ````````````````
  185. .. versionadded:: 0.8
  186. Ansible prefers listing modules like this in 0.8 and later::
  187. template: src=templates/foo.j2 dest=/etc/foo.conf
  188. You will notice in earlier versions, this was only available as::
  189. action: template src=templates/foo.j2 dest=/etc/foo.conf
  190. The old form continues to work in newer versions without any plan of deprecation.
  191. .. _handlers:
  192. Handlers: Running Operations On Change
  193. ``````````````````````````````````````
  194. As we've mentioned, modules are written to be 'idempotent' and can relay when
  195. they have made a change on the remote system. Playbooks recognize this and
  196. have a basic event system that can be used to respond to change.
  197. These 'notify' actions are triggered at the end of each block of tasks in a playbook, and will only be
  198. triggered once even if notified by multiple different tasks.
  199. For instance, multiple resources may indicate
  200. that apache needs to be restarted because they have changed a config file,
  201. but apache will only be bounced once to avoid unnecessary restarts.
  202. Here's an example of restarting two services when the contents of a file
  203. change, but only if the file changes::
  204. - name: template configuration file
  205. template: src=template.j2 dest=/etc/foo.conf
  206. notify:
  207. - restart memcached
  208. - restart apache
  209. The things listed in the 'notify' section of a task are called
  210. handlers.
  211. Handlers are lists of tasks, not really any different from regular
  212. tasks, that are referenced by name. Handlers are what notifiers
  213. notify. If nothing notifies a handler, it will not run. Regardless
  214. of how many things notify a handler, it will run only once, after all
  215. of the tasks complete in a particular play.
  216. Here's an example handlers section::
  217. handlers:
  218. - name: restart memcached
  219. service: name=memcached state=restarted
  220. - name: restart apache
  221. service: name=apache state=restarted
  222. Handlers are best used to restart services and trigger reboots. You probably
  223. won't need them for much else.
  224. .. note::
  225. Notify handlers are always run in the order written.
  226. Roles are described later on. It's worthwhile to point out that handlers are
  227. automatically processed between 'pre_tasks', 'roles', 'tasks', and 'post_tasks'
  228. sections. If you ever want to flush all the handler commands immediately though,
  229. in 1.2 and later, you can::
  230. tasks:
  231. - shell: some tasks go here
  232. - meta: flush_handlers
  233. - shell: some other tasks
  234. In the above example any queued up handlers would be processed early when the 'meta'
  235. statement was reached. This is a bit of a niche case but can come in handy from
  236. time to time.
  237. .. _executing_a_playbook:
  238. Executing A Playbook
  239. ````````````````````
  240. Now that you've learned playbook syntax, how do you run a playbook? It's simple.
  241. Let's run a playbook using a parallelism level of 10::
  242. ansible-playbook playbook.yml -f 10
  243. .. _ansible-pull:
  244. Ansible-Pull
  245. ````````````
  246. Should you want to invert the architecture of Ansible, so that nodes check in to a central location, instead
  247. of pushing configuration out to them, you can.
  248. Ansible-pull is a small script that will checkout a repo of configuration instructions from git, and then
  249. run ansible-playbook against that content.
  250. Assuming you load balance your checkout location, ansible-pull scales essentially infinitely.
  251. Run ``ansible-pull --help`` for details.
  252. There's also a `clever playbook <https://github.com/ansible/ansible-examples/blob/master/language_features/ansible_pull.yml>`_ available to configure ansible-pull via a crontab from push mode.
  253. .. _tips_and_tricks:
  254. Tips and Tricks
  255. ```````````````
  256. Look at the bottom of the playbook execution for a summary of the nodes that were targeted
  257. and how they performed. General failures and fatal "unreachable" communication attempts are
  258. kept separate in the counts.
  259. If you ever want to see detailed output from successful modules as well as unsuccessful ones,
  260. use the ``--verbose`` flag. This is available in Ansible 0.5 and later.
  261. Ansible playbook output is vastly upgraded if the cowsay
  262. package is installed. Try it!
  263. To see what hosts would be affected by a playbook before you run it, you
  264. can do this::
  265. ansible-playbook playbook.yml --list-hosts
  266. .. seealso::
  267. :doc:`YAMLSyntax`
  268. Learn about YAML syntax
  269. :doc:`playbooks_best_practices`
  270. Various tips about managing playbooks in the real world
  271. :doc:`index`
  272. Hop back to the documentation index for a lot of special topics about playbooks
  273. :doc:`modules`
  274. Learn about available modules
  275. :doc:`developing_modules`
  276. Learn how to extend Ansible by writing your own modules
  277. :doc:`intro_patterns`
  278. Learn about how to select hosts
  279. `Github examples directory <https://github.com/ansible/ansible-examples>`_
  280. Complete end-to-end playbook examples
  281. `Mailing List <http://groups.google.com/group/ansible-project>`_
  282. Questions? Help? Ideas? Stop by the list on Google Groups