How to Leverage Ansible Variables in Roles and Playbooks

choubertsprojects

VPN offers!

1. NordVPN

2. Surfshark

3. ExpressVPN

Ansible scripts are a great way to automate tasks and deployments. In this blog, we’ll go over some ways you can use Roles and Playbooks with Ansible variables that will help your automation life be easier.

The “ansible convert playbook to role” is a command that can be used in Ansible roles and playbooks to make the code more readable. It will also allow for easier management of roles and playbooks.

How to Leverage Ansible Variables in Roles and Playbooks

Ansible is a popular automation technology that lets you manage hundreds of nodes at once, which may be overwhelming at times. Why not use Ansible variables in roles and playbooks to take use of one of the most useful aspects of Ansible?

For a more successful deployment technique, learn how to create Ansible variables in your playbooks or roles in this article.

Prepare yourself and begin utilizing variables now!

Prerequisites

This guide will walk you through the Ansible variables step by step. If you want to join in, make sure you have the following items:

Related: Ansible Setup Guide (Ubuntu, RHEL, CentOS, macOS)

  • To verify the operation of variables, use a remote Linux PC. The lesson utilizes an inventory group named web and a remote Linux PC called myserver.
  • One or more hosts have already been setup to perform Ansible commands and playbooks, and an inventory file has been created.

Within Ansible Roles, Declaring Ansible Variables

Set up Ansible variables within an Ansible role to begin this lesson. You’ll construct an Ansible role that downloads Apache Tomcat from a remote server using the ansible-playbook command.

Understanding and Configuring Ansible Roles (Tutorial)

1. First, use your chosen SSH client to connect to your Ansible controller server.

2. In your home directory, use the commands below to create a directory called /ansible variable role demo and set it as the working directory. The demo files for this lesson may be found in the /ansible variable role demo directory.

/ansible variable role demo/mkdir ansible variable role demo/cd

3. Now, within the /ansible variable role demo directory, execute the command below to create a new directory called roles. The tomcat role that you need to deploy is located in the /ansible variable role demo/roles directory.

Ansible searches for roles in two places by default: a directory named roles/ inside the directory where the playbook is located, and /etc/Ansible/roles. Declare the pathways using the – role: argument in the playbook if you want to store roles at separate paths.

4. Change to the /ansible variable role demo/roles directory (cd roles) and create the folders needed by the tomcat role using the instructions below.

The p option instructs the mkdir command to create the parent directory (tomcat) as well as subdirectories like tasks and vars. Each of these directories is shared by all Ansible roles and will ultimately include a main.yml file that will be used to deploy the Tomcat role.

Within the role directory, you may name the role anything you like.

mkdir -p tomcat/tasks,vars cd roles

Each folder that the tomcat job requires has a particular purpose:

  • tasks: A role’s task directory includes the tasks that it must complete. All of the tasks will be defined in the main.yml file in the tasks directory.
  • vars: The vars directory includes all of the variables you’ll need in the tasks directory’s main.yml file. In the vars directory, you’ll also define variables in the main.yml file.

5. Create the file /ansible role demo/roles/tomcat/tasks/main.yml and put the code below in it (playbook). The playbook below installs Tomcat on the node where it is being executed.

The tomcat download url and tomcat download location variables give the source and destination for downloading Apache Tomcat, respectively.

You instruct Ansible to evaluate the text as a variable and extend the value by enclosing the variables in two curly brackets ( ). The content is forced to a string by enclosing the curly brackets inside double-quotes.

The settings are defined in the /ansible role demo/roles/tomcat/vars/main.yml file, which you’ll construct next.

# Downloading the tomcat package – name: Download Tomcat # Using the parameters variables get url: url: “tomcat download url” dest: “tomcat download location” # Extracting the tomcat archive – name: Extract tomcat archive unarchive: src: “tomcat download location” dest: /opt/ remote src: yes

6. Finally, copy/paste the following code into a new file called /ansible role demo/roles/tomcat/vars/main.yml.

The tomcat download url and tomcat download location variables in the code below are set by the Ansible role (tomcat). While running the playbook, these variables are accessed from the /ansible role demo/roles/tomcat/tasks/main.yml.

tomcat download location: /opt/apache-tomcat-7.0.61.tar.gz tomcat download url: http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.61/bin/apache-tomcat-7.0.61.tar.gz tomcat download url: http://archive.apache.org/dist/tomcat/tomcat

Using an Ansible Role to Deploy Ansible Variables

Within the tomcat Ansible role, you’ve now set up and configured the Ansible role file structure and files/folders. However, the previously established role will accomplish nothing until you execute the playbook. It’s now time to use the Ansible role!

1. Create a YML file with the name you choose and put the code below into it. The file is titled /ansible role demo/tomcat-download.yml in this case.

The code below uses the remote user (ubuntu) with admin access to deploy the Ansible role (tomcat) that you defined previously to the target server IP (web).

Roles may be used in three different ways: at the play level with the roles option, at the task level with the include role option, and at the import role level with the import role option.

# Defining the remote server where the package will be installed hosts: web remote user: ubuntu # Using Ubuntu as a remote user: genuine roles: – tomcat

2. Verify that all essential files are in the /ansible role demo/ directory using the tree command below.

The primary may be seen in the file structure below. The tasks and vars folders contain yml files.

Validating the file and folder structure in preparation for Ansible deployment Validating the file and folder structure in preparation for Ansible deployment

3. Finally, to deploy the tomcat Ansible role to the target server IP, run the ansible-playbook command. The target server IP is specified in the tomcat-download.yml playbook’s host section (hosts: web).

tomcat-download.yml ansible-playbook

The tomcat Ansible role was successfully installed using the ansible-playbook command, which downloaded and extracted the Apache Tomcat on the remote server.

Playbook execution for the Apache Tomcat role Playbook execution for the Apache Tomcat role

Ansible Variables Declared Directly in the Playbook

You now know how to define Ansible variables inside Ansible roles, which is fantastic! However, the Ansible variables may be declared directly in the Ansible playbook.

Assuming you’re logged onto the Ansible controller host, do the following:

1. Run the following commands to create the /ansible variable playbook directory and set it as the working directory.

/ansible variable playbook/mkdir cd /variable playbook/ansible

2. With your favourite code/text editor, create a file titled /ansible variable playbook/main.yml and copy/paste the code below.

A task in the playbook below produces many files on the remote system with the same name supplied in the variable ATA bloggers names.

—- – title: Using Ansible Variables in the Deployment Playbook directly # Specifying the remote server where the package will be installed hosts: web remote user: ubuntu # Using Remote user as ubuntu become: true gather facts: false # Adding the ATA bloggers names variable [Miranda, Adam Listek, Adam Bertram, June, Arman] ATA bloggers names tasks: – name: Create a list of files with the same names in the variable ATA bloggers names. file: state: item.txt, touch path: /tmp/ # “ATA bloggers names” is the directory for the files loop.

3. Finally, run the playbook (/ansible variable playbook/main.yml) using the ansible-playbook command.

When the command is finished, five files will be generated in the /tmp directory of the remote node.

On the remote node, run the Ansible playbook On the remote node, run the Ansible playbook

You may want to look at the files in the /tmp directory. To list the files in the /tmp directory, use the ls -lh command.

All files produced by an Ansible playbook are listed here. All files produced by an Ansible playbook are listed here.

Using Ansible Vault to encrypt Ansible variables

When you’re hard-coding your passwords, using Ansible variables directly in a playbook is OK, but it’s not ideal. Secure your variables and their values, then use Ansible Vault to store these variables as secrets.

Assuming you’ve already logged onto the Ansible controller host, do the following:

1. Navigate to the /ansible variable playbook directory using the command below.

cd /variable playbook/ansible

2. Remove the following line of code from the /ansible variable playbook/main.yml file.

[Miranda, Adam Listek, Adam Bertram, June, Arman] ATA bloggers names

3. Paste the following text into a new file called authors.enc in the same /ansible variable playbook directory. The.enc file is encoded to prevent unwanted access to the file or to enable data encryption.

[Miranda, Adam Listek, Adam Bertram, June, Arman] ATA bloggers names

4. To encrypt the authors.enc file, use the ansible-vault command.

Only ‘data at rest’ is protected by the ansible-vault command. It is incumbent to the play and plugin creators to prevent secret disclosures after the material has been encrypted (‘data in use’).

encrypt authors.enc using ansible-vault

The variables and values in the authors.enc file are encrypted. The variables and values in the authors.enc file are encrypted.

5. Use the cat command to see whether the ansible-vault command properly encrypted the authors.enc file.

A series of digits appear below, indicating that the file data is encrypted.

Validating the file's content Validating the file’s content

6. Finally, run the playbook (/ansible variable playbook/main.yml) using the command below. The program below adds the playbook’s encrypted variables from the authors.enc file.

main.yml ansible-playbook -e @authors.enc —ask-vault-pass

You can see below that the playbook created the same files from the “Ansible Variables Declared Directly in the Playbook” section (step three).

Encrypted Variables Invoked in the Playbook Encrypted Variables Invoked in the Playbook

Conclusion

You learnt how to specify Ansible variables in Ansible roles and playbooks to aid in deployment effectiveness in this course. You’ve also mentioned encrypting your variables’ files. You wouldn’t have to worry about important information being hard-coded at this stage.

Will you start using Ansible variables in your upcoming deployments now that you have this knowledge? Maybe use Ansible when and other conditionals to give you greater control over your playbooks?

How to Work with When and Other Conditionals in Ansible

Ansible roles and playbooks are two types of configuration management tools that can be used to deploy applications. The “ansible roles vs playbooks” is a question that has been asked many times before, but the answer is not always clear.

Related Tags

  • ansible role required variables
  • ansible roles
  • ansible nested variables
  • ansible-playbook with multiple roles
  • ansible role path variable