Shashikant shah

Monday, 19 October 2020

What is Templates and Vault. part 6

 What is templates ?

Ansible is used to manage configurations of multiple servers and environments. But these configuration files can vary for each cluster or remote server. But apart from a few parameters, all other settings will be the same.

Creating static files for each of these configurations is not an efficient solution. It will take a lot of time, and every time a new cluster is added, then you have to add more files. If there is an efficient way to manage these dynamic values, it would be beneficial. This is where Ansible template modules come into play.

A template is a file that contains all your configuration parameters, but the dynamic values are given as variables in the Ansible. During the playbook execution, it depends on the conditions such as which cluster you are using, and the variables will be replaced with the relevant values.  The template files will usually have the .j2 extension, which denotes the Jinja2 templating engine used.

1.  {{ }}  : These double curly braces are the widely used tags in a template file and they are used for embedding variables and ultimately printing their value during code execution. For example, a simple syntax using the double curly braces is as shown: The

 {{ webserver }} is running on  {{ nginx-version }}

2.  {%  %} : These are mostly used for control statements such as loops and if-else statements.

3.  {#  #} : These denote comments that describe a task.

We need to have two parameters when using the Ansible Template module, such as:

  • src: The source of the template file. It can be a relative and absolute path.
  • dest: Dest is the destination path on the remote server.

Template Module Attributes.

Here are some other parameters which can be used to change some default behavior of the template module:

  • Force: If the destination file already exists, then the Force parameter will decide whether it should be replaced or not. By default, the value is yes.
  • Backup: If you want a backup file to be created in the destination directory, you should set the value of the backup parameter to yes. By default, the value is no. and the backup file will be created every time there is a change in the destination directory.
  • owner – The owner of the file on the remote hosts.
  • group – The group of the file on the remote hosts.
  • mode – The file permission mode on the remote hosts.

Example 1 :-

We are using the template module on the example1.j2 file that replaces the default variables with values given in the playbook.

---
- hosts: jenkins
  vars:
    variable1: 'Hello...!!!'
    variable2: 'My first playbook using template'
  tasks:
    - name: Basic Template Example
      template:
        src: example1.j2
        dest: /tmp/output.txt
# vim example1.j2
{{ variable1 }}
No effects on this line
{{ variable2 }}

Check remote server change :-

# ansible jenkins -a "cat /tmp/output.txt" 





Example 2 :-
---
- hosts: jenkins
  become: yes
  tasks:
    - name: install index.html file
      template:
        src: index.html.j2
        dest: /var/www/html/index.html
        mode: 0777
 
# vim index.html.j2
<html>
<center>
   <h1> The hostname of this webserver is {{ ansible_hostname }}</h1>
   <h3> It is running on {{ ansible_os_family }}system </h3>
</center>
</html>

# ansible-playbook tmp.yml








Example 3 :-

---
- hosts: all
  vars:
    list1: ['Apple','Banana','Cat', 'Dog']
  tasks:
    - name: Template Loop example.
    - template:
        src: example2.j2
        dest: /home/knoldus/Documents/Ansible/output.txt

# vim example2.j2

Example of template module loop with a list.
{% for item in list1 %}
  {{ item }}
{% endfor %}

Multiple Files in Ansible

---
- hosts: all
  tasks:
    - name: Template with_items example.
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - {src: 'example.j2',dest: '/tmp/output.txt'}
        - {src: 'example1.j2',dest: '/tmp/output1.txt'}
        - {src: 'example2.j2',dest: '/tmp/output2.txt'}

########## template create variable for status #####

anisble_project




What is Ansible Vault ?

Ansible Vault encrypts variables and files so you can protect sensitive content such as passwords or keys rather than leaving it visible as plaintext in playbooks or roles. You can then place encrypted content under source control and share it more safely.

Using Ansible Vault

The simple use of the Ansible vault is to encrypt variables files. It can encrypt any YAML file, but the most common files to encrypt are:

1.    A role's defaults/ main.yml file

2.    A role's vars/main.yml file

3.    Files within the group_vars directory

4.    Any other file used to store variables

1. How to Create an Encrypted File in Ansible

# ansible-vault create filename

2. How to View an Encrypted File in Ansible.
# ansible-vault view mysecrets.yml

3. How to Edit an Encrypted File in Ansible.
# ansible-vault edit mysecrets.yml
 
4. How to Change Ansible Vault Password.
# ansible-vault rekey mysecrets.yml

5. How to Encrypt an exist File in Ansible.
# ansible-vault encrypt classified.txt

6. How to Decrypt an Encrypted File.
# ansible-vault decrypt classified.txt
 
7. Using Ansible playbook with vault password file.















# echo "shashi@123" > pass.txt
# ansible-vault edit --vault-id=pass.txt hosts
 
# ansible-vault encrypt /etc/ansible/hosts
# ansible all --list-hosts --vault-password-file=pass.txt
# ansible-playbook secret.yml --vault-password-file=pass.txt




No comments:

Post a Comment