An Ansible® playbook is a blueprint of automation tasks—which are complex IT actions executed with limited or no human involvement. Ansible playbooks are executed on a set, group, or classification of hosts, which together make up an Ansible inventory.
Ansible playbooks are essentially frameworks, which are prewritten code developers can use ad-hoc or as starting template. Ansible playbooks are regularly used to automate IT infrastructure (such as operating systems and Kubernetes platforms), networks, security systems, and developer personas (such as Git and Red Hat CodeReady Studio).
Ansible playbooks help IT staff program applications, services, server nodes, or other devices without the manual overhead of creating everything from scratch. And Ansible playbooks—as well as the conditions, variables, and tasks within them—can be saved, shared, or reused indefinitely.
How do Ansible playbooks work?
Ansible modules execute tasks. One or more Ansible tasks can be combined to make a play. Two or more plays can be combined to create an Ansible playbook. Ansible playbooks are lists of tasks that automatically execute against hosts. Groups of hosts form your Ansible inventory.
Each module within an Ansible playbook performs a specific task. Each module contains metadata that determines when and where a task is executed, as well as which user executes it. There are thousands of other Ansible modules that perform all kinds of IT tasks, such as:
Cloud management
oci_vcn creates, deletes, or updates virtual cloud networks in Oracle Cloud Infrastructure environments. Similarly, vmware_cluster adds, removes, or updates VMware vSphere clusters.
User management
selogin maps Linux® operating system (OS) users to SELinux user, and gitlab_user creates, updates, or deletes GitLab users.
Networking
Dozens of modules handle application programming interfaces (APIs); Cisco IOS, NXOS, and IOS XR devices; as well as F5 BIG-IP services.
Security
Openssh_cert generates an OpenSSH host or user certificates, and ipa_config manages global FreeIPA configuration settings.
Communication
mail can automatically send emails based on certain criteria, and snow_record creates, deletes, or updates a single record in ServiceNow.
A practical example of an Ansible playbook
Ansible is capable of communicating with many different device classifications, from cloud-based REST APIs, to Linux and Windows systems, networking hardware, and much more. This is a sample of 2 Ansible modules automatically updating 2 types of servers:
--- name: update web servers
hosts: webservers
remote_user: root
tasks:
- name: ensure apache is at the latest version
yum:
name: httpd
state: latest
- name: write the apache config file
template:
src: /srv/httpd.j2
dest: /etc/httpd.conf
- name: update db servers
hosts: databases
remote_user: root
tasks:
- name: ensure postgresql is at the latest version
yum:
name: postgresql
state: latest
- name: ensure that postgresql is started
service:
name: postgresql
state: startedThe playbook contains 2 plays:
- The first checks whether or not web server software is up to date and runs the update if necessary
- The second checks whether or not database server software is up to date and runs the update if necessary
How do I use Ansible playbooks?
Ansible uses the YAML syntax. Depending on whom you ask, YAML stands for yet another markup language or YAML ain’t markup language (a recursive acronym). There are also 2 different, but perfectly acceptable, YAML file extensions: .yaml or .yml.
There are 2 ways of using Ansible playbooks: From the command line interface (CLI) or using the Red Hat Ansible Automation Platform’s push-button deployments.
From the CLI
After installing the open source Ansible project or Red Hat Ansible Automation Platform (which is as straightforward as typing sudo yum install ansible in the Red Hat Enterprise Linux CLI), all you need to do is use the ansible-playbook command to run Ansible playbooks.
From within the platform
The Red Hat Ansible Automation Platform web-based user interface includes push-button Ansible playbook deployments that are used as part of larger jobs (or job templates). These deployments come with additional safeguards that are particularly helpful to users who are newer to IT automation—or those without as much experience working in the CLI.
