# Playbooks

Describe in more details playbooks.

Show some example playbooks with:

 - user and skel
 - install packages
 - enable service #not on containers
 - lineinfile
 - curl
 - file
 - copy
 - fetch
 
Creating small reports.

More fun with:

  - iterations
  - ignore_errors
  - when
  - with_fileglob and remote_fileglob ;)

In [1]:
cd exercise-06

/notebooks/exercise-06


## Gathering facts

playbooks are groups of tasks we can run with ansible.

A playbook starts with an hosts mark specifying the hosts to run the playbook to.

```
---
- hosts: web
  tasks: 
  ...
```

When run, a playbook gathers facts about hosts (remember the setup module?).

Gathering facts may be time-consuming, so you can disabe that with

```
- hosts: web
  gather_facts: no
  tasks:
  ...
```



In [2]:
!cat debug.yml


- hosts: localhost
  name: those tasks are run on localhost only
  tasks:
  - name: This is the debug module.
    debug: msg="A string"
    
  - name: The debug module can print a variable too
    debug: var=ansible_hostname

  - name: We can iterate too
    debug: msg="{{item}}"
    with_items: "{{ansible_system_capabilities}}"

  - name: and inspect/format variables
    debug: msg="The device is {{item.device}}"
    with_items: >
      {{ansible_mounts}}



In [3]:
!ansible-playbook debug.yml


PLAY [those tasks are run on localhost only] ***********************************

TASK [Gathering Facts] *********************************************************
[0;32mok: [localhost][0m

TASK [This is the debug module.] ***********************************************
[0;32mok: [localhost] => {[0m
[0;32m    "msg": "A string"[0m
[0;32m}[0m

TASK [The debug module can print a variable too] *******************************
[0;32mok: [localhost] => {[0m
[0;32m    "ansible_hostname": "sysadminpy"[0m
[0;32m}[0m

TASK [We can iterate too] ******************************************************
[0;32mok: [localhost] => (item=cap_chown) => {[0m
[0;32m    "item": "cap_chown", [0m
[0;32m    "msg": "cap_chown"[0m
[0;32m}[0m
[0;32mok: [localhost] => (item=cap_dac_override) => {[0m
[0;32m    "item": "cap_dac_override", [0m
[0;32m    "msg": "cap_dac_override"[0m
[0;32m}[0m
[0;32mok: [localhost] => (item=cap_fowner) => {[0m
[0;32m    "item": "cap_fowner", [0m
[0;32m 

## Exercise: 

[modify debug.yml](/edit/notebooks/exercise-06/debug.yml) to disable fact gathering and use the following cell to test it 

In [4]:
!ansible-playbook debug.yml


PLAY [those tasks are run on localhost only] ***********************************

TASK [Gathering Facts] *********************************************************
[0;32mok: [localhost][0m

TASK [This is the debug module.] ***********************************************
[0;32mok: [localhost] => {[0m
[0;32m    "msg": "A string"[0m
[0;32m}[0m

TASK [The debug module can print a variable too] *******************************
[0;32mok: [localhost] => {[0m
[0;32m    "ansible_hostname": "sysadminpy"[0m
[0;32m}[0m

TASK [We can iterate too] ******************************************************
[0;32mok: [localhost] => (item=cap_chown) => {[0m
[0;32m    "item": "cap_chown", [0m
[0;32m    "msg": "cap_chown"[0m
[0;32m}[0m
[0;32mok: [localhost] => (item=cap_dac_override) => {[0m
[0;32m    "item": "cap_dac_override", [0m
[0;32m    "msg": "cap_dac_override"[0m
[0;32m}[0m
[0;32mok: [localhost] => (item=cap_fowner) => {[0m
[0;32m    "item": "cap_fowner", [0m
[0;32m 

### Hints

 - use ansible_facts as possible instead of gathering facts with uname & co
 - test and template your iterations statically instead of continuosly gathering facts
 

In [5]:
!cat process-facts.yml



---
- hosts: localhost
  gather_facts: no
  vars:
  - ansible_mounts:
    - {device: '/dev/mapper/docker-253:2-537280731-eb92264366fcbaf248d3d5a93bbaab17eec130b43ff94e44e11abab77f5f2038',
      fstype: xfs, mount: /, options: 'rw,context="system_u:object_r:svirt_sandbox_file_t:s0:c230,c811",relatime,nouuid,attr2,inode64,logbsize=64k,sunit=128,swidth=128,noquota,bind',
      size_available: 107076997120, size_total: 107320705024, uuid: N/A}
    - {device: /dev/mapper/vg0-home, fstype: xfs, mount: /code, options: 'rw,seclabel,relatime,attr2,inode64,noquota,bind',
      size_available: 18586177536, size_total: 214643507200, uuid: N/A}
    
  tasks:
  - name: Test complex entries processing without gathering facts.
    debug: 
      msg: >
        {{item.device}} {{ (100 * item.size_available/item.size_total) | int }}%
    with_items: >
      {{ansible_mounts}}



In [6]:
!ansible-playbook process-facts.yml | grep msg

    "msg": "/dev/mapper/docker-253:2-537280731-eb92264366fcbaf248d3d5a93bbaab17eec130b43ff94e44e11abab77f5f2038 99%\n"
    "msg": "/dev/mapper/vg0-home 8%\n"


## Packages, User and Files

Creating user and installing packages is easy

```
  - name: Install apache
    apt: item="{{item}}" state=present
    with_items:
    - apache2
    - curl
    
  - name: Remove wget
    apt: item=wget state=absent
```

In [8]:
!cat package-user.yml


- hosts: web
  tasks:
  - name: Install apache and other packages eventually iterating
    apt: name="{{item}}"
    with_items:
    - apache2
    - curl

  - name: Remove wget
    apt: name=wget state=absent

  - name: Create user
    user: 
      name: foo
      groups: adm
      append: yes
      shell: /bin/bash
      skeleton: /root   # duplicate /root/ content for the foo user

  - name: >
      Copy a file to ~foo expandig tilde.
      Do not forget quotes!
    copy:
      src: package-user.yml
      dest: "{{ '~foo' | expanduser }}"

  - name: >
      We can fetch files too (eg. logs):
      - files are dispatched to different directories.
      - we can avoid enforcing checksum as we're messing with 
        containers.
      
    fetch:
      src: /etc/passwd
      dest: /tmp/fetched
      validate_checksum: no


In [9]:
!ansible-playbook package-user.yml



PLAY [web] *********************************************************************

TASK [Gathering Facts] *********************************************************
[0;32mok: [ansible101_web_1][0m

TASK [Install apache and other packages eventually iterating] ******************
[0;32mok: [ansible101_web_1] => (item=[u'apache2', u'curl'])[0m

TASK [Remove wget] *************************************************************
[0;32mok: [ansible101_web_1][0m

TASK [Create user] *************************************************************
[0;32mok: [ansible101_web_1][0m

TASK [Copy a file to ~foo expandig tilde. Do not forget quotes!] ***************
[0;32mok: [ansible101_web_1][0m

TASK [We can fetch files too (eg. logs): - files are dispatched to different directories. - we can avoid enforcing checksum as we're messing with 
  containers.] ***
[0;33mchanged: [ansible101_web_1][0m

PLAY RECAP *********************************************************************
[0;33mansible101_

In [12]:
!tree /tmp/fetched/

/tmp/fetched/
└── ansible101_web_1
    ├── etc
    └── var
        └── log

4 directories, 0 files


## Files and Directories

Creating files and directories. 

lineinfile / blockinfile

with_fileglob

In [11]:
!ansible-playbook -i inventory files-content.yml 



PLAY [A playbook can be made of multiple stanzas. They'll be pipelined.] *******

TASK [Gathering Facts] *********************************************************
[0;32mok: [localhost][0m

TASK [Delete previous template] ************************************************
[0;33mchanged: [localhost][0m

TASK [We're now just showing how to create a file containing a block of lines] ***
[0;33mchanged: [localhost][0m

TASK [Register command output in a variable] ***********************************
[0;33mchanged: [localhost][0m

TASK [Show output] *************************************************************
[0;32mok: [localhost] => {[0m
[0;32m    "o_cat.stdout": "False\n<html> <body> System installed by sysadminpy on {{ ansible_hostname }} </body> </html>\nFalse"[0m
[0;32m}[0m

PLAY [web] *********************************************************************

TASK [Gathering Facts] *********************************************************
[0;32mok: [ansible101_web_1][0m

TASK 

## shell module reloaded

Ansible can be used to reproduce issues and gather command output. 

Though the standard workflow can be done registering output in a temporary variable


In [14]:
!cat shell-output-01.yml

# 
- hosts: localhost
  tasks:
  - name: Run multiple commands via /bin/sh (no bashisms)
    shell: |
      ls -latr /etc/host*
    ignore_errors: yes
    register: o
    
  - name: Show output in a single block...
    debug: var=o.stdout

  - name: ... or one per line
    debug: var=item
    with_items: >
      {{ o.stdout_lines }}



In [15]:
!ansible-playbook shell-output-01.yml


PLAY [localhost] ***************************************************************

TASK [Gathering Facts] *********************************************************
[0;32mok: [localhost][0m

TASK [Run multiple commands via /bin/sh (no bashisms)] *************************
[0;33mchanged: [localhost][0m

TASK [Show output in a single block...] ****************************************
[0;32mok: [localhost] => {[0m
[0;32m    "o.stdout": "-rw-r--r--. 1 root root   9 Aug  7  2006 /etc/host.conf\n-rw-r--r--. 1 root root 172 Jun 29 09:31 /etc/hosts\n-rw-r--r--. 1 root root  11 Jun 29 09:31 /etc/hostname"[0m
[0;32m}[0m

TASK [... or one per line] *****************************************************
[0;32mok: [localhost] => (item=-rw-r--r--. 1 root root   9 Aug  7  2006 /etc/host.conf) => {[0m
[0;32m    "item": "-rw-r--r--. 1 root root   9 Aug  7  2006 /etc/host.conf"[0m
[0;32m}[0m
[0;32mok: [localhost] => (item=-rw-r--r--. 1 root root 172 Jun 29 09:31 /etc/hosts) => {[0m
[0;32

This approach has its limits.

### Exercise:

  - what happens if you processa long pipeline with  [shell-output-01.yml](/edit/notebooks/exercise-07/shell-output-01.yml) ? 
  
Exercise: modify [shell-output-01.yml](/edit/notebooks/exercise-07/shell-output-01.yml) so that:

  - every command stdout/stderr is redirected to a given file
  - before and after every command output print  a header and a footer (eg. the expected output is like
  
```
--- START COMMAND: cat /etc/resolv.conf --
nameserver 172.17.0.1
-- END COMMAND: cat /etc/resolv.conf
```

HINTS:

  - use shell redirection instead of `register`
  - use with_items to process many different commands 
  

## Templates

Creating files from templates.

include template files, enforcing policies

tagging

