Ansible Releases and Roles

Overview and Knowledge Transfer

Jörg Kastning

What do we talk about?

What are the differences between ansible and ansible-core?
What are roles and why should we use them?

Ansible Releases

ansible	ansible-core
Includes language, runtime, and selected collections	Includes language, runtime, and buildin plugins
Maintains only one version at a time	Maintains latest version plus two older versions
Uses semantic versioning	Does not use semantic versioning (Don't ask why!)
Flexible release cycle	Flexible release cycle

See Ansible Releases and Maintenance for more information.

What's included in RHEL?

RHEL 7

Ansible Engine 2.9
EoL since Dec 2021
Critical security vulnerabilities may be fixed by the RHEL team until 2024 (EoL RHEL 7)

RHEL 8

ansible-core 2.12
Using Ansible in RHEL 8.6 and later

RHEL 9

ansible-core 2.12
Using Ansible in RHEL 9

Scope of support for the Ansible Core package included in the RHEL 9 and RHEL 8.6 and later AppStream repositories is limited to language, runtime, RHEL System Roles shipped with the major release, or remediation playbooks generated by Insights.

Ansible Roles and RHEL System Roles

Ansible Roles


roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same kind of structure as "common" was above, done for the webtier role
    fooapp/               # ""

Docs: https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html

Creating roles with ansible-galaxy


$ ansible-galaxy role init otto_glattermann
- Role otto_glattermann was created successfully
$ tree otto_glattermann/
otto_glattermann/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml

8 directories, 8 files

Best Practice for Roles

Role names should only contain lowercase word characters (i.e., a-z, 0-9) and ‘_’. Special characters, including ‘.’, ‘-‘, and space should be avoided.
Declare all input variables in defaults/main.yml and explain them in Readme.md.

Why should we use roles?


cat bits_init_baseline.yml
---
- hosts: hostname.example.com
  Vars:
    intitial_pw: "Change1T!"
#  SSH-Pub-Keys for user 'ansibleadm'
   sysadm_ssh_keys:
      - /ssh_pub_keys/alice.pub
      - /ssh_pub_keys/bob.pub
  roles:
    - set_proxy4rhsm
    - register_syspurpose
    - resolv.conf
    - baseline_pkgs
    - chrony
    - postfix
    - firewalld
    - selinux
    - sshmgmt_v1.5
    - init-root-passwd

RHEL System Roles

"RHEL System Roles is a collection of Ansible roles and modules that provide a stable and consistent configuration interface to automate and manage multiple releases of Red Hat Enterprise Linux." These roles are covered by Red Hat Support. See Red Hat Enterprise Linux (RHEL) System Roles for more information.