In this Part 6 of Ansible Series, we have covered a few Ansible modules in the past topics, we will now go deeper and discover additional modules that are helpful in performing a number of system administration tasks.

You will get a basic idea of each module and look at the options available for accomplishing certain tasks.

1. Managing Software Packages and Repositories in Ansible

When installing packages on Linux systems, different distributions come with different package managers. For RedHat distributions, we have yum & dnf while for Debian flavors, there’s apt.

Ansible comes with a module called package, which eliminates the need for using different package managers for different systems. It automatically uses the corresponding package manager of the host system, thereby making work easier.

Install Software Packages

For example, to install htop in a group of hosts comprising both Debian & RedHat distros use the package module as shown in the install_htop.yml playbook below.

---
- name: Install htop on Ubuntu and CentOS
 hosts: all
 tasks:

- package:
 name: htop
 state: installed

NOTE: Package names may differ from one operating system to another. For example, we have httpd in Redhat distributions and Apache2 for Debian/Ubuntu systems all of which denote the Apache webserver. Therefore, extra caution should be taken when passing these packages. Usually, it’s best to use variables or conditional statements.

2. Managing Services Using Ansible

Next, we have a service module, which is used for managing services on Linux systems. It’s used to start, stop or restart a service. You can also use it to enable a service so that when a system boots, it automatically starts the service.

Start and Enable a Service

For example, to start & enable Apache webserver on RHEL 8, use the service as shown.

---
- name: Start and enable httpd service
 hosts: webservers
 tasks:

- service:
 name: httpd
 state: started
	 enabled: yes

Stop a Service

To stop httpd service, pass the stopped attribute.

---
- name: Stop httpd service
 hosts: webservers
 tasks:

- service:
 name: httpd
 state: stopped

Restart a Service

To restart httpd service, pass the restarted attribute.

---
- name: Restart httpd service
 hosts: webservers
 tasks:

- service:
 name: httpd
 state: restarted

3. Managing Firewall with Ansible

Another important task system administrators undertake is the management of the firewall. In Ansible playbooks, this has been made much easier with firewalld and ufw modules. You can configure the firewall to allow or block a port or service or even a source address.

Let’s jump in and have a look at a few examples:

Open/block Port 80 in firewalld

---
- name: Allow port 80 
 hosts: webservers
 tasks: 
 
 -firewalld:
	port: 80/tcp
 permanent: yes
 state: enabled

In the playbook above, port 80 is allowed across the firewall.

The option permanent: yes enforces the firewall rule and makes it persistent across reboots. However, this rule does not apply immediately. It only comes into effect after a reboot. To enforce the rule immediately, use the option immediate: yes.

To specify the addresses allowed, use the source:0.0.0.0/0 statement.

- firewalld:
 source: 192.168.0.0/24
 zone: public
 state: enabled

To specify a range of ports to be allowed to use the port option as follows:

- firewalld:
 port: 213-567/udp
 permanent: yes
 state: enabled

To block the port change the state option to disabled as shown:

-firewalld:
	port: 80/tcp
 permanent: yes
 state: disabled

Add/Block a Service in firewalld

Apart from adding/blocking a port, you can also apply the same rules to a service. And it’s quite simple. Just use the service module and append the service to be added and ensure that the state option is set to enabled.

- firewalld:
 service: https
 permanent: true
 state: enabled

To block the service set the state option to disabled.

- firewalld:
 service: https
 permanent: true
 state: disabled

4. Archiving Files or Folders with Ansible

Archiving refers to the compression of a file or folder to a format that is easily portable and smaller in size. Ansible ships with a module called archive. Compressing a file is about as easy as it gets. All that is required is to specify the source path of the file and the destination of the compressed file.

Compress a Directory

Consider a playbook compress.yml below.

---
- hosts: webservers
 tasks:

 • name: Compress a folder
archive:
 path: /opt/data/web
 dest: /tmp/web.gz

The above playbook compresses the /opt/data/web directory and saves it to /tmp/web.gz.

Compress a Directory with Format

The default compression format is .gz, however, this can be specified using the format attribute. Sample the next Playbook.

---
- hosts: webservers
 Tasks:

 - name: Create a zip archive 
 archive:
 path: /opt/data/web
 dest: /tmp/web
 format: zip

The playbook above compresses /opt/data/web directory to /tmp/web.zip.

Uncompress a File

You can also uncompress a compressed file using the unarchive attribute. Consider the playbook below.

---
- hosts: webservers
 tasks:

 - name:Uncompress /tmp/web.gz to/opt directory on Ansible controller
 unarchive:
 src: /tmp/web.bz2
 dest: /opt/

The playbook above uncompresses the file /opt/data/web.gz to /opt on the Ansible controller.

Uncompress a File on Remote Node

To specify the remote source system use the remote_src=yes option.

---
- hosts: webservers
 tasks:

 - name:Uncompress /tmp/web.bz2 to/opt on remote host
 unarchive:
 src: /tmp/web.bz2
 dest: /opt/
 remote_src=yes 

The playbook above uncompresses the file /tmp/web.bz2 on the remote node to the /opt/ directory.

5. Schedule Tasks with Ansible

The cron module helps in scheduling jobs in Ansible Playbooks.

Create a Scheduled Task

Consider the playbook below.

---
- hosts: webservers
 tasks:

 - name: Create a scheduled task
 cron:
 name: Run employee attendance
 job: sh /opt/scripts/attendace.sh
 
 month: 4
 day: 5
 hour: 17
 minute: 00

The playbook runs the attendance script on April 5th at 5:00 pm.

Schedule a Script on Specific Date

If you want to schedule this script to run only if the 5th day of April is a Monday, then use the weekday: 1 attribute. 0 denotes Sunday and 6 denotes Saturday according to cron notation.

month: 4
day: 5
hour: 17
minute: 00
weekday: 1

An asterisk (*) in any of these fields indicates any value.

Run a Job on a Date

To run the job on April 5th at 5:00 pm no matter what the weekday is, use the time parameters as shown.

month: 4
day: 5
hour: 17
minute: 00
weekday: *

Execute a Job on Specific Day on Every Month

To execute the cron job on the 5th day of every month at 5:00 pm use the settings below.

month: *
day: 5
hour: 17
minute: 00
weekday: *

Execute a Job on Daily

To execute the cron job daily at 5:00 pm set the time settings as shown:

month: *
day: *
hour: 17
minute: 00
weekday: *

Execute a Job on Every 5 Hours

To execute the cron job every 5 hours, use the step value */5 as shown.

month: *
day: *
hour: */5
minute: *
weekday: *

6. Manage Users and Groups with Ansible

You can also manage users and groups inside Ansible playbooks quite effortlessly.

Create a New User

To create a new user, use the user module as shown.

---
- hosts: webservers
 tasks:

 - name: Create a new user
 user: 
 name: Jack

You can also add additional options such as UID, groups.

- name: Create a new user
 user: 
 name: Jack
 comment: Jack Peters
 uid: 1002
 group: administrators
 shell: /bin/bash

Remove a User

To remove the user, use the remove: yes statement.

- name: Remove the user 'Jack'
 user:
 name: Jack
 state: absent
 remove: yes

Create a New Group

To create a new group, use the group module.

- name: Create a group
 group:
 name: developers

7. Create Files and Directories with Ansible

To create files of directories, use the file module.

Create a New Directory

For example, to create a new directory.

---
- hosts: webservers
 tasks:

 - name: Create a new directory
 file: 
 path: /opt/app
 state: directory

You can add other attributes such as owner, group and file permissions.

- hosts: webservers
 tasks:

 - name: Create a new directory
 file: 
 path: /opt/web
 state: directory
 owner: www-data
 group: www-data
 mode: 0644

Additionally, you can create directories recursively using the recurse: yes statement.

---
- hosts: webservers
 tasks:

 - name: Create directories recursively
 file: 
 path: /opt/web/app
 state: directory
 owner: www-data
 group: www-data
 mode: 0644
recurse: yes

Create a File

To create a file, use the state: touch option.

---
- hosts: webservers
 tasks:

 - name: Create a new file
 file: 
 path: /opt/web/index.html
 state: touch
owner: www-data
 group: www-data
 mode: 0644

8. Managing Storage with Ansible

The lvg module is used to configure LVM volumes and groups.

Create an LVM Volume Group

Consider the playbook below:

---
- hosts: webservers
 tasks: 
 • name: Create lVM volume group
lvg: 
 vg: vg1
 pvs: /dev/sda1
 pesize: 32

This creates a volume group on top of /dev/sda1 partition with a physical extent size of 32 MB.

Once created, use the lvol module to create a logical volume as shown

Create a Logical Volume

---
 - hosts: webservers
 tasks: 

 - name: Create lVM volume
 lvol: 
 vg: vg1
 lv: lvol1
 pvs: /dev/sda1

9. Managing File Systems with Ansible

To create a file system on a block device, use the filesystem module.

Create a Filesystem

The playbook below creates the filesystem type of xfs on the block volume.

---
 - hosts: webservers
 tasks: 

 - name: Create a filesystem
 filesystem:
 
 fstype: xfs
 dev: /dev/vg1/lvol1

Mount a Filesystem

You can next proceed to mount the block volume using the mount module as shown in the playbook below:

---
 - hosts: webservers
 tasks: 

 - name: Mount a filesystem
 mount:
 
 fstype: xfs
 src: /dev/vg1/lvol1
 path: /opt/web
 state: mounted

Conclusion

This concludes the topic. We have covered various system administration tasks that can be accomplished by specific built-in modules in Ansible Playbooks.