Security Automation with Ansible 2
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Ansible roles

While playbooks offer a great way to execute plays in a pre-defined order, there is a brilliant feature on Ansible that takes the whole idea to a completely different level. Roles are a convenient way to bundle tasks, supporting assets such as files and templates, coupled with an automatic set of search paths.

By using a concept most programmers would be familiar with, of including files and folders and ascribing what is being included, a playbook becomes infinitely more readable and understandable. Roles are basically made up of tasks, handlers, and configurations, but by adding an additional layer to how a playbook is structured, we can easily get the big picture overview as well as the low-level details. 

This allows for reusable code and a pision of work in a team tasked with writing playbooks. For example, the database guru writes a role (almost like a partial playbook) for setting up the database and the security guru writes one on hardening such a database.

While it is possible to write a playbook in one very large file, eventually you want to reuse files and start to organize things.

Large and complex playbooks are hard to maintain and it is very difficult to reuse sections of a large playbook. Breaking a playbook into roles allows very efficient code reuse and makes playbooks much easier to understand.

The benefits of using roles while building large playbooks include:

  • Collaborating on writing playbooks
  • Reusing existing roles
  • Roles can be updated, improved upon independently
  • Handling variables, templates, and files is easier

LAMP usually stands for Linux, Apache, MySQL, PHP. A popular combination of software that is used to build applications for the web. Nowadays, another common combination in the PHP world is LEMP, which is Linux, NGINX, MySQL, PHP.

This is an example of what a possible LAMP stack site.yml can look like:

- name: LAMP stack setup on ubuntu 16.04
  hosts: all
  gather_facts: False
  remote_user: "{{remote_username}}"
  become: yes

 roles:
   - common
   - web
   - db
   - php

Note the list of roles. Just by reading the role names we can get an idea of the kind of tasks possibly under that role. 

上一章目录下一章