Day04 - harishgorla5/Ansible GitHub Wiki
Ansible Vault, Tags, Error Handling & Final Project
1. Ansible Vault: Secure Sensitive Data
What is Ansible Vault?
Ansible Vault lets you encrypt secrets like passwords, API tokens, and keys, so they don't appear in plain text in your playbooks or variables.
Create an Encrypted File
ansible-vault create secrets.yml
Enter your secret content:
db_password: SuperSecure123
Use Encrypted Vars in Playbook
vars_files:
  - secrets.yml
tasks:
  - name: Show password
    # Demo only: this prints the decrypted secret to the console and any logs
    debug:
      msg: "Password is {{ db_password }}"
Commands
Command | Description |
---|---|
ansible-vault edit file.yml | Edit encrypted file |
ansible-vault view file.yml | View contents |
ansible-vault encrypt file.yml | Encrypt existing file |
ansible-vault decrypt file.yml | Decrypt a file |
Run Playbook with Vault
If using a password file:
ansible-playbook play.yml --vault-password-file pass.txt
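An added example, not part of the original wiki: a pre-commit style check that a secrets file really is vault-encrypted (Vault files begin with a `$ANSIBLE_VAULT;` header line) and that the vault password file grants nothing to group or others. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): pre-commit style checks for the
# Vault files used on this page. Function names are illustrative.

# 0 if the first line of $1 is a Vault header such as
# "$ANSIBLE_VAULT;1.1;AES256"; 1 if plaintext; 2 if the file is missing.
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    case "$(head -n 1 "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if $1 exists and grants nothing to group/others (e.g. mode 600).
is_private_file() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per problem; returns the number of problems found.
check_vault_hygiene() {
    problems=0
    if ! is_vault_encrypted "$1"; then
        echo "FAIL: $1 is missing or not vault-encrypted (ansible-vault encrypt $1)"
        problems=$((problems + 1))
    fi
    if ! is_private_file "$2"; then
        echo "FAIL: $2 is missing or open to group/others (chmod 600 $2)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files; the "ciphertext" line is dummy hex.
make_samples() {
    sample_dir=$(mktemp -d) || return 1
    printf 'db_password: SuperSecure123\n' > "$sample_dir/plain.yml"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36316566' > "$sample_dir/secrets.yml"
    printf 'constructed-passphrase\n' > "$sample_dir/pass.txt"
    chmod 644 "$sample_dir/pass.txt"   # deliberately too open
}

make_samples
check_vault_hygiene "$sample_dir/plain.yml" "$sample_dir/pass.txt" || echo "problems: $?"
chmod 600 "$sample_dir/pass.txt"
check_vault_hygiene "$sample_dir/secrets.yml" "$sample_dir/pass.txt" && echo "OK"
rm -rf "$sample_dir"
```

The header check only confirms the file is in Vault format; it does not verify which password or vault ID encrypted it.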
2. Tags: Run Specific Parts of a Playbook
Use Case:
Run only selected tasks instead of the full playbook.
Example:
tasks:
  - name: Install Apache
    yum:
      name: httpd
      state: present
    tags: apache
  - name: Install MariaDB
    yum:
      name: mariadb-server
      state: present
    tags: db
Run with Tag
ansible-playbook setup.yml --tags apache
Skip a tag:
ansible-playbook setup.yml --skip-tags db
3. Error Handling in Ansible
By default, if a task fails on a host, Ansible stops running the remaining tasks on that host.
Ignore Task Failure
- name: Try to stop nginx
  service:
    name: nginx
    state: stopped
  ignore_errors: true
Block / Rescue / Always (like try/catch/finally)
tasks:
  - block:
      - name: Install app
        command: /usr/bin/install_app
    rescue:
      - name: Send failure notification
        debug:
          msg: "Installation failed!"
    always:
      - name: Always cleanup temp files
        file:
          path: /tmp/install.log
          state: absent
4. Final Project: Combine All Concepts
Goal:
Build a real-world multi-role, dynamic, secure automation with:
- Apache and MariaDB roles
- Encrypted DB password
- Custom homepage with template
- Use tags and error handling
Directory Structure:
project/
├── inventory
├── vault_pass.txt
├── secrets.yml (encrypted)
├── site.yml
├── roles/
│   ├── apache/
│   │   ├── tasks/main.yml
│   │   └── templates/index.html.j2
│   └── mariadb/
│       ├── tasks/main.yml
│       └── templates/my.cnf.j2
secrets.yml (Encrypted)
db_root_password: MyS3cr3t!
site.yml
- name: Web Role
  hosts: web
  become: true
  roles:
    - apache

- name: DB Role
  hosts: db
  become: true
  vars_files:
    - secrets.yml
  roles:
    - mariadb
roles/apache/tasks/main.yml
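- name: Install Apache
  yum:
    name: httpd
    state: present
  tags: apache
- name: Deploy homepage
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
  notify: Restart Apache
A role's tasks file cannot contain a handlers: section, so the handler goes in roles/apache/handlers/main.yml (not shown in the directory structure above):
- name: Restart Apache
  service:
    name: httpd
    state: restarted
roles/mariadb/tasks/main.yml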
- block:
    - name: Install MariaDB
      yum:
        name: mariadb-server
        state: present
    - name: Configure DB
      template:
        src: my.cnf.j2
        dest: /etc/my.cnf
    - name: Set root password
      mysql_user:
        name: root
        password: "{{ db_root_password }}"
        login_unix_socket: /var/lib/mysql/mysql.sock
  rescue:
    # Note: when a rescue section succeeds, the host is treated as recovered
    # and the play continues, even though the root password may not be set
    - name: Log DB setup failure
      debug:
        msg: "MariaDB setup failed!"
Summary (End of Course)
Topic | Mastered |
---|---|
Vault | ✅ |
Tags | ✅ |
Error Handling | ✅ |
Roles, Templates, Variables | ✅ |
Project Use Case | ✅ |