In previous lessons we created the folder structure and files for our new common Ansible role. Now it's time to add that role to our playbook and execute the playbook.

Adding the role to our Ansible Playbook

To get started, you'll be modifying the playbook located at ~/first_playbook.yml. Open this playbook in a text editor:

nano ~/first_playbook.yml

Add the common role to this playbook and remove our previously defined tasks. The playbook should now look like this:

---
- hosts: all
  become: yes
  roles:
    - common

Here, the playbook is configured to run on all hosts, and it includes the common role which we created in earlier lessons.

As always, make sure you run the ansible-playbook command from the home directory where we have been creating the role folders and files, where our inventory and ansible.cfg files are located as that is quite important.

Running the Playbook

Finally, execute the playbook to apply the common role to your servers. Run the following command:

ansible-playbook first_playbook.yml

This command will start the Ansible playbook, applying the common role across all specified hosts. When we execute this playbook, we will see an error output like so:

This error occurs because we haven't defined our user password yet. You'll learn about how to securely store passwords with Ansible Vault and become password files later, for now, let's configure Ansible to simply prompt for the sudo / become password.

But first, how do we figure out if this is even possible? By reviewing the help files, of course!

If you run ansible-playbook --help, you will see an option for -K, --ask-become-pass. We could pass this to our command to have Ansible prompt us for the become password.

ansible-playbook first_playbook.yml --ask-become-pass

Alternatively, If we cat our ansible.cfg.example file, and grep for become we can see the setting to configure Ansible to ask us for the become password by default:

cat ansible.cfg.example | grep become

So we have the option to either update our ~/ansible.cfg file, or pass --ask-become-pass every time we run our Ansible playbook like so:

Instead of typing that argument every time we execute our playbook, let's add that setting to our config file by opening it with nano:

nano ansible.cfg

We need to add the [privilege_escalation] header, then set become_ask_pass to true in our config file. I know we need to set the header because it is included in the ansible.cfg.example file above the become_ask_pass setting. The final config should look like this:

[defaults]
# Specify our default inventory file
inventory = ~/inventory

[privilege_escalation]
# Ask for sudo pass
become_ask_pass = True

When I make either of those changes, I can now successfully run the playbook without needing to specify those parameters.

ansible-playbook first_playbook.yml

This time since we are running updates, this playbook run will take quite a bit longer depending on how many packages need to be updated on your system. It would be normal for this run to take up to 10 minutes to finish on servers that have already been updated recently, and even longer on servers that are further behind on updates.

You will learn how to store these passwords (while encrypting them) with password files and Ansible Vault in future lectures so we don't have to enter a become password for each run, but for now, this gets the job done.

Server Academy Members Only

Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.

Sign In Get Instant Access