[RHCE] 09 – Manage content

    09_01 Using Templates in Ansible

    Directory Structure

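    # filepath: /scripts/setup_templates.sh
    # Create the directories that the examples below use for templates and group variables.
    # -p keeps the script safe to re-run: directories that already exist are not an error.
    mkdir -p templates group_vars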
    

    Basic Template Example

    # filepath: templates/httpd.conf.j2
    {# Main Apache configuration, rendered from the variables http_port, admin_email and doc_root. #}
    {# NOTE(review): the values are interpolated unquoted, so a value containing whitespace would be read by httpd as extra arguments; consider quoting paths the way ServerRoot is quoted. #}
    {# allow_override falls back to 'None' when it is not defined, which keeps .htaccess overrides disabled by default. #}
    {# "Require all granted" lets every client reach doc_root; tighten it if the site is not meant to be public. #}
    ServerRoot "/etc/httpd"
    Listen {{ http_port }}
    ServerAdmin {{ admin_email }}
    DocumentRoot {{ doc_root }}
    
    <Directory {{ doc_root }}>
        AllowOverride {{ allow_override | default('None') }}
        Require all granted
    </Directory>
    

    Variables File

    # filepath: group_vars/webservers.yml
    ---
    # Values consumed by templates/httpd.conf.j2 for hosts in the webservers group.
    doc_root: '/var/www/html'
    admin_email: 'admin@example.com'
    # Kept as an integer, exactly as in the template's Listen directive.
    http_port: 80
    

    Template Deployment

    # filepath: playbooks/deploy_config.yml
    ---
    # Renders the Apache template onto the webservers group and restarts httpd
    # through the handler when the deployed file changed.
    - name: Deploy Configuration Files
      hosts: webservers
      become: true

      handlers:
        - name: restart apache
          service:
            state: restarted
            name: httpd

      tasks:
        - name: Deploy Apache config
          notify: restart apache
          template:
            dest: /etc/httpd/conf/httpd.conf
            src: templates/httpd.conf.j2
            mode: "0644"
            group: root
            owner: root
            # httpd syntax-checks the rendered file (%s) before it replaces the live config.
            validate: "/usr/sbin/httpd -t -f %s"
    

    Advanced Template

    # filepath: templates/vhost.conf.j2
    {# Emits one <VirtualHost> block per entry of the virtual_hosts list. #}
    {# TLS directives are written only when vhost.ssl is truthy; an entry without an ssl key is treated as false. #}
    {# ssl_cert and ssl_key have no default here, so presumably both must be set whenever ssl is true; verify against the inventory. #}
    {# NOTE(review): every vhost binds to http_port, including those with ssl enabled; confirm a TLS vhost is not meant to listen on a separate port. #}
    {# NOTE(review): vhost.name and vhost.docroot are interpolated unquoted and vhost.name becomes part of the log file names; assumes a plain hostname without '/' or whitespace. #}
    {% for vhost in virtual_hosts %}
    <VirtualHost *:{{ http_port }}>
        ServerName {{ vhost.name }}
        DocumentRoot {{ vhost.docroot }}
        
        {% if vhost.ssl | default(false) %}
        SSLEngine on
        SSLCertificateFile {{ vhost.ssl_cert }}
        SSLCertificateKeyFile {{ vhost.ssl_key }}
        {% endif %}
        
        ErrorLog logs/{{ vhost.name }}-error_log
        CustomLog logs/{{ vhost.name }}-access_log combined
    </VirtualHost>
    {% endfor %}

    09_02 Using Ansible Vault

    Basic Vault Commands

    # filepath: /scripts/vault_commands.sh
    # Each command asks for the vault password unless one is supplied another way
    # (for example with --vault-password-file).

    # Create a new encrypted file: opens an editor and stores the content encrypted
    ansible-vault create secrets.yml
    
    # Edit an encrypted file: the content is stored encrypted again after the editor closes
    ansible-vault edit secrets.yml
    
    # Encrypt an existing plaintext file in place
    ansible-vault encrypt vars/credentials.yml
    
    # Show the decrypted content of an encrypted file without modifying it
    ansible-vault view secrets.yml
    

    Encrypted Variables File (contents shown decrypted)

    # filepath: /vars/secrets.yml
    ---
    # Sample values, shown here in plaintext for readability. On disk this file should
    # exist only in its ansible-vault encrypted form, which begins with a
    # $ANSIBLE_VAULT header line instead of readable YAML.
    api_key: 'ab12cd34ef56'
    mysql_root_password: 'supersecret123'
    # Literal block scalar: the PEM line breaks are preserved.
    ssl_private_key: |
      -----BEGIN PRIVATE KEY-----
      MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJ...
      -----END PRIVATE KEY-----
    

    Using Encrypted Variables

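    # filepath: /playbooks/secure_deploy.yml
    ---
    # Loads the vault-encrypted variables file and uses its values to set the MySQL
    # root password and to render the API configuration file.
    # NOTE(review): the play sets no `become: true`; writing /etc/api/config.json
    # presumably needs privilege escalation unless it is configured elsewhere. Confirm.
    - name: Secure Deployment
      hosts: webservers
      vars_files:
        - /vars/secrets.yml

      tasks:
        - name: Configure MySQL root password
          mysql_user:
            name: root
            password: "{{ mysql_root_password }}"
            host: localhost
          # Keep the vaulted password out of task output and logs.
          no_log: true

        - name: Deploy API configuration
          template:
            src: api_config.j2
            dest: /etc/api/config.json
            mode: '0600'
          # api_config.j2 is not shown; it presumably renders vaulted values such as api_key.
          # no_log keeps the rendered content out of --diff and verbose output.
          no_log: true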
    

    Password File Setup

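    # filepath: /scripts/setup_vault.sh
    # Create vault password file
    # The original `$vaultPassword = "..."` line is not a valid shell assignment, so
    # the file would have been written empty. Read the password from the terminal
    # instead, without echo, so it is stored neither in this script nor in shell
    # history (read -s requires bash).
    read -r -s -p 'Vault password: ' vault_password
    echo
    # The subshell's umask makes a newly created file owner-only from the first byte,
    # so there is no window in which other users can read it.
    (umask 077 && printf '%s\n' "$vault_password" > ~/.vault_password)
    unset vault_password
    # Also tightens the mode when the file already existed with looser permissions.
    chmod 600 ~/.vault_password
    
    # Use password file
    ansible-playbook secure_deploy.yml --vault-password-file ~/.vault_password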
    

    Multiple Vault IDs

    # filepath: /playbooks/multi_vault.yml
    ---
    # Selects the secrets file for one environment. `env` is not defined in this
    # playbook, so the caller has to supply it (for example as an extra var).
    # The vault IDs themselves are passed on the command line with --vault-id.
    - name: Multi-Environment Deployment
      hosts: all

      tasks:
        - name: Deploy environment config
          template:
            dest: /app/config.yml
            src: env_config.j2
            mode: "0640"

      vars_files:
        - 'vars/secrets_{{ env }}.yml'
    

    Remember to never commit unencrypted sensitive data or vault passwords to version control.

