Tutorial on using group_vars and host_vars in Ansible for user and firewall configuration

Rahul Kundra
6 min read · Feb 24, 2023

The tutorial explains how to use group_vars and host_vars in Ansible for user and firewall configuration. The first part shows how to create a webservers group and define variables for creating a user using Ansible playbook. The second part demonstrates how to create multiple users using a list and loop in Ansible playbook. The final section explains how to use host_vars to define variables for configuring firewall in Ansible playbook.

Let Me Explain How These Work

Imagine you’re the captain of a spaceship, and you have a crew of different species with unique abilities and preferences. To manage them effectively, you need to keep track of their individual traits as well as group dynamics.

Similarly, in Ansible, host_vars and group_vars are like folders that help you keep track of your devices or servers. The host_vars folder contains YAML files that reference specific devices, just like how you might keep a record of each crew member’s strengths and weaknesses.

On the other hand, group_vars contains YAML files that reference groups of devices or all devices, like how you might track the needs and preferences of different teams on your spaceship.

Creating these folders manually might seem like a hassle, but it’s a crucial step towards efficiently managing your infrastructure. Moreover, the names of the YAML files in group_vars must match the group defined in the inventory, while the YAML files in host_vars must be named exactly as the hosts in the inventory. This ensures that Ansible can identify the relevant files and apply the correct configurations to your devices or servers.

Finally, just like how you might give specific orders to your crew members based on their unique abilities, you can input variables or vars directly into an Ansible playbook. This allows you to customize your configurations and run more complex automation tasks with ease.
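An added example (not from the original post) of checking the naming rule above: the script lists group_vars and host_vars files whose names match no group or host in the inventory, because Ansible skips such files without raising an error. The inventory text and the misnamed files are constructed, since the tutorial does not show its inventory; host range patterns are not handled.

```python
import tempfile
from pathlib import Path

def inventory_names(ini_text):
    """Return (groups, hosts) named in a simple INI inventory (no host ranges)."""
    groups, hosts = {"all", "ungrouped"}, set()
    in_host_section = True
    for raw in ini_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            name, _, kind = line[1:-1].partition(":")
            groups.add(name)
            in_host_section = kind == ""  # skip [group:vars] / [group:children] bodies
        elif line and in_host_section:
            hosts.add(line.split()[0])  # first token is the host name or alias
    return groups, hosts

def unmatched_var_files(playbook_dir, ini_text):
    """List group_vars/host_vars entries that match no inventory group or host."""
    groups, hosts = inventory_names(ini_text)
    problems = []
    for folder, known in (("group_vars", groups), ("host_vars", hosts)):
        base = Path(playbook_dir) / folder
        for entry in sorted(base.iterdir()) if base.is_dir() else []:
            name = entry.name
            # Strip only known suffixes: Path.stem would turn 10.0.30.183 into 10.0.30
            for ext in (".yml", ".yaml", ".json"):
                if entry.is_file() and name.endswith(ext):
                    name = name[: -len(ext)]
                    break
            if name not in known:
                problems.append(f"{folder}/{entry.name}")
    return problems

# Constructed inventory: one group and one host, named as in the steps below.
INVENTORY = "[webservers]\n10.0.30.183\n"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("group_vars/webservers", "group_vars/webserver.yml",
                    "host_vars/10.0.30.183", "host_vars/10.0.30.184"):
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("a: firewalld\n")  # constructed content
        return unmatched_var_files(tmp, INVENTORY)

if __name__ == "__main__":
    print(demo())
```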

Now We Learn How To Use group_vars

Steps:

Create a playbook directory

mkdir playbook

Create a group_vars directory inside the playbook directory:

mkdir playbook/group_vars

Create a webservers file inside the group_vars directory:

vim playbook/group_vars/webservers

Define the variables for the user in the webservers file (see Output 1 below):

a: rahul
b: "$6$SomeSalt$C6AGrZ6ty0U6YR5R5h2dL9PjKWT5OL5E5Jgq3qoZjG5ZcYwX9z9GcN05NrzfQlR5ly5ArFvgup/5YDd3q3JjK0"
c: /home/rahul
d: 69809
e: /bin/bash

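Note: The b variable is a hashed password, which can be generated using the mkpasswd command. You can define many users this way.

Alternatively, you can store the password in plain text as shown here, but you will receive a warning (see Output 2 below), because the user module expects an already-hashed value: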

a: rahul
b: babykund
c: /home/rahul
d: 69809
e: /bin/bash

Create a playbook file named playbook5.yml

vim playbook/playbook5.yml

Define the playbook tasks to create the user:

---
- name: Creating a User with Ansible Playbook
  hosts: webservers
  become: yes
  tasks:
    - name: Create the user
      user:
        name: "{{ a }}"
        password: "{{ b }}"
        home: "{{ c }}"
        uid: "{{ d }}"
        shell: "{{ e }}"

Note: The {{ variable }} syntax is used to substitute the values of the variables defined in the group_vars file.

Run the playbook:

ansible-playbook playbook/playbook5.yml
Output 1

Improvements:

Instead of hardcoding the name of the webservers group in the playbook, we can use a variable to make it more dynamic.

We can prompt for the password of the user instead of hardcoding it in the group_vars file or passing it as a command line argument. This can be done using the vars_prompt section in the playbook.

vim playbook/playbook6.yml

---
- name: Creating a User with Ansible Playbook
  hosts: "{{ target_hosts }}"
  become: yes
  vars:
    target_hosts: webservers
  vars_prompt:
    - name: user_password
      prompt: "Enter the password for the new user:"
      private: yes
  tasks:
    - name: Create the user
      user:
        name: "{{ a }}"
        password: "{{ user_password | password_hash('sha512', 'SomeSalt') }}"
        home: "{{ c }}"
        uid: "{{ d }}"
        shell: "{{ e }}"

This time, Ansible asks you for the password when you run the playbook:

ansible-playbook playbook/playbook6.yml

Now we create multiple users with an Ansible playbook by defining a list of users in the playbook variables and then using a loop to iterate over the list and create each user.

vim playbook/playbook8.yml

- name: Creating Multiple Users with Ansible Playbook
  hosts: "{{ target_hosts }}"
  become: yes
  vars:
    target_hosts: webservers
    users:
      - name: user1
        password: "{{ user1_password | password_hash('sha512', 'SomeSalt') }}"
        home: /home/user1
        uid: 1001
        shell: /bin/bash
      - name: user2
        password: "{{ user2_password | password_hash('sha512', 'SomeSalt') }}"
        home: /home/user2
        uid: 1002
        shell: /bin/bash
  vars_prompt:
    - name: user1_password
      prompt: "Enter the password for user1:"
      private: yes
    - name: user2_password
      prompt: "Enter the password for user2:"
      private: yes
  tasks:
    - name: Create the users
      user:
        name: "{{ item.name }}"
        password: "{{ item.password }}"
        home: "{{ item.home }}"
        uid: "{{ item.uid }}"
        shell: "{{ item.shell }}"
      loop: "{{ users }}"

Now Run This Playbook

ansible-playbook playbook/playbook8.yml

In this playbook, we have defined a list of users (users) in the playbook variables section. Each user in the list is defined as a dictionary with its own set of attributes like name, password, home, uid, and shell.

We then use a loop to iterate over the users list and create each user using the user module in Ansible. The item variable in the loop represents the current user being processed.

Note that we are also prompting the user to enter a password for each user using the vars_prompt section, so that the password is not hardcoded in the playbook.

You can modify this playbook to add more users to the users list as needed.
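The playbooks above salt every password with the same 'SomeSalt' string, so two users who share a password end up with the same hash, and the plain-text variant of the group_vars file is not a hash at all. This added example (not part of the original tutorial) checks values headed for the user module's password argument for both problems; the user1/user2 digests and the rahul_plain key are constructed, and only the md5/sha256/sha512 crypt layouts are parsed.

```python
import re
from collections import defaultdict

# crypt(3) modular format: $id$[rounds=N$]salt$digest
CRYPT_RE = re.compile(
    r"\$(?P<id>[156])\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./A-Za-z0-9]{1,16})\$(?P<digest>[./A-Za-z0-9]+)"
)
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512"}

def parse_crypt(value):
    """Return (scheme, salt) for a crypt(3) string, or None if it is not one."""
    m = CRYPT_RE.fullmatch(str(value))
    return (SCHEMES[m.group("id")], m.group("salt")) if m else None

def audit_passwords(entries):
    """entries maps a user name to the value passed as the user module's password."""
    findings, by_salt = [], defaultdict(list)
    for user, value in entries.items():
        parsed = parse_crypt(value)
        if parsed is None:
            findings.append((user, "not hashed"))
            continue
        _scheme, salt = parsed
        by_salt[salt].append(user)
    for salt, users in by_salt.items():
        if len(users) > 1:  # same salt + same password gives the same hash
            findings += [(u, f"salt {salt!r} shared") for u in users]
    return findings

# "rahul" and the plain-text value come from the tutorial; the rest is constructed.
SAMPLE = {
    "rahul": "$6$SomeSalt$C6AGrZ6ty0U6YR5R5h2dL9PjKWT5OL5E5Jgq3qoZjG5ZcYwX9z9GcN05NrzfQlR5ly5ArFvgup/5YDd3q3JjK0",
    "rahul_plain": "babykund",
    "user1": "$6$SomeSalt$" + "a" * 86,
    "user2": "$6$SomeSalt$" + "b" * 86,
}

if __name__ == "__main__":
    for user, problem in audit_passwords(SAMPLE):
        print(f"{user}: {problem}")
```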

Now We Learn How To Use host_vars

Steps:

Create a host_vars directory inside the playbook directory.

mkdir playbook/host_vars

Create a file with the IP address of the machine you want to configure inside the host_vars directory. For example:

vim playbook/host_vars/10.0.30.183

And add the following content:

a: firewalld
b: present
c: yes

This will define variables that will be used in the playbook.

Create a playbook file playbook10.yml inside the playbook directory.

vim playbook/playbook10.yml

Add the following content to the playbook file:

---
- name: Use hosts scope
  hosts: 10.0.30.183
  become: yes
  tasks:
    - name: Install firewall
      apt:
        name: "{{a}}"
        state: "{{b}}"
        update_cache: "{{c}}"

This playbook will install the firewalld package on the specified machine.

Check the syntax of the playbook file to make sure there are no errors:

ansible-playbook playbook/playbook10.yml --syntax-check

Check what the playbook will do without actually making any changes:

ansible-playbook playbook/playbook10.yml -C

Finally, run the playbook:

ansible-playbook playbook/playbook10.yml

This will install the firewalld package on the specified machine.

Improvements:

  • Instead of hardcoding the name of the webservers group, a variable can be used to make it more dynamic.
  • Password can be prompted for user creation instead of hardcoding it in group_vars file or passing it as a command line argument using vars_prompt section in the playbook.
  • The playbook can be modified to add more users to the users list as needed.
  • In host_vars, use descriptive file names instead of IP addresses.
  • More variables can be defined in host_vars for configuring firewall, such as ports, services, and rules.
