Red Hat Enterprise Linux Automation with Ansible
The ansible.builtin Ansible Content Collection provides a number of modules that can be used to modify existing files.
These include lineinfile and blockinfile, among others.
However, they are not always easy to use effectively and correctly.
A much more powerful way to manage files is to template them. With this method, you can write a template configuration file that is automatically customized for the managed host when the file is deployed, using Ansible variables and facts. This can be easier to control and is less error-prone.
Ansible uses the Jinja2 templating system for template files. Ansible also uses Jinja2 syntax to reference variables in playbooks, so you already know a little about how to use it.
Variables and logic expressions are placed between tags, or delimiters.
When a Jinja2 template is evaluated, the expression {{ is replaced with the results of that expression or variable.
Jinja2 templates can also use EXPR }}{% for special control structures or logic that loops over Jinja2 code or perform tests.
You can use the EXPR %}{# syntax to enclose comments that should not appear in the final file.COMMENT #}
In the following example of a Jinja2 template file, the first line includes a comment that is not included in the final file. The variable references in the second line are replaced with the values of the system facts being referenced.
{# /etc/hosts line #}
{{ ansible_facts['default_ipv4']['address'] }} {{ ansible_facts['hostname'] }}A Jinja2 template is composed of multiple elements: data, variables, and expressions.
Those variables and expressions are replaced with their values when the Jinja2 template is rendered.
The variables used in the template can be specified in the vars section of the playbook.
It is possible to use the managed hosts' facts as variables in a template.
Template files are most commonly kept in the templates directory of the project for your playbook, and typically are assigned a .j2 file extension to make it clear that they are Jinja2 template files.
Note
A file containing a Jinja2 template does not need to have any specific file extension (for example, .j2).
However, providing such a file extension might make it easier for you to remember that it is a template file.
The following example shows how to create a template for /etc/ssh/sshd_config with variables and facts retrieved by Ansible from managed hosts.
When the template is deployed by a play, any facts are replaced by their values for the managed host being configured.
# {{ ansible_managed }}
# DO NOT MAKE LOCAL MODIFICATIONS TO THIS FILE BECAUSE THEY WILL BE LOST
Port {{ ssh_port }}
ListenAddress {{ ansible_facts['default_ipv4']['address'] }}
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin {{ root_allowed }}
AllowGroups {{ groups_allowed }}
AuthorizedKeysFile /etc/.rht_authorized_keys .ssh/authorized_keys
PasswordAuthentication {{ passwords_allowed }}
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
UsePrivilegeSeparation sandbox
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-serverJinja2 templates are a powerful tool that you can use to customize configuration files to be deployed on managed hosts.
When the Jinja2 template for a configuration file has been created, it can be deployed to managed hosts by using the ansible.builtin.template module, which supports the transfer of a local file on the control node to the managed hosts.
To use the ansible.builtin.template module, use the following syntax.
The value associated with the src key specifies the source Jinja2 template, and the value associated with the dest key specifies the file to be created on the destination hosts.
tasks:
- name: template render
ansible.builtin.template:
src: /tmp/j2-template.j2
dest: /tmp/dest-config-file.txtNote
The ansible.builtin.template module also allows you to specify the owner (the user that owns the file), group, permissions, and SELinux context of the deployed file, just like the ansible.builtin.file module.
It can also take a validate option to run an arbitrary command (such as visudo
-c) to check the syntax of a file for correctness before templating it into place.
For more details, see ansible-navigator doc ansible.builtin.template.
To avoid having other system administrators modify files that are managed by Ansible, it is a good practice to include a comment at the top of the template to indicate that the file should not be manually edited.
One way to do this is to use the "Ansible managed" string set by the ansible_managed directive.
This is not a normal variable but can be used as one in a template.
You can set the value for ansible_managed in an ansible.cfg file:
ansible_managed = Ansible managed
To include the ansible_managed string inside a Jinja2 template, use the following syntax:
{{ ansible_managed }}You can use Jinja2 control structures in template files to reduce repetitive typing, to enter entries for each host in a play dynamically, or conditionally insert text into a file.
Jinja2 uses the for statement to provide looping functionality.
In the following example, the users variable has a list of values.
The user variable is replaced with all the values in the users variable, one value per line.
{% for user in users %}
{{ user }}
{% endfor %}The following example template uses a for statement and a conditional to run through all the values in the users variable, replacing myuser with each value, unless the value is root.
{# for statement #}
{% for myuser in users if not myuser == "root" %}
User number {{ loop.index }} - {{ myuser }}
{% endfor %}The loop.index variable expands to the index number that the loop is currently on.
It has a value of 1 the first time the loop executes, and it increments by 1 through each iteration.
As another example, this template also uses a for statement.
It assumes a myhosts variable that contains a list of hosts to be managed has been defined by the inventory being used.
If you put the following for statement in a Jinja2 template, all hosts in the myhosts group from the inventory would be listed in the resulting file.
{% for myhost in groups['myhosts'] %}
{{ myhost }}
{% endfor %}For a more practical example, you can use this example to generate an /etc/hosts file from host facts dynamically.
Assume that you have the following playbook:
- name: /etc/hosts is up to date
hosts: all
gather_facts: yes
tasks:
- name: Deploy /etc/hosts
ansible.builtin.template:
src: templates/hosts.j2
dest: /etc/hostsThe following three-line templates/hosts.j2 template constructs the file from all hosts in the group all.
(The middle line is extremely long in the template due to the length of the variable names.)
It iterates over each host in the group to get three facts for the /etc/hosts file.
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['fqdn'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}Jinja2 uses the if statement to provide conditional control.
This allows you to put a line in a deployed file if certain conditions are met.
In the following example, the value of the result variable is placed in the deployed file only if the value of the finished variable is True.
{% if finished %}
{{ result }}
{% endif %}Important
You can use Jinja2 loops and conditionals in Ansible templates, but not in Ansible Playbooks.
Jinja2 provides filters which change the output format for template expressions, essentially converting the data in a variable to some other format in the file that results from the template.
For example, filters are available for languages such as YAML and JSON.
The to_json filter formats the expression output using JSON, and the to_yaml filter formats the expression output using YAML.
{{ output | to_json }}
{{ output | to_yaml }}Additional filters are available, such as the to_nice_json and to_nice_yaml filters, which format the expression output in either JSON or YAML human-readable format.
{{ output | to_nice_json }}
{{ output | to_nice_yaml }}Both the from_json and from_yaml filters expect strings in either JSON or YAML format, respectively.
{{ output | from_json }}
{{ output | from_yaml }}Note
Filters are a very powerful concept in Ansible, and are covered in more depth in Chapter 7 of the course Developing Advanced Automation with Red Hat Ansible Automation Platform (DO374).
For more information you can also review "Using filters to manipulate data" in the Ansible User Guide.
