Ansible playbooks are YAML files that define what tasks should be run on remote hosts. They are kind of like "Ansible Scripts" although that is not quite accurate.
Four files are required to run an Ansible playbook:
Before attempting to run a playbook, make sure your Python virtual environment is setup and activated. See PAM CDM Installation for more information.
This playbook is useful to check that Ansible can communicate with all hosts in the inventory file. It does not deploy any PAM components or perform any host configuration. It just connects to each host via SSH, runs some simple commands, and displays the results.
ansible-playbook -i mypam.ini -e @mypam.vars -e @mypam.vault --ask-vault-pass playbooks/hello.yml
If the Ansible inventory includes a host in the pam_apache group, this playbook will install
and configure Apache on that host. Otherwise it won't do anything meaningful.
ansible-playbook -i mypam.ini -e @mypam.vars -e @mypam.vault --ask-vault-pass playbooks/install_apache.yml
If the Ansible inventory includes a host in the pam_postgres group, this playbook will install
and configure PostgreSQL on that host. Otherwise it won't do anything meaningful.
ansible-playbook -i mypam.ini -e @mypam.vars -e @mypam.vault --ask-vault-pass playbooks/install_postgres.yml
This playbook will install and configure PAM in the following sequence:
pam_master inventory group.pam_master inventory group.pam_remote, pam_session, and pam_worker inventory groups.ansible-playbook -i mypam.ini -e @mypam.vars -e @mypam.vault --ask-vault-pass playbooks/install_pam.yml
This playbook is a shortcut for running the following playbooks in sequence:
ansible-playbook -i mypam.ini -e @mypam.vars -e @mypam.vault --ask-vault-pass playbooks/install_all.yml
PAM Ansible playbooks are designed to only install PAM (or Apache, or PostgreSQL) if it is not already installed on the host. After the first playbook execution completes successfully, subsequent executions should not make any further changes.