Skip to content Introduction
Ansible, a powerful IT automation tool, simplifies complex tasks and enables administrators to manage large-scale deployments efficiently. One of Ansible’s most versatile features is its template module, which allows you to dynamically generate files from templates, adapting to different environments and configurations seamlessly. In this post, we’ll explore the template module in-depth, providing insights on its uses, how it works, and best practices for leveraging this powerful feature.
What is the Template Module?
The template module in Ansible processes files through the Jinja2 templating engine and manages file deployment to remote systems. This module is commonly used for configuring system files, setting up user environments, and any other scenario where you need to generate a customized output based on variable data.
How the Template Module Works
The template module operates by taking a source template file, written in the Jinja2 templating language, and populating it with data from Ansible’s variables. It then generates a finished file for each specified host, tailored to its specific configuration requirements.
Key Features:
- Dynamic Content Generation: Uses Ansible variables and facts collected from systems to create customized configurations.
- Conditional Statements: Incorporates logic within templates, allowing for conditional modifications based on environment or system parameters.
- Loops and Iterations: Supports loops for generating repetitive configurations, such as multiple user accounts or scheduled tasks.
Prerequisites
Common Use Cases
- Configuration Files: Automating the creation of configuration files for software applications based on the environment specifics, such as development, testing, or production.
- User Management: Setting up user-specific configuration files, like
.bashrcor.vimrc, based on predefined templates. - System Initialization: Generating scripts or initialization files required during system startup or software installation processes.
How to Use the Template Module in Ansible
Here’s a basic example of using the Ansible template module:
Step 1: Create Your Jinja2 Template
Create a Jinja2 template file, myconfig.conf.j2, with the following content:
# Example Configuration File
server {
listen {{ ansible_host }};
server_name {{ inventory_hostname }};
root {{ doc_root | default('/var/www/html') }};
location / {
try_files $uri $uri/ =404;
}
}
Step 2: Write Your Ansible Playbook
Create an Ansible playbook, deploy-template.yml, that applies the template:
- name: Deploy Configuration File
hosts: webservers
vars:
doc_root: "/var/www/myapp"
tasks:
- name: Generate configuration file from template
ansible.builtin.template:
src: myconfig.conf.j2
dest: /etc/nginx/sites-available/myconfig.conf
owner: root
group: root
mode: '0644'
Step 3: Run Your Playbook
Execute your playbook with the following command:
ansible-playbook deploy-template.yml
Example 1: Dynamic Hosts File
Objective: Generate a dynamic /etc/hosts file for each server to include custom hostnames and IPs based on inventory data.
Template File (hosts.j2):
127.0.0.1 localhost
{% for host in groups['all'] %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ host }}
{% endfor %}
Playbook (update-hosts.yml):
- name: Update /etc/hosts file
hosts: all
tasks:
- name: Template the /etc/hosts file
ansible.builtin.template:
src: hosts.j2
dest: /etc/hosts
owner: root
group: root
mode: '0644'
Example 2: Automated SSH Configuration
Objective: Customize the SSH configuration for servers to disable password authentication for security enhancement.
Template File (sshd_config.j2):
# Use Ansible managed
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication {{ 'yes' if password_auth_enabled | default(false) else 'no' }}
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
Subsystem sftp /usr/lib/openssh/sftp-server
Playbook (configure-ssh.yml):
- name: Configure SSHD
hosts: servers
vars:
password_auth_enabled: false
tasks:
- name: Deploy SSHD configuration
ansible.builtin.template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: '0600'
notify:
- restart sshd
handlers:
- name: restart sshd
ansible.builtin.service:
name: ssh
state: restarted
Example 3: Application Environment Configuration
Objective: Generate a .env file for application environments, injecting sensitive credentials securely and managing different configurations for staging and production environments.
Template File (app.env.j2):
# Application environment configuration
APP_ENV={{ app_environment }}
DB_HOST={{ db_host }}
DB_NAME={{ db_name }}
DB_USER={{ db_user }}
DB_PASS={{ db_password | ansible.builtin.default('') }}
Playbook (deploy-app-env.yml):
- name: Deploy application environment file
hosts: app_servers
vars:
app_environment: production
db_host: db.production.example.com
db_name: myapp_prod
db_user: myapp_user
db_password: "{{ vault_db_password }}"
tasks:
- name: Template .env file
ansible.builtin.template:
src: app.env.j2
dest: /var/www/myapp/.env
owner: www-data
group: www-data
mode: '0600'
Example 4: Automated Cron Job Creation
Objective: Automatically generate cron job files for system maintenance tasks, such as backups and log rotation.
Template File (maintenance.cron.j2):
# Ansible managed: System maintenance jobs
0 1 * * * /usr/bin/apt update && /usr/bin/apt upgrade -y
30 2 * * 7 /usr/sbin/logrotate -s /var/log/logrotate.status /etc/logrotate.conf
@weekly /usr/bin/rsync -a /var/www/html/ /backup/www/
Playbook (setup-cron-jobs.yml):
- name: Setup system maintenance cron jobs
hosts: all
tasks:
- name: Deploy cron jobs for maintenance
ansible.builtin.template:
src: maintenance.cron.j2
dest: /etc/cron.d/maintenance
owner: root
group: root
mode: '0644'
These examples cover a range of use cases from basic system configuration to application-specific settings, showcasing the flexibility and power of Ansible’s template module. Each example is tailored to ensure that you can manage configurations efficiently and securely across a diverse set of environments.
Integrating with Ansible Roles
In larger Ansible projects, templates are often part of roles. Roles in Ansible allow you to organize tasks, including templating tasks, into clean, reusable packages. Here’s an example structure of a role that uses templates:
roles/
└── setup_nginx/
├── templates/
│ └── nginx.conf.j2
├── tasks/
│ └── main.yml
├── vars/
│ └── main.yml
This structure helps in maintaining a modular and organized Ansible playbook.
Best Practices
- Version Control: Keep your templates and playbooks under version control to track changes and revert if necessary.
- Validation: Use tools or manual reviews to validate templates before deployment to avoid syntax errors in critical configuration files.
- Security: Ensure sensitive variables, like passwords or API keys, are encrypted using Ansible Vault or similar tools to prevent exposure.
- Documentation: Document the structure and variables in your templates, especially for complex templates that may be modified by different team members.
Conclusion
The template module in Ansible is a cornerstone for automating the generation of files that need to be customized according to the target environment or system specifics. By harnessing the power of Jinja2 templates and the flexibility of Ansible’s variable system, you can greatly streamline configuration management processes, reduce errors, and ensure consistency across your environments. Whether managing a handful of servers or scaling up to hundreds, the template module proves to be an invaluable tool in any system administrator’s toolkit.
