Curso - De Ansible Desde Cero Full -mega-

Creamos install_nginx.yml:

---
- name: Playbook principal para servidores web
  hosts: webservers
  become: yes  # Ejecutar como sudo

tasks:
- name: Asegurar que Nginx esté instalado
apt:
name: nginx
state: present
update_cache: yes


- name: Iniciar y habilitar el servicio
  service:
    name: nginx
    state: started
    enabled: yes

Para ejecutarlo:

ansible-playbook -i hosts.ini install_nginx.yml

By dawn, Marcos had written his first playbook. It was ugly, full of mistakes, and used shell modules where he should have used copy or template. But it worked. It patched all 47 servers in the time it used to take him to patch two. Curso de Ansible desde Cero Full -Mega-

He named the file la_revancha.yml—"the revenge."

Over the next week, he devoured the "Full -Mega-" course. He watched the "Roles" chapter twice. He learned about Ansible Vault to protect his secrets. He built a dynamic inventory that knew which servers were production and which were testing without him having to type a single IP.

His phone stopped ringing at 3 AM. The inventory system became boringly stable. His boss, a woman who had forgotten his name, suddenly noticed that uptime was at 99.99%.

"What changed?" she asked in a Monday meeting.

Marcos smiled. "Automation."

He didn't tell her about the curse.

1. Inventario estático (inventory.ini)

[webservers]
web1 ansible_host=192.168.1.10
web2 ansible_host=192.168.1.11

[all:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=~/.ssh/key.pem

2. Comandos ad-hoc

ansible all -i inventory.ini -m ping
ansible webservers -m apt -a "name=nginx state=present" --become

Recursos:

1. Variables

vars:
  package_name: nginx

2. Facts (información del sistema)

- debug:
    var: ansible_facts['os_family']

3. Condicionales

- name: Install apache for RedHat
  apt:
    name: httpd
  when: ansible_facts['os_family'] == "RedHat"

Recursos:

[webservers]
web1 ansible_host=10.0.0.1 env=produccion
web2 ansible_host=10.0.0.2 env=testing

ansible-playbook deploy_db.yml --ask-vault-pass

O usando un archivo de clave (más seguro para CI/CD):

ansible-playbook deploy_db.yml --vault-password-file .vault_pass.txt

Nunca, bajo ninguna circunstancia, subas contraseñas o claves SSH en texto plano a GitHub. Usa Ansible Vault.

Scroll to Top