Make a web server idempotent with Ansible
What is Idempotence?
In general, Idempotence is “the property of certain operations in mathematics and computer science that can be applied multiple times without changing the result beyond the initial application”.
In Ansible, it means that after a playbook has been run to bring things to the desired state, further runs of the same playbook should result in no changes until some new change appears.
Understanding Handlers
Handlers are just like normal tasks in an Ansible playbook, but they run only when a task that contains a “notify” directive reports that it changed something. When such a change is detected, the task notifies the respective handler and then completes.
Sometimes you want a task to run only when a change is made on a machine. For example, you may want to restart a service if a task updates the configuration of that service, but not if the configuration is unchanged. Ansible uses handlers to address this use case. Handlers are tasks that only run when notified. Each handler should have a globally unique name.
Task Objective:
Statement: Restarting the HTTPD service is not idempotent in nature and also consumes more resources. Suggest a way to rectify this challenge in the Ansible playbook.
Let’s get Started
First, check whether your web server is running by using the following command:
systemctl status httpd
As you can see, my service is running fine.
Now we have to change the listening port of HTTPD, and for this purpose we have to change HTTPD’s configuration.
So I will make one configuration file on my controller node for the web server, and then, using Ansible, we will configure this setting in the controller node.
The following is the configuration file:
Listen {{ Port }}
<VirtualHost {{ ansible_facts['default_ipv4']['address'] }}:{{ Port }}>
    DocumentRoot {{ Document_root }}
</VirtualHost>
And my Ansible playbook file:
You can see in the above file that we send the configuration file to the HTTPD configuration folder, so HTTPD gets the new settings. If you look closely, I used the service module with the state “restarted”, so it will restart the service again after the changes are done.
Let’s execute it.
The following is the command to run an Ansible playbook:
ansible-playbook "playbook-name.yml"
We also need to configure the firewall, so I have added a firewall module as well, as you can see in the above image.
Our playbook executed successfully. But if you look at the above image, this time I changed the firewall rules and did not change anything in the web server configuration, yet the service was restarted again for no reason.
The web server got no new settings, so it should not restart again. We can therefore say that HTTPD’s state “restarted” is not idempotent in nature: it is applied in all cases.
I run that file again, and it is still restarting the service without any reason.
Restarting a web server again and again without any reason is not good for your business, so we need to achieve idempotency here so that the server restarts only when it gets a new configuration.
We can achieve idempotency by using two Ansible keywords:
- notify
- handlers
notify: we add this keyword to the template module task and give it the name “Restart apache”, so whenever the config file is updated, it notifies the handler that some changes were made to HTTPD.
handlers: we add a service module inside handlers with the name “Restart apache”. notify sends the information that something has changed in the config file and that the service has to be restarted, so the handler restarts it.
If no change happens, the handler is skipped.
So we will execute this new playbook.
Finally, we see that the restart-service part is skipped, because no new settings were made in HTTPD.
Now the service is restarted only when a change is observed in the config files.
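A playbook that wires notify and handlers together as described above, written here as an added example; it is not the author's playbook from the linked repository. Port and Document_root are the variables used by the template on this page; the host group, template file name, destination path, sample values and the choice of ansible.posix.firewalld for the firewall task are assumptions.

```yaml
# Added example, not the author's playbook. Assumed names: host group
# "webservers", template file "httpd.conf.j2", the destination file name,
# the variable values, and the ansible.posix.firewalld module.
- hosts: webservers
  become: true
  vars:
    Port: 8080                      # constructed sample value
    Document_root: /var/www/html    # constructed sample value

  tasks:
    - name: Install httpd
      ansible.builtin.package:
        name: httpd
        state: present

    - name: Deploy the virtual host configuration
      ansible.builtin.template:
        src: httpd.conf.j2
        dest: /etc/httpd/conf.d/custom.conf
        owner: root
        group: root
        mode: "0644"
      # Reports "changed" only when the rendered file differs from the
      # one on disk; only then is the handler queued.
      notify: Restart apache

    - name: Open the web server port in the firewall
      ansible.posix.firewalld:
        port: "{{ Port }}/tcp"
        permanent: true
        immediate: true
        state: enabled
      # No notify here: a firewall change must not restart httpd.

    - name: Ensure httpd is running and enabled
      ansible.builtin.service:
        name: httpd
        state: started        # "started" is idempotent, unlike "restarted"
        enabled: true

  handlers:
    - name: Restart apache    # must match the notify string exactly
      ansible.builtin.service:
        name: httpd
        state: restarted
```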
Get all SourceCode here:
https://github.com/venkateshpensalwar/ARTH/tree/main/Ansible/Configure%20HTTPD
Conclusion:
With the help of Ansible handlers and notify, we have made the web server service idempotent in nature.
Ultimately, we applied all the necessary concepts in this demo to achieve idempotence.