Ansible

# include order
./ansible.cfg
~/.ansible.cfg
/etc/ansible/ansible.cfg
 
[defaults]
retry_files_enabled = False
stdout_callback = debug
bin_ansible_callbacks = True
ansible_python_interpreter = /usr/bin/python
host_key_checking = False
inventory = hosts
forks = 99
retry_files_enabled = false
roles_path = ./my_roles
pipelining = True
scp_if_ssh = True
max_fail_percentage = 0
 
 
cat <<EOF>> ~/.bashrc
export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/.vault_pass
export ANSIBLE_STDOUT_CALLBACK=debug
export ANSIBLE_HOST_KEY_CHECKING=false
# export ANSIBLE_DEBUG=True
# export ANSIBLE_LOG_PATH=/var/log/ansible.log
# export ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3
EOF
 
DISPLAY_SKIPPED_HOSTS=0

# test me
nixy, dense, or debug.
export ANSIBLE_STDOUT_CALLBACK=debug

[defaults]
log_path=/var/log/ansible.log
#stdout_callback = yaml
stdout_callback = debug
# inventory = ./inventory
host_key_checking = False
retry_files_enabled = False
 
[ssh_connection]
retries=999999

/etc/ansible/ansible.cfg - global default configuration
~/.ansible.cfg - local global configuration
/etc/ansible/hosts - default inventory file

sed -i 's|#host_key_checking = False|host_key_checking = False|g' /etc/ansible/ansible.cfg
 
# /etc/ansible/ansible.cfg or ~/.ansible.cfg file:
[defaults]
host_key_checking = False
 
# variable:
export ANSIBLE_HOST_KEY_CHECKING=False
 
# command line:
ansible-playbook -e 'host_key_checking=False' yourplaybook.yml
ansible-playbook -i myhost, all -a 'uname -a'
 
# set log file
export ANSIBLE_LOG_PATH=~/ansible.log 
 
# format debug output
export ANSIBLE_STDOUT_CALLBACK=debug

for HOST in $(cat /etc/ansible/hosts | grep -v "[\[|#]" | grep -v '^$' | sort -u); do
    ssh-copy-id -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa.pub root@${HOST}
    ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${HOST} apt-get install -y sudo python
done

ansible-playbook /etc/ansible/playbooks/example.yml --limit www.example.com

import - statements are pre-processed at the time playbooks are parsed
include - statements are processed as they encountered during the execution of the playbook

site.yml
webservers.yml
fooservers.yml
roles/
   common/
     files/
     templates/
     tasks/
     handlers/
     vars/
     defaults/
     meta/
   webservers/
     files/
     templates/
     tasks/
     handlers/
     vars/
     defaults/
     meta/

ansible-doc -l
ansible-doc apt -s

ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null
ssh_args = -o ForwardAgent=yes
 
# install python manual
https://www.toptechskills.com/ansible-tutorials-courses/how-to-fix-usr-bin-python-not-found-error-tutorial/
ansible host_name -i inventory_name -m raw -a "apt-get update && apt-get install -y python-minimal"
 
# configure valut
apg -a1 -m32 -n1 > ~/.ansible/.vault_pass.txt
echo "export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/.vault_pass.txt" >> ~/.bashrc
# check vars
find *_vars -type f -exec cat {} \;
 
# check encryption
find -name "*.enc.*" -exec cat {} \;
 
# find encrypted values
find -name *.enc.* -exec ansible-vault view {} \; | grep foo
 
ansible-vault encrypt ~/ansible/host_vars/www.example.com.yml.enc
# https://dantehranian.wordpress.com/2015/07/24/managing-secrets-with-ansible-vault-the-missing-guide-part-1-of-2/

vars:
    list_a:
      - name: user1
        comment: "User 1"
      - name: user2
        comment: "User 2"
    list_b:
      - name: user3
        comment: "User 3"
    # list_user_all: "{{ list_a + list_b }}"
  tasks:
    - name: Merge two lists
      set_fact:
        list_user_all: "{{ list_a + list_a }}"
 
    - name: Print merged lists
      debug:
        var: all_users

opkg install python-light openssh-sftp-server
opkg install python-light python-codecs python-logging python-openssl
opkg install python

role defaults
inventory file or script group vars
inventory group_vars/all
playbook group_vars/all
inventory group_vars/*
playbook group_vars/*
inventory file or script host vars
inventory host_vars/*
playbook host_vars/*
host facts
play vars
play vars_prompt
play vars_files
role vars (defined in role/vars/main.yml)
block vars (only for tasks in block)
task vars (only for the task)
role (and include_role) params
include params
include_vars
set_facts / registered vars
extra vars

#!/usr/bin/env ansible-playbook

ansible --version | grep "python version"
 
virtualenv ansible
source ./ansible/bin/activate
pip install ansible
 
virtualenv -p python3 ansible
source ./ansible/bin/activate
pip install ansible

ansible-playbook roles/hadoop_primary/tasks/main.yml ---start-at-task='start service 1'
# gradually
ansible-playbook roles/hadoop_primary/tasks/main.yml --start-at-task='start service 1' --step

ansible xxx -e 'ansible_python_interpreter=/usr/bin/python3'
 
# /etc/ansible/ansible.cfg
[defaults]
...
ansible_python_interpreter = /usr/bin/python

- hosts: all
  tasks:
    - name: install pip
      apt:
        name: python-pip
      vars:
        ansible_python_interpreter: /usr/bin/python3
 
# in the scope of a playbook
- hosts: test_server
  vars:
    ansible_python_interpreter: /usr/bin/python2
  tasks:
    - name: install pip
      apt:
        name: python-pip
 
# for role
  roles:
    - role: my_role_1
      ansible_python_interpreter: /usr/bin/python3

export ANSIBLE_STDOUT_CALLBACK=debug
ansible-playbook --ask-become-pass ~/dev/ansible/pakonb.yml

rm -r /usr/local/lib/python2.7/dist-packages/ansible*

ansible-playbook playbook.yml --start-at-task="install packages"

openssl passwd -6

# env var
export ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3
 
# /etc/ansible/ansible.cfg
[defaults]
...
ansible_python_interpreter = /usr/bin/python
 
# parameter on command line
ansible my-playbook.yml -e 'ansible_python_interpreter=/usr/bin/python2'

  hosts:
    debian10_python_default:
      ansible_host: 192.168.50.221
python_interpreter_test_defined:
  vars:
    ansible_python_interpreter: /usr/bin/python3
  hosts:
    debian10_python_defined:
      ansible_host: 192.168.50.221
      ansible_python_interpreter: /usr/bin/python2
    debian10_python_auto_legacy:
      ansible_host: 192.168.50.221
      ansible_python_interpreter: auto_legacy

tasks:
  - debug:
      var: ansible_python_interpreter
    tags: always
  - debug:
      var: ansible_python_version
    tags: always

ansible-playbook release.yml --extra-vars "version=1.23.45 other_variable=foo"
ansible-playbook release.yml --extra-vars '{"version":"1.23.45","other_variable":"foo"}'

# role when condition
- hosts: webservers
  roles:
    - { role: some_role, when: "ansible_os_family == 'RedHat'" }

- command: lshw -json -c bus
  register: lshw_json
  changed_when: false      
  check_mode: no
  tags: always

# vars/main.yml
is_env_dev: '{% if (os_env == "dev") %}True{% else %}False{% endif %}'
</strong>
<strong>Links</strong>
https://leucos.github.io/ansible-files-layout
https://galaxy.ansible.com/list#/roles
https://serversforhackers.com/an-ansible-tutorial
https://sysadmincasts.com/episodes/43-19-minutes-with-ansible-part-1-4
https://gist.github.com/andreicristianpetcu/b892338de279af9dac067891579cad7d
https://everythingshouldbevirtual.com/tags/#ansible
https://ansibledaily.com/
https://www.puzzle.ch/de/blog/articles/2020/01/22/10-dinge-ueber-ansible-die-du-vielleicht-noch-nicht-kanntest