Ansible | panticz.de

Release and maintenance / latest versions
# stable
https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#release-status
# devel
https://docs.ansible.com/ansible/devel/modules/list_of_all_modules.html

Ansible playbook repository
https://github.com/panticz/ansible

Install Ansible
http://www.panticz.de/install-ansible

Configuration
https://docs.ansible.com/ansible/2.4/intro_configuration.html#remote-tmp
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations
https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg

# include order
./ansible.cfg
~/.ansible.cfg
/etc/ansible/ansible.cfg
 
[defaults]
retry_files_enabled = False
#stdout_callback = debug
stdout_callback = yaml
bin_ansible_callbacks = True
ansible_python_interpreter = /usr/bin/python
host_key_checking = False
 
 
cat <<EOF>> ~/.bashrc
export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/.vault_pass
export ANSIBLE_STDOUT_CALLBACK=debug
# export ANSIBLE_DEBUG=True
# export ANSIBLE_LOG_PATH=/var/log/ansible.log
EOF
 
DISPLAY_SKIPPED_HOSTS=0

Callback plugin

# test me
nixy, dense, or debug.
export ANSIBLE_STDOUT_CALLBACK=debug

Configuration

[defaults]
log_path=/var/log/ansible.log
#stdout_callback = yaml
stdout_callback = debug
# inventory = ./inventory
host_key_checking = False
retry_files_enabled = False
 
[ssh_connection]
retries=999999

Ansible syntax (YAML)
http://docs.ansible.com/ansible/YAMLSyntax.html

Configuration files
http://docs.ansible.com/ansible/intro_configuration.html#host-key-checking

/etc/ansible/ansible.cfg - global default configuration
~/.ansible.cfg - local global configuration
/etc/ansible/hosts - default inventory file

Ignore host key

sed -i 's|#host_key_checking = False|host_key_checking = False|g' /etc/ansible/ansible.cfg
 
# /etc/ansible/ansible.cfg or ~/.ansible.cfg file:
[defaults]
host_key_checking = False
 
# variable:
export ANSIBLE_HOST_KEY_CHECKING=False
 
# command line:
ansible-playbook -e 'host_key_checking=False' yourplaybook.yml
 
# set log file
export ANSIBLE_LOG_PATH=~/ansible.log 
 
# format debug output
export ANSIBLE_STDOUT_CALLBACK=debug

Copy SSH key to clients and install required applications

for HOST in $(cat /etc/ansible/hosts | grep -v "[\[|#]" | grep -v '^$' | sort -u); do
    ssh-copy-id -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa.pub root@${HOST}
    ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${HOST} apt-get install -y sudo python
done

Run command for specific host

ansible-playbook /etc/ansible/playbooks/example.yml --limit www.example.com

import vs. include

import - statements are pre-processed at the time playbooks are parsed
include - statements are processed as they encountered during the execution of the playbook

Structure

site.yml
webservers.yml
fooservers.yml
roles/
   common/
     files/
     templates/
     tasks/
     handlers/
     vars/
     defaults/
     meta/
   webservers/
     files/
     templates/
     tasks/
     handlers/
     vars/
     defaults/
     meta/

Documentation

ansible-doc -l
ansible-doc apt -s

http://docs.ansible.com/ansible/test_strategies.html
http://docs.ansible.com/ansible/intro_adhoc.html
http://docs.ansible.com/ansible/playbooks_conditionals.html
http://docs.ansible.com/ansible/playbooks_roles.html

Modules
http://docs.ansible.com/ansible/lxc_container_module.html
http://docs.ansible.com/ansible/git_module.html
http://docs.ansible.com/ansible/apt_module.html
http://docs.ansible.com/ansible/cron_module.html
http://docs.ansible.com/ansible/list_of_database_modules.html

Variables
http://docs.ansible.com/ansible/playbooks_variables.html
# scopes
https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-scopes
# Playbook environment variables
https://docs.debops.org/en/master/debops-playbooks/custom-environment.html

# ssh

ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null
ssh_args = -o ForwardAgent=yes
 
# install python manual
ansible host_name -i inventory_name -m raw -a "apt-get update && apt-get install -y python-minimal"
 
# configure valut
apg -a1 -m32 -n1 > ~/.ansible/.vault_pass.txt
echo "export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/.vault_pass.txt" >> ~/.bashrc
# check vars
find *_vars -type f -exec cat {} \;
 
# check encryption
find -name "*.enc.*" -exec cat {} \;
 
# find encrypted values
find -name *.enc.* -exec ansible-vault view {} \; | grep foo
 
ansible-vault encrypt ~/ansible/host_vars/www.example.com.yml.enc
# https://dantehranian.wordpress.com/2015/07/24/managing-secrets-with-ansible-vault-the-missing-guide-part-1-of-2/

manage OpenWRT with Ansible

opkg install python-light openssh-sftp-server
opkg install python-light python-codecs python-logging python-openssl
opkg install python

Ansible command line options
https://liquidat.wordpress.com/2016/02/29/useful-options-ansible-cli/
ansible-playbook --syntax-check www.example.com.yml
ansible-playbook --list-hosts www.example.com.yml
ansible-playbook --list-tasks www.example.com.yml

Create customized module
http://blog.toast38coza.me/custom-ansible-module-hello-world/

nmcli module - NetworkManager command line tool
https://github.com/alcamie101/ansible-nmcli#examplesnmcli

LXC module
https://github.com/ansible/ansible-modules-extras/tree/devel/cloud/lxc
# Update lxc_container module to latest version
wget -q https://raw.githubusercontent.com/ansible/ansible-modules-extras/devel/cloud/lxc/lxc_container.py -O /usr/lib/python2.7/dist-packages/ansible/modules/cloud/lxc/lxc_container.py

Variables include order

role defaults
inventory file or script group vars
inventory group_vars/all
playbook group_vars/all
inventory group_vars/*
playbook group_vars/*
inventory file or script host vars
inventory host_vars/*
playbook host_vars/*
host facts
play vars
play vars_prompt
play vars_files
role vars (defined in role/vars/main.yml)
block vars (only for tasks in block)
task vars (only for the task)
role (and include_role) params
include params
include_vars
set_facts / registered vars
extra vars

# shebang / execute playbook as script
#!/usr/bin/env ansible-playbook

Virtenv

ansible --version | grep "python version"
 
virtualenv ansible
source ./ansible/bin/activate
pip install ansible
 
virtualenv -p python3 ansible
source ./ansible/bin/activate
pip install ansible

Start job from step

ansible-playbook roles/hadoop_primary/tasks/main.yml --step --start-at-task='start service 1'

Use python3
https://docs.ansible.com/ansible/2.4/python_3_support.html

ansible xxx -e 'ansible_python_interpreter=/usr/bin/python3'
 
# /etc/ansible/ansible.cfg
[defaults]
...
ansible_python_interpreter = /usr/bin/python

Show formated output

export ANSIBLE_STDOUT_CALLBACK=debug
ansible-playbook --ask-become-pass ~/dev/ansible/pakonb.yml

Links
https://leucos.github.io/ansible-files-layout
https://galaxy.ansible.com/list#/roles
https://serversforhackers.com/an-ansible-tutorial
https://sysadmincasts.com/episodes/43-19-minutes-with-ansible-part-1-4
https://gist.github.com/andreicristianpetcu/b892338de279af9dac067891579cad7d
https://everythingshouldbevirtual.com/tags/#ansible
https://ansibledaily.com/