Ansible: Difference between revisions
Tag: wikieditor |
m →Tools |
||
| (13 intermediate revisions by the same user not shown) | |||
| Line 17: | Line 17: | ||
=Tools= | =Tools= | ||
*[https://enroll.sh/ Enroll] | |||
*[https://molecule.readthedocs.io/en/latest/ Molecule] for testing roles | *[https://molecule.readthedocs.io/en/latest/ Molecule] for testing roles | ||
*ansible-lint | *ansible-lint | ||
| Line 34: | Line 35: | ||
*[https://spacelift.io/blog/ansible-variables Ansible variables] | *[https://spacelift.io/blog/ansible-variables Ansible variables] | ||
*[https://docs.ansible.com/projects/ansible/latest/reference_appendices/config.html#the-configuration-file ansible.cfg configuration file] | |||
==Lineinfile== | ==Lineinfile== | ||
*[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html Lineinfile module] | *[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html Lineinfile module] | ||
| Line 42: | Line 43: | ||
*[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html ansible.builtin.file] | *[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html ansible.builtin.file] | ||
*[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html ansible.builtin.apt] | *[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html ansible.builtin.apt] | ||
*[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html ansible.builtin.lineinfile] | |||
=Some terms= | =Some terms= | ||
| Line 47: | Line 49: | ||
=Inventories= | =Inventories= | ||
*[https://spacelift.io/blog/ansible-inventory] | |||
*[http://docs.ansible.com/ansible/latest/intro_dynamic_inventory.html Dynamic Inventory] | *[http://docs.ansible.com/ansible/latest/intro_dynamic_inventory.html Dynamic Inventory] | ||
*[https://www.jeffgeerling.com/blog/creating-custom-dynamic-inventories-ansible Creating custom dynamic inventories] | *[https://www.jeffgeerling.com/blog/creating-custom-dynamic-inventories-ansible Creating custom dynamic inventories] | ||
*[https://www.digitalocean.com/community/tutorials/how-to-set-up-ansible-inventories Set up ansible inventories] | |||
=Alternatives= | =Alternatives= | ||
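Review bot: the first link added under Inventories, [https://spacelift.io/blog/ansible-inventory], has no label, while every other entry in that list has one. Suggest giving it link text so it does not render as a bare numbered reference.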
| Line 142: | Line 145: | ||
==Cronjobs and ssh passphrases== | ==Cronjobs and ssh passphrases== | ||
See https://gist.github.com/Justintime50/297d0d36da40834b037a65998d2149ca | See [https://gist.github.com/Justintime50/297d0d36da40834b037a65998d2149ca Use Your SSH Agent in a Crontab ( keychain)] | ||
= FAQ = | = FAQ = | ||
==Notify multiple handlers== | |||
notify: | |||
- Call Handler1 | |||
- Call Handler2 | |||
==Print hostname in debug msg == | ==Print hostname in debug msg == | ||
| Line 155: | Line 163: | ||
==Error messages== | ==Error messages== | ||
===ERROR! conflicting action statements: debug, msg=== | ===Parse errors=== | ||
====ERROR! unexpected parameter type in action: <type 'bool'>==== | |||
====ERROR! conflicting action statements: debug, msg==== | |||
'''indentation''' | '''indentation''' | ||
===[WARNING]: Unable to parse <some hostname> as an inventory source=== | ====[WARNING]: Unable to parse <some hostname> as an inventory source==== | ||
Append a comma | Append a comma | ||
ansible-playbook myplay.yml -i myhostname, | ansible-playbook myplay.yml -i myhostname, | ||
===sftp transfer mechanism failed=== | |||
?? | |||
===Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.=== | ===Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.=== | ||
Please add this host's fingerprint to your known_hosts file to manage this host. | |||
Try | Try | ||
ANSIBLE_HOST_KEY_CHECKING=False playbook ... | ANSIBLE_HOST_KEY_CHECKING=False playbook ... | ||
Or just ssh to the host and accept key | |||
===Platform linux on host backup01 is using the discovered Python interpreter at /usr/bin/python3=== | ===Platform linux on host backup01 is using the discovered Python interpreter at /usr/bin/python3=== | ||
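Review bot: the added line "Or just ssh to the host and accept key" sits directly under ANSIBLE_HOST_KEY_CHECKING=False and does not say to compare the fingerprint before accepting it. Suggest wording it as a step that checks the fingerprint shown against one obtained from the host itself, and listing it ahead of the environment-variable workaround. Separately, the new "sftp transfer mechanism failed" heading has only "??" as its body; record the cause or hold the entry back until it is known.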
| Line 185: | Line 200: | ||
To connect without public key in authorized keys try | To connect without public key in authorized keys try | ||
--ask-pass | --ask-pass | ||
===SSH Connection timed out during banner exchange=== | |||
See: | |||
*[https://oneuptime.com/blog/post/2026-02-21-how-to-configure-ansible-ssh-connection-keepalive/view How to Configure Ansible SSH Connection Keepalive ] | |||
So far working for me: | |||
[ssh_connection] | |||
ssh_args = -o ServerAliveInterval=5 | |||
retries = 5 | |||
==ansible-lint== | ==ansible-lint== | ||
| Line 201: | Line 224: | ||
Check indentation | Check indentation | ||
== Newlines in output == | == Newlines in output == | ||
| Line 266: | Line 287: | ||
Probably trying to make a backup of a symlink | Probably trying to make a backup of a symlink | ||
===Missing sudo password=== | |||
set NOPASSWD in sudo config | |||
== Escape curly braces == | == Escape curly braces == | ||
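Review bot: "set NOPASSWD in sudo config" under the new "Missing sudo password" heading names neither the account nor the file. Suggest pointing at a drop-in under /etc/sudoers.d/ that is limited to the login Ansible connects as, and mentioning --ask-become-pass as the alternative that needs no sudoers change.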
| Line 322: | Line 347: | ||
[[Category:Configuration management]] | [[Category:Configuration management]] | ||
[[Category:Ansible]] | |||
Latest revision as of 10:46, 3 June 2026
Configuration management
Links
- Homepage
- Adding iptables Rules With Ansible
- Going Deeper into Ansible Playbooks
- An Ansible Tutorial
- How to Install and Configure latest version of Ansible on Ubuntu Linux
- Getting started with Ansible
- Tips and tricks
- AWX
- Ansible Galaxy
- Timeouts
- Ansible sample scripts
- module for postfix
- Ansible collections
Tools
Docs
Ansible style guides
Lineinfile
Popular modules
Some terms
Inventories
Alternatives
Quickstart
On server as root create key:
ssh-keygen
(accept the defaults), then copy the contents of ~/.ssh/id_rsa.pub to your clipboard.
On the 'clients', edit /etc/ssh/sshd_config to contain
PermitRootLogin without-password
and restart sshd
Edit/create ~root/.ssh/authorized_keys and add:
from="ip.of.ansible.server" <paste public key here>
Scripts/playbooks
Maintain useraccounts
---
# Remove the exuser account
- name: remove users
  user: name=exuser state=absent force=yes groups=''
  with_dict: "{{ accounts }}"
  tags:
    - delusers

- name: sync group
  group:
    name: sync
    gid: 999
    state: "present"

- name: fix homedir rights
  lineinfile: dest=/etc/login.defs regexp=^UMASK line="UMASK 007"

# accounts is a dict keyed by login name; each value carries name and uid
- name: useraccounts
  user:
    name: "{{ item.key }}"
    comment: "{{ item.value.name }}"
    uid: "{{ item.value.uid }}"
    state: "present"
    shell: "/bin/bash"
    groups: sudo
  with_dict: "{{ accounts }}"
  tags:
    - accounts

# Lookups run on the control node: each password hash is read from its /etc/shadow
- name: userpasswords
  user:
    name: "{{ item.key }}"
    password: "{{ lookup('csvfile', item.key + ' file=/etc/shadow delimiter=: col=1') }}"
  with_dict: "{{ accounts }}"

# ssh keys (also read on the control node; exclusive=yes removes any other key)
- name: userkeys
  authorized_key: user={{ item.key }} key="{{ lookup('file', '/home/' + item.key + '/.ssh/authorized_keys') }}" exclusive=yes
  with_dict: "{{ accounts }}"
  tags:
    - keys

- name: nofoobar
  user: name=foobar state=absent remove=yes
  tags:
    - foobar
comment out a line
- name: remove java line from rclocal
  lineinfile:
    dest: /etc/rc.local
    regexp: '^(java.*)$'
    line: '# \1'
    backrefs: yes
HOWTO
Add user to group
- name: add user to bargroup
  user:
    name: foo
    groups: bargroup
    append: yes
Run command
Cronjobs and ssh passphrases
See Use Your SSH Agent in a Crontab ( keychain)
FAQ
Notify multiple handlers
notify:
  - Call Handler1
  - Call Handler2
Print hostname in debug msg
debug:
  msg: "Something to report in {{ inventory_hostname }}"
Connect to a different port
Try
--extra-vars="ansible_port=2345"
Error messages
Parse errors
ERROR! unexpected parameter type in action: <type 'bool'>
ERROR! conflicting action statements: debug, msg
Caused by wrong indentation.
[WARNING]: Unable to parse <some hostname> as an inventory source
Append a comma
ansible-playbook myplay.yml -i myhostname,
sftp transfer mechanism failed
??
Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.
Please add this host's fingerprint to your known_hosts file to manage this host.
Try
ANSIBLE_HOST_KEY_CHECKING=False playbook ...
Or just ssh to the host and accept key
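An added example, not part of the original page: instead of switching host key checking off, the key can be pinned on the control node with ansible.builtin.known_hosts before the first connection. The host name backup01 is reused from this page; the key string is a placeholder to be replaced with the public host key obtained from the machine itself (console or provisioning output), and the variable name pinned_host_keys is made up for this example.

```yaml
---
# Added example: pin SSH host keys on the control node so that
# host key checking (and password logins via sshpass) keep working.
- name: Pin SSH host keys before first contact
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumption: each key was read from the host's own console or from
    # provisioning output, not from an unauthenticated network scan.
    # The key material below is a placeholder, not a real key.
    pinned_host_keys:
      - host: backup01
        key: "backup01 ssh-ed25519 REPLACE_WITH_BASE64_PUBLIC_KEY"
  tasks:
    - name: Add verified host key to ~/.ssh/known_hosts
      ansible.builtin.known_hosts:
        name: "{{ item.host }}"
        key: "{{ item.key }}"
        state: present
      loop: "{{ pinned_host_keys }}"
      loop_control:
        label: "{{ item.host }}"
```

Once the key is in known_hosts, the playbook against backup01 runs with host key checking left at its default, so a changed key still stops the run.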
Platform linux on host backup01 is using the discovered Python interpreter at /usr/bin/python3
One hack is to add to ~/.ansible.cfg:
[defaults]
interpreter_python=auto_silent
Or fix on that system:
update-alternatives --install /usr/bin/python python /usr/bin/python3 1
The error was: 'item' is undefined"
wrong indentation for with_items
Failed to connect to the host via ssh: Permission denied (publickey,password)
To connect without public key in authorized keys try
--ask-pass
SSH Connection timed out during banner exchange
See: How to Configure Ansible SSH Connection Keepalive
So far working for me:
[ssh_connection]
ssh_args = -o ServerAliveInterval=5
retries = 5
ansible-lint
Use shell only when shell functionality is required
roles for multiple distributions
include_vars with "distro-{{ ansible_distro_name }}.yml"
Escape single quote
'foo bar '
Syntax Error while loading YAML. did not find expected key
Check indentation
Newlines in output
instead of all those '\n':
In ansible.cfg:
stdout_callback = yaml
Ad-hoc commands
http://docs.ansible.com/ansible/latest/intro_adhoc.html
check python code
ansible-test sanity --test pep8 mycode.py
Command/shell output on single line
ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml
Storing passwords
http://docs.ansible.com/ansible/2.4/vault.html
Show all host variables
ansible -m setup <hostname>
Show all OS/versions
ansible all -m setup -a "filter=ansible_distribution*"
Syntax highlighting for ansible
Drop the files in ~/vim/bundle and in .vimrc:
call pathogen#infect()
call pathogen#helptags()
Or maybe better:
Retry
--limit @/home/ansible/ssh.retry
Error messages
ERROR! 'when' is not a valid attribute for a Play
ERROR! this task 'import_playbook' has extra params
meh
/usr/bin/chattr: Clearing extent flag not supported
Probably trying to make a backup of a symlink
Missing sudo password
set NOPASSWD in sudo config
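An added example, not from the original page: one way to set NOPASSWD from Ansible itself, limited to a single account and checked by visudo before the file is installed. The account name ansible and the drop-in file name are assumptions made for this example.

```yaml
---
# Added example: passwordless sudo for the automation account only.
- name: Allow the automation account to sudo without a password
  hosts: all
  become: true
  vars:
    # Assumption: "ansible" is the remote login the control node connects as.
    automation_user: ansible
  tasks:
    - name: Install sudoers drop-in, validated before it is put in place
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/90-{{ automation_user }}"
        content: "{{ automation_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # visudo -cf rejects a file with syntax errors, so a typo
        # cannot lock sudo on the managed host.
        validate: /usr/sbin/visudo -cf %s
```

The first run still needs the sudo password, supplied with --ask-become-pass; later runs do not.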
Escape curly braces
{{ '{' }}
Check file for string
tasks:
  - name: grep line
    shell: "grep -q swap /etc/fstab"
    failed_when: false
    register: grepped
  - name: show grep
    debug:
      msg: "exists"
    when: grepped.rc == 0
Error messages
msg: The PyMySQL (Python 2.7 and Python 3.X) or MySQL-python (Python 2.X) module is required
Means you need to install for example python2-PyMySQL on that host
Ansible-lint messages
Commands should not change things if nothing needs doing
Ignore, or use
changed_when: false
Shells that use pipes should set the pipefail option
shell: |
  set -o pipefail
  some command
Tips & tricks
Includes only when on host group
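# include_tasks replaces the bare include, which newer ansible-core releases no longer accept
- block:
    - include_tasks: foo.yml
    - include_tasks: bar.yml
  when: "'foobar' in group_names"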
Show info/facts of a host
ansible somehost -m setup
ansible somehost -m ansible.builtin.setup
Show distribution and version
- name: show some host info
  debug:
    msg: "Dist {{ ansible_distribution }} {{ ansible_distribution_version }}"
