Ansible: Difference between revisions
From DWIKI
m (→FAQ) |
mNo edit summary |
||
| Line 98: | Line 98: | ||
</pre> | </pre> | ||
==roles for multiple distributions== | = FAQ = | ||
== roles for multiple distributions == | |||
include_vars with "distro-{{ansible_distro_name}}.yml" | include_vars with "distro-{{ansible_distro_name}}.yml" | ||
==Escape single quote== | == Escape single quote == | ||
'foo ''bar'' ' | 'foo ''bar'' ' | ||
==check python code== | |||
== Newlines in output == | |||
instead of all those '\n': | |||
In ansible.cfg: | |||
stdout_callback = yaml | |||
== Ad-hoc commands == | |||
[http://docs.ansible.com/ansible/latest/intro_adhoc.html http://docs.ansible.com/ansible/latest/intro_adhoc.html] | |||
== check python code == | |||
ansible-test sanity --test pep8 mycode.py | ansible-test sanity --test pep8 mycode.py | ||
==Command/shell output on single line== | == Command/shell output on single line == | ||
ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml | ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml | ||
==Storing passwords== | == Storing passwords == | ||
http://docs.ansible.com/ansible/2.4/vault.html | |||
[http://docs.ansible.com/ansible/2.4/vault.html http://docs.ansible.com/ansible/2.4/vault.html] | |||
== Show all host variables == | |||
ansible -m setup <hostname> | ansible -m setup <hostname> | ||
==Show all OS/versions== | == Show all OS/versions == | ||
ansible all -m setup -a "filter=ansible_distribution*" | ansible all -m setup -a "filter=ansible_distribution*" | ||
==Syntax highlighting for ansible== | == Syntax highlighting for ansible == | ||
*https://github.com/chase/vim-ansible-yaml | *[https://github.com/chase/vim-ansible-yaml https://github.com/chase/vim-ansible-yaml] | ||
Drop the files in ~/vim/bundle and in .vimrc: | Drop the files in ~/vim/bundle and in .vimrc: | ||
call pathogen#infect() | call pathogen#infect() | ||
call pathogen#helptags() | call pathogen#helptags() | ||
Or maybe better: | Or maybe better: | ||
==Retry== | *[https://github.com/pearofducks/ansible-vim https://github.com/pearofducks/ansible-vim] | ||
== Retry == | |||
--limit @/home/ansible/ssh.retry | --limit @/home/ansible/ssh.retry | ||
==ERROR! this task 'import_playbook' has extra params== | |||
== ERROR! this task 'import_playbook' has extra params == | |||
meh | meh | ||
| |||
== /usr/bin/chattr: Clearing extent flag not supported == | |||
Probably trying to make a backup of a symlink | Probably trying to make a backup of a symlink | ||
==Escape curly braces== | == Escape curly braces == | ||
{{ '{' }} | {{ '{' }} | ||
==Check file for string== | == Check file for string == | ||
tasks: | tasks: | ||
- name: grep line | - name: grep line | ||
Revision as of 10:54, 26 May 2021
Configuration management
Links
- Homepage
- Adding iptables Rules With Ansible
- Going Deeper into Ansible Playbooks
- An Ansible Tutorial
- How to Install and Configure latest version of Ansible on Ubuntu Linux
- Getting started with Ansible
- Tips and tricks
- AWX
- Ansible Galaxy
- Ansible roles explained
- Timeouts
- Ansible sample scripts
Tools
- Molecule for testing roles
- ansible-lint
Docs
Some terms
Inventories
Alternatives
Quickstart
On server as root create key:
ssh-keygen
(go for defaults) and then get content of ~/.ssh/id_rsa.pub in your copypastebuffer
On 'clients' edit /etc/ssh/sshd_config to
PermitRootLogin without-password
and restart sshd
Edit/create ~root/.ssh/authorized_keys and add:
from="ip.of.ansible.server" <paste public key here>
Scripts/playbooks
Maintain useraccounts
---
- name: remove users
user: name=exuser state=absent force=yes groups=''
with_dict: accounts
tags:
- delusers
- name: sync group
group:
name: sync
gid: 999
state: "present"
- name: fix homedir rights
lineinfile: dest=/etc/login.defs regexp=^UMASK line="UMASK 007"
- name: useraccounts
user:
name: "{{ item.key }}"
comment: "{{ item.value.name }}"
uid: "{{ item.value.uid }}"
state: "present"
shell: "/bin/bash"
groups: sudo
with_dict: accounts
tags:
- accounts
- name: userpasswords
user:
name: "{{ item.key }}"
password: "{{ lookup('csvfile',item.key + ' file=/etc/shadow delimiter=: col=1' ) }}"
with_dict: accounts
#ssh keys
- name: userkeys
authorized_key: user={{ item.key }} key="{{ lookup('file','/home/' + item.key + '/.ssh/authorized_keys' ) }}" exclusive=yes
with_dict: accounts
tags:
- keys
- name: nofoobar
user: name=foobar state=absent remove=yes
tags:
- foobar
FAQ
roles for multiple distributions
include_vars with "distro-Template:Ansible distro name.yml"
Escape single quote
'foo bar '
Newlines in output
instead of all those '\n':
In ansible.cfg:
stdout_callback = yaml
Ad-hoc commands
http://docs.ansible.com/ansible/latest/intro_adhoc.html
check python code
ansible-test sanity --test pep8 mycode.py
Command/shell output on single line
ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml
Storing passwords
http://docs.ansible.com/ansible/2.4/vault.html
Show all host variables
ansible -m setup <hostname>
Show all OS/versions
ansible all -m setup -a "filter=ansible_distribution*"
Syntax highlighting for ansible
Drop the files in ~/vim/bundle and in .vimrc:
call pathogen#infect() call pathogen#helptags()
Or maybe better:
Retry
--limit @/home/ansible/ssh.retry
ERROR! this task 'import_playbook' has extra params
meh
/usr/bin/chattr: Clearing extent flag not supported
Probably trying to make a backup of a symlink
Escape curly braces
{{ '{' }}
Check file for string
tasks:
- name: grep line
shell: "grep -q swap /etc/fstab"
failed_when: false
register: grepped
- name: show grep
debug:
msg: "exists"
when: grepped.rc == 0
Tips & tricks
Includes only when on host group
- block:
- include: foo.yml
- include: bar.yml
when: "'foobar' in group_names"
Show info/facts of a host
ansible somehost -m setup
Show distribution and version
- name: show some host info
debug:
msg: Dist Template:Ansible distribution Template:Ansible distribution version
