Ansible: Difference between revisions

From DWIKI
 
(63 intermediate revisions by the same user not shown)
Line 6: Line 6:
*[http://cloudacademy.com/blog/going-deeper-into-ansible-playbooks/ Going Deeper into Ansible Playbooks]
*[http://cloudacademy.com/blog/going-deeper-into-ansible-playbooks/ Going Deeper into Ansible Playbooks]
*[https://serversforhackers.com/an-ansible-tutorial An Ansible Tutorial]
*[https://serversforhackers.com/an-ansible-tutorial An Ansible Tutorial]
*[https://www.cyberciti.biz/faq/how-to-install-and-configure-latest-version-of-ansible-on-ubuntu-linux/ How to Install and Configure latest version of Ansible on Ubuntu Linux]
*[https://networklore.com/ansible-getting-started/ Getting started with Ansible]
*[https://ansible-tips-and-tricks.readthedocs.io/en/latest/os-dependent-tasks/variables/ Tips and tricks]
*[https://www.ansible.com/products/awx-project AWX]
*[https://galaxy.ansible.com Ansible Galaxy]
*[https://linuxacademy.com/blog/red-hat/ansible-roles-explained/ Ansible roles explained]
*[https://docs.ansible.com/ansible/latest/user_guide/playbooks_async.html Timeouts]
*[https://manintheit.org/ansible/ansible-sample-scripts/ Ansible sample scripts]
*[https://gist.github.com/mgedmin/5f8ac034df0c371444be module for postfix]
*[https://docs.ansible.com/ansible/latest/collections/ Ansible collections]


=Tools=
*[https://molecule.readthedocs.io/en/latest/ Molecule] for testing roles
*ansible-lint
*ansible-console
*ansible-inventory


{{See also|Puppet|Saltstack}}
=Docs=
*[https://howto.cactus.de/index.php/Ansible_Howto Ansible Howto]
*[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/ Ansible builtin modules]
*[http://ansible-docs.readthedocs.io/zh/stable-2.0/rst/playbooks_conditionals.html Conditionals]
*[https://docs.ansible.com/ansible/2.5/user_guide/playbooks_async.html Parallel!]
==Ansible style guides==
*[https://docs.ansible.com/ansible/2.6/dev_guide/style_guide/index.html Style guide]
*[https://redhat-cop.github.io/automation-good-practices/ Ansible good practices]
 
*[https://spacelift.io/blog/ansible-variables Ansible variables]
 
 
==Lineinfile==
*[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html Lineinfile module]
 
=Some terms=
 
=Inventories=
*[http://docs.ansible.com/ansible/latest/intro_dynamic_inventory.html Dynamic Inventory]
*[https://www.jeffgeerling.com/blog/creating-custom-dynamic-inventories-ansible Creating custom dynamic inventories]
*[*[https://www.digitalocean.com/community/tutorials/how-to-set-up-ansible-inventories  Set up ansible inventories]
 
=Alternatives=
*[[Puppet]]
*[[Saltstack]]


=Quickstart=
=Quickstart=
Line 74: Line 114:
  </pre>
  </pre>


=FAQ=
 
==Show all host variables==
== comment out a line ==
- name: remove java line from rclocal
  lineinfile:
    dest: /etc/rc.local
    regexp: '^(java.*)$'
    line: '# \1'
    backrefs: yes
 
 
=HOWTO=
==Add user to group==
name: add user to bargroup
  user:
    name: foo
    groups: bargroup
    append: yes
 
 
==Run command==
 
 
==Cronjobs and ssh passphrases==
See https://gist.github.com/Justintime50/297d0d36da40834b037a65998d2149ca
 
= FAQ =
 
==Connect to a different port==
Try
--extra-vars="ansible_port=2345"
 
==Error messages==
===ERROR! conflicting action statements: debug, msg===
'''indentation'''
 
 
 
===Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.===
Try
ANSIBLE_HOST_KEY_CHECKING=False playbook ...
 
 
 
===Platform linux on host backup01 is using the discovered Python interpreter at /usr/bin/python3===
one hack is adding to ~/.ansible.cfg:
[defaults]
interpreter_python=auto_silent 
 
but better fix it.HOW??
 
 
===The error was: 'item' is undefined"===
wrong indentation for with_items
 
==ansible-lint==
===Use shell only when shell functionality is required===
 
 
== roles for multiple distributions ==
 
  include_vars with "distro-{{ansible_distro_name}}.yml"
 
== Escape single quote ==
 
'foo ''bar'' '
 
==Syntax Error while loading YAML. did not find expected key==
Check indentation
 
 
&nbsp;
 
== Newlines in output ==
 
instead of all those '\n':
 
In ansible.cfg:
 
stdout_callback = yaml
 
== Ad-hoc commands ==
 
[http://docs.ansible.com/ansible/latest/intro_adhoc.html http://docs.ansible.com/ansible/latest/intro_adhoc.html]
 
== check python code ==
 
ansible-test sanity --test pep8 mycode.py
 
== Command/shell output on single line ==
 
ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml
 
== Storing passwords ==
 
[http://docs.ansible.com/ansible/2.4/vault.html http://docs.ansible.com/ansible/2.4/vault.html]
 
== Show all host variables ==
 
  ansible -m setup <hostname>
  ansible -m setup <hostname>


==Syntax highlighting for ansible==
== Show all OS/versions ==
 
ansible all -m setup -a "filter=ansible_distribution*"
 
== Syntax highlighting for ansible ==


*https://github.com/chase/vim-ansible-yaml
*[https://github.com/chase/vim-ansible-yaml https://github.com/chase/vim-ansible-yaml]


Drop the files in ~/vim/bundle and in .vimrc:
Drop the files in ~/vim/bundle and in .vimrc:
  call pathogen#infect()
  call pathogen#infect()
  call pathogen#helptags()
  call pathogen#helptags()
Or maybe better:
*[https://github.com/pearofducks/ansible-vim https://github.com/pearofducks/ansible-vim]
== Retry ==
--limit @/home/ansible/ssh.retry
==Error messages==
===ERROR! 'when' is not a valid attribute for a Play===
=== ERROR! this task 'import_playbook' has extra params ===
meh
&nbsp;
=== /usr/bin/chattr: Clearing extent flag not supported ===
Probably trying to make a backup of a symlink
== Escape curly braces ==
{{ '{' }}
== Check file for string ==
  tasks:
    - name: grep line
      shell: "grep -q swap /etc/fstab"
      failed_when: false
      register: grepped
    - name: show grep
      debug:
        msg: "exists"
      when: grepped.rc == 0
     
     
== Error messages ==
=== msg: The PyMySQL (Python 2.7 and Python 3.X) or MySQL-python (Python 2.X) module is required ===
Means you need to install for example python2-PyMySQL on that host
==Ansible-lint messages==
===Commands should not change things if nothing needs doing===
Ignore, or use
changed_when: false
===Shells that use pipes should set the pipefail option===
shell: |
  set -o pipefail
  some command
=Tips & tricks=
==Includes only when on host group==
  - block:
    - include: foo.yml
    - include: bar.yml
  when: "'foobar' in group_names"
== Show info/facts of a host ==
ansible somehost -m setup
ansible somehost -m ansible.builtin.setup
==Show distribution and version==
  - name: show some host info
    debug:
      msg: Dist {{ ansible_distribution }} {{ ansible_distribution_version }}
[[Category:Configuration management]]

Latest revision as of 14:55, 25 October 2024

Configuration management

Links

Tools

  • Molecule for testing roles
  • ansible-lint
  • ansible-console
  • ansible-inventory

Docs

Ansible style guides


Lineinfile

Some terms

Inventories

Alternatives

Quickstart

On server as root create key:

ssh-keygen

(go for defaults) and then get content of ~/.ssh/id_rsa.pub in your copypastebuffer

On 'clients' edit /etc/ssh/sshd_config to

PermitRootLogin without-password

and restart sshd

Edit/create ~root/.ssh/authorized_keys and add:

from="ip.of.ansible.server" <paste public key here>

Scripts/playbooks

Maintain useraccounts

 ---

 - name: remove users
  user: name=exuser state=absent force=yes groups=''
  with_dict: accounts
  tags:
    - delusers

 - name: sync group
  group:
    name: sync
    gid: 999
    state: "present"

 - name: fix homedir rights
  lineinfile: dest=/etc/login.defs regexp=^UMASK line="UMASK 007"

 - name: useraccounts
  user:
    name: "{{ item.key }}"
    comment: "{{ item.value.name }}"
    uid: "{{ item.value.uid }}"
    state: "present"
    shell: "/bin/bash"
    groups: sudo
  with_dict: accounts
  tags:
    - accounts

 - name: userpasswords
  user:
    name: "{{ item.key }}"
    password: "{{ lookup('csvfile',item.key + ' file=/etc/shadow delimiter=: col=1' ) }}"
  with_dict: accounts

#ssh keys
 - name: userkeys
  authorized_key: user={{ item.key }} key="{{ lookup('file','/home/' + item.key + '/.ssh/authorized_keys' ) }}" exclusive=yes
  with_dict: accounts
  tags:
    - keys

 - name: nofoobar
  user: name=foobar state=absent remove=yes
  tags:
    - foobar
 


comment out a line

- name: remove java line from rclocal
  lineinfile:
    dest: /etc/rc.local
    regexp: '^(java.*)$'
    line: '# \1'
    backrefs: yes


HOWTO

Add user to group

name: add user to bargroup
 user:
   name: foo
   groups: bargroup
   append: yes


Run command

Cronjobs and ssh passphrases

See https://gist.github.com/Justintime50/297d0d36da40834b037a65998d2149ca

FAQ

Connect to a different port

Try

--extra-vars="ansible_port=2345"

Error messages

ERROR! conflicting action statements: debug, msg

indentation


Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.

Try

ANSIBLE_HOST_KEY_CHECKING=False playbook ...


Platform linux on host backup01 is using the discovered Python interpreter at /usr/bin/python3

one hack is adding to ~/.ansible.cfg:

[defaults]
interpreter_python=auto_silent  

but better fix it.HOW??


The error was: 'item' is undefined"

wrong indentation for with_items

ansible-lint

Use shell only when shell functionality is required

roles for multiple distributions

 include_vars with "distro-Template:Ansible distro name.yml"

Escape single quote

'foo bar '

Syntax Error while loading YAML. did not find expected key

Check indentation


 

Newlines in output

instead of all those '\n':

In ansible.cfg:

stdout_callback = yaml

Ad-hoc commands

http://docs.ansible.com/ansible/latest/intro_adhoc.html

check python code

ansible-test sanity --test pep8 mycode.py

Command/shell output on single line

ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml

Storing passwords

http://docs.ansible.com/ansible/2.4/vault.html

Show all host variables

ansible -m setup <hostname>

Show all OS/versions

ansible all -m setup -a "filter=ansible_distribution*"

Syntax highlighting for ansible

Drop the files in ~/vim/bundle and in .vimrc:

call pathogen#infect()
call pathogen#helptags()

Or maybe better:

Retry

--limit @/home/ansible/ssh.retry


Error messages

ERROR! 'when' is not a valid attribute for a Play

ERROR! this task 'import_playbook' has extra params

meh

 

/usr/bin/chattr: Clearing extent flag not supported

Probably trying to make a backup of a symlink

Escape curly braces

{{ '{' }}

Check file for string

 tasks:
   - name: grep line
     shell: "grep -q swap /etc/fstab"
     failed_when: false
     register: grepped
   - name: show grep
     debug:
       msg: "exists"
     when: grepped.rc == 0
      
     

Error messages

msg: The PyMySQL (Python 2.7 and Python 3.X) or MySQL-python (Python 2.X) module is required

Means you need to install for example python2-PyMySQL on that host


Ansible-lint messages

Commands should not change things if nothing needs doing

Ignore, or use

changed_when: false

Shells that use pipes should set the pipefail option

shell: |
  set -o pipefail
  some command

Tips & tricks

Includes only when on host group

  - block:
    - include: foo.yml 
    - include: bar.yml
  when: "'foobar' in group_names"


Show info/facts of a host

ansible somehost -m setup
ansible somehost -m ansible.builtin.setup

Show distribution and version

 - name: show some host info
   debug:
     msg: Dist Template:Ansible distribution Template:Ansible distribution version