Ansible: Difference between revisions

From DWIKI
mNo edit summary
Line 98: Line 98:
  </pre>
  </pre>


=FAQ=


==roles for multiple distributions==
= FAQ =
 
== roles for multiple distributions ==
 
   include_vars with "distro-{{ansible_distro_name}}.yml"
   include_vars with "distro-{{ansible_distro_name}}.yml"


==Escape single quote==
== Escape single quote ==
 
  'foo ''bar'' '
  'foo ''bar'' '
==Ad-hoc commands==
http://docs.ansible.com/ansible/latest/intro_adhoc.html


==check python code==
 
== Newlines in output ==
instead of all those '\n':
 
In ansible.cfg:
stdout_callback = yaml
 
== Ad-hoc commands ==
 
[http://docs.ansible.com/ansible/latest/intro_adhoc.html http://docs.ansible.com/ansible/latest/intro_adhoc.html]
 
== check python code ==
 
  ansible-test sanity --test pep8 mycode.py
  ansible-test sanity --test pep8 mycode.py


==Command/shell output on single line==
== Command/shell output on single line ==
 
  ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml
  ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml


==Storing passwords==
== Storing passwords ==
http://docs.ansible.com/ansible/2.4/vault.html
 
[http://docs.ansible.com/ansible/2.4/vault.html http://docs.ansible.com/ansible/2.4/vault.html]
 
== Show all host variables ==


==Show all host variables==
  ansible -m setup <hostname>
  ansible -m setup <hostname>


==Show all OS/versions==
== Show all OS/versions ==
 
  ansible all -m setup -a "filter=ansible_distribution*"
  ansible all -m setup -a "filter=ansible_distribution*"


==Syntax highlighting for ansible==
== Syntax highlighting for ansible ==


*https://github.com/chase/vim-ansible-yaml
*[https://github.com/chase/vim-ansible-yaml https://github.com/chase/vim-ansible-yaml]


Drop the files in ~/vim/bundle and in .vimrc:
Drop the files in ~/vim/bundle and in .vimrc:
  call pathogen#infect()
  call pathogen#infect()
  call pathogen#helptags()
  call pathogen#helptags()


Or maybe better:
Or maybe better:
*https://github.com/pearofducks/ansible-vim


==Retry==
*[https://github.com/pearofducks/ansible-vim https://github.com/pearofducks/ansible-vim]
 
== Retry ==
 
  --limit @/home/ansible/ssh.retry
  --limit @/home/ansible/ssh.retry
==ERROR! this task 'import_playbook' has extra params==
 
== ERROR! this task 'import_playbook' has extra params ==
 
meh
meh


&nbsp;
== /usr/bin/chattr: Clearing extent flag not supported ==


==/usr/bin/chattr: Clearing extent flag not supported ==
Probably trying to make a backup of a symlink
Probably trying to make a backup of a symlink


==Escape curly braces==
== Escape curly braces ==
 
  {{ '{' }}
  {{ '{' }}


==Check file for string==
== Check file for string ==
 
   tasks:
   tasks:
     - name: grep line
     - name: grep line

Revision as of 10:54, 26 May 2021

Configuration management

Links

Tools

Docs

Some terms

Inventories

Alternatives

Quickstart

On server as root create key:

ssh-keygen

(go for defaults) and then get content of ~/.ssh/id_rsa.pub in your copypastebuffer

On 'clients' edit /etc/ssh/sshd_config to

PermitRootLogin without-password

and restart sshd

Edit/create ~root/.ssh/authorized_keys and add:

from="ip.of.ansible.server" <paste public key here>

Scripts/playbooks

Maintain useraccounts

 ---

 - name: remove users
  user: name=exuser state=absent force=yes groups=''
  with_dict: accounts
  tags:
    - delusers

 - name: sync group
  group:
    name: sync
    gid: 999
    state: "present"

 - name: fix homedir rights
  lineinfile: dest=/etc/login.defs regexp=^UMASK line="UMASK 007"

 - name: useraccounts
  user:
    name: "{{ item.key }}"
    comment: "{{ item.value.name }}"
    uid: "{{ item.value.uid }}"
    state: "present"
    shell: "/bin/bash"
    groups: sudo
  with_dict: accounts
  tags:
    - accounts

 - name: userpasswords
  user:
    name: "{{ item.key }}"
    password: "{{ lookup('csvfile',item.key + ' file=/etc/shadow delimiter=: col=1' ) }}"
  with_dict: accounts

#ssh keys
 - name: userkeys
  authorized_key: user={{ item.key }} key="{{ lookup('file','/home/' + item.key + '/.ssh/authorized_keys' ) }}" exclusive=yes
  with_dict: accounts
  tags:
    - keys

 - name: nofoobar
  user: name=foobar state=absent remove=yes
  tags:
    - foobar
 


FAQ

roles for multiple distributions

 include_vars with "distro-Template:Ansible distro name.yml"

Escape single quote

'foo bar '


Newlines in output

instead of all those '\n':

In ansible.cfg:

stdout_callback = yaml

Ad-hoc commands

http://docs.ansible.com/ansible/latest/intro_adhoc.html

check python code

ansible-test sanity --test pep8 mycode.py

Command/shell output on single line

ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml

Storing passwords

http://docs.ansible.com/ansible/2.4/vault.html

Show all host variables

ansible -m setup <hostname>

Show all OS/versions

ansible all -m setup -a "filter=ansible_distribution*"

Syntax highlighting for ansible

Drop the files in ~/vim/bundle and in .vimrc:

call pathogen#infect()
call pathogen#helptags()

Or maybe better:

Retry

--limit @/home/ansible/ssh.retry

ERROR! this task 'import_playbook' has extra params

meh

 

/usr/bin/chattr: Clearing extent flag not supported

Probably trying to make a backup of a symlink

Escape curly braces

{{ '{' }}

Check file for string

 tasks:
   - name: grep line
     shell: "grep -q swap /etc/fstab"
     failed_when: false
     register: grepped
   - name: show grep
     debug:
       msg: "exists"
     when: grepped.rc == 0

Tips & tricks

Includes only when on host group

  - block:
    - include: foo.yml 
    - include: bar.yml
  when: "'foobar' in group_names"

Show info/facts of a host

ansible somehost -m setup


Show distribution and version

 - name: show some host info
   debug:
     msg: Dist Template:Ansible distribution Template:Ansible distribution version