Ansible
From DWIKI
Configuration management
Links
- Homepage
- Adding iptables Rules With Ansible
- Going Deeper into Ansible Playbooks
- An Ansible Tutorial
- How to Install and Configure latest version of Ansible on Ubuntu Linux
- Getting started with Ansible
- Tips and tricks
- AWX
- Ansible Galaxy
- Ansible roles explained
- Timeouts
- Ansible sample scripts
Tools
- Molecule for testing roles
- ansible-lint
Docs
Some terms
Inventories
Alternatives
Quickstart
On server as root create key:
ssh-keygen
(go for defaults) and then get content of ~/.ssh/id_rsa.pub in your copypastebuffer
On 'clients' edit /etc/ssh/sshd_config to
PermitRootLogin without-password
and restart sshd
Edit/create ~root/.ssh/authorized_keys and add:
from="ip.of.ansible.server" <paste public key here>
Scripts/playbooks
Maintain useraccounts
---
- name: remove users
user: name=exuser state=absent force=yes groups=''
with_dict: accounts
tags:
- delusers
- name: sync group
group:
name: sync
gid: 999
state: "present"
- name: fix homedir rights
lineinfile: dest=/etc/login.defs regexp=^UMASK line="UMASK 007"
- name: useraccounts
user:
name: "{{ item.key }}"
comment: "{{ item.value.name }}"
uid: "{{ item.value.uid }}"
state: "present"
shell: "/bin/bash"
groups: sudo
with_dict: accounts
tags:
- accounts
- name: userpasswords
user:
name: "{{ item.key }}"
password: "{{ lookup('csvfile',item.key + ' file=/etc/shadow delimiter=: col=1' ) }}"
with_dict: accounts
#ssh keys
- name: userkeys
authorized_key: user={{ item.key }} key="{{ lookup('file','/home/' + item.key + '/.ssh/authorized_keys' ) }}" exclusive=yes
with_dict: accounts
tags:
- keys
- name: nofoobar
user: name=foobar state=absent remove=yes
tags:
- foobar
FAQ
roles for multiple distributions
include_vars with "distro-Template:Ansible distro name.yml"
Escape single quote
'foo bar '
Newlines in output
instead of all those '\n':
In ansible.cfg:
stdout_callback = yaml
Ad-hoc commands
http://docs.ansible.com/ansible/latest/intro_adhoc.html
check python code
ansible-test sanity --test pep8 mycode.py
Command/shell output on single line
ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml
Storing passwords
http://docs.ansible.com/ansible/2.4/vault.html
Show all host variables
ansible -m setup <hostname>
Show all OS/versions
ansible all -m setup -a "filter=ansible_distribution*"
Syntax highlighting for ansible
Drop the files in ~/vim/bundle and in .vimrc:
call pathogen#infect() call pathogen#helptags()
Or maybe better:
Retry
--limit @/home/ansible/ssh.retry
ERROR! this task 'import_playbook' has extra params
meh
/usr/bin/chattr: Clearing extent flag not supported
Probably trying to make a backup of a symlink
Escape curly braces
{{ '{' }}
Check file for string
tasks:
- name: grep line
shell: "grep -q swap /etc/fstab"
failed_when: false
register: grepped
- name: show grep
debug:
msg: "exists"
when: grepped.rc == 0
Tips & tricks
Includes only when on host group
- block:
- include: foo.yml
- include: bar.yml
when: "'foobar' in group_names"
Show info/facts of a host
ansible somehost -m setup ansible somehost -m ansible.builtin.setup
Show distribution and version
- name: show some host info
debug:
msg: Dist Template:Ansible distribution Template:Ansible distribution version
