Ansible

From DWIKI
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Configuration management

Links

Tools

  • Molecule for testing roles
  • ansible-lint
  • ansible-console
  • ansible-inventory

Docs

Ansible style guides

Some terms

Inventories

Alternatives

Quickstart

On server as root create key:

ssh-keygen

(go for defaults) and then get content of ~/.ssh/id_rsa.pub in your copypastebuffer

On 'clients' edit /etc/ssh/sshd_config to

PermitRootLogin without-password

and restart sshd

Edit/create ~root/.ssh/authorized_keys and add:

from="ip.of.ansible.server" <paste public key here>

Scripts/playbooks

Maintain useraccounts

 ---

 - name: remove users
  user: name=exuser state=absent force=yes groups=''
  with_dict: accounts
  tags:
    - delusers

 - name: sync group
  group:
    name: sync
    gid: 999
    state: "present"

 - name: fix homedir rights
  lineinfile: dest=/etc/login.defs regexp=^UMASK line="UMASK 007"

 - name: useraccounts
  user:
    name: "{{ item.key }}"
    comment: "{{ item.value.name }}"
    uid: "{{ item.value.uid }}"
    state: "present"
    shell: "/bin/bash"
    groups: sudo
  with_dict: accounts
  tags:
    - accounts

 - name: userpasswords
  user:
    name: "{{ item.key }}"
    password: "{{ lookup('csvfile',item.key + ' file=/etc/shadow delimiter=: col=1' ) }}"
  with_dict: accounts

#ssh keys
 - name: userkeys
  authorized_key: user={{ item.key }} key="{{ lookup('file','/home/' + item.key + '/.ssh/authorized_keys' ) }}" exclusive=yes
  with_dict: accounts
  tags:
    - keys

 - name: nofoobar
  user: name=foobar state=absent remove=yes
  tags:
    - foobar
 


comment out a line

- name: remove java line from rclocal
  lineinfile:
    dest: /etc/rc.local
    regexp: '^(java.*)$'
    line: '# \1'
    backrefs: yes


HOWTO

Add user to group

name: add user to bargroup
 user:
   name: foo
   groups: bargroup
   append: yes


Run command

Cronjobs and ssh passphrases

See https://gist.github.com/Justintime50/297d0d36da40834b037a65998d2149ca

FAQ

Error messages

ERROR! conflicting action statements: debug, msg

indentation


Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.

Try

ANSIBLE_HOST_KEY_CHECKING=False playbook ...

ansible-lint

Use shell only when shell functionality is required

roles for multiple distributions

 include_vars with "distro-Template:Ansible distro name.yml"

Escape single quote

'foo bar '

Syntax Error while loading YAML. did not find expected key

Check indentation


 

Newlines in output

instead of all those '\n':

In ansible.cfg:

stdout_callback = yaml

Ad-hoc commands

http://docs.ansible.com/ansible/latest/intro_adhoc.html

check python code

ansible-test sanity --test pep8 mycode.py

Command/shell output on single line

ANSIBLE_STDOUT_CALLBACK=oneline ansible-playbook foo.yml

Storing passwords

http://docs.ansible.com/ansible/2.4/vault.html

Show all host variables

ansible -m setup <hostname>

Show all OS/versions

ansible all -m setup -a "filter=ansible_distribution*"

Syntax highlighting for ansible

Drop the files in ~/vim/bundle and in .vimrc:

call pathogen#infect()
call pathogen#helptags()

Or maybe better:

Retry

--limit @/home/ansible/ssh.retry


Error messages

ERROR! 'when' is not a valid attribute for a Play

ERROR! this task 'import_playbook' has extra params

meh

 

/usr/bin/chattr: Clearing extent flag not supported

Probably trying to make a backup of a symlink

Escape curly braces

{{ '{' }}

Check file for string

 tasks:
   - name: grep line
     shell: "grep -q swap /etc/fstab"
     failed_when: false
     register: grepped
   - name: show grep
     debug:
       msg: "exists"
     when: grepped.rc == 0
      
     

Error messages

msg: The PyMySQL (Python 2.7 and Python 3.X) or MySQL-python (Python 2.X) module is required

Means you need to install for example python2-PyMySQL on that host


Ansible-lint messages

Commands should not change things if nothing needs doing

Ignore, or use

changed_when: false

Tips & tricks

Includes only when on host group

  - block:
    - include: foo.yml 
    - include: bar.yml
  when: "'foobar' in group_names"


Show info/facts of a host

ansible somehost -m setup
ansible somehost -m ansible.builtin.setup

Show distribution and version

 - name: show some host info
   debug:
     msg: Dist Template:Ansible distribution Template:Ansible distribution version