Created Sun Jun, 09 2019 at 11:10AM
Below are some notes I've accumulated while working with Ansible.
Recently, I was working on a project where we were automating a testing environment playbook and had set up a unique vault in a role for this test user. What I found annoying was I could not figure out a way to explicitly set what vault would be used. I ended up setting --extra-vars="@roles/mytest/vars/secure.yml".
---
- hosts: all
  become: true
  pre_tasks:
    - name: start tasks and send notification to HipChat
      hipchat:
        color: purple
        token: "{{ hipchat_token }}"
        room: "{{ hipchat_room }}"
        msg: "[Start] Run 'foo/setup.yml' playbook on {{ ansible_nodename }}."
  roles:
    - chusiang.vim-and-vi-mode
  vars:
...
ansible -m ping all
# or
ansible -m shell -a 'uptime' all
-K = ask for sudo password
-b = use sudo (assumes no passwd prompt)
ansible -b -K -m user -a 'name=testuser' all
ansible -m shell -a 'getent passwd| grep testuser' all
jcarranza@jaime-ansible:~/src/ansible-staging$ ansible -i inventory/dev --vault-password-file ~/.vault_pass -m shell -a 'uptime' all
ansible -b -K -m user -a 'name=testuser state=absent' all
roles are tasks to be run on hosts such as installing vim, htop or curl.
example of a basic role file: $ansible_path/roles/basic/tasks/main.yml
- name: "Installing Vim"
  apt: pkg=vim state=present
- name: "Installing htop"
  apt: pkg=htop
- name: "Installing screen"
  apt: pkg=screen
- name: "Installing git"
  apt: pkg=git
- name: "Installing additional software"
  apt: pkg={{ item }} state=present
  with_items:
    - dnsutils
    - git
    - vim
    - curl
    - wget
    - rsync
    - zsh
*note that present state is default so it's unnecessary.
To start creating a role simply run ansible-galaxy init <rolename> to create the file structure to get started.
playbooks are assignments of roles (tasks like install vim) to hosts or host groups.
sample of $ansible_path/playbook.yml:
---
- hosts: all
  become: true
  roles:
    - basic
*become: true is for sudo.
ansible-playbook -K playbook.yml
inventory file can be called anything. Use 'inventory' or 'hosts'
playbook can be called anything 'playbook.yml' or 'deploy.yml' are decent choices.
group_vars dir will apply whatever is in them as if it were specified in the playbook. e.g. group_vars/all, group_vars/database
host_vars dir can have files inside by hostname e.g. host_vars/sputnik.co file with some instructions for that host.
you can have staging and production directories with their own playbooks.
e.g.
staging/
    hosts
    group_vars/...
    host_vars/...
production/
    hosts
    group_vars/...
    host_vars/...
playbook.yml
which could run ansible-playbook -i staging playbook.yml
that might have debug turned on etc..
➜ ansible_tutorial tree
.
├── ansible.cfg
├── hosts
├── playbook.retry
├── playbook.yml
└── roles
    ├── common
    │   └── tasks
    │       └── main.yml
    └── dev_env
        ├── meta
        │   └── main.yml
        ├── tasks
        │   └── main.yaml
        └── templates
            ├── bash.bashrc
            └── zshrc.j2
Create vault password
ansible-vault create vault.yml
encrypting a file
ansible-vault encrypt encrypt_me.txt
changing password of encrypted file
ansible-vault rekey encrypt_me.txt
creating ansible password file
echo 'my_vault_password' > .vault_pass
export ANSIBLE_VAULT_PASSWORD_FILE=./.vault_pass
Replace the contents of .vault_pass with the following script:
#!/usr/bin/env python
# Print the vault password taken from the VAULT_PASSWORD environment variable
import os
print(os.environ['VAULT_PASSWORD'])
Make the file executable by typing:
chmod +x .vault_pass
You can then set and export the VAULT_PASSWORD environment variable, which will be available for your current session:
export VAULT_PASSWORD=my_vault_password
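A pre-flight check for the vault files above, added here as an example and not part of the original notes: it flags secure.yml / vault.yml files that lack the $ANSIBLE_VAULT header and any plain-text .vault_pass that is readable by group or other. The project tree, file contents and the function names (parse_vault_header, audit, demo) are constructed for illustration.

```python
import os
import stat
import tempfile

SECRET_NAMES = {"secure.yml", "vault.yml"}  # vault file names used in these notes

def parse_vault_header(first_line):
    """Return (version, cipher, vault_id), or None if this is not a vault header."""
    parts = first_line.strip().split(";")
    if parts[0] != "$ANSIBLE_VAULT" or len(parts) not in (3, 4):
        return None
    return parts[1], parts[2], (parts[3] if len(parts) == 4 else None)

def audit(root):
    """Walk root and return sorted (relative_path, finding) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name in SECRET_NAMES:
                with open(path, errors="replace") as fh:
                    if parse_vault_header(fh.readline()) is None:
                        findings.append((rel, "not vault-encrypted"))
            elif name == ".vault_pass":
                mode = stat.S_IMODE(os.stat(path).st_mode)
                # An executable password file is run as a script and holds no secret.
                if not mode & 0o111 and mode & 0o077:
                    findings.append((rel, "password file mode %o" % mode))
    return sorted(findings)

def demo():
    """Audit a constructed project tree built in a temporary directory."""
    samples = {  # constructed: path -> (content, mode)
        "roles/mytest/vars/secure.yml": ("$ANSIBLE_VAULT;1.2;AES256;test\n6162\n", 0o600),
        "group_vars/all/vault.yml": ("db_password: example\n", 0o600),
        ".vault_pass": ("my_vault_password\n", 0o644),
        "staging/.vault_pass": ("#!/usr/bin/env python3\n", 0o755),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (text, mode) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Run audit() against the repository root before committing; a plain-text .vault_pass should also be listed in .gitignore.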
export ANSIBLE_DEBUG=1