Created Sun Jun, 09 2019 at 11:10AM

Below are some notes I've accumulated while working with Ansible.

Recently, I was working on a project where we were automating a testing environment playbook and had set up a unique vault in a role for this test user. What I found annoying was I could not figure out a way to explicitly set what vault would be used. I ended up setting --extra-vars="@roles/mytest/vars/secure.yml".

Run tasks before roles

---
- hosts: all
  become: true
  pre_tasks:
    - name: start tasks and send notification to HipChat
      hipchat:
        color: purple
        token: "{{ hipchat_token }}"
        room: "{{ hipchat_room }}"
        msg: "[Start] Run 'foo/setup.yml' playbook on {{ ansible_nodename }}."

  roles:
    - chusiang.vim-and-vi-mode

  vars:
    ...

test that connectivity is ok between the ansible "control" node and targets

ansible -m ping all 
# or 
ansible -m shell -a 'uptime' all 

running root priv commands

-K = ask for sudo password
-b = use sudo (assumes no passwd prompt)

add testuser account to all servers

ansible -b -K -m user -a 'name=testuser' all

verify user was added

ansible -m shell -a 'getent passwd| grep testuser' all

running command on all dev nodes

jcarranza@jaime-ansible:~/src/ansible-staging$ ansible -i inventory/dev --vault-password-file ~/.vault_pass -m shell -a 'uptime' all

remove user

ansible -b -K -m user -a 'name=testuser state=absent' all

roles

roles are tasks to be run on hosts such as installing vim, htop or curl.

example of a basic role file: $ansible_path/roles/basic/tasks/main.yml

- name: "Installing Vim"
  apt: pkg=vim state=present

- name: "Installing htop"
  apt: pkg=htop

- name: "Installing screen"
  apt: pkg=screen

- name: "Installing git"
  apt: pkg=git

- name: "Installing additional software"
  apt: pkg={{ item }} state=present
  with_items:
    - dnsutils
    - git
    - vim
    - curl
    - wget
    - rsync
    - zsh

*note that state=present is the default, so specifying it is unnecessary.

playbooks

playbooks are assignments of roles (tasks like install vim) to hosts or host groups.

sample of $ansible_path/playbook.yml:

---
- hosts: all
  become: true
  roles:
    - basic

*become: true is for sudo.

running a playbook

directory structure

inventory file can be called anything. Use 'inventory' or 'hosts'

playbook can be called anything 'playbook.yml' or 'deploy.yml' are decent choices.

group_vars dir will apply whatever is in it as if it were specified in the playbook. e.g. group_vars/all, group_vars/database

host_vars dir can have files inside by hostname e.g. host_vars/sputnik.co file with some instructions for that host.

you can have staging and production directories with their own playbooks.

e.g.

staging/
    hosts
    group_vars/...
    host_vars/...
production/
    hosts
    group_vars/...
    host_vars/...
playbook.yml

You could then run ansible-playbook -i staging playbook.yml, where the staging environment might have debug turned on, etc.

ansible_tutorial tree
.
├── ansible.cfg
├── hosts
├── playbook.retry
├── playbook.yml
└── roles
    ├── common
    │   └── tasks
    │       └── main.yml
    └── dev_env
        ├── meta
        │   └── main.yml
        ├── tasks
        │   └── main.yaml
        └── templates
            ├── bash.bashrc
            └── zshrc.j2

ansible vault

create a new encrypted file (prompts for the vault password)

ansible-vault create vault.yml

encrypting a file

ansible-vault encrypt encrypt_me.txt

changing password of encrypted file

ansible-vault rekey encrypt_me.txt

creating ansible password file

echo 'my_vault_password' > .vault_pass

point Ansible at the password file

export ANSIBLE_VAULT_PASSWORD_FILE=./.vault_pass

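Alternatively, the password file can be an executable script that prints the password, so the password itself is never written to disk. Replace the contents of .vault_pass with the following script:

.vault_pass

#!/usr/bin/env python3
# Vault password script: Ansible runs this file because it is executable
# and reads the vault password from its stdout.
import os

# Exits with a KeyError (non-zero status) if VAULT_PASSWORD is not set.
print(os.environ['VAULT_PASSWORD'])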

Make the file executable by typing:

chmod +x .vault_pass

You can then set and export the VAULT_PASSWORD environment variable, which will be available for your current session:

export VAULT_PASSWORD=my_vault_password
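
A repository check for the vault setup described above, as an added example that is not part of the original notes: it flags secret vars files that are not vault-encrypted and a .vault_pass that group or other users can access. The file names secure.yml and vault.yml come from these notes; treating them as the full set of secret files is an assumption.

```python
#!/usr/bin/env python3
"""Audit an Ansible repo: secret vars files must be vault-encrypted, password file private."""
import os
import stat
import sys

VAULT_HEADER = b"$ANSIBLE_VAULT;"  # envelope header ansible-vault writes at the start of a file
SECRET_NAMES = {"secure.yml", "vault.yml"}  # assumption: file names used in these notes


def is_vault_encrypted(path):
    """True if the file starts with the ansible-vault envelope header."""
    with open(path, "rb") as fh:
        return fh.read(len(VAULT_HEADER)) == VAULT_HEADER


def password_file_problems(path):
    """Flag a vault password file (or script) that group/other can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:o} is open to group/other, use 600 (700 if it is a script)"]
    return []


def audit(root, password_file=".vault_pass"):
    """Walk root and return sorted findings; an empty list means the layout is clean."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name in SECRET_NAMES and not is_vault_encrypted(full):
                findings.append(f"{full}: expected vault-encrypted content, found plaintext")
            if name == password_file:
                findings.extend(password_file_problems(full))
    return sorted(findings)


if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(results) or "ok")
    sys.exit(1 if results else 0)
```

Run it from the repository root, for example as a pre-commit hook; it exits non-zero when anything is flagged.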

Troubleshooting a playbook

export ANSIBLE_DEBUG=1