Ansible

Links

• https://docs.ansible.com/ansible/playbooks_best_practices.html
• https://docs.ansible.com/ansible/faq.html
• https://docs.ansible.com/
• https://docs.ansible.com/ansible/modules_by_category.html
• http://ryaneschinger.com/blog/securing-a-server-with-ansible/
• http://blog.toast38coza.me/custom-ansible-module-hello-world/

Befehl ausführen

• https://docs.ansible.com/ansible/intro_adhoc.html

  ansible production -m command -a uptime
  ansible testserver -m fetch -a 'src=filepath dest=filename flat=yes'

Debugging

• ansible bruce.home -m debug -a "msg=test"

• Displaying Ansible Facts

- name: Play to get the gathre facts content
  hosts: DEV1
  tasks:
  - name: print ansible_facts
    debug:
     var: ansible_facts["kernal"]

Playbook

• Playbook nur auf einem Host ausfuehren:

ansible-playbook -l hosts playbook.yml
ansible-playbook --limit hosts playbook.yml
ansible-playbook --syntax-check playbook.yml

Roles

• https://stackoverflow.com/questions/22649333/ansible-notify-handlers-in-another-role
• nginx: https://github.com/jdauphant/ansible-role-nginx/blob/master/tasks/configuration.yml

Use su

become: yes
become_user: username
#su: yes
#su_user: username

Vault Secrets

• https://docs.ansible.com/ansible/playbooks_vault.html#decrypting-encrypted-files

ansible-vault encrypt secrets.yaml
ansible-vault decrypt secrets.yaml
EDITOR=vim ansible-vault edit secrets.yml
ansible-playbook playbook.yaml --ask-vault-password
ansible-playbook playbook.yaml --ask-password-file FILES

• Read password from a file or script:

ansible-playbook --vault-password-file /path/to/my/vault-password-file site.yml
ansible-playbook --vault-password-file my-vault-password-client.py

- name: Load Secrets
  include_vars:
    file: secrets.yaml
    name: secrets

Lokal ausführen

ansible-playbook -i "localhost," -c local workstation.yml

User sudo with a password

• ansible-playbook site.yml --ask-sudo-pass

Loops

• https://docs.ansible.com/ansible/playbooks_loops.html

Playbook Examples

Variablen

• https://docs.ansible.com/ansible/playbooks_variables.html

- debug:
  args:
    msg: 'System {{ ansible_distribution_release }}'

ansible host -m setup

• Debug Messages:

name: Ansible check directory exists
stat:
  path: /etc/pihole
register: folderstat
debug:
  msg: "{{ folderstat }}"

• Conditionals:

• set_fact: test=false
  when: folderstat.stat.exists == false

Commandline

• ansible group -m ping
  ansible group -m command -a "sudo touch /tmp/ansible.txt" --ask-sudo-pass

Variables

• Add variables from another file:

- name: Include vm variables
  include_vars:
    file: vars/vms.yml
    name: vms

• Rename variable:

set_fact:
  vm: "{{ vms.all.hosts[fqdn] }}"

Docker

• https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html

- name: Create a data container
  community.docker.docker_container:
    name: mydata
    image: busybox
    volumes:
      - /data