288 Ansible Cheatsheet - 1559151848
Stosh Oldham
stosh@linuxacademy.com
Ansible ad-hoc
Ansible Playbooks
Ansible Variables
Ansible Facts
Debugging in Ansible
• Once the EPEL repository is configured, your package manager installs Ansible and manages dependencies.
• Configuration Files:
• /etc/ansible/ansible.cfg:
• The primary Ansible configuration file.
• Notable configurations include:
• Default inventory configuration.
• Default remote user.
• /etc/ansible/hosts:
• Default Ansible Inventory File.
• An inventory is a list of hosts that Ansible manages.
• Inventory location may be specified as follows:
• Default: /etc/ansible/hosts.
• Specified by CLI: ansible -i <filename>.
• Can be set in ansible.cfg.
• Example Inventory file:
mail.example.com ansible_port=5556 ansible_host=192.168.0.10
[webservers]
httpd1.example.com
httpd2.example.com
[labservers]
lab[01:99]
• The first line defines a host mail.example.com.
• Two variables are affiliated with the host, ansible_port and ansible_host.
• The groups webservers and labservers are defined in this example.
• Note the labservers group has 99 hosts in it that are defined via a pattern.
• The expression lab[01:03] is the same as specifying lab01, lab02, lab03.
• While it is possible to connect to a remote host with Ansible using password authentication with -k (note lowercase), it is not common practice because of the manual intervention it requires.
Ansible Quick Start Linux Academy
• Ansible is best implemented using a common user across all Ansible controlled systems.
• The ssh-keygen and ssh-copy-id commands can facilitate creating a pre-shared key for user authentication.
• /etc/sudoers may be edited to allow your selected user to sudo any command without a password for the most automated configuration using the line ansible ALL=(ALL) NOPASSWD: ALL.
• It is also possible to prompt for a sudo password at runtime using -K (note uppercase) if desired; this can become a challenge when executing against many systems.
• A module index at docs.ansible.com provides detailed information on each module.
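The key-based login and passwordless sudo setup described above, written as a bootstrap play (an added example, not part of the original cheatsheet). The user name ansible comes from the sudoers line above; the file name bootstrap.yml, the public key path and the /etc/sudoers.d drop-in location are assumptions.

```yaml
---
# bootstrap.yml (hypothetical file name): added example, not from the cheatsheet.
# First run, before any key exists on the targets, still needs -k and -K:
#   ansible-playbook -i <filename> bootstrap.yml -u <existing_user> -k -K
- hosts: all
  become: yes
  vars:
    automation_user: ansible      # user named in the sudoers line above
    # Assumption: key pair already created on the control node with ssh-keygen.
    public_key_file: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa.pub"
  tasks:
    - name: ensure the common automation user exists
      user:
        name: "{{ automation_user }}"
        shell: /bin/bash
        state: present

    - name: install the control node's public key for that user
      authorized_key:
        user: "{{ automation_user }}"
        key: "{{ lookup('file', public_key_file) }}"
        state: present

    # A drop-in file is used instead of editing /etc/sudoers directly.
    # validate runs visudo on the temporary copy, so a syntax error
    # never replaces a working sudo configuration.
    - name: allow passwordless sudo through a validated drop-in file
      copy:
        content: "{{ automation_user }} ALL=(ALL) NOPASSWD: ALL\n"
        dest: "/etc/sudoers.d/{{ automation_user }}"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
```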
Ansible ad-hoc
• Ansible ad-hoc commands are analogous to bash commands.
• ping
• setup
• yum "name=<NAME> state=<STATE>"
• service "name=<NAME> state=<STATE>"
• copy "src=<SOURCE_PATH> dest=<ABSOLUTE_DESTINATION_PATH>"
Ansible Playbooks
• Basic Ansible Playbook structure:
• Sample playbook:
- hosts: webservers
  become: yes
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf

- hosts: databases
  remote_user: root
  tasks:
    - name: ensure postgresql is at the latest version
      yum:
        name: postgresql
        state: latest
    - name: ensure that postgresql is started
      service:
        name: postgresql
        state: started
• The first play installs a package (using the yum module) and creates a configuration file from a
template (using the template module):
• Retry file:
• If a playbook fails, a retry file is generated containing the list of hosts where the play failed.
• A file called <playbook-name>.retry is created upon a playbook failure.
• The file may be specified using --limit with the same playbook to reattempt the playbook at
a later time.
• Plays should be safe to run repeatedly against the same target without ill effect.
Ansible Variables
• Variable names should be letters, numbers, and underscores.
• Valid:
• foobar
• foo_bar
• foo5
• Invalid:
• foo-bar
• 1foobar
• foo.bar
• Variables are passed in via the command line using the --extra-vars or -e flag or are defined within
a playbook:
- hosts: webservers
  become: yes
  vars:
    target_service: httpd
    target_state: started
  tasks:
    - name: Ensure target service is at target state
      service:
        name: "{{ target_service }}"
        state: "{{ target_state }}"
• It is good practice to wrap variable names or statements containing variable names in weak quotes:
Ansible Facts
• Ansible facts are simply various properties regarding a given remote system.
• The filter parameter takes regex to allow you to prune fact output.
• The keyword gather_facts may be set in a playbook to change fact gathering behavior.
• Facts may be filtered using the setup module ad-hoc by passing a value for the filter parameter.
• Ansible command output may be directed to a file using the --tree outputfile flag which may be
helpful when working with facts.
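A play that turns off automatic fact gathering and collects only a filtered set of facts with the setup module (an added example, not part of the original cheatsheet). The filter pattern, the distribution names in the condition and the placeholder output directory are assumptions.

```yaml
---
# Added example, not from the cheatsheet. Ad-hoc equivalent of the setup task
# (the output directory is a placeholder):
#   ansible all -m setup -a "filter=ansible_distribution*" --tree <output_dir>
- hosts: all
  gather_facts: no            # skip the implicit full fact-gathering run
  tasks:
    - name: gather only the distribution facts
      setup:
        filter: "ansible_distribution*"

    - name: show what was collected
      debug:
        msg: "{{ inventory_hostname }} runs {{ ansible_distribution }} {{ ansible_distribution_version }}"

    # Only facts matching the filter exist at this point; referencing any
    # other fact (for example ansible_product_uuid) would fail as undefined.
    - name: act on a gathered fact
      debug:
        msg: "{{ inventory_hostname }} is a yum-managed host"
      when: ansible_distribution in ["CentOS", "RedHat"]
```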
Debugging in Ansible
• The debug module may be used to help troubleshoot plays:
- debug:
    msg: "System {{ inventory_hostname }} has uuid {{ ansible_product_uuid }}"

- hosts: all
  tasks:
    - shell: cat /etc/motd
      register: motd_contents
    - shell: echo "motd contains the word hi"
      when: motd_contents.stdout.find('hi') != -1
• By only executing certain tasks during a change, plays are more efficient.
• No matter how many times a handler is flagged in a play, it is only run once during a play’s final phase.
• Example:
• The calls made in the notify section correspond to handler definitions within the play.
• Example:
handlers:
  - name: restart cache service
    service:
      name: memcached
      state: restarted
    listen: "restart memcached"
  - name: restart web services
    service:
      name: apache
      state: restarted
    listen: "restart apache"
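A complete play that wires notify calls to the listen topics used above (an added example, not part of the original cheatsheet). The vhost and memcached template paths are assumptions, and the web handler targets httpd, the package installed by the sample playbook, rather than the apache service name shown above.

```yaml
---
# Added example, not from the cheatsheet. Template paths are assumptions.
- hosts: webservers
  become: yes
  tasks:
    - name: write the apache config file
      template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf
        owner: root
        group: root
        mode: "0644"
      notify: "restart apache"      # flagged only if the file changed

    - name: write the virtual host file
      template:
        src: /srv/vhost.j2                    # hypothetical template
        dest: /etc/httpd/conf.d/vhost.conf
        owner: root
        group: root
        mode: "0644"
      notify: "restart apache"      # second flag, still a single restart

    - name: write the memcached settings
      template:
        src: /srv/memcached.j2                # hypothetical template
        dest: /etc/sysconfig/memcached
        mode: "0644"
      notify: "restart memcached"

  # Handlers run once, after all tasks, and only when notified.
  handlers:
    - name: restart web services
      service:
        name: httpd
        state: restarted
      listen: "restart apache"

    - name: restart cache service
      service:
        name: memcached
        state: restarted
      listen: "restart memcached"
```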