General Information
This page will contain Ansible playbook/role downloads.
In order to install/configure Ansible, see this page first.
Checklist
Example Ansible playbooks/roles are maintained here: https://gitlab.com/whowe/ansible
The snippets below are tasks that show some Ansible modules in action.
Most of them cover ground that spans multiple documentation sources or was worked out through searches and trial and error.
Ansible Module Index: https://docs.ansible.com/ansible/2.4/modules_by_category.html
ACL module.
Examples
    - name: my_description|ACL of MyApp config dir
      acl:
        path: "/etc/myapp"
        entity: awesome
        etype: group
        default: yes
        permissions: rw
        state: present
Copy module examples.
Examples
    - name: tuning|MyApp kernel tuning
      copy:
        src: "sysctl_myapp_{{env}}"
        dest: "/etc/sysctl.d/55-myapp.conf"
        owner: root
        group: root
        mode: 0600
      notify: reload sysctl

    # Handler file contents (../handlers/main.yml)
    ##-- Service Reloads --##
    # Sysctl reload
    - name: reload sysctl
      command: sysctl --system

    # AutoFS: Config files
    - name: mounts|Copy Master AutoFS Config
      copy:
        src: "autofs_auto.master"
        dest: "/etc/auto.master.d/master-configs.autofs"
        owner: root
        group: root
        mode: 0644
      notify: restart autofs

    - name: mounts|Copy AutoFS Direct Maps
      copy:
        src: "autofs_auto.direct-maps"
        dest: "/etc/auto.direct-maps"
        owner: root
        group: root
        mode: 0644
      notify: restart autofs

    # Handler file for autofs (../handlers/main.yml)
    ##-- Service Restarts --##
    # AutoFS Service
    - name: restart autofs
      service:
        name: autofs
        state: restarted
Some file module examples.
Examples
    - name: my_app|Remove MyApp directories
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - "/opt/MyApp/"
        - "/var/log/myapp/"
        - "/usr/local/lib/myapp/"

    - name: my_description|Ownership of MyApp Log dir
      file:
        path: "/var/log/myapp"
        owner: myappdaemon
        group: awesome
        recurse: yes

    # Find all /data* directories
    - name: my_description|Info Gather find all Data dirs
      find:
        paths: "/"
        patterns: 'data*'
        recurse: no
        file_type: directory
      register: dirs_data

    # Set ownership of all /data* directories
    - name: my_description|Ownership of Data dirs
      file:
        path: "{{item.path}}"
        owner: myappdaemon
        group: awesome
        recurse: no
      with_items: "{{dirs_data.files}}"
Using a combination of the command module, registering variables, and the fail module, any command can be checked for a certain return code.
This can be useful for pre-req checks.
Examples
    # Info gather for /data1 to see if it's a mountpoint
    - name: pre_reqs|Info gather on /data1
      command: mountpoint -q /data1
      register: mount_stat
      failed_when: False
      changed_when: False

    # Exit playbook if /data1 is not a configured mountpoint
    - name: pre_reqs|Exit if /data1 is NOT a mountpoint
      fail:
        msg: "/data1 is not a mountpoint! Exiting."
      when: mount_stat.rc != 0

    # Info gather for all ip addresses to ensure storage network is setup
    # grep -F matches the prefix literally, so 172.16.10.x does not match
    - name: pre-reqs|Info gather on Storage Network (172.16.1.0/24)
      shell: ip address show | grep -F "172.16.1."
      register: storage_network
      failed_when: False
      changed_when: False

    # Exit playbook if Storage Network interface is not configured
    - name: pre-reqs|Exit if Storage Network (172.16.1.0/24) interface not found
      fail:
        msg: "Storage Network (172.16.1.0/24) interface not found! Exiting."
      when: storage_network.rc != 0

    # Info gather: rpm -q returns 0 only if the package is installed
    - name: my_app|Check for myapp RPM
      shell: rpm -q myapp
      register: myapp_rpm_exists
      changed_when: False
      failed_when: False

    # EL7: Stop service if RPM exists
    - name: my_app|Stop service (EL7 if RPM exists)
      systemd:
        name: myapp
        state: stopped
      when:
        - myapp_rpm_exists.rc == 0
        - ansible_distribution_major_version == "7"
One method of installing pip into a Python environment.
    # Check to see if pip exists, store answer in "pip_path"
    - name: software|Check for pip
      stat:
        path: "/usr/bin/pip"
      register: pip_path

    # Copy pip script to system if pip did not exist
    - name: software|No Pip - Copy get-pip.py for pip install
      copy:
        src: "python_get-pip.py"
        dest: "/root/get-pip.py"
      when: pip_path.stat.exists == False

    # Install pip into Python site packages if pip did not exist
    - name: software|No Pip - Install pip using Python (/usr/bin/python)
      command: "/usr/bin/python /root/get-pip.py"
      when: pip_path.stat.exists == False

    # Remove get-pip.py if pip did not exist before
    - name: software|No Pip - Remove get-pip.py
      file:
        path: "/root/get-pip.py"
        state: absent
      when: pip_path.stat.exists == False
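A way to confirm that the copied get-pip.py is the reviewed file before it runs as root, given as an added example that is not from the original page. The variable get_pip_sha256 and its placeholder value are assumptions; the tasks are meant to sit between the copy task and the install task above.

```yaml
# Variable file (../vars/main.yml)
# Hypothetical variable, not from the original page: the SHA-256 of the
# get-pip.py that was reviewed and stored in the role's files/ directory.
# The value is a placeholder and must be replaced.
get_pip_sha256: "<SHA256-OF-REVIEWED-get-pip.py>"

# Task file: place after the copy task and before the install task

# Hash the script as it exists on the remote host
- name: software|No Pip - Checksum get-pip.py
  stat:
    path: "/root/get-pip.py"
    checksum_algorithm: sha256
  register: get_pip_stat
  when: pip_path.stat.exists == False

# Do not leave an unexpected script behind in /root
- name: software|No Pip - Remove get-pip.py on checksum mismatch
  file:
    path: "/root/get-pip.py"
    state: absent
  when:
    - pip_path.stat.exists == False
    - get_pip_stat.stat.checksum != get_pip_sha256

# Exit playbook before the install task can execute the script
- name: software|No Pip - Exit if get-pip.py checksum does not match
  fail:
    msg: "get-pip.py checksum mismatch ({{ get_pip_stat.stat.checksum }})! Exiting."
  when:
    - pip_path.stat.exists == False
    - get_pip_stat.stat.checksum != get_pip_sha256
```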
Installing Python packages via pip.
    # Install virtualenv python package
    - name: software|Install virtualenv python package via pip
      pip:
        executable: "/usr/bin/pip"
        name: "virtualenv"
Running remote scripts and capturing results.
Examples
    # Copy calculation script to system
    - name: script|Copy Calculation Script to System
      copy:
        src: "calc-resources.py"
        dest: "/home/{{ app_user }}/bin/calc-resources.py"
        owner: "{{ app_user }}"
        group: "{{ app_group }}"
        mode: 0700
      tags: calc_resources

    # Run calculation script - Mark as changed if stdout contains 'Modified'
    - name: script|Run Resource Calculation Script
      become: yes
      become_method: su
      become_user: "{{ app_user }}"
      environment:
        LOCAL_ENV_VAR_NEEDED_IN_SCRIPT: "/home/{{ app_user }}/bin/myapp/"
      command: "/home/{{ app_user }}/bin/calc-resources.py"
      register: resource_calc_result
      changed_when: "'Modified' in resource_calc_result.stdout"
      tags: calc_resources

    # Uncomment debug to see variable contents of 'resource_calc_result'
    - debug:
        var: resource_calc_result
      tags: calc_resources
Manipulating SSH keys on remote hosts.
Examples
    - name: ssh-access|Copy a public key to a remote user's authorized_keys
      authorized_key:
        user: "{{ app_user }}"
        state: present
        key: "{{ item }}"
      with_file:
        - "ssh_{{ app_user }}-id-rsa.pub"

    - name: ssh-access|SSH Key Generation for App User
      user:
        name: "{{ app_user }}"
        generate_ssh_key: yes
        ssh_key_bits: 2048
    # Fetch remote ssh public key
    - name: ssh-access|Fetching remote ssh public key
      fetch:
        src: "/home/{{ app_user }}/.ssh/id_rsa.pub"
        dest: "/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey"
        flat: yes

    # Add fetched key to authorized_keys
    # The path is built by concatenation: Jinja2 expressions cannot be nested
    - name: ssh-access|Add Local SSH Key to authorized_keys
      authorized_key:
        user: "{{ app_user }}"
        state: present
        key: "{{ lookup('file', '/tmp/ansible-ssh-pub/' + inventory_hostname + '_pubkey') }}"
    # Check each item to see if it's in known_hosts, save results to register variable
    - name: ssh-access|Check to see if host name is in known_hosts
      shell: "ssh-keygen -f /home/{{ app_user }}/.ssh/known_hosts -F {{ item }}"
      with_items:
        - "localhost"
        - "127.0.0.1"
        - "{{ ansible_nodename|lower }}"
        - "{{ ansible_hostname|lower }}"
      register: ssh_known_host_results
      changed_when: false
      ignore_errors: yes

    # Uncomment debug to see stored object
    - debug:
        var: ssh_known_host_results

    # If the saved results from above do not contain output, add the host to known_hosts
    # ssh-keyscan output is not authenticated: compare the scanned keys with a trusted source
    - name: ssh-access|Scan public keys (add to known_hosts)
      shell: "ssh-keyscan {{ item.item }} >> /home/{{ app_user }}/.ssh/known_hosts"
      when: item.stdout == ""
      with_items: "{{ ssh_known_host_results.results }}"

    # Ensure known_hosts is owned by app user and group
    - name: ssh-access|Ensure known_hosts is owned by the application user
      file:
        path: "/home/{{ app_user }}/.ssh/known_hosts"
        state: file
        owner: "{{ app_user }}"
        group: "{{ app_group }}"
        mode: 0644
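An alternative to appending unauthenticated ssh-keyscan output, given as an added example that is not from the original page: pin host keys that were collected over a trusted channel, using the known_hosts module. The variables trusted_host_keys and required_ssh_hosts, the example.com host names and the placeholder key values are assumptions; app_user and app_group are the page's own variables.

```yaml
# Variable file (../vars/main.yml)
# Hypothetical variables, not from the original page. Each "key" is a full
# known_hosts line obtained over a trusted channel (console, inventory
# database). The key material below is a placeholder and must be replaced.
trusted_host_keys:
  - host: "server01.example.com"
    key: "server01.example.com ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER>"
  - host: "server02.example.com"
    key: "server02.example.com ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER>"

# Hosts the application user must be able to reach over SSH
required_ssh_hosts:
  - "server01.example.com"
  - "server02.example.com"

# Task file (../tasks/main.yml)

# Exit playbook if a required host has no vetted key on record
- name: ssh-access|Exit if a required host has no pinned key
  fail:
    msg: "No vetted host key for {{ item }}! Exiting."
  when: item not in (trusted_host_keys | map(attribute='host') | list)
  with_items: "{{ required_ssh_hosts }}"

# Write each vetted key; nothing is taken from the network
- name: ssh-access|Pin vetted host keys in known_hosts
  known_hosts:
    path: "/home/{{ app_user }}/.ssh/known_hosts"
    name: "{{ item.host }}"
    key: "{{ item.key }}"
    state: present
  with_items: "{{ trusted_host_keys }}"

# Ensure known_hosts is owned by app user and group
- name: ssh-access|Ensure known_hosts is owned by the application user
  file:
    path: "/home/{{ app_user }}/.ssh/known_hosts"
    state: file
    owner: "{{ app_user }}"
    group: "{{ app_group }}"
    mode: 0644
```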
Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed.
    # Copy myapp tarball if source is newer
    - name: my_app|MyApp tarball copy
      copy:
        src: "myapp_current.tar"
        dest: "/var/opt/myapp/"
        owner: root
        group: root
        mode: 0755
        follow: yes
      register: myapp_new_archive

    # Unarchive tarball on remote system if it was changed
    # remote_src: yes replaces the deprecated "copy: no" (archive is already on the remote host)
    - name: my_app|MyApp tarball unarchive if newer
      unarchive:
        src: "/var/opt/myapp/myapp_current.tar"
        dest: "/var/opt/myapp/"
        remote_src: yes
      when:
        - myapp_new_archive is changed
The user module.
Examples
    # Local "awesome" group
    - name: my_description|Add users to the local awesome group
      user:
        name: "{{item}}"
        groups: awesome
        append: yes
      with_items: "{{awesome_users}}"

    # Variable file (../vars/main.yml)
    # Awesome Group Users
    awesome_users:
      - yoda
      - vader
      - rjones
Only execute certain tasks under certain conditions.
Examples
    - import_tasks: mytasks.yml
      when:
        - inventory_hostname != "server01"
        - inventory_hostname != "server02"

    - import_tasks: mytasks.yml
      when: inventory_hostname in groups.special

    - import_tasks: mytasks.yml
      when: inventory_hostname not in groups.special

    # Enable and start service (EL7)
    - name: my_service|Enable and Start Service (EL7)
      systemd:
        name: myservice
        enabled: yes
        state: started
        daemon_reload: yes
      when: ansible_distribution_major_version == "7"

    - import_tasks: mytasks.yml
      when: env == "prod"
Adding a yum repo with the yum_repository module.
Examples
    # Apache Cassandra Repo
    - name: cassandra|Add Repo
      yum_repository:
        name: cassandra
        description: Apache Cassandra
        baseurl: https://www.apache.org/dist/cassandra/redhat/311x/
        enabled: yes
        gpgcheck: yes
        repo_gpgcheck: yes
        gpgkey: https://www.apache.org/dist/cassandra/KEYS