Differences
This shows you the differences between two versions of the page.
linux_wiki:ansible_playbook_downloads [2018/07/01 00:06] billdozor [File Module] |
linux_wiki:ansible_playbook_downloads [2019/06/24 23:41] billdozor [Playbook Downloads] |
||
---|---|---|---|
Line 15: | Line 15: | ||
====== Playbook Downloads ====== | ====== Playbook Downloads ====== | ||
- | ^ Playbook | + | Example Ansible playbooks/roles are maintained |
- | | Playbook1 Name/Download link | Description goes here. | | + | |
---- | ---- | ||
Line 22: | Line 21: | ||
====== Playbook Snippets ====== | ====== Playbook Snippets ====== | ||
- | Snippets of tasks to provide examples of some commonly used Ansible modules in action. | + | Snippets of tasks to provide examples of some Ansible modules in action. |
+ | |||
+ | Most of these snippets are tasks that span multiple documentation sources or were discovered through searches and trial/ | ||
+ | |||
+ | \\ | ||
+ | Ansible Module Index: https:// | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== ACLs ===== | ||
+ | |||
+ | ACL module. | ||
+ | |||
+ | **Examples** | ||
+ | * Set default group permissions for " | ||
+ | acl: | ||
+ | path: "/ | ||
+ | entity: awesome | ||
+ | etype: group | ||
+ | default: yes | ||
+ | permissions: | ||
+ | state: present</ | ||
---- | ---- | ||
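Review bot: The new ACLs section is described only as "ACL module.", and its one example sets `default: yes` without saying what that implies. A default ACL can only be set on a directory and is inherited by entries created afterwards; it does not change access to files that already exist under the path. Suggest a one-sentence description like the other sections have, and stating in the bullet that the path must be a directory and that existing content needs a separate task without `default: yes` if the group should reach it too.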
Line 31: | Line 51: | ||
**Examples** | **Examples** | ||
- | * Copy a kernel tuning drop in file and load settings if file changes< | + | * Copy a kernel tuning drop in file and load settings if file changes< |
copy: | copy: | ||
src: " | src: " | ||
Line 45: | Line 65: | ||
- name: reload sysctl | - name: reload sysctl | ||
command: sysctl --system</ | command: sysctl --system</ | ||
+ | |||
+ | * Copy autofs config files and restart autofs< | ||
+ | - name: mounts|Copy Master AutoFS Config | ||
+ | copy: | ||
+ | src: " | ||
+ | dest: "/ | ||
+ | owner: root | ||
+ | group: root | ||
+ | mode: 0644 | ||
+ | notify: restart autofs | ||
+ | |||
+ | - name: mounts|Copy AutoFS Direct Maps | ||
+ | copy: | ||
+ | src: " | ||
+ | dest: "/ | ||
+ | owner: root | ||
+ | group: root | ||
+ | mode: 0644 | ||
+ | notify: restart autofs | ||
+ | | ||
+ | # Handler file for autofs (../ | ||
+ | ##-- Service Restarts --## | ||
+ | # AutoFS Service | ||
+ | - name: restart autofs | ||
+ | service: | ||
+ | name: autofs | ||
+ | state: restarted</ | ||
---- | ---- | ||
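Review bot: In the autofs example the handler (`- name: restart autofs`) sits in the same code block as the two copy tasks, separated only by the comment `# Handler file for autofs (../`. A reader who pastes the whole block into a tasks file gets a service restart on every run instead of only when one of the copied files changed. Suggest splitting this into two code blocks, one for the tasks and one for the handlers file, with the handler path given in the bullet text rather than in a comment.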
Line 53: | Line 100: | ||
**Examples** | **Examples** | ||
- | * Recursively remove a list of directories< | + | * Recursively remove a list of directories< |
file: | file: | ||
path: "{{ item }}" | path: "{{ item }}" | ||
Line 62: | Line 109: | ||
- "/ | - "/ | ||
- | * Recursively set ownership to myappdaemon: | + | * Recursively set ownership to myappdaemon: |
file: | file: | ||
path: "/ | path: "/ | ||
Line 69: | Line 116: | ||
recurse: yes</ | recurse: yes</ | ||
| | ||
- | * Set ownership of all /data* directories for myappdaemon: | + | * Set ownership of all /data* directories for myappdaemon: |
- name: my_description|Info Gather find all Data dirs | - name: my_description|Info Gather find all Data dirs | ||
find: | find: | ||
Line 96: | Line 143: | ||
**Examples** | **Examples** | ||
- | * Ensure a certain mount point exists< | + | * Ensure a certain mount point exists< |
- name: pre_reqs|Info gather on /data1 | - name: pre_reqs|Info gather on /data1 | ||
command: mountpoint -q /data1 | command: mountpoint -q /data1 | ||
Line 109: | Line 156: | ||
when: mount_stat.rc != 0</ | when: mount_stat.rc != 0</ | ||
- | * Check for a specific configured network interface< | + | * Check for a specific configured network interface< |
- name: pre-reqs|Info gather on Storage Network (172.16.1.0/ | - name: pre-reqs|Info gather on Storage Network (172.16.1.0/ | ||
shell: ip address show | grep 172.16.1. | shell: ip address show | grep 172.16.1. | ||
Line 122: | Line 169: | ||
when: storage_network.rc != 0</ | when: storage_network.rc != 0</ | ||
- | * Check for the existence of a certain package, stop service if so< | + | * Check for the existence of a certain package, stop service if so< |
shell: rpm -q myapp | shell: rpm -q myapp | ||
register: myapp_rpm_exists | register: myapp_rpm_exists | ||
Line 140: | Line 187: | ||
---- | ---- | ||
- | ===== When Conditional | + | ===== Python: Install Pip ===== |
- | Only execute certain tasks under certain conditions. | + | One method of installing pip into a Python environment. |
+ | |||
+ | <code yaml># Check to see if pip exists, store answer in " | ||
+ | - name: software|Check for pip | ||
+ | stat: | ||
+ | path: "/ | ||
+ | register: pip_path | ||
+ | |||
+ | # Copy pip script to system if pip did not exist | ||
+ | - name: software|No Pip - Copy get-pip.py for pip install | ||
+ | copy: | ||
+ | src: " | ||
+ | dest: "/ | ||
+ | when: pip_path.stat.exists == False | ||
+ | |||
+ | # Install pip into Python site packages if pip did not exist | ||
+ | - name: software|No Pip - Install pip using Python (/ | ||
+ | command: "/ | ||
+ | when: pip_path.stat.exists == False | ||
+ | |||
+ | # Remove get-pip.py if pip did not exist before | ||
+ | - name: software|No Pip - Remove get-pip.py | ||
+ | file: | ||
+ | path: "/ | ||
+ | state: absent | ||
+ | when: pip_path.stat.exists == False</ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Python: Install Packages ===== | ||
+ | |||
+ | Installing Python packages via pip. | ||
+ | * Install virtualenv< | ||
+ | - name: software|Install virtualenv python package via pip | ||
+ | pip: | ||
+ | executable: "/ | ||
+ | name: " | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Remote Scripts ===== | ||
+ | |||
+ | Running remote scripts and capturing results. | ||
**Examples** | **Examples** | ||
- | * Do not execute any of the imported " | + | * Copy a script to the remote system |
- | | + | - name: script|Copy Calcuation Script to System |
- | | + | |
- | - inventory_hostname != "server02"</ | + | |
+ | | ||
+ | owner: | ||
+ | group: "{{ app_group }}" | ||
+ | mode: 0700 | ||
+ | tags: calc_resources | ||
- | * Execute a task if a host is in the "special" | + | # Run calculcation script - Mark as changed |
- | | + | - name: script|Run Resource Calcuation Script |
+ | become: yes | ||
+ | become_method: | ||
+ | become_user: | ||
+ | environment: | ||
+ | LOCAL_ENV_VAR_NEEDED_IN_SCRIPT: | ||
+ | command: "/ | ||
+ | | ||
+ | changed_when: | ||
+ | tags: calc_resources | ||
- | | + | # Uncomment debug to see variable contents of ' |
- | | + | - debug: |
- | + | var: resource_calc_result | |
- | * Execute | + | tags: calc_resources</ |
- | - name: my_service|Enable and Start Service (EL7) | + | |
- | | + | ---- |
- | | + | |
- | | + | ===== SSH Keys ===== |
- | state: | + | |
- | | + | Manipulating SSH keys on remote hosts. |
- | when: ansible_distribution_major_version | + | |
+ | **Examples** | ||
+ | | ||
+ | | ||
+ | user: "{{ app_user }}" | ||
+ | state: present | ||
+ | key: "{{ item }}" | ||
+ | with_file: | ||
+ | - " | ||
+ | |||
+ | * Generate | ||
+ | user: | ||
+ | name: "{{ app_user }}" | ||
+ | generate_ssh_key: | ||
+ | ssh_key_bits: | ||
+ | |||
+ | * Fetch a remote SSH public key, save to the local Ansible system, then add that now local key to the remote system< | ||
+ | - name: ssh-access|Fetching remote ssh public key | ||
+ | | ||
+ | | ||
+ | | ||
+ | flat: yes | ||
+ | |||
+ | # Add fetched key to authorized_keys | ||
+ | - name: ssh-access|Add Local SSH Key to authorized_keys | ||
+ | authorized_key: | ||
+ | user: "{{ app_user }}" | ||
+ | state: | ||
+ | | ||
+ | |||
+ | * Add a list of system names to a remote system' | ||
+ | - name: ssh-access|Check to see if host name is in known_hosts | ||
+ | shell: " | ||
+ | with_items: | ||
+ | - " | ||
+ | - " | ||
+ | - "{{ ansible_nodename|lower }}" | ||
+ | - "{{ ansible_hostname|lower }}" | ||
+ | register: ssh_known_host_results | ||
+ | changed_when: | ||
+ | ignore_errors: yes | ||
+ | |||
+ | # Uncomment debug to see stored object | ||
+ | - debug: | ||
+ | var: ssh_known_host_results | ||
+ | |||
+ | # If the saved results from above do not contain output, add the host to known_hosts | ||
+ | - name: ssh-access|Scan public keys (add to known_hosts) | ||
+ | shell: " | ||
+ | when: item.stdout | ||
+ | with_items: "{{ ssh_known_host_results.results }}" | ||
+ | |||
+ | # Ensure known_hosts is owned by app user and group | ||
+ | - name: ssh-access|Ensure known_hosts is owned by the application user | ||
+ | file: | ||
+ | path: "/ | ||
+ | state: file | ||
+ | owner: "{{ app_user }}" | ||
+ | group: "{{ app_group }}" | ||
+ | mode: 0644</ | ||
---- | ---- | ||
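Review bot: In the SSH Keys section, the task `ssh-access|Scan public keys (add to known_hosts)` pins whatever host key the network returns at the moment the play runs; nothing in the visible tasks compares the scanned key against a known fingerprint, so a host that is intercepted or misaddressed on first contact ends up trusted in the application user's known_hosts. Suggest sourcing the host keys from a trusted place (inventory or a vars file) and writing them with the `known_hosts` module, or at minimum stating in the bullet that this is trust-on-first-use. The check task before it also sets `ignore_errors: yes`, which hides real failures together with the expected "not found" case; a `failed_when` limited to the expected result would be tighter. Minor: "Calcuation" and "calculcation" in the Remote Scripts task names and comment are misspelled.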
Line 171: | Line 333: | ||
Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed. | Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed. | ||
- | < | + | < |
- name: my_app|MyApp tarball copy | - name: my_app|MyApp tarball copy | ||
copy: | copy: | ||
Line 198: | Line 360: | ||
**Examples** | **Examples** | ||
- | * Add a list of users to a local group.< | + | * Add a list of users to a local group.< |
- name: my_description|Add users to the local awesome group | - name: my_description|Add users to the local awesome group | ||
user: | user: | ||
Line 212: | Line 374: | ||
- vader | - vader | ||
- rjones</ | - rjones</ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== When Conditional ===== | ||
+ | |||
+ | Only execute certain tasks under certain conditions. | ||
+ | |||
+ | **Examples** | ||
+ | * Do not execute any of the imported " | ||
+ | when: | ||
+ | - inventory_hostname != " | ||
+ | - inventory_hostname != " | ||
+ | |||
+ | * Execute a task if a host is in the " | ||
+ | when: inventory_hostname in groups.special</ | ||
+ | |||
+ | * Execute a task if a host is NOT in the " | ||
+ | when: inventory_hostname not in groups.special</ | ||
+ | | ||
+ | * Execute a task if the distribution major version is 7 (EL 7)<code yaml># Enable and start service (EL7) | ||
+ | - name: my_service|Enable and Start Service (EL7) | ||
+ | systemd: | ||
+ | name: myservice | ||
+ | enabled: yes | ||
+ | state: started | ||
+ | daemon_reload: | ||
+ | when: ansible_distribution_major_version == " | ||
+ | |||
+ | * Execute a task when an inventory group_var variable matches< | ||
+ | when: env == " | ||
---- | ---- | ||
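Review bot: The two group-membership examples, `when: inventory_hostname in groups.special` and `when: inventory_hostname not in groups.special`, raise an undefined-attribute error when the inventory has no "special" group at all, instead of evaluating to false or true. Since these snippets are meant to be copied between inventories, suggest testing `'special' in group_names` (and `not in`), which is safe when the group is absent, or noting that the group must exist. The newly added group_var example comparing `env` has the same dependency on the variable being defined for every host; a `default` filter or a short note would cover it.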
Line 220: | Line 412: | ||
**Examples** | **Examples** | ||
- | * Apache Cassandra< | + | * Apache Cassandra< |
- name: cassandra|Add Repo | - name: cassandra|Add Repo | ||
yum_repository: | yum_repository: | ||
Line 226: | Line 418: | ||
description: | description: | ||
baseurl: https:// | baseurl: https:// | ||
- | enabled: | + | enabled: |
gpgcheck: yes | gpgcheck: yes | ||
repo_gpgcheck: | repo_gpgcheck: |