Differences

This shows you the differences between two versions of the page.

--- linux_wiki:ansible_playbook_downloads [2018/07/01 00:09]
billdozor [ACLs]
+++ linux_wiki:ansible_playbook_downloads [2019/05/25 23:50]
127.0.0.1 external edit
@@ Line 22: / Line 22: @@
 ====== Playbook Snippets ======
-Snippets of tasks to provide examples of some commonly used Ansible modules in action.
+Snippets of tasks to provide examples of some Ansible modules in action.
+Most of these snippets are tasks that span multiple documentation sources or were discovered through searches and trial/error.
+\\
+Ansible Module Index: https://docs.ansible.com/ansible/2.4/modules_by_category.html
 ----
@@ Line 31: / Line 36: @@
 **Examples**
-  * Set default group permissions for "awesome" group. (so any files created in the directory will get those group permissions)<code bash>- name: my_description|ACL of MyApp log dir
+  * Set default group permissions for "awesome" group. (so any files created in the directory will get those group permissions)<code yaml>- name: my_description|ACL of MyApp config dir
   acl:
-    path: "/var/log/myapp"
+    path: "/etc/myapp"
     entity: awesome
     etype: group
@@ Line 47: / Line 52: @@
 **Examples**
-  * Copy a kernel tuning drop in file and load settings if file changes<code bash>- name: tuning|MyApp kernel tuning
+  * Copy a kernel tuning drop in file and load settings if file changes<code yaml>- name: tuning|MyApp kernel tuning
   copy:
     src: "sysctl_myapp_{{env}}"
@@ Line 61: / Line 66: @@
 - name: reload sysctl
   command: sysctl --system</code>
+  * Copy autofs config files and restart autofs<code yaml># AutoFS: Config files
+- name: mounts|Copy Master AutoFS Config
+  copy:
+    src: "autofs_auto.master"
+    dest: "/etc/auto.master.d/master-configs.autofs"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart autofs
+- name: mounts|Copy AutoFS Direct Maps
+  copy:
+    src: "autofs_auto.direct-maps"
+    dest: "/etc/auto.direct-maps"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart autofs
+# Handler file for autofs (../handlers/main.yml)
+##-- Service Restarts --##
+# AutoFS Service
+- name: restart autofs
+  service:
+    name: autofs
+    state: restarted</code>
 ----
@@ Line 69: / Line 101: @@
 **Examples**
-  * Recursively remove a list of directories<code bash>- name: my_app|Remove MyApp directories
+  * Recursively remove a list of directories<code yaml>- name: my_app|Remove MyApp directories
   file:
     path: "{{ item }}"
@@ Line 78: / Line 110: @@
     - "/usr/local/lib/myapp/"</code>
-  * Recursively set ownership to myappdaemon:awesome<code bash>- name: my_description|Ownership of MyApp Log dir
+  * Recursively set ownership to myappdaemon:awesome<code yaml>- name: my_description|Ownership of MyApp Log dir
   file:
     path: "/var/log/myapp"
@@ Line 85: / Line 117: @@
     recurse: yes</code>
-  * Set ownership of all /data* directories for myappdaemon:awesome<code bash># Find all /data* directories
+  * Set ownership of all /data* directories for myappdaemon:awesome<code yaml># Find all /data* directories
 - name: my_description|Info Gather find all Data dirs
   find:
@@ Line 112: / Line 144: @@
 **Examples**
-  * Ensure a certain mount point exists<code bash># Info gather for /data1 to see if its a mountpoint
+  * Ensure a certain mount point exists<code yaml># Info gather for /data1 to see if its a mountpoint
 - name: pre_reqs|Info gather on /data1
   command: mountpoint -q /data1
@@ Line 125: / Line 157: @@
   when: mount_stat.rc != 0</code>
-  * Check for a specific configured network interface<code bash># Info gather for all ip addresses to ensure storage network is setup
+  * Check for a specific configured network interface<code yaml># Info gather for all ip addresses to ensure storage network is setup
 - name: pre-reqs|Info gather on Storage Network (172.16.1.0/24)
   shell: ip address show | grep 172.16.1.
@@ Line 138: / Line 170: @@
   when: storage_network.rc != 0</code>
-  * Check for the existence of a certain package, stop service if so<code bash>- name: my_app|Check for myapp RPM
+  * Check for the existence of a certain package, stop service if so<code yaml>- name: my_app|Check for myapp RPM
   shell: rpm -q myapp
   register: myapp_rpm_exists
@@ Line 156: / Line 188: @@
 ----
-===== When Conditional =====
+===== Python: Install Pip =====
-Only execute certain tasks under certain conditions.
+One method of installing pip into a Python environment.
+<code yaml># Check to see if pip exists, store answer in "pip_path"
+- name: software|Check for pip
+  stat:
+    path: "/usr/bin/pip"
+  register: pip_path
+# Copy pip script to system if pip did not exist
+- name: software|No Pip - Copy get-pip.py for pip install
+  copy:
+    src: "python_get-pip.py"
+    dest: "/root/get-pip.py"
+  when: pip_path.stat.exists == False
+# Install pip into Python site packages if pip did not exist
+- name: software|No Pip - Install pip using Python (/usr/bin/python)
+  command: "/usr/bin/python /root/get-pip.py"
+  when: pip_path.stat.exists == False
+# Remove get-pip.py if pip did not exist before
+- name: software|No Pip - Remove get-pip.py
+  file:
+    path: "/root/get-pip.py"
+    state: absent
+  when: pip_path.stat.exists == False</code>
+----
+===== Python: Install Packages =====
+Installing Python packages via pip.
+  * Install virtualenv<code yaml># Install virtualenv python package
+- name: software|Install virtualenv python package via pip
+  pip:
+    executable: "/usr/bin/pip"
+    name: "virtualenv"</code>
+----
+===== Remote Scripts =====
+Running remote scripts and capturing results.
 **Examples**
-  * Do not execute any of the imported "mytasks.yml" if host is "server01" or "server02"<code bash>- import_tasks: mytasks.yml
+  * Copy a script to the remote system if it is different. Run the script as the app user and record as changed if the script outputs the string "Modified".<code yaml># Copy calculation script to system
-  when:
+- name: script|Copy Calcuation Script to System
-    - inventory_hostname != "server01"
+  copy:
-    - inventory_hostname != "server02"</code>
+    src: "calc-resources.py"
+    dest: "/home/{{ app_user }}/bin/calc-resources.py"
+    owner: "{{ app_user }}"
+    group: "{{ app_group }}"
+    mode: 0700
+  tags: calc_resources
-  * Execute a task if a host is in the "special" inventory group<code bash>- import_tasks: mytasks.yml
+# Run calculcation script - Mark as changed if std out contains 'Modified'
-  when: inventory_hostname in groups.special</code>
+- name: script|Run Resource Calcuation Script
+  become: yes
+  become_method: su
+  become_user: "{{ app_user }}"
+  environment:
+    LOCAL_ENV_VAR_NEEDED_IN_SCRIPT: "/home/{{ app_user }}/bin/myapp/"
+  command: "/home/{{ app_user }}/bin/calc-resources.py"
+  register: resource_calc_result
+  changed_when: "'Modified' in resource_calc_result.stdout"
+  tags: calc_resources
-  * Execute a task if a host is NOT in the "special" inventory group<code bash>- import_tasks: mytasks.yml
+# Uncomment debug to see variable contents of 'resource_calc_result'
-  when: inventory_hostname not in groups.special</code>
+- debug:
+    var: resource_calc_result
-  * Execute a task if the distribution major version is 7 (EL 7)<code bash># Enable and start service (EL7)
+  tags: calc_resources</code>
-- name: my_service|Enable and Start Service (EL7)
-  systemd:
+----
-    name: myservice
-    enabled: yes
+===== SSH Keys =====
-    state: started
-    daemon_reload: yes
+Manipulating SSH keys on remote hosts.
-  when: ansible_distribution_major_version == "7"</code>
+**Examples**
+  * Add a public key to a user's authorized_keys<code yaml>- name: ssh-access|Copy a public key to a remote users authorized_keys
+  authorized_key:
+    user: "{{ app_user }}"
+    state: present
+    key: "{{ item }}"
+  with_file:
+    - "ssh_{{ app_user }}-id-rsa.pub"</code>
+  * Generate a SSH Key Pair (public/private) for a user<code yaml>- name: ssh-access|SSH Key Generation for App User
+  user:
+    name: "{{ app_user }}"
+    generate_ssh_key: yes
+    ssh_key_bits: 2048</code>
+  * Fetch a remote SSH public key, save to the local Ansible system, then add that now local key to the remote system<code yaml># Fetch remote ssh public key
+- name: ssh-access|Fetching remote ssh public key
+  fetch:
+    src: "/home/{{ app_user }}/.ssh/id_rsa.pub"
+    dest: "/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey"
+    flat: yes
+# Add fetched key to authorized_keys
+- name: ssh-access|Add Local SSH Key to authorized_keys
+  authorized_key:
+    user: "{{ app_user }}"
+    state: present
+    key: "{{ lookup('file', '/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey') }}"</code>
+  * Add a list of system names to a remote system's SSH known_hosts (so there is no fingerprint accept prompt<code yaml># Check each item to see if its in known_hosts, save results to register variable
+- name: ssh-access|Check to see if host name is in known_hosts
+  shell: "ssh-keygen -f /home/{{ app_user }}/.ssh/known_hosts -F {{ item }}"
+  with_items:
+    - "localhost"
+    - "127.0.0.1"
+    - "{{ ansible_nodename|lower }}"
+    - "{{ ansible_hostname|lower }}"
+  register: ssh_known_host_results
+  changed_when: false
+  ignore_errors: yes
+# Uncomment debug to see stored object
+- debug:
+    var: ssh_known_host_results
+# If the saved results from above do not contain output, add the host to known_hosts
+- name: ssh-access|Scan public keys (add to known_hosts)
+  shell: "ssh-keyscan {{ item.item }} >> /home/{{ app_user }}/.ssh/known_hosts"
+  when: item.stdout == ""
+  with_items: "{{ ssh_known_host_results.results }}"
+# Ensure known_hosts is owned by app user and group
+- name: ssh-access|Ensure known_hosts is owned by the application user
+  file:
+    path: "/home/{{ app_user }}/.ssh/known_hosts"
+    state: file
+    owner: "{{ app_user }}"
+    group: "{{ app_group }}"
+    mode: 0644</code>
 ----
@@ Line 187: / Line 334: @@
 Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed.
-<code bash># Copy myapp tarball if source is newer
+<code yaml># Copy myapp tarball if source is newer
 - name: my_app|MyApp tarball copy
   copy:
@@ Line 214: / Line 361: @@
 **Examples**
-  * Add a list of users to a local group.<code bash># Local "awesome" group
+  * Add a list of users to a local group.<code yaml># Local "awesome" group
 - name: my_description|Add users to the local awesome group
   user:
@@ Line 228: / Line 375: @@
   - vader
   - rjones</code>
+----
+===== When Conditional =====
+Only execute certain tasks under certain conditions.
+**Examples**
+  * Do not execute any of the imported "mytasks.yml" if host is "server01" or "server02"<code yaml>- import_tasks: mytasks.yml
+  when:
+    - inventory_hostname != "server01"
+    - inventory_hostname != "server02"</code>
+  * Execute a task if a host is in the "special" inventory group<code yaml>- import_tasks: mytasks.yml
+  when: inventory_hostname in groups.special</code>
+  * Execute a task if a host is NOT in the "special" inventory group<code yaml>- import_tasks: mytasks.yml
+  when: inventory_hostname not in groups.special</code>
+  * Execute a task if the distribution major version is 7 (EL 7)<code yaml># Enable and start service (EL7)
+- name: my_service|Enable and Start Service (EL7)
+  systemd:
+    name: myservice
+    enabled: yes
+    state: started
+    daemon_reload: yes
+  when: ansible_distribution_major_version == "7"</code>
+  * Execute a task when an inventory group_var variable matches<code yaml>- import_tasks: mytasks.yml
+  when: env == "prod"</code>
 ----
@@ Line 236: / Line 413: @@
 **Examples**
-  * Apache Cassandra<code bash># Apache Cassandra Repo
+  * Apache Cassandra<code yaml># Apache Cassandra Repo
 - name: cassandra|Add Repo
   yum_repository:
@@ Line 242: / Line 419: @@
     description: Apache Cassandra
     baseurl: https://www.apache.org/dist/cassandra/redhat/311x/
-    enabled: no
+    enabled: yes
     gpgcheck: yes
     repo_gpgcheck: yes