linux_wiki:ansible_playbook_downloads

Differences

This shows you the differences between two versions of the page.

linux_wiki:ansible_playbook_downloads [2018/07/01 00:32]
billdozor [Python: Install Pip]
linux_wiki:ansible_playbook_downloads [2019/05/25 23:50]
127.0.0.1 external edit
Line 22: Line 22:
 ====== Playbook Snippets ====== ====== Playbook Snippets ======
  
-Snippets of tasks to provide examples of some commonly used Ansible modules in action.+Snippets of tasks to provide examples of some Ansible modules in action
 + 
 +Most of these snippets are tasks that span multiple documentation sources or were discovered through searches and trial/error.
  
 \\ \\
Line 34: Line 36:
  
 **Examples** **Examples**
-  * Set default group permissions for "awesome" group. (so any files created in the directory will get those group permissions)<code bash>- name: my_description|ACL of MyApp config dir+  * Set default group permissions for "awesome" group. (so any files created in the directory will get those group permissions)<code yaml>- name: my_description|ACL of MyApp config dir
   acl:   acl:
     path: "/etc/myapp"     path: "/etc/myapp"
Line 50: Line 52:
  
 **Examples** **Examples**
-  * Copy a kernel tuning drop in file and load settings if file changes<code bash>- name: tuning|MyApp kernel tuning+  * Copy a kernel tuning drop in file and load settings if file changes<code yaml>- name: tuning|MyApp kernel tuning
   copy:   copy:
     src: "sysctl_myapp_{{env}}"     src: "sysctl_myapp_{{env}}"
Line 65: Line 67:
   command: sysctl --system</code>   command: sysctl --system</code>
  
-  * Copy autofs config files and restart autofs<code bash># AutoFS: Config files+  * Copy autofs config files and restart autofs<code yaml># AutoFS: Config files
 - name: mounts|Copy Master AutoFS Config - name: mounts|Copy Master AutoFS Config
   copy:   copy:
Line 99: Line 101:
  
 **Examples** **Examples**
-  * Recursively remove a list of directories<code bash>- name: my_app|Remove MyApp directories+  * Recursively remove a list of directories<code yaml>- name: my_app|Remove MyApp directories
   file:   file:
     path: "{{ item }}"     path: "{{ item }}"
Line 108: Line 110:
     - "/usr/local/lib/myapp/"</code>     - "/usr/local/lib/myapp/"</code>
  
-  * Recursively set ownership to myappdaemon:awesome<code bash>- name: my_description|Ownership of MyApp Log dir+  * Recursively set ownership to myappdaemon:awesome<code yaml>- name: my_description|Ownership of MyApp Log dir
   file:   file:
     path: "/var/log/myapp"     path: "/var/log/myapp"
Line 115: Line 117:
     recurse: yes</code>     recurse: yes</code>
          
-  * Set ownership of all /data* directories for myappdaemon:awesome<code bash># Find all /data* directories+  * Set ownership of all /data* directories for myappdaemon:awesome<code yaml># Find all /data* directories
 - name: my_description|Info Gather find all Data dirs - name: my_description|Info Gather find all Data dirs
   find:   find:
Line 142: Line 144:
  
 **Examples** **Examples**
-  * Ensure a certain mount point exists<code bash># Info gather for /data1 to see if its a mountpoint+  * Ensure a certain mount point exists<code yaml># Info gather for /data1 to see if its a mountpoint
 - name: pre_reqs|Info gather on /data1 - name: pre_reqs|Info gather on /data1
   command: mountpoint -q /data1   command: mountpoint -q /data1
Line 155: Line 157:
   when: mount_stat.rc != 0</code>   when: mount_stat.rc != 0</code>
  
-  * Check for a specific configured network interface<code bash># Info gather for all ip addresses to ensure storage network is setup+  * Check for a specific configured network interface<code yaml># Info gather for all ip addresses to ensure storage network is setup
 - name: pre-reqs|Info gather on Storage Network (172.16.1.0/24) - name: pre-reqs|Info gather on Storage Network (172.16.1.0/24)
   shell: ip address show | grep 172.16.1.   shell: ip address show | grep 172.16.1.
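Review bot: the storage-network check in this hunk, `shell: ip address show | grep 172.16.1.`, is an unanchored regex in which every dot matches any character, so an address such as 172.16.10.5 or 172.16.100.5 also satisfies it and the pre-req passes on a host that is not on 172.16.1.0/24. Suggest a fixed-string match on the address field, for example `grep -F 'inet 172.16.1.'`, so that only addresses in that /24 return 0.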
Line 168: Line 170:
   when: storage_network.rc != 0</code>   when: storage_network.rc != 0</code>
  
-  * Check for the existence of a certain package, stop service if so<code bash>- name: my_app|Check for myapp RPM+  * Check for the existence of a certain package, stop service if so<code yaml>- name: my_app|Check for myapp RPM
   shell: rpm -q myapp   shell: rpm -q myapp
   register: myapp_rpm_exists   register: myapp_rpm_exists
Line 190: Line 192:
 One method of installing pip into a Python environment. One method of installing pip into a Python environment.
  
-<code bash># Check to see if pip exists, store answer in "pip_path"+<code yaml># Check to see if pip exists, store answer in "pip_path"
 - name: software|Check for pip - name: software|Check for pip
   stat:   stat:
Line 220: Line 222:
  
 Installing Python packages via pip. Installing Python packages via pip.
-  * Install virtualenv<code bash># Install virtualenv python library +  * Install virtualenv<code yaml># Install virtualenv python package 
-- name: software|Install virtualenv python library via pip+- name: software|Install virtualenv python package via pip
   pip:   pip:
     executable: "/usr/bin/pip"     executable: "/usr/bin/pip"
Line 228: Line 230:
 ---- ----
  
-===== When Conditional =====+===== Remote Scripts =====
  
-Only execute certain tasks under certain conditions.+Running remote scripts and capturing results.
  
 **Examples** **Examples**
-  * Do not execute any of the imported "mytasks.yml" if host is "server01" or "server02"<code bash>- import_tasksmytasks.yml +  * Copy a script to the remote system if it is different. Run the script as the app user and record as changed if the script outputs the string "Modified".<code yaml># Copy calculation script to system 
-  when+namescript|Copy Calcuation Script to System 
-    - inventory_hostname != "server01+  copy
-    - inventory_hostname != "server02"</code>+    src: "calc-resources.py
 +    dest: "/home/{{ app_user }}/bin/calc-resources.py" 
 +    owner: "{{ app_user }}" 
 +    group: "{{ app_group }}" 
 +    mode: 0700 
 +  tags: calc_resources
  
-  * Execute a task if a host is in the "specialinventory group<code bash>- import_tasksmytasks.yml +# Run calculcation script - Mark as changed if std out contains 'Modified' 
-  wheninventory_hostname in groups.special</code>+- name: script|Run Resource Calcuation Script 
 +  become: yes 
 +  become_method: su 
 +  become_user: "{{ app_user }}" 
 +  environment: 
 +    LOCAL_ENV_VAR_NEEDED_IN_SCRIPT: "/home/{{ app_user }}/bin/myapp/" 
 +  command: "/home/{{ app_user }}/bin/calc-resources.py" 
 +  registerresource_calc_result 
 +  changed_when: "'Modified' in resource_calc_result.stdout" 
 +  tags: calc_resources
  
-  * Execute a task if a host is NOT in the "special" inventory group<code bash>- import_tasks: mytasks.yml +Uncomment debug to see variable contents of 'resource_calc_result' 
-  when: inventory_hostname not in groups.special</code> +debug
-   +    varresource_calc_result 
-  * Execute a task if the distribution major version is 7 (EL 7)<code bash>Enable and start service (EL7) +  tagscalc_resources</code>
-name: my_service|Enable and Start Service (EL7) +
-  systemd: +
-    name: myservice +
-    enabled: yes +
-    statestarted +
-    daemon_reloadyes +
-  whenansible_distribution_major_version == "7"</code>+
  
-  Execute task when an inventory group_var variable matches<code bash>- import_tasksmytasks.yml +---- 
-  when: env == "prod"</code>+ 
 +===== SSH Keys ===== 
 + 
 +Manipulating SSH keys on remote hosts. 
 + 
 +**Examples** 
 +  * Add public key to a user's authorized_keys<code yaml>- namessh-access|Copy a public key to a remote users authorized_keys 
 +  authorized_key: 
 +    user: "{{ app_user }}" 
 +    state: present 
 +    key: "{{ item }}" 
 +  with_file: 
 +    - "ssh_{{ app_user }}-id-rsa.pub"</code> 
 + 
 +  * Generate a SSH Key Pair (public/private) for a user<code yaml>- name: ssh-access|SSH Key Generation for App User 
 +  user: 
 +    name: "{{ app_user }}" 
 +    generate_ssh_key: yes 
 +    ssh_key_bits: 2048</code> 
 + 
 +  * Fetch a remote SSH public key, save to the local Ansible system, then add that now local key to the remote system<code yaml># Fetch remote ssh public key 
 +- name: ssh-access|Fetching remote ssh public key 
 +  fetch: 
 +    src: "/home/{{ app_user }}/.ssh/id_rsa.pub" 
 +    dest: "/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey" 
 +    flat: yes 
 + 
 +# Add fetched key to authorized_keys 
 +- name: ssh-access|Add Local SSH Key to authorized_keys 
 +  authorized_key: 
 +    user: "{{ app_user }}" 
 +    state: present 
 +    key: "{{ lookup('file', '/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey') }}"</code> 
 + 
 +  * Add a list of system names to a remote system's SSH known_hosts (so there is no fingerprint accept prompt<code yaml># Check each item to see if its in known_hosts, save results to register variable 
 +- name: ssh-access|Check to see if host name is in known_hosts 
 +  shell: "ssh-keygen -f /home/{{ app_user }}/.ssh/known_hosts -F {{ item }}" 
 +  with_items: 
 +    - "localhost" 
 +    - "127.0.0.1" 
 +    - "{{ ansible_nodename|lower }}" 
 +    - "{{ ansible_hostname|lower }}" 
 +  register: ssh_known_host_results 
 +  changed_when: false 
 +  ignore_errors: yes 
 + 
 +# Uncomment debug to see stored object 
 +- debug: 
 +    var: ssh_known_host_results 
 + 
 +# If the saved results from above do not contain output, add the host to known_hosts 
 +- name: ssh-access|Scan public keys (add to known_hosts) 
 +  shell: "ssh-keyscan {{ item.item }} >> /home/{{ app_user }}/.ssh/known_hosts" 
 +  when: item.stdout == "" 
 +  with_items: "{{ ssh_known_host_results.results }}" 
 + 
 +# Ensure known_hosts is owned by app user and group 
 +- name: ssh-access|Ensure known_hosts is owned by the application user 
 +  file: 
 +    path: "/home/{{ app_user }}/.ssh/known_hosts" 
 +    state: file 
 +    owner: "{{ app_user }}" 
 +    group: "{{ app_group }}" 
 +    mode: 0644</code>
  
 ---- ----
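Review bot: the "Scan public keys (add to known_hosts)" task near the end of the new SSH Keys section appends whatever `ssh-keyscan {{ item.item }}` returns to known_hosts without comparing it to a known fingerprint, so the entry pins whichever key answered at run time rather than a verified one; consider supplying host keys from a trusted source through the `known_hosts` module instead of the shell redirect. Two smaller points in the same hunk: the `- debug:` task under "# Uncomment debug to see stored object" is active rather than commented out, and the `lookup('file', ...)` argument nests `{{ inventory_hostname }}` inside an enclosing `{{ }}` expression, where concatenating the path with `inventory_hostname` is the clearer form. The Remote Scripts task names and comment also misspell "Calculation".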
Line 262: Line 334:
 Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed. Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed.
  
-<code bash># Copy myapp tarball if source is newer+<code yaml># Copy myapp tarball if source is newer
 - name: my_app|MyApp tarball copy - name: my_app|MyApp tarball copy
   copy:   copy:
Line 289: Line 361:
  
 **Examples** **Examples**
-  * Add a list of users to a local group.<code bash># Local "awesome" group+  * Add a list of users to a local group.<code yaml># Local "awesome" group
 - name: my_description|Add users to the local awesome group - name: my_description|Add users to the local awesome group
   user:   user:
Line 303: Line 375:
   - vader   - vader
   - rjones</code>   - rjones</code>
 +
 +----
 +
 +===== When Conditional =====
 +
 +Only execute certain tasks under certain conditions.
 +
 +**Examples**
 +  * Do not execute any of the imported "mytasks.yml" if host is "server01" or "server02"<code yaml>- import_tasks: mytasks.yml
 +  when:
 +    - inventory_hostname != "server01"
 +    - inventory_hostname != "server02"</code>
 +
 +  * Execute a task if a host is in the "special" inventory group<code yaml>- import_tasks: mytasks.yml
 +  when: inventory_hostname in groups.special</code>
 +
 +  * Execute a task if a host is NOT in the "special" inventory group<code yaml>- import_tasks: mytasks.yml
 +  when: inventory_hostname not in groups.special</code>
 +  
 +  * Execute a task if the distribution major version is 7 (EL 7)<code yaml># Enable and start service (EL7)
 +- name: my_service|Enable and Start Service (EL7)
 +  systemd:
 +    name: myservice
 +    enabled: yes
 +    state: started
 +    daemon_reload: yes
 +  when: ansible_distribution_major_version == "7"</code>
 +
 +  * Execute a task when an inventory group_var variable matches<code yaml>- import_tasks: mytasks.yml
 +  when: env == "prod"</code>
  
 ---- ----
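Review bot: in the re-added When Conditional examples, `when: inventory_hostname in groups.special` and its `not in` variant fail with an undefined-variable error on an inventory that has no "special" group; `groups['special'] | default([])` keeps both conditions evaluable. The first example would also benefit from a sentence stating that a `when` on `import_tasks` is applied to each imported task.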
Line 311: Line 413:
  
 **Examples** **Examples**
-  * Apache Cassandra<code bash># Apache Cassandra Repo+  * Apache Cassandra<code yaml># Apache Cassandra Repo
 - name: cassandra|Add Repo - name: cassandra|Add Repo
   yum_repository:   yum_repository:
Line 317: Line 419:
     description: Apache Cassandra     description: Apache Cassandra
     baseurl: https://www.apache.org/dist/cassandra/redhat/311x/     baseurl: https://www.apache.org/dist/cassandra/redhat/311x/
-    enabled: no+    enabled: yes
     gpgcheck: yes     gpgcheck: yes
     repo_gpgcheck: yes     repo_gpgcheck: yes
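Review bot: the flip from `enabled: no` to `enabled: yes` on the Cassandra repo carries no explanation in the surrounding text; with the repo enabled, routine package updates on the host will also pull from the 311x baseurl, so state whether that is intended or whether installs should opt in to the repo per task. The visible lines set `gpgcheck: yes` and `repo_gpgcheck: yes` but do not show a `gpgkey`, so confirm one is defined in the part of the snippet outside this hunk.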
  • linux_wiki/ansible_playbook_downloads.txt
  • Last modified: 2019/06/24 23:41
  • by billdozor