linux_wiki:ansible_playbook_downloads

Differences

This shows you the differences between two versions of the page.

linux_wiki:ansible_playbook_downloads [2018/07/01 00:15]
billdozor [Playbook Snippets]
linux_wiki:ansible_playbook_downloads [2019/06/24 23:41] (current)
billdozor [Playbook Downloads]
Line 15: Line 15:
 ====== Playbook Downloads ====== ====== Playbook Downloads ======
  
-^  Playbook  ^  Description +Example Ansible playbooks/roles are maintained here: https://gitlab.com/whowe/ansible
-|  Playbook1 Name/Download link  |  Description goes here.  |+
  
 ---- ----
Line 22: Line 21:
 ====== Playbook Snippets ====== ====== Playbook Snippets ======
  
-Snippets of tasks to provide examples of some commonly used Ansible modules in action.+Snippets of tasks to provide examples of some Ansible modules in action.
  
 +Most of these snippets are tasks that span multiple documentation sources or were discovered through searches and trial/error.
 +
 +\\
 Ansible Module Index: https://docs.ansible.com/ansible/2.4/modules_by_category.html Ansible Module Index: https://docs.ansible.com/ansible/2.4/modules_by_category.html
  
Line 33: Line 35:
  
 **Examples** **Examples**
-  * Set default group permissions for "awesome" group. (so any files created in the directory will get those group permissions)<code bash>- name: my_description|ACL of MyApp config dir+  * Set default group permissions for "awesome" group. (so any files created in the directory will get those group permissions)<code yaml>- name: my_description|ACL of MyApp config dir
   acl:   acl:
     path: "/etc/myapp"     path: "/etc/myapp"
Line 49: Line 51:
  
 **Examples** **Examples**
-  * Copy a kernel tuning drop in file and load settings if file changes<code bash>- name: tuning|MyApp kernel tuning+  * Copy a kernel tuning drop in file and load settings if file changes<code yaml>- name: tuning|MyApp kernel tuning
   copy:   copy:
     src: "sysctl_myapp_{{env}}"     src: "sysctl_myapp_{{env}}"
Line 63: Line 65:
 - name: reload sysctl - name: reload sysctl
   command: sysctl --system</code>   command: sysctl --system</code>
 +
 +  * Copy autofs config files and restart autofs<code yaml># AutoFS: Config files
 +- name: mounts|Copy Master AutoFS Config
 +  copy:
 +    src: "autofs_auto.master"
 +    dest: "/etc/auto.master.d/master-configs.autofs"
 +    owner: root
 +    group: root
 +    mode: 0644
 +  notify: restart autofs
 +
 +- name: mounts|Copy AutoFS Direct Maps
 +  copy:
 +    src: "autofs_auto.direct-maps"
 +    dest: "/etc/auto.direct-maps"
 +    owner: root
 +    group: root
 +    mode: 0644
 +  notify: restart autofs
 +  
 +# Handler file for autofs (../handlers/main.yml)
 +##-- Service Restarts --##
 +# AutoFS Service
 +- name: restart autofs
 +  service:
 +    name: autofs
 +    state: restarted</code>
  
 ---- ----
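Review bot: Both added copy tasks (Copy Master AutoFS Config and Copy AutoFS Direct Maps) write the permission as the bare number mode: 0644, which depends on the YAML parser reading it as octal; quote it as mode: "0644" so the copy module receives a string. The two tasks differ only in src and dest, so a single looped task that notifies restart autofs would remove the duplication.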
Line 71: Line 100:
  
 **Examples** **Examples**
-  * Recursively remove a list of directories<code bash>- name: my_app|Remove MyApp directories+  * Recursively remove a list of directories<code yaml>- name: my_app|Remove MyApp directories
   file:   file:
     path: "{{ item }}"     path: "{{ item }}"
Line 80: Line 109:
     - "/usr/local/lib/myapp/"</code>     - "/usr/local/lib/myapp/"</code>
  
-  * Recursively set ownership to myappdaemon:awesome<code bash>- name: my_description|Ownership of MyApp Log dir+  * Recursively set ownership to myappdaemon:awesome<code yaml>- name: my_description|Ownership of MyApp Log dir
   file:   file:
     path: "/var/log/myapp"     path: "/var/log/myapp"
Line 87: Line 116:
     recurse: yes</code>     recurse: yes</code>
          
-  * Set ownership of all /data* directories for myappdaemon:awesome<code bash># Find all /data* directories+  * Set ownership of all /data* directories for myappdaemon:awesome<code yaml># Find all /data* directories
 - name: my_description|Info Gather find all Data dirs - name: my_description|Info Gather find all Data dirs
   find:   find:
Line 114: Line 143:
  
 **Examples** **Examples**
-  * Ensure a certain mount point exists<code bash># Info gather for /data1 to see if its a mountpoint+  * Ensure a certain mount point exists<code yaml># Info gather for /data1 to see if its a mountpoint
 - name: pre_reqs|Info gather on /data1 - name: pre_reqs|Info gather on /data1
   command: mountpoint -q /data1   command: mountpoint -q /data1
Line 127: Line 156:
   when: mount_stat.rc != 0</code>   when: mount_stat.rc != 0</code>
  
-  * Check for a specific configured network interface<code bash># Info gather for all ip addresses to ensure storage network is setup+  * Check for a specific configured network interface<code yaml># Info gather for all ip addresses to ensure storage network is setup
 - name: pre-reqs|Info gather on Storage Network (172.16.1.0/24) - name: pre-reqs|Info gather on Storage Network (172.16.1.0/24)
   shell: ip address show | grep 172.16.1.   shell: ip address show | grep 172.16.1.
Line 140: Line 169:
   when: storage_network.rc != 0</code>   when: storage_network.rc != 0</code>
  
-  * Check for the existence of a certain package, stop service if so<code bash>- name: my_app|Check for myapp RPM+  * Check for the existence of a certain package, stop service if so<code yaml>- name: my_app|Check for myapp RPM
   shell: rpm -q myapp   shell: rpm -q myapp
   register: myapp_rpm_exists   register: myapp_rpm_exists
Line 158: Line 187:
 ---- ----
  
-===== When Conditional =====+===== Python: Install Pip =====
  
-Only execute certain tasks under certain conditions.+One method of installing pip into a Python environment. 
 + 
 +<code yaml># Check to see if pip exists, store answer in "pip_path" 
 +- name: software|Check for pip 
 +  stat: 
 +    path: "/usr/bin/pip" 
 +  register: pip_path 
 + 
 +# Copy pip script to system if pip did not exist 
 +- name: software|No Pip - Copy get-pip.py for pip install 
 +  copy: 
 +    src: "python_get-pip.py" 
 +    dest: "/root/get-pip.py" 
 +  when: pip_path.stat.exists == False 
 + 
 +# Install pip into Python site packages if pip did not exist 
 +- name: software|No Pip - Install pip using Python (/usr/bin/python) 
 +  command: "/usr/bin/python /root/get-pip.py" 
 +  when: pip_path.stat.exists == False 
 + 
 +# Remove get-pip.py if pip did not exist before 
 +- name: software|No Pip - Remove get-pip.py 
 +  file: 
 +    path: "/root/get-pip.py" 
 +    state: absent 
 +  when: pip_path.stat.exists == False</code> 
 + 
 +---- 
 + 
 +===== Python: Install Packages ===== 
 + 
 +Installing Python packages via pip. 
 +  * Install virtualenv<code yaml># Install virtualenv python package 
 +- name: software|Install virtualenv python package via pip 
 +  pip: 
 +    executable: "/usr/bin/pip" 
 +    name: "virtualenv"</code> 
 + 
 +---- 
 + 
 +===== Remote Scripts ===== 
 + 
 +Running remote scripts and capturing results.
  
 **Examples** **Examples**
-  * Do not execute any of the imported "mytasks.yml" if host is "server01" or "server02"<code bash>- import_tasksmytasks.yml +  * Copy a script to the remote system if it is different. Run the script as the app user and record as changed if the script outputs the string "Modified".<code yaml># Copy calculation script to system 
-  when+namescript|Copy Calcuation Script to System 
-    - inventory_hostname != "server01+  copy
-    - inventory_hostname != "server02"</code>+    src: "calc-resources.py
 +    dest: "/home/{{ app_user }}/bin/calc-resources.py" 
 +    owner: "{{ app_user }}" 
 +    group: "{{ app_group }}" 
 +    mode: 0700 
 +  tags: calc_resources
  
-  * Execute a task if a host is in the "specialinventory group<code bash>- import_tasksmytasks.yml +# Run calculcation script - Mark as changed if std out contains 'Modified' 
-  wheninventory_hostname in groups.special</code>+- name: script|Run Resource Calcuation Script 
 +  become: yes 
 +  become_method: su 
 +  become_user: "{{ app_user }}" 
 +  environment: 
 +    LOCAL_ENV_VAR_NEEDED_IN_SCRIPT: "/home/{{ app_user }}/bin/myapp/" 
 +  command: "/home/{{ app_user }}/bin/calc-resources.py" 
 +  registerresource_calc_result 
 +  changed_when: "'Modified' in resource_calc_result.stdout" 
 +  tags: calc_resources
  
-  * Execute a task if a host is NOT in the "special" inventory group<code bash>- import_tasks: mytasks.yml +Uncomment debug to see variable contents of 'resource_calc_result' 
-  when: inventory_hostname not in groups.special</code> +debug
-   +    varresource_calc_result 
-  * Execute a task if the distribution major version is 7 (EL 7)<code bash>Enable and start service (EL7) +  tagscalc_resources</code>
-name: my_service|Enable and Start Service (EL7) +
-  systemd: +
-    name: myservice +
-    enabled: yes +
-    statestarted +
-    daemon_reloadyes +
-  whenansible_distribution_major_version == "7"</code>+
  
-  Execute task when an inventory group_var variable matches<code bash>- import_tasksmytasks.yml +---- 
-  when: env == "prod"</code>+ 
 +===== SSH Keys ===== 
 + 
 +Manipulating SSH keys on remote hosts. 
 + 
 +**Examples** 
 +  * Add public key to a user's authorized_keys<code yaml>- namessh-access|Copy a public key to a remote users authorized_keys 
 +  authorized_key: 
 +    user: "{{ app_user }}" 
 +    state: present 
 +    key: "{{ item }}" 
 +  with_file: 
 +    - "ssh_{{ app_user }}-id-rsa.pub"</code> 
 + 
 +  * Generate a SSH Key Pair (public/private) for a user<code yaml>- name: ssh-access|SSH Key Generation for App User 
 +  user: 
 +    name: "{{ app_user }}" 
 +    generate_ssh_key: yes 
 +    ssh_key_bits: 2048</code> 
 + 
 +  * Fetch a remote SSH public key, save to the local Ansible system, then add that now local key to the remote system<code yaml># Fetch remote ssh public key 
 +- name: ssh-access|Fetching remote ssh public key 
 +  fetch: 
 +    src: "/home/{{ app_user }}/.ssh/id_rsa.pub" 
 +    dest: "/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey" 
 +    flat: yes 
 + 
 +# Add fetched key to authorized_keys 
 +- name: ssh-access|Add Local SSH Key to authorized_keys 
 +  authorized_key: 
 +    user: "{{ app_user }}" 
 +    state: present 
 +    key: "{{ lookup('file', '/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey') }}"</code> 
 + 
 +  * Add a list of system names to a remote system's SSH known_hosts (so there is no fingerprint accept prompt<code yaml># Check each item to see if its in known_hosts, save results to register variable 
 +- name: ssh-access|Check to see if host name is in known_hosts 
 +  shell: "ssh-keygen -f /home/{{ app_user }}/.ssh/known_hosts -F {{ item }}" 
 +  with_items: 
 +    - "localhost" 
 +    - "127.0.0.1" 
 +    - "{{ ansible_nodename|lower }}" 
 +    - "{{ ansible_hostname|lower }}" 
 +  register: ssh_known_host_results 
 +  changed_when: false 
 +  ignore_errors: yes 
 + 
 +# Uncomment debug to see stored object 
 +- debug: 
 +    var: ssh_known_host_results 
 + 
 +# If the saved results from above do not contain output, add the host to known_hosts 
 +- name: ssh-access|Scan public keys (add to known_hosts) 
 +  shell: "ssh-keyscan {{ item.item }} >> /home/{{ app_user }}/.ssh/known_hosts" 
 +  when: item.stdout == "" 
 +  with_items: "{{ ssh_known_host_results.results }}" 
 + 
 +# Ensure known_hosts is owned by app user and group 
 +- name: ssh-access|Ensure known_hosts is owned by the application user 
 +  file: 
 +    path: "/home/{{ app_user }}/.ssh/known_hosts" 
 +    state: file 
 +    owner: "{{ app_user }}" 
 +    group: "{{ app_group }}" 
 +    mode: 0644</code>
  
 ---- ----
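Review bot: The "Scan public keys (add to known_hosts)" task appends whatever ssh-keyscan returns straight into known_hosts, so the host key is trusted without any fingerprint check, which is the verification the accept prompt exists to provide; ship known-good host keys with the role (for example through the known_hosts module) or compare the scanned fingerprint against a trusted value before adding it. In the fetch example the public key is staged under /tmp/ansible-ssh-pub/ on the control node and then installed into authorized_keys, and a path under /tmp may be created or written first by another local user, so use a directory only the Ansible user can write. The lookup in that task nests {{ inventory_hostname }} inside an outer {{ }} expression and should build the path by string concatenation instead. The debug task under "Uncomment debug to see stored object" is not actually commented out.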
Line 192: Line 333:
 Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed. Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed.
  
-<code bash># Copy myapp tarball if source is newer+<code yaml># Copy myapp tarball if source is newer
 - name: my_app|MyApp tarball copy - name: my_app|MyApp tarball copy
   copy:   copy:
Line 219: Line 360:
  
 **Examples** **Examples**
-  * Add a list of users to a local group.<code bash># Local "awesome" group+  * Add a list of users to a local group.<code yaml># Local "awesome" group
 - name: my_description|Add users to the local awesome group - name: my_description|Add users to the local awesome group
   user:   user:
Line 233: Line 374:
   - vader   - vader
   - rjones</code>   - rjones</code>
 +
 +----
 +
 +===== When Conditional =====
 +
 +Only execute certain tasks under certain conditions.
 +
 +**Examples**
 +  * Do not execute any of the imported "mytasks.yml" if host is "server01" or "server02"<code yaml>- import_tasks: mytasks.yml
 +  when:
 +    - inventory_hostname != "server01"
 +    - inventory_hostname != "server02"</code>
 +
 +  * Execute a task if a host is in the "special" inventory group<code yaml>- import_tasks: mytasks.yml
 +  when: inventory_hostname in groups.special</code>
 +
 +  * Execute a task if a host is NOT in the "special" inventory group<code yaml>- import_tasks: mytasks.yml
 +  when: inventory_hostname not in groups.special</code>
 +  
 +  * Execute a task if the distribution major version is 7 (EL 7)<code yaml># Enable and start service (EL7)
 +- name: my_service|Enable and Start Service (EL7)
 +  systemd:
 +    name: myservice
 +    enabled: yes
 +    state: started
 +    daemon_reload: yes
 +  when: ansible_distribution_major_version == "7"</code>
 +
 +  * Execute a task when an inventory group_var variable matches<code yaml>- import_tasks: mytasks.yml
 +  when: env == "prod"</code>
  
 ---- ----
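Review bot: The two group-membership examples reference groups.special directly in when, which fails with an undefined-attribute error on an inventory that has no "special" group instead of skipping the task; groups['special'] | default([]) keeps the condition safe in both the "in" and "not in" forms. It would also help to say next to the import_tasks examples that the when condition is applied to every task inside mytasks.yml.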
Line 241: Line 412:
  
 **Examples** **Examples**
-  * Apache Cassandra<code bash># Apache Cassandra Repo+  * Apache Cassandra<code yaml># Apache Cassandra Repo
 - name: cassandra|Add Repo - name: cassandra|Add Repo
   yum_repository:   yum_repository:
Line 247: Line 418:
     description: Apache Cassandra     description: Apache Cassandra
     baseurl: https://www.apache.org/dist/cassandra/redhat/311x/     baseurl: https://www.apache.org/dist/cassandra/redhat/311x/
-    enabled: no+    enabled: yes
     gpgcheck: yes     gpgcheck: yes
     repo_gpgcheck: yes     repo_gpgcheck: yes
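Review bot: Switching enabled: no to enabled: yes makes the Cassandra repository active for every yum transaction on the host, not only the Cassandra install; if that is not intended, leave it disabled and pass enablerepo on the yum task that installs the package. No gpgkey is visible in this hunk, so confirm the task sets one, since gpgcheck: yes and repo_gpgcheck: yes both depend on it.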
  • linux_wiki/ansible_playbook_downloads.1530418536.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)