linux_wiki:ansible_playbook_downloads

Differences

This shows you the differences between two versions of the page.

linux_wiki:ansible_playbook_downloads [2018/07/01 00:33]
billdozor [Python: Install Packages]
linux_wiki:ansible_playbook_downloads [2019/06/24 23:41] (current)
billdozor [Playbook Downloads]
Line 15: Line 15:
 ====== Playbook Downloads ====== ====== Playbook Downloads ======
  
-^  Playbook  ^  Description +Example Ansible playbooks/roles are maintained here: https://gitlab.com/whowe/ansible
-|  Playbook1 Name/Download link  |  Description goes here.  |+
  
 ---- ----
Line 22: Line 21:
 ====== Playbook Snippets ====== ====== Playbook Snippets ======
  
-Snippets of tasks to provide examples of some commonly used Ansible modules in action.+Snippets of tasks to provide examples of some Ansible modules in action
 + 
 +Most of these snippets are tasks that span multiple documentation sources or were discovered through searches and trial/error.
  
 \\ \\
Line 34: Line 35:
  
 **Examples** **Examples**
-  * Set default group permissions for "awesome" group. (so any files created in the directory will get those group permissions)<code bash>- name: my_description|ACL of MyApp config dir+  * Set default group permissions for "awesome" group. (so any files created in the directory will get those group permissions)<code yaml>- name: my_description|ACL of MyApp config dir
   acl:   acl:
     path: "/etc/myapp"     path: "/etc/myapp"
Line 50: Line 51:
  
 **Examples** **Examples**
-  * Copy a kernel tuning drop in file and load settings if file changes<code bash>- name: tuning|MyApp kernel tuning+  * Copy a kernel tuning drop in file and load settings if file changes<code yaml>- name: tuning|MyApp kernel tuning
   copy:   copy:
     src: "sysctl_myapp_{{env}}"     src: "sysctl_myapp_{{env}}"
Line 65: Line 66:
   command: sysctl --system</code>   command: sysctl --system</code>
  
-  * Copy autofs config files and restart autofs<code bash># AutoFS: Config files+  * Copy autofs config files and restart autofs<code yaml># AutoFS: Config files
 - name: mounts|Copy Master AutoFS Config - name: mounts|Copy Master AutoFS Config
   copy:   copy:
Line 99: Line 100:
  
 **Examples** **Examples**
-  * Recursively remove a list of directories<code bash>- name: my_app|Remove MyApp directories+  * Recursively remove a list of directories<code yaml>- name: my_app|Remove MyApp directories
   file:   file:
     path: "{{ item }}"     path: "{{ item }}"
Line 108: Line 109:
     - "/usr/local/lib/myapp/"</code>     - "/usr/local/lib/myapp/"</code>
  
-  * Recursively set ownership to myappdaemon:awesome<code bash>- name: my_description|Ownership of MyApp Log dir+  * Recursively set ownership to myappdaemon:awesome<code yaml>- name: my_description|Ownership of MyApp Log dir
   file:   file:
     path: "/var/log/myapp"     path: "/var/log/myapp"
Line 115: Line 116:
     recurse: yes</code>     recurse: yes</code>
          
-  * Set ownership of all /data* directories for myappdaemon:awesome<code bash># Find all /data* directories+  * Set ownership of all /data* directories for myappdaemon:awesome<code yaml># Find all /data* directories
 - name: my_description|Info Gather find all Data dirs - name: my_description|Info Gather find all Data dirs
   find:   find:
Line 142: Line 143:
  
 **Examples** **Examples**
-  * Ensure a certain mount point exists<code bash># Info gather for /data1 to see if its a mountpoint+  * Ensure a certain mount point exists<code yaml># Info gather for /data1 to see if its a mountpoint
 - name: pre_reqs|Info gather on /data1 - name: pre_reqs|Info gather on /data1
   command: mountpoint -q /data1   command: mountpoint -q /data1
Line 155: Line 156:
   when: mount_stat.rc != 0</code>   when: mount_stat.rc != 0</code>
  
-  * Check for a specific configured network interface<code bash># Info gather for all ip addresses to ensure storage network is setup+  * Check for a specific configured network interface<code yaml># Info gather for all ip addresses to ensure storage network is setup
 - name: pre-reqs|Info gather on Storage Network (172.16.1.0/24) - name: pre-reqs|Info gather on Storage Network (172.16.1.0/24)
   shell: ip address show | grep 172.16.1.   shell: ip address show | grep 172.16.1.
Line 168: Line 169:
   when: storage_network.rc != 0</code>   when: storage_network.rc != 0</code>
  
-  * Check for the existence of a certain package, stop service if so<code bash>- name: my_app|Check for myapp RPM+  * Check for the existence of a certain package, stop service if so<code yaml>- name: my_app|Check for myapp RPM
   shell: rpm -q myapp   shell: rpm -q myapp
   register: myapp_rpm_exists   register: myapp_rpm_exists
Line 190: Line 191:
 One method of installing pip into a Python environment. One method of installing pip into a Python environment.
  
-<code bash># Check to see if pip exists, store answer in "pip_path"+<code yaml># Check to see if pip exists, store answer in "pip_path"
 - name: software|Check for pip - name: software|Check for pip
   stat:   stat:
Line 220: Line 221:
  
 Installing Python packages via pip. Installing Python packages via pip.
-  * Install virtualenv<code bash># Install virtualenv python package+  * Install virtualenv<code yaml># Install virtualenv python package
 - name: software|Install virtualenv python package via pip - name: software|Install virtualenv python package via pip
   pip:   pip:
Line 228: Line 229:
 ---- ----
  
-===== When Conditional =====+===== Remote Scripts =====
  
-Only execute certain tasks under certain conditions.+Running remote scripts and capturing results.
  
 **Examples** **Examples**
-  * Do not execute any of the imported "mytasks.yml" if host is "server01" or "server02"<code bash>- import_tasksmytasks.yml +  * Copy a script to the remote system if it is different. Run the script as the app user and record as changed if the script outputs the string "Modified".<code yaml># Copy calculation script to system 
-  when+namescript|Copy Calcuation Script to System 
-    - inventory_hostname != "server01+  copy
-    - inventory_hostname != "server02"</code>+    src: "calc-resources.py
 +    dest: "/home/{{ app_user }}/bin/calc-resources.py" 
 +    owner: "{{ app_user }}" 
 +    group: "{{ app_group }}" 
 +    mode: 0700 
 +  tags: calc_resources
  
-  * Execute a task if a host is in the "specialinventory group<code bash>- import_tasksmytasks.yml +# Run calculcation script - Mark as changed if std out contains 'Modified' 
-  wheninventory_hostname in groups.special</code>+- name: script|Run Resource Calcuation Script 
 +  become: yes 
 +  become_method: su 
 +  become_user: "{{ app_user }}" 
 +  environment: 
 +    LOCAL_ENV_VAR_NEEDED_IN_SCRIPT: "/home/{{ app_user }}/bin/myapp/" 
 +  command: "/home/{{ app_user }}/bin/calc-resources.py" 
 +  registerresource_calc_result 
 +  changed_when: "'Modified' in resource_calc_result.stdout" 
 +  tags: calc_resources
  
-  * Execute a task if a host is NOT in the "special" inventory group<code bash>- import_tasks: mytasks.yml +Uncomment debug to see variable contents of 'resource_calc_result' 
-  when: inventory_hostname not in groups.special</code> +debug
-   +    varresource_calc_result 
-  * Execute a task if the distribution major version is 7 (EL 7)<code bash>Enable and start service (EL7) +  tagscalc_resources</code>
-name: my_service|Enable and Start Service (EL7) +
-  systemd: +
-    name: myservice +
-    enabled: yes +
-    statestarted +
-    daemon_reloadyes +
-  whenansible_distribution_major_version == "7"</code>+
  
-  Execute task when an inventory group_var variable matches<code bash>- import_tasksmytasks.yml +---- 
-  when: env == "prod"</code>+ 
 +===== SSH Keys ===== 
 + 
 +Manipulating SSH keys on remote hosts. 
 + 
 +**Examples** 
 +  * Add public key to a user's authorized_keys<code yaml>- namessh-access|Copy a public key to a remote users authorized_keys 
 +  authorized_key: 
 +    user: "{{ app_user }}" 
 +    state: present 
 +    key: "{{ item }}" 
 +  with_file: 
 +    - "ssh_{{ app_user }}-id-rsa.pub"</code> 
 + 
 +  * Generate a SSH Key Pair (public/private) for a user<code yaml>- name: ssh-access|SSH Key Generation for App User 
 +  user: 
 +    name: "{{ app_user }}" 
 +    generate_ssh_key: yes 
 +    ssh_key_bits: 2048</code> 
 + 
 +  * Fetch a remote SSH public key, save to the local Ansible system, then add that now local key to the remote system<code yaml># Fetch remote ssh public key 
 +- name: ssh-access|Fetching remote ssh public key 
 +  fetch: 
 +    src: "/home/{{ app_user }}/.ssh/id_rsa.pub" 
 +    dest: "/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey" 
 +    flat: yes 
 + 
 +# Add fetched key to authorized_keys 
 +- name: ssh-access|Add Local SSH Key to authorized_keys 
 +  authorized_key: 
 +    user: "{{ app_user }}" 
 +    state: present 
 +    key: "{{ lookup('file', '/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey') }}"</code> 
 + 
 +  * Add a list of system names to a remote system's SSH known_hosts (so there is no fingerprint accept prompt<code yaml># Check each item to see if its in known_hosts, save results to register variable 
 +- name: ssh-access|Check to see if host name is in known_hosts 
 +  shell: "ssh-keygen -f /home/{{ app_user }}/.ssh/known_hosts -F {{ item }}" 
 +  with_items: 
 +    - "localhost" 
 +    - "127.0.0.1" 
 +    - "{{ ansible_nodename|lower }}" 
 +    - "{{ ansible_hostname|lower }}" 
 +  register: ssh_known_host_results 
 +  changed_when: false 
 +  ignore_errors: yes 
 + 
 +# Uncomment debug to see stored object 
 +- debug: 
 +    var: ssh_known_host_results 
 + 
 +# If the saved results from above do not contain output, add the host to known_hosts 
 +- name: ssh-access|Scan public keys (add to known_hosts) 
 +  shell: "ssh-keyscan {{ item.item }} >> /home/{{ app_user }}/.ssh/known_hosts" 
 +  when: item.stdout == "" 
 +  with_items: "{{ ssh_known_host_results.results }}" 
 + 
 +# Ensure known_hosts is owned by app user and group 
 +- name: ssh-access|Ensure known_hosts is owned by the application user 
 +  file: 
 +    path: "/home/{{ app_user }}/.ssh/known_hosts" 
 +    state: file 
 +    owner: "{{ app_user }}" 
 +    group: "{{ app_group }}" 
 +    mode: 0644</code>
  
 ---- ----
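Review bot: In the new SSH Keys section, the fetch example stages the remote public key under /tmp/ansible-ssh-pub/ on the control node and then passes that file straight to authorized_key. /tmp is world-writable, so on a shared control node another local user who creates that directory first decides what lands in the app user's authorized_keys. Fetch into a directory owned by the Ansible user with mode 0700, or avoid the intermediate file by registering the result of a slurp task and decoding it with b64decode. The same task nests {{ inventory_hostname }} inside an already open {{ lookup(...) }} expression; build the path by concatenation instead: '/tmp/ansible-ssh-pub/' + inventory_hostname + '_pubkey'. Smaller points in this hunk: the known_hosts example appends whatever ssh-keyscan returns without comparing it to a known fingerprint, which is worth stating next to the "no fingerprint accept prompt" wording (that bullet is also missing its closing parenthesis); the debug task there is live although its comment says "Uncomment debug"; and the Remote Scripts task names and comments misspell "Calculation" ("Calcuation", "calculcation").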
Line 262: Line 333:
 Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed. Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed.
  
-<code bash># Copy myapp tarball if source is newer+<code yaml># Copy myapp tarball if source is newer
 - name: my_app|MyApp tarball copy - name: my_app|MyApp tarball copy
   copy:   copy:
Line 289: Line 360:
  
 **Examples** **Examples**
-  * Add a list of users to a local group.<code bash># Local "awesome" group+  * Add a list of users to a local group.<code yaml># Local "awesome" group
 - name: my_description|Add users to the local awesome group - name: my_description|Add users to the local awesome group
   user:   user:
Line 303: Line 374:
   - vader   - vader
   - rjones</code>   - rjones</code>
 +
 +----
 +
 +===== When Conditional =====
 +
 +Only execute certain tasks under certain conditions.
 +
 +**Examples**
 +  * Do not execute any of the imported "mytasks.yml" if host is "server01" or "server02"<code yaml>- import_tasks: mytasks.yml
 +  when:
 +    - inventory_hostname != "server01"
 +    - inventory_hostname != "server02"</code>
 +
 +  * Execute a task if a host is in the "special" inventory group<code yaml>- import_tasks: mytasks.yml
 +  when: inventory_hostname in groups.special</code>
 +
 +  * Execute a task if a host is NOT in the "special" inventory group<code yaml>- import_tasks: mytasks.yml
 +  when: inventory_hostname not in groups.special</code>
 +  
 +  * Execute a task if the distribution major version is 7 (EL 7)<code yaml># Enable and start service (EL7)
 +- name: my_service|Enable and Start Service (EL7)
 +  systemd:
 +    name: myservice
 +    enabled: yes
 +    state: started
 +    daemon_reload: yes
 +  when: ansible_distribution_major_version == "7"</code>
 +
 +  * Execute a task when an inventory group_var variable matches<code yaml>- import_tasks: mytasks.yml
 +  when: env == "prod"</code>
  
 ---- ----
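Review bot: The two group-membership examples in the relocated When Conditional section ("inventory_hostname in groups.special" and the "not in" variant) assume the "special" group is defined in every inventory the playbook runs against; where it is missing, the conditional fails on the undefined attribute instead of evaluating to false. Either note that assumption beside the examples or make the test tolerant, for instance: when: inventory_hostname in (groups['special'] | default([])). It would also help to say in the first bullet that a list under when is ANDed, since that is what makes the server01/server02 exclusion work.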
Line 311: Line 412:
  
 **Examples** **Examples**
-  * Apache Cassandra<code bash># Apache Cassandra Repo+  * Apache Cassandra<code yaml># Apache Cassandra Repo
 - name: cassandra|Add Repo - name: cassandra|Add Repo
   yum_repository:   yum_repository:
Line 317: Line 418:
     description: Apache Cassandra     description: Apache Cassandra
     baseurl: https://www.apache.org/dist/cassandra/redhat/311x/     baseurl: https://www.apache.org/dist/cassandra/redhat/311x/
-    enabled: no+    enabled: yes
     gpgcheck: yes     gpgcheck: yes
     repo_gpgcheck: yes     repo_gpgcheck: yes
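Review bot: The Cassandra repo example flips "enabled: no" to "enabled: yes" with no accompanying explanation, which changes the behaviour of anything copying this snippet: with the repository enabled by default, a routine yum update on the host can pull Cassandra upgrades from the third-party repo. If that is intended, say so in the bullet text; otherwise keep the repo disabled and have the install task opt in with the yum module's enablerepo parameter. The visible lines set gpgcheck and repo_gpgcheck to yes, so please confirm the part of the task below this hunk also supplies a gpgkey, since those checks depend on it.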
  • linux_wiki/ansible_playbook_downloads.1530419599.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)