Ansible Playbook Downloads
General Information
This page will contain Ansible playbook/role downloads.
In order to install/configure Ansible, see this page first.
Checklist
- Ansible installed and configured
Playbook Downloads
Playbook | Description |
---|---|
Playbook1 Name/Download link | Description goes here. |
Playbook Snippets
Snippets of tasks to provide examples of some commonly used Ansible modules in action.
Ansible Module Index: https://docs.ansible.com/ansible/2.4/modules_by_category.html
ACLs
ACL module.
Examples
- Set default group permissions for “awesome” group. (so any files created in the directory will get those group permissions)
```yaml
- name: my_description|ACL of MyApp config dir
  acl:
    path: "/etc/myapp"
    entity: awesome
    etype: group
    default: yes
    permissions: rw
    state: present
```
Copy Module
Copy module examples.
Examples
- Copy a kernel tuning drop in file and load settings if file changes
```yaml
- name: tuning|MyApp kernel tuning
  copy:
    src: "sysctl_myapp_{{env}}"
    dest: "/etc/sysctl.d/55-myapp.conf"
    owner: root
    group: root
    mode: 0600
  notify: reload sysctl

# Handler file contents (../handlers/main.yml)
##-- Service Reloads --##
# Sysctl reload
- name: reload sysctl
  command: sysctl --system
```
- Copy autofs config files and restart autofs
```yaml
# AutoFS: Config files
- name: mounts|Copy Master AutoFS Config
  copy:
    src: "autofs_auto.master"
    dest: "/etc/auto.master.d/master-configs.autofs"
    owner: root
    group: root
    mode: 0644
  notify: restart autofs

- name: mounts|Copy AutoFS Direct Maps
  copy:
    src: "autofs_auto.direct-maps"
    dest: "/etc/auto.direct-maps"
    owner: root
    group: root
    mode: 0644
  notify: restart autofs

# Handler file for autofs (../handlers/main.yml)
##-- Service Restarts --##
# AutoFS Service
- name: restart autofs
  service:
    name: autofs
    state: restarted
```
File Module
Some file module examples.
Examples
- Recursively remove a list of directories
```yaml
- name: my_app|Remove MyApp directories
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - "/opt/MyApp/"
    - "/var/log/myapp/"
    - "/usr/local/lib/myapp/"
```
- Recursively set ownership to myappdaemon:awesome
```yaml
- name: my_description|Ownership of MyApp Log dir
  file:
    path: "/var/log/myapp"
    owner: myappdaemon
    group: awesome
    recurse: yes
```
- Set ownership of all /data* directories for myappdaemon:awesome
```yaml
# Find all /data* directories
- name: my_description|Info Gather find all Data dirs
  find:
    paths: "/"
    patterns: 'data*'
    recurse: no
    file_type: directory
  register: dirs_data

# Set ownership of all /data* directories
- name: my_description|Ownership of Data dirs
  file:
    path: "{{item.path}}"
    owner: myappdaemon
    group: awesome
    recurse: no
  with_items: "{{dirs_data.files}}"
```
Pre Req Tests
Using a combination of the command module, registering variables, and the fail module, any command can be checked for a certain return code.
This can be useful for pre-req checks.
Examples
- Ensure a certain mount point exists
```yaml
# Info gather for /data1 to see if it's a mountpoint
- name: pre_reqs|Info gather on /data1
  command: mountpoint -q /data1
  register: mount_stat
  failed_when: False
  changed_when: False

# Exit playbook if /data1 is not a configured mountpoint
- name: pre_reqs|Exit if /data1 is NOT a mountpoint
  fail:
    msg: "/data1 is not a mountpoint! Exiting."
  when: mount_stat.rc != 0
```
- Check for a specific configured network interface
```yaml
# Info gather for all ip addresses to ensure storage network is setup
# grep -F matches the prefix literally, so the dots are not treated as
# regex wildcards (which would also match e.g. 172.16.10.x)
- name: pre-reqs|Info gather on Storage Network (172.16.1.0/24)
  shell: ip address show | grep -F 'inet 172.16.1.'
  register: storage_network
  failed_when: False
  changed_when: False

# Exit playbook if Storage Network interface is not configured
- name: pre-reqs|Exit if Storage Network (172.16.1.0/24) interface not found
  fail:
    msg: "Storage Network (172.16.1.0/24) interface not found! Exiting."
  when: storage_network.rc != 0
```
- Check for the existence of a certain package, stop service if so
```yaml
- name: my_app|Check for myapp RPM
  shell: rpm -q myapp
  register: myapp_rpm_exists
  changed_when: False
  failed_when: False

# EL7: Stop service if RPM exists
- name: my_app|Stop service (EL7 if RPM exists)
  systemd:
    name: myapp
    state: stopped
  when:
    - myapp_rpm_exists.rc == 0
    - ansible_distribution_major_version == "7"
```
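The same command/register/fail pattern, generalized to a table of checks so one run reports every failed pre-req. This is an added example, not part of the original page; `pre_req_checks` and its `desc`/`cmd`/`expect_rc` fields are hypothetical names, and the commands must not need a shell (no pipes).

```yaml
- hosts: all
  vars:
    # Hypothetical check table: command to run and the return code it must give
    pre_req_checks:
      - desc: "/data1 is a mountpoint"
        cmd: "mountpoint -q /data1"
        expect_rc: 0
      - desc: "myapp RPM is not installed yet"
        cmd: "rpm -q myapp"
        expect_rc: 1
  tasks:
    # Run every check; never fail or report a change at this stage
    - name: pre_reqs|Info gather for every check
      command: "{{ item.cmd }}"
      with_items: "{{ pre_req_checks }}"
      register: pre_req_results
      failed_when: False
      changed_when: False

    # A looped fail evaluates all items, so every mismatch is listed
    # before the play stops for this host
    - name: pre_reqs|Exit if any check returned an unexpected code
      fail:
        msg: "Pre-req failed: {{ item.item.desc }} (rc {{ item.rc }}, expected {{ item.item.expect_rc }})"
      when: item.rc != item.item.expect_rc
      with_items: "{{ pre_req_results.results }}"
```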
Python: Install Pip
One method of installing pip into a Python environment.
```yaml
# Check to see if pip exists, store answer in "pip_path"
- name: software|Check for pip
  stat:
    path: "/usr/bin/pip"
  register: pip_path

# Copy pip script to system if pip did not exist
- name: software|No Pip - Copy get-pip.py for pip install
  copy:
    src: "python_get-pip.py"
    dest: "/root/get-pip.py"
  when: pip_path.stat.exists == False

# Install pip into Python site packages if pip did not exist
- name: software|No Pip - Install pip using Python (/usr/bin/python)
  command: "/usr/bin/python /root/get-pip.py"
  when: pip_path.stat.exists == False

# Remove get-pip.py if pip did not exist before
- name: software|No Pip - Remove get-pip.py
  file:
    path: "/root/get-pip.py"
    state: absent
  when: pip_path.stat.exists == False
```
Python: Install Packages
Installing Python packages via pip.
- Install virtualenv
```yaml
# Install virtualenv python package
- name: software|Install virtualenv python package via pip
  pip:
    executable: "/usr/bin/pip"
    name: "virtualenv"
```
SSH Keys
Manipulating SSH keys on remote hosts.
Examples
- Add a public key to a user's authorized_keys
```yaml
- name: ssh-access|Copy a public key to a remote users authorized_keys
  authorized_key:
    user: "{{ app_user }}"
    state: present
    key: "{{ item }}"
  with_file:
    - "ssh_{{ app_user }}-id-rsa.pub"
```
- Generate a SSH Key Pair (public/private) for a user
```yaml
- name: ssh-access|SSH Key Generation for App User
  user:
    name: "{{ app_user }}"
    generate_ssh_key: yes
    ssh_key_bits: 2048
```
- Fetch a remote SSH public key, save to the local Ansible system, then add that now local key to the remote system
```yaml
# Fetch remote ssh public key
- name: ssh-access|Fetching remote ssh public key
  fetch:
    src: "/home/{{ app_user }}/.ssh/id_rsa.pub"
    dest: "/tmp/ansible-ssh-pub/{{ inventory_hostname }}_pubkey"
    flat: yes

# Add fetched key to authorized_keys
# (the path is built by concatenation; {{ }} must not be nested inside {{ }})
- name: ssh-access|Add Local SSH Key to authorized_keys
  authorized_key:
    user: "{{ app_user }}"
    state: present
    key: "{{ lookup('file', '/tmp/ansible-ssh-pub/' + inventory_hostname + '_pubkey') }}"
```
- Add a list of system names to a remote system's SSH known_hosts (so there is no fingerprint accept prompt)

```yaml
# Check each item to see if it's in known_hosts, save results to register variable
- name: ssh-access|Check to see if host name is in known_hosts
  shell: "ssh-keygen -f /home/{{ app_user }}/.ssh/known_hosts -F {{ item }}"
  with_items:
    - "localhost"
    - "127.0.0.1"
    - "{{ ansible_nodename|lower }}"
    - "{{ ansible_hostname|lower }}"
  register: ssh_known_host_results
  changed_when: false
  ignore_errors: yes

# Uncomment debug to see stored object
# - debug:
#     var: ssh_known_host_results

# If the saved results from above do not contain output, add the host to known_hosts
# Note: ssh-keyscan records whatever key the host presents at scan time; it does not verify it
- name: ssh-access|Scan public keys (add to known_hosts)
  shell: "ssh-keyscan {{ item.item }} >> /home/{{ app_user }}/.ssh/known_hosts"
  when: item.stdout == ""
  with_items: "{{ ssh_known_host_results.results }}"

# Ensure known_hosts is owned by app user and group
- name: ssh-access|Ensure known_hosts is owned by the application user
  file:
    path: "/home/{{ app_user }}/.ssh/known_hosts"
    state: file
    owner: "{{ app_user }}"
    group: "{{ app_group }}"
    mode: 0644
```
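A variant of the known_hosts snippet that pins host keys obtained out of band rather than trusting the scan result, using the `known_hosts` module. This is an added example, not part of the original page; `pinned_host_keys`, the host name and the key value are hypothetical placeholders.

```yaml
- hosts: all
  vars:
    app_user: myappdaemon
    # Hypothetical pinned keys, collected out of band (e.g. from the host's console)
    pinned_host_keys:
      - name: "server01.example.com"
        type: "ssh-ed25519"
        key: "REPLACE_WITH_BASE64_PUBLIC_HOST_KEY"
  tasks:
    # Ask each host which key it presents right now (read-only)
    - name: ssh-access|Scan the key each host currently presents
      command: "ssh-keyscan -t {{ item.type }} {{ item.name }}"
      with_items: "{{ pinned_host_keys }}"
      register: scanned_keys
      changed_when: false
      failed_when: false

    # An unreachable host gives empty stdout and fails here as well
    - name: ssh-access|Exit if a presented key differs from the pinned key
      fail:
        msg: "{{ item.item.name }} does not present the pinned host key! Exiting."
      when: item.item.key not in item.stdout
      with_items: "{{ scanned_keys.results }}"

    # Write the pinned key (not the scanned one) to known_hosts
    - name: ssh-access|Add pinned keys to known_hosts
      known_hosts:
        path: "/home/{{ app_user }}/.ssh/known_hosts"
        name: "{{ item.name }}"
        key: "{{ item.name }} {{ item.type }} {{ item.key }}"
        state: present
      with_items: "{{ pinned_host_keys }}"
```

The ownership task from the snippet above still applies afterwards, since the module runs as the connecting user.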
Unarchive
Copying tarballs to a remote system only if newer and un-archiving only if the tarball changed.
```yaml
# Copy myapp tarball if source is newer
- name: my_app|MyApp tarball copy
  copy:
    src: "myapp_current.tar"
    dest: "/var/opt/myapp/"
    owner: root
    group: root
    mode: 0755
    follow: yes
  register: myapp_new_archive

# Unarchive tarball on remote system if it was changed
# remote_src replaces the deprecated "copy: no" (archive is already on the remote host)
- name: my_app|MyApp tarball unarchive if newer
  unarchive:
    src: "/var/opt/myapp/myapp_current.tar"
    dest: "/var/opt/myapp/"
    remote_src: yes
  when:
    - myapp_new_archive is changed
```
User
The user module.
Examples
- Add a list of users to a local group.
```yaml
# Local "awesome" group
- name: my_description|Add users to the local awesome group
  user:
    name: "{{item}}"
    groups: awesome
    append: yes
  with_items: "{{awesome_users}}"
```

```yaml
# Variable file (../vars/main.yml)
# Awesome Group Users
awesome_users:
  - yoda
  - vader
  - rjones
```
When Conditional
Only execute certain tasks under certain conditions.
Examples
- Do not execute any of the imported “mytasks.yml” if host is “server01” or “server02”
```yaml
- import_tasks: mytasks.yml
  when:
    - inventory_hostname != "server01"
    - inventory_hostname != "server02"
```
- Execute a task if a host is in the “special” inventory group
```yaml
- import_tasks: mytasks.yml
  when: inventory_hostname in groups.special
```
- Execute a task if a host is NOT in the “special” inventory group
```yaml
- import_tasks: mytasks.yml
  when: inventory_hostname not in groups.special
```
- Execute a task if the distribution major version is 7 (EL 7)
```yaml
# Enable and start service (EL7)
- name: my_service|Enable and Start Service (EL7)
  systemd:
    name: myservice
    enabled: yes
    state: started
    daemon_reload: yes
  when: ansible_distribution_major_version == "7"
```
- Execute a task when an inventory group_var variable matches
```yaml
- import_tasks: mytasks.yml
  when: env == "prod"
```
Yum Repository
Adding a yum repo with the yum_repository module.
Examples
- Apache Cassandra
```yaml
# Apache Cassandra Repo
- name: cassandra|Add Repo
  yum_repository:
    name: cassandra
    description: Apache Cassandra
    baseurl: https://www.apache.org/dist/cassandra/redhat/311x/
    enabled: no
    gpgcheck: yes
    repo_gpgcheck: yes
    gpgkey: https://www.apache.org/dist/cassandra/KEYS
```