Ansible

  • warning: Illegal string offset 'files' in /data/web/1/000/027/003/273448/htdocs/panticz.de/modules/upload/upload.module on line 281.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.
  • warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /data/web/1/000/027/003/273448/htdocs/panticz.de/includes/unicode.inc on line 349.

Release and maintenance

Ansible playbook repository

Install Ansible

Configuration
cat <> ~/.bashrc
export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/.vault_pass
export ANSIBLE_STDOUT_CALLBACK=debug
# export ANSIBLE_DEBUG=True
# export ANSIBLE_LOG_PATH=/var/log/ansible.log
EOF

DISPLAY_SKIPPED_HOSTS=0

Ansible syntax (YAML)

Configuration files

/etc/ansible/ansible.cfg - global default configuration
~/.ansible.cfg - local global configuration
/etc/ansible/hosts - default inventory file

Ignore host key
sed -i 's|#host_key_checking = False|host_key_checking = False|g' /etc/ansible/ansible.cfg

# /etc/ansible/ansible.cfg or ~/.ansible.cfg file:
[defaults]
host_key_checking = False

# variable:
export ANSIBLE_HOST_KEY_CHECKING=False

# command line:
ansible-playbook -e 'host_key_checking=False' yourplaybook.yml

# format debug output
export ANSIBLE_STDOUT_CALLBACK=debug

Copy SSH key to clients and install required applications
for HOST in $(cat /etc/ansible/hosts | grep -v "[\[|#]" | grep -v '^$' | sort -u); do
ssh-copy-id -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i /root/.ssh/id_rsa.pub root@${HOST}
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${HOST} apt-get install -y sudo python
done

Run command for specific host
ansible-playbook /etc/ansible/playbooks/example.yml --limit

import vs. include
import - statements are pre-processed at the time playbooks are parsed
include - statements are processed as they encountered during the execution of the playbook

Structure
site.yml
webservers.yml
fooservers.yml
roles/
common/
files/
templates/
tasks/
handlers/
vars/
defaults/
meta/
webservers/
files/
templates/
tasks/
handlers/
vars/
defaults/
meta/

Documentation
ansible-doc -l
ansible-doc apt -s



Modules




Variables

Ansible galaxy
ansible-galaxy install
- Network configuration

# ssh
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null
ssh_args = -o ForwardAgent=yes

# install python manual
ansible host_name -i inventory_name -m raw -a "apt-get update && apt-get install -y python-minimal"

# configure valut
apg -a1 -m32 -n1 > ~/.ansible/.vault_pass.txt
echo "export ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/.vault_pass.txt" >> ~/.bashrc
# check vars
find *_vars -type f -exec cat {} \;

# check encryption
find -name "*.enc.*" -exec cat {} \;

# find encrypted values
find -name *.enc.* -exec ansible-vault view {} \; | grep foo

ansible-vault encrypt ~/ansible/host_vars/www.example.com.yml.enc
#

manage OpenWRT with Ansible
opkg install python-light openssh-sftp-server
opkg install python-light python-codecs python-logging python-openssl
opkg install python

Ansible command line options

ansible-playbook --syntax-check
ansible-playbook --list-hosts
ansible-playbook --list-tasks

Create customized module

nmcli module - NetworkManager command line tool

LXC module

# Update lxc_container module to latest version
wget -q -O /usr/lib/python2.7/dist-packages/ansible/modules/cloud/lxc/lxc_container.py

Variables include order
role defaults
inventory file or script group vars
inventory group_vars/all
playbook group_vars/all
inventory group_vars/*
playbook group_vars/*
inventory file or script host vars
inventory host_vars/*
playbook host_vars/*
host facts
play vars
play vars_prompt
play vars_files
role vars (defined in role/vars/main.yml)
block vars (only for tasks in block)
task vars (only for the task)
role (and include_role) params
include params
include_vars
set_facts / registered vars
extra vars

Links