ansible-notes.md

Working with Ad-Hoc Ansible command

• Add SSH Credentials ssh-add /path/to_cred_file.pem

• contents of inventory.yml

   inventory.yml
   [dockerbuild]
   59.68.67.67

# note that following promtps yes/no 
ansible dockerbuild -m ping -i inventory.yml -u centos  

• take two: using variables, ansible_become means 'sudo'

    inventory.yml
    [dockerbuild]
    59.68.67.67 ansible_user=centos ansible_become=true

ansible dockerbuild -m ping -i inventory 

• use default config file

    content of ansible.cfg
    [defaults]
    inventory = inventory.yml
    host_key_checking = false   #no ssh key checking

# now it is possible to rewrite the above adhoc command as:
ansible dockerbuild -m ping 

• install docker on target host:

  ansible dockerbuild -a 'yum install -y docker'

• Use Yum Module: I want docker to be installed, do nothing if already installed

  ansible dockerbuild -m yum -a "name=docker state=present"

• I want docker service to be running

  ansible dockerbuild -m yum -a "name=docker state=started"

• run docker ps command using shell module.. adhoc

  ansible dockerbuild -m shell -a "docker ps"

Running a series of modules is done via 'Playbook'

• contents of playbook.yml

    ---
    - hosts: dockerbuild
    vars:
        repo_name: "https://github.com/jberkus/ansible101.git"
    tasks:
        - name: install docker
        yum: name=docker state=present
        - name: start docker
        service: name=docker state=started
        - name: install git
        yum: name=git state=present
        - name: check out ansible101 repo_name
        git: repo={{ repo_name }}
            dest=/tmp/ansible101

• Run the above playbook via ansible-playbook command

ansible-playbook playbook.yml

Handle Configuration Secrets via ansible-vault

# Following will ceate a vault by prompting you with a password to it
# This password is used to encrypt/decrypt the content of vault
ansible-vault create password.yml

• contents of password.yml below:

    ---
    docker_username = adil
    docker_password = mypwd
    owner_email =  adil@hindistan

• once you have the encrypted password file, you can refer to it in your playbook using vars_file

   ...
   vars_file = password.yml
   handlers:
        - name: log into docker hub
          docker_login:
            username: "{{ docker_username }}"
            password: "{{ docker_password }}"
            email: "{{ owner_email }}"
   ...            

• Limitation: when you run the playbook, you are prompted once. So, all vaults needs the same pwd
• Other commands:

 ansible-vault edit password.yml     # edit file
 ansible-vault decrypt password.yml  # file is now in plain-text
 ansible-vault encrypt password.yml  # re-encrypt with a new pwd
 
 ## If you need to be prompted for password
 ansible-playbook password.yml  --ask-vault-password 

Ansible Directory Organization

• Ansible has built-in tree structure, which can be leveraged with playbooks

• group_vars directory is the key! If you have it in the root of your automation directory:

  • You can have files full of variables that are named after the groups
  • say it looks like this:

     |-- group_vars
         |-- all
          -- dockerbuild
    

• run tree command to see the directory structure

• roles are also very important, and are used to call other playbooks

• Instead of a long playbook, simply put the tasks in tasks folder, handlers in the handlers Directory

  |-- roles
      |--dockerbuilds
         |--handlers
            'main.yml
         |--tasks
            '--main.yml
         |--templates
            '--main.yml
  

• If you do this, playbook gets very short:

    ---
    - hosts: dockerbuild
      vars_files:
        - password.yml
      roles:
        - dockerbuild
  

Best Practices

• Do not use bare variables with with statement

    with_items: my_list          # NO
    with_items: "{{ my_list }}"  # YES