Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Working with Ad-Hoc Ansible command

  • Add SSH Credentials ssh-add /path/to_cred_file.pem

  • contents of inventory.yml

   inventory.yml
   [dockerbuild]
   59.68.67.67
# note that following promtps yes/no 
ansible dockerbuild -m ping -i inventory.yml -u centos  
  • take two: using variables, ansible_become means 'sudo'
    inventory.yml
    [dockerbuild]
    59.68.67.67 ansible_user=centos ansible_become=true

ansible dockerbuild -m ping -i inventory 
  • use default config file
    content of ansible.cfg
    [defaults]
    inventory = inventory.yml
    host_key_checking = false   #no ssh key checking
# now it is possible to rewrite the above adhoc command as:
ansible dockerbuild -m ping 
  • install docker on target host:

    ansible dockerbuild -a 'yum install -y docker'

  • Use Yum Module: I want docker to be installed, do nothing if already installed

    ansible dockerbuild -m yum -a "name=docker state=present"

  • I want docker service to be running

    ansible dockerbuild -m yum -a "name=docker state=started"

  • run docker ps command using shell module.. adhoc

    ansible dockerbuild -m shell -a "docker ps"

Running a series of modules is done via 'Playbook'

  • contents of playbook.yml
    ---
    - hosts: dockerbuild
    vars:
        repo_name: "https://github.com/jberkus/ansible101.git"
    tasks:
        - name: install docker
        yum: name=docker state=present
        - name: start docker
        service: name=docker state=started
        - name: install git
        yum: name=git state=present
        - name: check out ansible101 repo_name
        git: repo={{ repo_name }}
            dest=/tmp/ansible101
  • Run the above playbook via ansible-playbook command
ansible-playbook playbook.yml

Handle Configuration Secrets via ansible-vault

# Following will ceate a vault by prompting you with a password to it
# This password is used to encrypt/decrypt the content of vault
ansible-vault create password.yml
  • contents of password.yml below:
    ---
    docker_username = adil
    docker_password = mypwd
    owner_email =  adil@hindistan
  • once you have the encrypted password file, you can refer to it in your playbook using vars_file
   ...
   vars_file = password.yml
   handlers:
        - name: log into docker hub
          docker_login:
            username: "{{ docker_username }}"
            password: "{{ docker_password }}"
            email: "{{ owner_email }}"
   ...            
  • Limitation: when you run the playbook, you are prompted once. So, all vaults needs the same pwd
  • Other commands:
 ansible-vault edit password.yml     # edit file
 ansible-vault decrypt password.yml  # file is now in plain-text
 ansible-vault encrypt password.yml  # re-encrypt with a new pwd
 
 ## If you need to be prompted for password
 ansible-playbook password.yml  --ask-vault-password 

Ansible Directory Organization

  • Ansible has built-in tree structure, which can be leveraged with playbooks

  • group_vars directory is the key! If you have it in the root of your automation directory:

    • You can have files full of variables that are named after the groups
    • say it looks like this:
       |-- group_vars
           |-- all
            -- dockerbuild
      
  • run tree command to see the directory structure

  • roles are also very important, and are used to call other playbooks

  • Instead of a long playbook, simply put the tasks in tasks folder, handlers in the handlers Directory

    |-- roles
        |--dockerbuilds
           |--handlers
              'main.yml
           |--tasks
              '--main.yml
           |--templates
              '--main.yml
    
  • If you do this, playbook gets very short:

      ---
      - hosts: dockerbuild
        vars_files:
          - password.yml
        roles:
          - dockerbuild
    

Best Practices

  • Do not use bare variables with with statement
    with_items: my_list          # NO
    with_items: "{{ my_list }}"  # YES
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment