@astrojuanlu
Created November 29, 2022 11:21
Ansible, there we go again
  • To install: pipx install ansible --include-deps
    • Without --include-deps, pipx does not include the actual ansible command, which is part of ansible-core (a dependency of the ansible metapackage)
  • Some definitions
    • A host is a remote machine managed by Ansible
    • An inventory is a file that describes a list of managed nodes or hosts that are logically organized in groups
    • A module is a unit of work that Ansible ships to a host
      • Usually written in Python (although more languages are supported)
      • They return JSON and are removed from the host after execution
      • For example
        • ansible.builtin.setup is called automatically by playbooks during the implicit "Gather Facts" task
        • ansible.builtin.package calls the appropriate module (e.g. ansible.builtin.apt) discovered by ansible.builtin.setup
    • An action is a module and its arguments
    • Is a task a single module with a name, or can it be a list of modules?
      • The glossary says "(A Task combines) an action with a name and optionally other keywords" and that Tasks is "A list of Task"
      • The getting started page says a Task is "A list of one or more modules"
      • I think there's a bit of terminology abuse here, but let's refer to "tasks" as a list of named modules
    • A play is a mapping between a set of hosts and the tasks to run on them
    • A playbook is a list of plays
    • A role is a redistributable unit of related Ansible artifacts that can be reused in playbooks and represent a single behavior
      • The predefined directory structure supports tasks, handlers, templates, files, variables, defaults, dependencies, and custom stuff (modules, module_utils, other types of plugins)
  • Ideally, actions are idempotent, so running them twice is OK
  • Have a local hosts file acting as the inventory
  • Declare dependencies, for example with a requirements.yml
$ cat requirements.yml 
roles:
- name: geerlingguy.docker
  • Roles might not work if the user does not have proper permissions (for example if they install new packages)
  • By default, --become does not really "become" another user: it is a boolean switch to use sudo
    • To ask for the password, pass -K
  • Example playbook to install Docker on some hosts using the aforementioned role:
$ cat playbooks/main.yml 
- hosts: webservers
  roles:
    - geerlingguy.docker
  • To run it: ansible-playbook -i hosts -bK playbooks/main.yml
  • A richer example based on the docs:
    • With become: true in the play you don't need -b (-K however is still needed to request the password)
    • But why do I need the YAML front matter ---?
    • And what if I want to have both roles and tasks in a single play?
---
- name: Docker installed
  hosts: webservers
  become: true
  roles:
    - geerlingguy.docker
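
An added example, not part of the original gist: a single play can carry both roles and tasks (Ansible runs pre_tasks, then roles, then tasks), and become can be set on the role entry instead of the whole play, so only the steps that need sudo get it. The task names and the docker --version check are assumptions for illustration.

```yaml
---
# Added example, not from the original gist.
- name: Docker installed and verified
  hosts: webservers
  # No play-level "become": escalate only where root is required.
  roles:
    - role: geerlingguy.docker
      become: true          # package installation needs root
  tasks:
    # Runs after the role; reading the version needs no privileges.
    - name: Read Docker client version (illustrative check)
      ansible.builtin.command: docker --version
      register: docker_version
      changed_when: false   # read-only command, never reports "changed"

    - name: Show Docker client version
      ansible.builtin.debug:
        var: docker_version.stdout
```

Run it without -b, since escalation is declared in the playbook; -K is still needed to supply the sudo password for the role: ansible-playbook -i hosts -K playbooks/main.yml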