Skip to content

Instantly share code, notes, and snippets.

@docdyhr
Last active April 13, 2021 15:54
Show Gist options
  • Save docdyhr/65ca2c5d30ac408bfaa75b87ad6f1669 to your computer and use it in GitHub Desktop.
Save docdyhr/65ca2c5d30ac408bfaa75b87ad6f1669 to your computer and use it in GitHub Desktop.
Notes, snippets and one-liners from the Ansible 101 YouTube series based on Jeff Geerling's book Ansible for DevOps

Ansible 101

References:
Ansible 101
Ansible for DevOps Examples
Book:
Ansible for DevOps by Jeff Geerling
Ressources:
Jeff Geerling's Ansible Content
Blog | Jeff Geerling

Prerequisites

Tools

ansible
python
vagrant
virtualbox

Common Files

Vagrant
playbook.yml
ansible.cfg

Chapter 2) Ansible and Vagrant

Vagrant setup

vagrant init
subl Vagrantfile
config.vm.box = "geerlingguy/centos7"
vagrant up --provider=virtualbox
vagrant ssh-config
vagrant ssh / ssh vagrant@localhost:2222

Run playbook

ansible-playbook playbook.yaml
vagrant provision

Clean Up

vagrant status
vagrant halt
vagrant destroy

Chapter 3) Ad-Hoc Commands

ansible multi -a "hostname"
ansible multi -a "hostname" -f 1 # -f 1 run in order with only 1 fork from ansible
ansible multi -a "df -h"
ansible multi -a "free -m"
ansible multi -a "date" -o # -o show results on one line. ansible multi -b -m yum -a "name=chrony state=present" # chrony is a ntpd like server. ansible multi -b -m service -a "name=chronyd state=started enabled=yes"
ansible multi -m shell -a "date" -o
ansible multi -b -a "chronyc tracking" # time sync

Configure the Database servers

ansible app -b -m yum -a "name=python3-pip state=present"
ansible app -b -m pip -a "name=django<4 state=present"
ansible app -a "python -m django --version"

ansible db -b -m yum -a "name=mariadb-server state=present"
ansible db -b -m service -a "name=mariadb state=started enabled=yes"

Firewall

ansible db -b -m yum -a "name=firewalld state=present"
ansible db -b -m service -a "name=firewalld state=started enabled=yes"
ansible db -b -m firewalld -a "zone=database state=present permanent=yes"
ansible db -b -m firewalld -a "source=192.168.60.0/24 zone=database state=enabled permanent=yes"
ansible db -b -m firewalld -a "port=3306/tcp zone=database state=enabled permanent=yes"

ansible db -b -m yum -a "name=python3-PyMySQL state=present"
ansible db -b -m mysql_user -a "name=django host=% password=12345 priv=.:ALL state=present"

Recap

ansible app -b -a "systemctl status chronyd"
ansible app -b -a "service chronyd restart" --limit "192.168.60.4"
ansible app -b -a "service ntpd restart" --limit ".4" # ip ending on .4
ansible app -b -a "service ntpd restart" --limit ~".
.4" # regex search)

Manage users and groups

ansible app -b -m group -a "name=admin state=present"
ansible app -b -m user -a "name=johndoe group=admin createhome=yes"
ansible app -b -m user -a "name=johndoe state=absent remove=yes"

Manage packages

ansible app -b -m package -a "name=git state=present"

Manage files and directories

ansible multi -m stat -a "path=/etc/environment" # exists
ansible multi -m copy -a "src=/etc/hosts dest=/tmp/hosts" # copy
ansible multi -b -m fetch -a "src=/etc/hosts dest=/tmp" # fetch
ansible multi -m file -a "dest=/tmp/test mode=644 state=directory" # chmod
ansible multi -m file -a "src=/src/file dest=/dest/symlink state=link" # symbolic link
ansible multi -m file -a "dest=/tmp/test state=absent" # delete file

Update servers asynchronously with asynchronous jobs

ansible multi -b -B 3600 -P 0 -a "yum -y update"

Check log files

ansible multi -b -a "tail /var/log/messages"

Manage cron jobs

ansible multi -b -m cron -a "name='daily-cron-all-servers' hour=4 job='/path/to/daily-script.sh'" # create job
ansible multi -b -m cron -a "name='daily-cron-all-servers' state=absent" # remove job
ansible multi -b -a 'crontab -l'

Deploy a version-controlled application

ansible app -b -m package -a "name=git state=present"
ansible app -b -m git -a "repo=git://example.com/path/to/repo.git dest=/opt/myapp update=yes version=1.2.4"

Notes

Easy reading with ansible ad-hoc commands
(Easy reading of results: Use Ansible's YAML callback plugin for a better CLI experience

ansible.cfg

[Defaults]
# Use the YAML callback plugin.
stdout_callback = yaml  
# Use the stdout_callback when running ad-hoc commands.
bin_ansible_callbacks = True 

Ansible Tunning

ANSIBLE_PIPELINING

Pipelining, if supported by the connection plugin, reduces the number of network operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfer. This can result in a very significant performance improvement when enabled. However this conflicts with privilege escalation (become).For example, when using ‘sudo:’ operations you must first disable ‘requiretty’ in /etc/sudoers on all managed hosts, which is why it is disabled by default. This option is disabled if ANSIBLE_KEEP_REMOTE_FILES is enabled.

ansible.cfg

[ssh_connection]
pipelining = True

Chapter 4) Ansible Playbooks

ansible-playbook playbook.yml --limit xyz.example.com # limit to host xzy...
ansible-playbook playbook.yml --list-hosts # check hosts
ansible-playbook playbook.yml --user=johndoe
ansible-playbook playbook.yml --become --become-user=janedoe --ask-become-pass

Ansible-playbook options

--inventory=PATH (-i PATH): Define a custom inventory file. --verbose (-v): Verbose mode -vvvv to give every minute detail.
--extra-vars=VARS (-e VARS): Define variables to be used in the playbook, in "key=value,key=value" format.
--forks=NUM (-f NUM): Number for forks (integer)
--connection=TYPE (-c TYPE): ssh or local..
--check: Run the playbook in Check Mode (‘Dry Run’); all tasks defined in the playbook will be checked against all hosts, but none will actually be run.

Notes

Ansible playbooks. All the examples in this chapter are in the Ansible for DevOps Examples

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment