Difference between revisions of "Ansible"

From Freephile Wiki
Jump to navigation Jump to search
(11 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
== Installation ==
 
== Installation ==
 
The preferred way to [http://docs.ansible.com/intro_installation.html install] is to just <code>git clone</code> the source.  Having the source makes it easy to upgrade, and it's self-contained, plus best of all you get all the examples and contribs.   
 
The preferred way to [http://docs.ansible.com/intro_installation.html install] is to just <code>git clone</code> the source.  Having the source makes it easy to upgrade, and it's self-contained, plus best of all you get all the examples and contribs.   
 +
 +
<source lang="bash">
 +
cd
 +
mkdir ~/bin
 +
cd bin
 +
git clone git://github.com/ansible/ansible.git --recursive
 +
cd ./ansible
 +
source ./hacking/env-setup
 +
</source>
 +
 
If you see this error message:  
 
If you see this error message:  
 
<pre>
 
<pre>
Line 27: Line 37:
 
=== Initialize a Project ===
 
=== Initialize a Project ===
 
'''Ansible Galaxy''' If you want to do a new project, you can use the <code>ansible-galaxy foo init</code> command which will create the directory and file structure for 'foo' in the current working directory.
 
'''Ansible Galaxy''' If you want to do a new project, you can use the <code>ansible-galaxy foo init</code> command which will create the directory and file structure for 'foo' in the current working directory.
 +
 +
Also, if you want to install other Ansible Galaxy projects, you can either do it "manually" <code> ansible-galaxy install -r </code> Or, setup a 'requirements.yml' file in your playbook that then gets run by your stack. <ref>https://stackoverflow.com/questions/25230376/how-to-automatically-install-ansible-galaxy-roles</ref> <code>ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options]</code>
  
 
== Modules ==
 
== Modules ==
 
Ansible comes with [https://docs.ansible.com/ansible/modules_by_category.html over 200 modules] that you should get familiar with in order to use the system effectively.
 
Ansible comes with [https://docs.ansible.com/ansible/modules_by_category.html over 200 modules] that you should get familiar with in order to use the system effectively.
  
 +
There are a bunch of modules in Ansible, like the [https://docs.ansible.com/ansible/mysql_db_module.html MySQL module], the [https://docs.ansible.com/ansible/monit_module.html Monit module], or the [https://docs.ansible.com/ansible/file_module.html File module] and other interesting modules like jabber, mail, sendgrid, dpkg_selections, composer, yum, redhat_subscription, [https://github.com/ansible/ansible-modules-core/blob/devel/cloud/digital_ocean/digital_ocean.py digital ocean], the [https://docs.ansible.com/ansible/authorized_key_module.html authorized_key module] for working with SSH keys, and a whole section of [https://docs.ansible.com/ansible/list_of_system_modules.html system modules].
  
There are a bunch of modules in Ansible, like the [https://docs.ansible.com/ansible/mysql_db_module.html MySQL module], the [https://docs.ansible.com/ansible/monit_module.html Monit module], or the [https://docs.ansible.com/ansible/file_module.html File module] and other interesting modules like jabber, mail, sendgrid, dpkg_selections, composer, yum, redhat_subscription, the [https://docs.ansible.com/ansible/authorized_key_module.html authorized_key module] for working with SSH keys, and a whole section of [https://docs.ansible.com/ansible/list_of_system_modules.html system modules].
+
You can use the '''command module''' (secure but simple) or the '''[https://docs.ansible.com/ansible/shell_module.html shell module]'''. The latter may be useful if you need to run bash explicitly (defaults to /bin/sh); or anytime you need $HOME and redirection.
 
 
  
You can use the '''command module''' (secure but simple) or the '''[https://docs.ansible.com/ansible/shell_module.html shell module]'''.  The latter may be useful if you need to run bash explicitly (defaults to /bin/sh); or anytime you need $HOME and redirection.
+
To sanitize any variables passed to the shell module, you should use <nowiki>"{{ var | quote }}" instead of just "{{ var }}"</nowiki> to make sure they don't include evil things like semicolons.
  
 
  
  
 
== Example Commands ==
 
== Example Commands ==
 
Note: control verbosity with <code>-vvvv</code>
 
Note: control verbosity with <code>-vvvv</code>
 +
# <code>ansible --help</code> display help
 +
# <code>ansible --version</code> show version info
 
# <code>ansible -c local -i ~/ansible_hosts -m ping all</code> ping all the hosts in the inventory file
 
# <code>ansible -c local -i ~/ansible_hosts -m ping all</code> ping all the hosts in the inventory file
# <code>ansible '''-m setup''' wiki.example.com</code> will show you all the ansible 'facts' (aka [[ansible_variables]]) about that host.
+
# <code>ansible '''-m setup''' wiki.example.com</code> Use the '''[https://docs.ansible.com/ansible/latest/setup_module.html setup]''' module to gather ansible 'facts' (aka [[ansible_variables]]) about that host.
 
# <code>ansible '''localhost''' -m setup -a 'gather_subset=!all'</code> or look at the localhost
 
# <code>ansible '''localhost''' -m setup -a 'gather_subset=!all'</code> or look at the localhost
 
# <code>ansible all -m setup -a '''"filter=ansible_distribution*"'''</code> use a filter action to see specific variables
 
# <code>ansible all -m setup -a '''"filter=ansible_distribution*"'''</code> use a filter action to see specific variables
Line 77: Line 90:
  
 
The array notation is preferred over the dot notation for accessing variables.
 
The array notation is preferred over the dot notation for accessing variables.
{{ ansible_eth0["ipv4"]["address"] }} over {{ ansible_eth0.ipv4.address }} because some keywords in Python would conflict
+
<nowiki>{{ ansible_eth0["ipv4"]["address"] }} over {{ ansible_eth0.ipv4.address }}</nowiki> because some keywords in Python would conflict
  
 
Reserved words:
 
Reserved words:
Line 85: Line 98:
 
* environemnt
 
* environemnt
  
'''inventory_hostname''' is the name of the hostname as configured in inventory host file.  '''ansible_hostname''' is the discovered hostname  
+
'''inventory_hostname''' is the name of the hostname as configured in Ansible's inventory host file.  '''ansible_hostname''' is the discovered hostname  
  
 
You can use a variables file to put sensitive data in a different file (one excluded from git).
 
You can use a variables file to put sensitive data in a different file (one excluded from git).
Line 108: Line 121:
 
</source>
 
</source>
 
<code>ansible-playbook release.yml --extra-vars "hosts=vipers user=starbuck"</code>
 
<code>ansible-playbook release.yml --extra-vars "hosts=vipers user=starbuck"</code>
 +
 +
Check [https://www.ansible.com/blog/ansible-performance-tuning Performance Tuning] like enabling <code>pipelining</code> which is off by default.
  
 
== Scope ==
 
== Scope ==
Line 117: Line 132:
  
 
== Ansible with Vagrant ==
 
== Ansible with Vagrant ==
https://docs.ansible.com/ansible/guide_vagrant.html
+
https://docs.ansible.com/ansible/guide_vagrant.html and [[Private:QualityBox/Vagrant]]
  
 
== Ansible with MediaWiki ==
 
== Ansible with MediaWiki ==
Line 186: Line 201:
 
* [http://jinja.pocoo.org/docs/dev/ Jinja] - the template engine for Ansible
 
* [http://jinja.pocoo.org/docs/dev/ Jinja] - the template engine for Ansible
  
 +
* [https://cheat.readthedocs.io/en/latest/ansible/index.html Dan's Cheat Sheets]
 +
{{References}}
  
 +
[[Category:Virtualization]]
 
[[Category:Configuration Management]]
 
[[Category:Configuration Management]]
 
[[Category:DevOps]]
 
[[Category:DevOps]]

Revision as of 22:08, 3 August 2020

wp:Ansible_(software) is an open-source software platform for configuring and managing computers. It combines multi-node software deployment, ad hoc task execution, and configuration management. Written in Python, it is packaged by RedHat. As of July 2016, we're using Ansible 2.2.0

Installation[edit | edit source]

The preferred way to install is to just git clone the source. Having the source makes it easy to upgrade, and it's self-contained, plus best of all you get all the examples and contribs.

cd
mkdir ~/bin
cd bin
git clone git://github.com/ansible/ansible.git --recursive
cd ./ansible
source ./hacking/env-setup

If you see this error message:

Traceback (most recent call last):
  File "/usr/local/bin/ansible-playbook", line 44, in <module>
    import ansible.constants as C
ImportError: No module named ansible.constants

Be sure to source the env-setup script

Getting Started[edit | edit source]

You must source the environment setup script to begin using Ansible (assuming you are running from a git checkout) source ~/bin/ansible/hacking/env-setup Ansible provides three main commands:

  1. ansible-playbook - to execute an Ansible playbook on the specified systems
  2. ansible - to execute an individual shell command or Ansible module on the specified systems
  3. ansible-vault - (optional) to encrypt or decrypt YAML files that Ansible uses.

Global Config[edit | edit source]

export ANSIBLE_HOST_KEY_CHECKING=False or set it in your ~/.ansible.cfg so that as you add new hosts it won't prompt you.

Also use 'ssh' instead of paramiko when doing this.

Initialize a Project[edit | edit source]

Ansible Galaxy If you want to do a new project, you can use the ansible-galaxy foo init command which will create the directory and file structure for 'foo' in the current working directory.

Also, if you want to install other Ansible Galaxy projects, you can either do it "manually" ansible-galaxy install -r Or, setup a 'requirements.yml' file in your playbook that then gets run by your stack. [1]ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options]

Modules[edit | edit source]

Ansible comes with over 200 modules that you should get familiar with in order to use the system effectively.

There are a bunch of modules in Ansible, like the MySQL module, the Monit module, or the File module and other interesting modules like jabber, mail, sendgrid, dpkg_selections, composer, yum, redhat_subscription, digital ocean, the authorized_key module for working with SSH keys, and a whole section of system modules.

You can use the command module (secure but simple) or the shell module. The latter may be useful if you need to run bash explicitly (defaults to /bin/sh); or anytime you need $HOME and redirection.

To sanitize any variables passed to the shell module, you should use "{{ var | quote }}" instead of just "{{ var }}" to make sure they don't include evil things like semicolons.


Example Commands[edit | edit source]

Note: control verbosity with -vvvv

  1. ansible --help display help
  2. ansible --version show version info
  3. ansible -c local -i ~/ansible_hosts -m ping all ping all the hosts in the inventory file
  4. ansible -m setup wiki.example.com Use the setup module to gather ansible 'facts' (aka ansible_variables) about that host.
  5. ansible localhost -m setup -a 'gather_subset=!all' or look at the localhost
  6. ansible all -m setup -a "filter=ansible_distribution*" use a filter action to see specific variables
  7. ansible localhost -m setup --tree /tmp/facts store all facts in a file 'tree', based on hostname
  8. ansible -m debug -a "var=hostvars['wiki.example.com']" localhost gives you the 'ansible hostvars'
  9. ansible-playbook play1.yml play2.yml Run multiple playbooks
  10. ansible-playbook -i production webservers.yml --tags ntp --list-tasks confirm what task names would be run if I ran this command and said "just ntp tasks"
  11. ansible-playbook --list-tags launch.yml see what tags exist in my playbook (the tasks list shows more detail + the tags)
  12. ansible-playbook -i production webservers.yml --limit boston --list-hosts confirm what hostnames might be communicated with if I said "limit to boston" [2]
  13. ~/bin/ansible/contrib/inventory/digital_ocean.py --list --pretty --api-token TOKEN_HERE use the DO api to list your droplets (dynamic inventory)
  14. ansible-playbook -vvv launch.yml -l wiki.example.com --user=root -e do_name=wiki.example.com --start-at-task='remove empty wiki schema from database if it already exists' start at a particular point in the task list
  15. php -r 'var_dump(json_decode(file_get_contents("/tmp/facts/localhost"), true));' look at the json with php (or more interesting tools) With Ansible's Jinja2 filters, you can specify the output of a variable to be 'pretty' {{ some_variable | to_nice_json }}

Variables[edit | edit source]

You have 3 plays in one playbook. Will play 3 be able to reference facts registered in play 1?
facts, yes, play vars, no
vars associated to the host, persist, vars defined in the play, do not, set_facts, registered vars and gathered facts associate to the host so those do persist for the run

Playbooks[edit | edit source]

Ansible "Playbooks" use an easy and descriptive language based on YAML.

Targets[edit | edit source]

Ansible can deploy to virtualization environments and public and private cloud environments including VMWare, OpenStack, AWS, Eucalyptus Cloud, KVM, and CloudStack

Best Practices[edit | edit source]

Use tags to organize your Ansible work

Use caching (default is off) to be able to refer to host 'facts' without having to hit each host in a playbook.

Use register of variables to create more 'facts'. Results vary from module to module. Use -v to see possible values.

There is an order of precedence with playbook variables, with role defaults the lowest priority and extra vars the winner.

The array notation is preferred over the dot notation for accessing variables. {{ ansible_eth0["ipv4"]["address"] }} over {{ ansible_eth0.ipv4.address }} because some keywords in Python would conflict

Reserved words:

  • hostvars
  • group_names
  • groups
  • environemnt

inventory_hostname is the name of the hostname as configured in Ansible's inventory host file. ansible_hostname is the discovered hostname

You can use a variables file to put sensitive data in a different file (one excluded from git).

- hosts: all
  remote_user: root
  vars:
    favcolor: blue
  vars_files:
    - /vars/top_secret.yml

You can use variables on the command line (and besides key=value pairs, you can use json or yml)

---

- hosts: '{{ hosts }}'
  remote_user: '{{ user }}'

  tasks:
     - ...

ansible-playbook release.yml --extra-vars "hosts=vipers user=starbuck"

Check Performance Tuning like enabling pipelining which is off by default.

Scope[edit | edit source]

Ansible has 3 main scopes:

Global: this is set by config, environment variables and the command line Play: each play and contained structures, vars entries, include_vars, role defaults and vars. Host: variables directly associated to a host, like inventory, facts or registered task outputs

Ansible with Vagrant[edit | edit source]

https://docs.ansible.com/ansible/guide_vagrant.html and Private:QualityBox/Vagrant

Ansible with MediaWiki[edit | edit source]

https://github.com/Orain I've cloned the 'ansible-playbook'

Ansible with Drupal[edit | edit source]

  • Jeff Geerling (geerlingguy) has his code on github https://github.com/geerlingguy/drupal-vm, and also a website http://www.drupalvm.com/. He's the author of Ansible for DevOps. The only problem I see with his code is that it installs everything from his own 'roles' (individual components) via the sharing site/mechanism called Ansible Galaxy. So, for example, phpMyAdmin comes from https://github.com/geerlingguy/ansible-role-phpmyadmin This is good in that he can make his system work, but it's bad in that you're getting all your bits from him and can't tweak any of it without manually checking each role for the code and instructions behind it so you know what you can set via variables and such. I'd rather see each of these roles contained in the project, community sourced, installed via git.
geerlingguy.firewall
geerlingguy.git
geerlingguy.apache
geerlingguy.memcached
geerlingguy.mysql
geerlingguy.php
geerlingguy.php-pecl
geerlingguy.php-memcached
geerlingguy.php-mysql
geerlingguy.php-xdebug
geerlingguy.php-xhprof
geerlingguy.phpmyadmin
geerlingguy.composer
geerlingguy.drush
geerlingguy.daemonize
geerlingguy.mailhog
geerlingguy.java
geerlingguy.solr


Ansible in the cloud[edit | edit source]

Ansible has several core modules for working with various cloud providers. These include

  • OpenStack

Ansible on Fedora[edit | edit source]

The Fedora Project uses Ansible in it's Infrastructure team, and they publish their whole setup https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/README

Ansible Docs[edit | edit source]

Some of the docs pages I've visited


Ansible References[edit | edit source]

References[edit source]