“Ansible: Setup, Configure, and Ad Hoc Commands Deep Dive” study note

The course focuses on ad hoc commands of Ansible

about Ansible

ansible runs a single task against a single host; ansible-playbook runs a set of tasks against a single host or a group of hosts.

## how to set up ansible

default inventory file: /etc/ansible/hosts

it’s recommended to add a new user for ansible. Besides security considerations, systems may not share the same user name by default, which makes logging in with ansible tedious.

try to ssh to the hosts manually for the first time before using ansible against them, if no ssh key file is used.

configuring ssh and sudo for ansible

config user for ansible on hosts

useradd ansible
passwd ansible
  1. ssh to the hosts after adding new users to save ssh keys
  2. or (recommended) ssh-copy-id to copy remote keys to local.

on the server, first generate key files with ssh-keygen, then use ssh-copy-id <managed host> on the server to copy the id to the server

escalate privilege on remote hosts

-K can be used to supply the sudo password for the remote system when privilege escalation is needed (-b). This can be quite challenging when running ansible against multiple systems.

edit /etc/sudoers and add the ansible user so that ansible can run without a password, or with a predefined password, across all machines.

add the following line to /etc/sudoers to enable it:

ansible ALL=(ALL)   NOPASSWD: ALL

Ansible configuration file

the default config file is located at /etc/ansible/ansible.cfg

or a command ansible-config can be used to show the current config

there can be multiple config files; ansible only uses the first config found and ignores the rest. the search path follows:

  1. ANSIBLE_CONFIG (environment variable)
  2. ansible.cfg (in current directory)
  3. ~/.ansible.cfg (in home folder)
  4. /etc/ansible/ansible.cfg
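
The search order above as a small shell function, added here as an example (it is not Ansible's own code); the function names and the optional directory arguments are assumptions for this sketch. It also applies one rule Ansible documents: an ansible.cfg in a world-writable current directory is skipped, since any local user could plant settings there.

```shell
# Added example (not Ansible's own code). Function names and the optional
# cwd/home/system-path arguments are assumptions made for this sketch.

# True when directory $1 is writable by "other" users.
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# resolve_ansible_cfg [cwd] [home] [system_cfg]
# Prints the first config file found in the search order listed above.
resolve_ansible_cfg() {
    _cwd="${1:-$PWD}"
    _home="${2:-$HOME}"
    _sys="${3:-/etc/ansible/ansible.cfg}"

    # 1. ANSIBLE_CONFIG environment variable
    if [ -n "${ANSIBLE_CONFIG:-}" ] && [ -f "$ANSIBLE_CONFIG" ]; then
        printf '%s\n' "$ANSIBLE_CONFIG"
        return 0
    fi
    # 2. ansible.cfg in the current directory, unless anyone can write there
    if [ -f "$_cwd/ansible.cfg" ]; then
        if is_world_writable "$_cwd"; then
            echo "skipping $_cwd/ansible.cfg: directory is world-writable" >&2
        else
            printf '%s\n' "$_cwd/ansible.cfg"
            return 0
        fi
    fi
    # 3. ~/.ansible.cfg, then 4. the system-wide file
    for _f in "$_home/.ansible.cfg" "$_sys"; do
        if [ -f "$_f" ]; then
            printf '%s\n' "$_f"
            return 0
        fi
    done
    return 1
}

# Report the file that would win on this machine.
resolve_ansible_cfg || echo "no ansible.cfg found" >&2
```

Compare the result with the "config file" line printed by ansible --version.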

setting up ansible inventory

the inventory is a list of hosts that Ansible manages, which is in /etc/ansible/hosts

similar to the config file, there can be more than one hosts file. the search order follows:

  1. default inventory file (/etc/ansible/hosts)
  2. specified by CLI (ansible -i <filename>)
  3. config in ansible.cfg

note that ansible.cfg is the ansible configuration file whose search order was covered in the previous section.

in the inventory file, multiple hosts can be grouped like

[group1]
host1
host2
...

then the group name can be used to specify hosts: ansible -m ping -i inventory group1

ansible command

understanding ansible modules

The Shell and Command Modules

shell module is the default module for ansible, so the -m can be omitted for running any shell command and only -a is needed to specify the actual command to run

collecting system information

setup module is used for collecting facts from hosts

working with the file and copy modules

file is used to create, delete, modify file properties

copy is used to copy files from:

  • control node to targets
  • files on the targets
  • content created by copy module to target (= create a file with specified content) (personally not recommended)

editing file contents with the lineinfile module

lineinfile appends, inserts, or deletes a line of a file

==Why don’t we prepare the content we want beforehand instead of dynamically editing a file?==

replace provides more granular changes using RE

downloading files with get_url module

supported protocols: HTTPS, HTTP, FTP

important arguments:

  • url
  • dest. absolute path ONLY
  • use_proxy
  • url_username, url_password

working with file archives

archive and unarchive are for archive files (compress and uncompress)

creating system users with the user module

important arguments:

  • append. if yes, add the user to the groups specified; if no, add the user to the groups specified and remove it from all other groups

working with the group module

similar to the user module

installing software

yum and apt are used on specific distributions

package will automatically detect host distribution, which is recommended

control daemons with the service module

important arguments:

  • name
  • state. started,
  • enabled

managing long-running commands

  • -B provides a timeout and initiates the operation. Fails if the timeout is exceeded.
  • -P polls the operation on a set interval. -P 0 means to disable reporting
  • async_status is used to check status. useful in playbooks, not ad-hoc command

Parallelism in Ansible

fork is used to specify how many hosts are targeted at the same time.

default is 5, use -f or --forks to specify the number, or change it in the ansible.cfg file