Thursday, 31 May 2018

Ansible Cheat Sheet

Ansible
------------------------------------------------------------------------------------------------------------
Playbook Format
------------------------------------------------------------------------------------------------------------
- name: play1
  hosts: class
  become: true
  tasks:
  - name: Adding user
    user:
      name: ansible
      comment: "GECOS VALUE"
      groups: wheel
      password: "{{ 'changeme' | password_hash('sha512') }}"   # must be a crypt hash, never plaintext (random salt each run, so this always reports changed)
      generate_ssh_key: yes
      create_home: yes
    tags:
      - useradd
  - name: Deleting user
    user:
      name: ansible
      state: absent
    tags:
      - userdel
------------------------------------------------------------------------------------------------------------------------
Basic Commands
------------------------------------------------------------------------------------------------------------------------
Running ansible playbook
# ansible-playbook playbook.yml

Running commands using ssh and sudo password
# ansible-playbook user.yaml -u username --ask-pass --ask-become-pass

Dry run
# ansible-playbook -C user.yaml

Syntax Check
# ansible-playbook --syntax-check user.yaml

To generate a hashed password for a playbook (the user module expects a crypt hash; -6 is SHA-512, the older -1 is MD5-crypt and should be avoided)
# openssl passwd -6 "plaintextpassword"

To encrypt a file with vault (prompts for the vault password):
# ansible-vault encrypt playbook.yml

To edit an encrypted yml file:
# ansible-vault edit playbook.yml

To decrypt an encrypted file:
# ansible-vault decrypt playbook.yml

To run a playbook that uses vaulted files:
# ansible-playbook playbook.yml --ask-vault-pass

To run playbook using tags:
# ansible-playbook playbook.yml --tags tag-name

Creating roles
# ansible-galaxy init users
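The "Adding user" play from the Playbook Format section, reworked as an added example (not from the original cheat sheet) so that no secret is written into the playbook: the password hash lives in a vaulted file, the task is marked no_log, and the login key rather than the password is what the account is meant to use. Assumptions: secrets.yml was encrypted with `ansible-vault encrypt secrets.yml` and defines ansible_user_password_hash (generated once with `openssl passwd -6`), and files/ansible.pub is the public key that should be allowed to log in.

```yaml
# Added example, not part of the original page.
# Assumes: secrets.yml is vaulted and defines ansible_user_password_hash;
#          files/ansible.pub holds the public key to install.
- name: Provision the ansible service account
  hosts: class
  become: true
  vars_files:
    - secrets.yml                      # vaulted; run with --ask-vault-pass
  tasks:
    - name: Adding user
      user:
        name: ansible
        comment: "Ansible service account"
        groups: wheel
        append: yes                    # add to wheel without dropping existing groups
        password: "{{ ansible_user_password_hash }}"   # finished crypt hash from vault, never plaintext
        update_password: on_create     # do not reset a password that was changed later
        shell: /bin/bash
        create_home: yes
      no_log: true                     # keep the hash out of logs and -v output
      tags:
        - useradd

    - name: Install the login key instead of relying on the password
      authorized_key:
        user: ansible
        key: "{{ lookup('file', 'files/ansible.pub') }}"
        exclusive: yes                 # any other key in authorized_keys is removed
      tags:
        - useradd

    - name: Deleting user
      user:
        name: ansible
        state: absent
        remove: yes                    # also delete the home directory and mail spool
      tags:
        - never                        # destructive: runs only when --tags userdel is given explicitly
        - userdel
```

Run it with `ansible-playbook user.yaml --ask-vault-pass --tags useradd`; the deletion task is skipped unless `--tags userdel` is passed because of the never tag. Storing the finished hash (rather than a plaintext value piped through password_hash at run time) also keeps the task idempotent: password_hash without a fixed salt produces a different hash on every run, so the user task would report changed each time.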
-----------------------------------------------------------------------------------------------------------------------------
Roles directory structure
-----------------------------------------------------------------------------------------------------------------------------
defaults: default variables used by a role
vars: variables like defaults, but with higher precedence (they override the role's defaults and inventory variables)
files: where you put files that need to be added to the machine being provisioned
handlers: contain targets for notify directives, and are almost always associated with services
meta: metadata of an Ansible role consists of attributes such as author, supported platforms, and dependencies
tasks: houses the list of tasks that install, configure, and run software (main.yml is loaded automatically)
templates: similar to files except that templates support modification as they’re added to the machine being provisioned
-----------------------------------------------------------------------------------------------------------------------------
Configuration file
-----------------------------------------------------------------------------------------------------------------------------
[defaults]
inventory=/home/ansible/inventory        -- location of inventory file
remote_user=username                     -- user used to log in and execute tasks
forks=5                                  -- tasks will be executed on 5 hosts in parallel
[privilege_escalation]                   -- must be spelled exactly like this; a misspelled section name is silently ignored
become=True                              -- activate privilege escalation
become_method=sudo                       -- method used to obtain root privileges
become_ask_pass=True                     -- ask for the sudo password
become_user=username                     -- the user you become, NOT the user you log in as
-----------------------------------------------------------------------------------------------------------------------------
delegate_to keyword
-----------------------------------------------------------------------------------------------------------------------------
If you want to perform a task on one host with reference to other hosts

- name: take out of load balancer pool
  command: /usr/bin/take_out_of_pool {{ inventory_hostname }}
  delegate_to: 127.0.0.1
-----------------------------------------------------------------------------------------------------------------------------
Register variable
-----------------------------------------------------------------------------------------------------------------------------
It will store the output in variable and we can use output later

- name: Ansible register with_items example
  shell: "find *.txt"
  args:
    chdir: "/Users/mdtutorials2/Documents/Ansible"
  register: with_output
  changed_when: false                 # a read-only find should not report "changed"

- name: Back up every file the previous task found
  shell: "cp {{ item | quote }} {{ item | quote }}_bkp"   # quote filenames before they reach the shell
  with_items:
    - "{{ with_output.stdout_lines }}"

- name: User creation and deletion evidence
  shell: "echo On {{ inventory_hostname }} && getent passwd testing"
  tags:
    - evidence
  register: output
  changed_when: false

- name: local file
  copy:
    content: "{{ output.stdout }}"
    dest: "evidence-{{ inventory_hostname }}.txt"   # one file per host; a fixed name is overwritten by every host
  delegate_to: localhost
  tags:
    - fetch
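The register and delegate_to patterns above, combined in one added example (not from the original cheat sheet) that also shows run_once: a missing account is recorded instead of failing the play (the getent task uses "&&", so an absent user aborts the host), filenames never pass through a shell, and each host gets its own evidence file plus one summary built from every host's registered result. Assumptions: the directory to back up is /var/tmp/ansible-demo and evidence is written under ./evidence on the controller.

```yaml
# Added example, not part of the original page.
# Assumes: /var/tmp/ansible-demo holds the files to back up;
#          ./evidence on the controller receives the results.
- name: Collect account evidence and back up files
  hosts: class
  become: true
  tasks:
    - name: Check whether the "testing" account exists
      command: getent passwd testing
      register: account
      changed_when: false                       # read-only query, never "changed"
      failed_when: account.rc not in [0, 2]     # getent exits 2 when the key is missing

    - name: List the text files to back up
      find:
        paths: /var/tmp/ansible-demo
        patterns: "*.txt"
      register: found

    - name: Back up each file with the copy module instead of "cp" in a shell
      copy:
        src: "{{ item.path }}"
        dest: "{{ item.path }}_bkp"
        remote_src: yes                         # copy on the managed host, not from the controller
      loop: "{{ found.files }}"
      loop_control:
        label: "{{ item.path }}"                # log only the path, not the whole stat record

    - name: Make sure the evidence directory exists on the controller
      file:
        path: evidence
        state: directory
      delegate_to: localhost
      become: false                             # no sudo needed (or wanted) on the controller
      run_once: true

    - name: Write one evidence file per host
      copy:
        content: "On {{ inventory_hostname }}: {{ account.stdout if account.rc == 0 else 'account not present' }}\n"
        dest: "evidence/{{ inventory_hostname }}.txt"
      delegate_to: localhost
      become: false

    - name: Build a single summary from every host's registered result
      copy:
        content: |
          {% for h in ansible_play_hosts %}
          {{ h }}: {{ 'present' if hostvars[h].account.rc == 0 else 'absent' }}
          {% endfor %}
        dest: evidence/summary.txt
      delegate_to: localhost
      become: false
      run_once: true                            # executed once; hostvars still holds every host's result
```

Registered variables are per host, which is why the summary task can read hostvars[h].account for every host even though run_once makes it execute on only one of them. become: false on the delegated tasks matters when the play has become: true: without it Ansible would try to sudo on the controller as well.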
-----------------------------------------------------------------------------------------------------------------------------
Command Line options
-----------------------------------------------------------------------------------------------------------------------------
--ask-su-pass
ask for su password (deprecated, use become)

--ask-sudo-pass
ask for sudo password (deprecated, use become)

--ask-vault-pass
ask for vault password

--become-method <BECOME_METHOD>
privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas | pmrun | enable ]

--become-user <BECOME_USER>
run operations as this user (default=root)

--list-hosts
outputs a list of matching hosts; does not execute anything else

--playbook-dir <BASEDIR>
(option of the ad-hoc ansible command, which takes no playbook) use this as a substitute playbook directory. This sets the relative path for many features including roles/ group_vars/ etc.

--syntax-check
perform a syntax check on the playbook, but do not execute it

-C, --check
don’t make any changes; instead, try to predict some of the changes that may occur

-K, --ask-become-pass
ask for privilege escalation password

-f <FORKS>, --forks <FORKS>
specify number of parallel processes to use (default=5)

-i, --inventory, --inventory-file
specify inventory host path or comma separated host list. --inventory-file is deprecated

-k, --ask-pass
ask for connection password

-t <TREE>, --tree <TREE>
log output to this directory

run_once: true -- task keyword (not a command-line option): run the task on only the first host of the current batch; its registered result and facts are then applied to every host in the batch.
-----------------------------------------------------------------------------------------------------------------------------------
Modules
------------------------------------------------------------------------------------------------------------------------------------
yum:
    name: "httpd", "*", "@Development tools"
    state: present, absent, latest
    security: yes
    enablerepo: "epel,ol7_latest"
    disablerepo: "epel,ol7_latest"
    update_cache: yes, no
    exclude: kernel*,foo*

apt:
    name: foo, "*"
    update_cache: yes
    state: present, absent, latest
    upgrade: dist
    autoclean: yes
    autoremove: yes

user:
    name: johnd
    comment: John Doe
    uid: 1040
    group: admin
    shell: /bin/bash
    groups: admins,developers
    append: yes
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
    expires: 1422403387
    state: absent, present
    update_password: on_create 

lvol:
    vg: firefly
    lv: test
    size: 512, 100%FREE, +100%FREE, 80%VG
    pvs: /dev/sda,/dev/sdb
    resizefs: true
    state: absent
    force: yes
    snapshot: snap1
   

#!/bin/sh
# Resource summary for a host: memory, root filesystem and 1-minute load.
# Line 2 of `free -m` is the Mem row: $3 used, $2 total.
free -m | awk 'NR==2{printf "Memory Usage: %s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2 }'
# Only the row mounted on "/": $3 used, $2 size, $5 use%.
df -h | awk '$NF=="/"{printf "Disk Usage: %d/%dGB (%s)\n", $3,$2,$5}'
# $(NF-2) is the first (1-minute) of the three load averages on top's header line.
top -bn1 | grep load | awk '{printf "CPU Load: %.2f\n", $(NF-2)}'

Facts gathered by the setup module (ansible -m setup <host>), abbreviated sample from one host:
"ansible_system_vendor": "VMware, Inc.",
"ansible_swapfree_mb": 1999,
"ansible_swaptotal_mb": 1999,
"ansible_system": "Linux",
"ansible_processor_cores": 1,
"ansible_processor_count": 1,
"ansible_processor_threads_per_core": 1,
"ansible_nodename": "mbunixlmc801",
"ansible_os_family": "Debian",
"ansible_memtotal_mb": 2000,
"ansible_mounts":
"ansible_memfree_mb": 924,
"ansible_memory_mb": 
"ansible_lsb": 
"ansible_kernel":
"ansible_fqdn": "mbunixlmc801.ucsfmedicalcenter.org",
"ansible_hostname": "mbunixlmc801",
"ansible_interfaces": 
"ansible_domain": "ucsfmedicalcenter.org",
"ansible_distribution": "Ubuntu",
"ansible_distribution_version": "16.04",
"ansible_dns": 
"ansible_devices.sda.partitions": 
"ansible_default_ipv4":
"ansible_bios_date": "09/21/2015",
"ansible_bios_version": "6.00",
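The facts listed above and the yum/apt parameters from the Modules section, put to work in one added example (not from the original cheat sheet): facts gate the play with assert, select the package module per OS family, and are re-read after patching. Assumptions: the hosts are in the "class" group and 256 MB free memory is the chosen minimum.

```yaml
# Added example, not part of the original page.
# Assumes: hosts in group "class"; 256 MB free memory as the minimum.
- name: Patch hosts according to gathered facts
  hosts: class
  become: true
  gather_facts: true                            # runs setup implicitly; the ansible_* facts below come from it
  tasks:
    - name: Stop early on unsupported or under-resourced hosts
      assert:
        that:
          - ansible_os_family in ['Debian', 'RedHat']
          - ansible_memfree_mb >= 256
        msg: "{{ inventory_hostname }} ({{ ansible_distribution }} {{ ansible_distribution_version }}) does not meet the prerequisites"

    - name: Apply security errata only (RedHat family)
      yum:
        name: "*"                               # bare * must be quoted or YAML reads it as an alias
        state: latest
        security: yes                           # restrict to advisories flagged as security
        exclude: kernel*                        # keep the running kernel; schedule reboots separately
      when: ansible_os_family == 'RedHat'

    - name: Apply all pending updates (Debian family)
      apt:
        update_cache: yes
        upgrade: dist
        autoremove: yes
      when: ansible_os_family == 'Debian'

    - name: Re-read the distribution facts after patching
      setup:
        filter: "ansible_distribution*"         # only facts matching the glob are refreshed

    - name: Show where each host is and what it now runs
      debug:
        msg: "{{ ansible_fqdn }} ({{ ansible_default_ipv4.address }}) is {{ ansible_distribution }} {{ ansible_distribution_version }}"
```

The assert runs before any change is made, so a host that fails it is dropped from the play without being touched; --check works with this play because yum and apt both support check mode and setup is read-only.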
