-
Notifications
You must be signed in to change notification settings - Fork 1
/
ansible.txt
126 lines (99 loc) · 3.16 KB
/
ansible.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
Ansible works by connecting to your nodes and pushing out small programs,
called "Ansible modules" to them. Ansible then executes these modules, and
removes them when finished.
ansible hosts -mmodule -aarguments options
\
command (default)
shell if you need |s and >s
The command and shell modules are the only modules that just take a list of
arguments and don’t use the key=value form.
hosts can be: qa1, *.example.com, group1:group2, ~regex...
Inventory:
/etc/ansible/hosts
[qa]
qa[1:5] ansible_user=mitko # host variable
[qa:vars] # group variables
[new_group:children]
qa
other_child
Variables outside of the inventory in YAML files:
/etc/ansible/group_vars/group1
/etc/ansible/group_vars/group2
/etc/ansible/host_vars/host1
Also with subdirs:
/etc/ansible/group_vars/group1/db_settings
/etc/ansible/group_vars/group1/cluster_settings
Useful examples:
ansible <hosts> -m copy -a 'src=/etc/hosts dest=/tmp/hosts'
ansible <hosts> -m yum -a 'name=vim-enhanced state=latest'
ansible <hosts> -m service -a 'name=httpd state=restarted'
Facts:
ansible <hosts> -m setup
Playbooks:
ansible-playbook playbook.yml options
---
- hosts: webservers # play 1
remote_user: root
tasks: # modules (idempotent)
- name: ensure apache is at the latest version
yum: name=httpd state=latest # action: yum name=httpd state=latest is deprecated
# or the equivalent:
# yum:
# name: httpd
# state: latest
- name: write the apache config file
template: src=/srv/httpd.j2 dest=/etc/httpd.conf
notify: # only if /etc/httpd.conf above has changed
- restart memcached # handler name
- restart apache
# or notify: "restart web services"
handlers:
- name: restart memcached
service: name=memcached state=restarted
listen: "restart web services"
- name: restart apache
service: name=apache state=restarted
listen: "restart web services"
- hosts: databases # play 2
remote_user: root
tasks:
- name: ensure postgresql is at the latest version
yum: name=postgresql state=latest
- name: ensure that postgresql is started
service: name=postgresql state=started
Roles
roles let you automatically load related vars, files, tasks, handlers, and other Ansible artifacts based on a known file structure.
After you group your content in roles, you can easily reuse them and share them with other users.
roles are just automation around ‘include’ directives
ex: auto include roles/*/tasks/main.yml (equiv to init.pp in puppet land)
vs - include: tasks/foo.yml
ex 2:
---
- hosts: webservers
roles:
- common
- webservers
Autoload structure:
roles/
webservers/
tasks/
handlers/
library/
files/
templates/
vars/
defaults/
meta/
~/.ansible.cfg:
[defaults]
forks = 50
[ssh_connection]
# ProxyCommand related:
# fix the unreachable issue related to the sftp subsystem not being enabled
scp_if_ssh = True
jinja2
tests:
* filter - variable | filter
* test - variable is test_name # match/search/regex/truthy/falsy/all/any/directory/file/exists/failed/...
ex:
ansible localhost -m debug -a "msg={{ 'hello.world'|replace('.world','') }}"