Professional Documents
Culture Documents
Roles enable you to encapsulate your Debugging tasks can clutter the output, use
operations. verbosity
Keep roles purpose and f unction focused ame: Output debug message
- n
Store roles in dedicated Git repos debug:
msg: "This always displays"
Include roles via roles/requirements.yml
Limit role d
ependencies ame: Output higher debug message
- n
Use defaults and variables with prefix to avoid debug:
collisions in the namespace of Ansible: msg: "ansible-playbook -vv"
verbosity: 2
apache_max_keepalive: 25
apache_port: 80 TEMPLATING
tomcat_port: 8080
Use Jinja2 templating but don’t get too crazy
Create a stub for a new role
Non-FQDN hostname: {{ ansible_hostname }}
To start a new role:
Other hosts variable:
$ mkdir -p roles && cd roles {{ hostvars['host2.example.com'] ⏎
$ ansible-galaxy init --offline ⏎ ['ansible_default_ipv4']['address'] }}
my_role_name
Loop over all hosts in group webserver:
ACCESS RIGHTS {% for host in groups['webserver'] %}
- {{ hostvars[host]['inventory_hostname'] }}
Root access is harder to track than sudo - use {% endfor %}
sudo wherever possible
Print mem free only for host1
Ansible can be run as root but l ogin or security
{% if ansible_hostname | match('host1') %}
policies often request non-root
host1 MEM: {{ ansible_memfree_mb }}
Use become method - so Ansible scripts are {% endif %}
executed via s udo
External data lookup:
Best: create an A
nsible only user
{{ lookup('dig', 'redhat.com./MX') }}
Don’t limit sudo rights to commands - Ansible {{ lookup('url', 'http://dom.tld/mykey') }}
does n
ot work that way!
NEED MORE? GO HERE!
DEBUGGING
The latest docs and the blog
Keep the code on the target machine
http://docs.ansible.com/ansible/latest
Tell Ansible to keep files on managed nodes:
https://www.ansible.com/blog
$ ANSIBLE_KEEP_REMOTE_FILES=1 ⏎
ansible target-node -m yum ⏎
-a "name=httpd state=absent"
Execute on the managed node:
$ /bin/sh -c 'sudo -u $SUDO_USER ⏎
/bin/sh -c "/usr/bin/python ⏎
/home/xy/.ansible/tmp/.." FAQ & Best Practices