AUTOMATION IS CODE - USE GIT

Treat your Ansible content like code
Version control your Ansible content
Start: basic playbook and static inventory
Refactor and modularize later
Start with one Git repo, use multiple later!
Start with one Git repository; in the long run:
  one Git repository per role
  dedicated repositories for completely separated teams / tasks

STRUCTURE YOUR CONTENT - LAYOUT

    site.yml                # master playbook
    webservers.yml          # playbook web tier
    deployonce.yml          # single shot
    inventories/
      production/           # different stages
        hosts               # inventory file
        group_vars/
        host_vars/
      london/               # alternative group
    roles/
      requirements.yml      # includes roles
      common/               # base line
      webtier/

GROUPING

Group hosts for easier inventory selection and less conditional tasks.

    [db]
    db[1:4]

    [web]
    web[1:4]

    [east]
    db1
    web1
    db3

    [west]
    db2
    web2

    [eastwest:children]
    east
    west

    [eastwest:vars]
    some_groupvar=value

    [dev]
    db2
    web2

    [prod]
    db3
    web3

FORMATTING

YAML: only spaces and correct indentation
Add this line to ~/.vimrc:

    autocmd FileType yaml setlocal ai ts=2 sw=2 et

CONFIGURATION

Ansible configuration files search order:
  $ANSIBLE_CONFIG (environment variable)
  ./ansible.cfg (current directory)
  ~/.ansible.cfg (home directory)
  /etc/ansible/ansible.cfg (global)

THE RIGHT TOOLS - FOR THE RIGHT JOB

Don't just start services -- use smoke tests:

    - name: check for proper response
      uri:
        url: http://localhost/myapp
        return_content: yes
      register: result
      until: '"Hello" in result.content'
      retries: 10
      delay: 1

When using the command or shell module, use arguments to check for certain conditions, so the "changed" state is shown properly:

    - name: command removes a file
      command: rm /somedir/somefile
      args:
        removes: /somedir/somefile
    - name: command creates a file
      command: touch /somedir/someotherfile
      args:
        creates: /somedir/someotherfile
    - name: command echoes the change
      shell: echo something has changed
      register: cmd_var
      changed_when: "'has changed' in cmd_var.stdout"

Mark Ansible-managed files:

    {{ ansible_managed | comment }}
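The following is an added example, not part of the cheat sheet, showing how the layout, the grouped inventory and the "changed" handling above fit together: a master playbook that only imports the tier playbook, a group_vars file that replaces the [eastwest:vars] block, and a web-tier playbook that selects hosts with an inventory pattern and keeps a read-only command from reporting "changed". The role contents, the /opt/myapp/RELEASE path and the webtier role's behaviour are assumptions.

```yaml
# file: site.yml  (master playbook: only wires the tier playbooks together)
---
- import_playbook: webservers.yml

# file: inventories/production/group_vars/eastwest.yml
# Loaded automatically for every host in the "eastwest" group; this is the
# YAML form of the [eastwest:vars] block of the INI inventory above.
---
some_groupvar: value

# file: webservers.yml  (playbook for the web tier)
---
- name: Configure the web tier
  # inventory pattern: hosts in "web" that are also in "prod" -> web3
  # (no "when: inventory_hostname in groups['prod']" needed in the tasks)
  hosts: web:&prod
  become: true

  roles:
    - common       # roles/common/  - base line
    - webtier      # roles/webtier/ - assumed to install and start the app

  post_tasks:
    - name: show the group variable picked up from group_vars/
      debug:
        var: some_groupvar

    # A pure query must never report "changed"; failure is decided by us,
    # not only by the exit code, so an empty release file is caught too.
    - name: read the deployed release
      command: cat /opt/myapp/RELEASE      # assumed path
      register: release
      changed_when: false
      failed_when: release.rc != 0 or (release.stdout | length) == 0
```

Run it with the stage inventory from the layout: ansible-playbook -i inventories/production/hosts site.yml. Adding --list-hosts prints which hosts the pattern web:&prod resolves to without changing anything, which is worth doing before the first run against a new inventory.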
Debugging tasks can clutter the output, use verbosity:

    - name: Output debug message
      debug:
        msg: "This always displays"
    - name: Output higher debug message
      debug:
        msg: "ansible-playbook -vv"
        verbosity: 2

ROLES - GALAXIES

Roles enable you to encapsulate your operations.
Keep roles purpose and function focused
Store roles in dedicated Git repos
Include roles via roles/requirements.yml
Limit role dependencies
Use defaults and variables with a prefix to avoid collisions in the namespace of Ansible:

    apache_max_keepalive: 25
    apache_port: 80
    tomcat_port: 8080
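As an added example (not from the cheat sheet), here is what the role guidance above looks like on disk: a roles/requirements.yml that pulls each role from its own Git repository at a pinned version, prefixed defaults, an empty dependency list, and a task file using the prefixed variables. The repository URLs, tags, the httpd.conf.j2 template and the apache role itself are assumptions.

```yaml
# file: roles/requirements.yml
# One Git repository per role; pin a tag, never a moving branch, so a
# playbook run cannot silently pull in different role code.
---
- src: https://git.example.com/ansible/role-common.git   # assumed URL
  scm: git
  version: v1.4.0
  name: common
- src: https://git.example.com/ansible/role-apache.git   # assumed URL
  scm: git
  version: v2.1.0
  name: apache

# file: roles/apache/defaults/main.yml
# Every variable carries the role prefix, so it cannot collide with a
# "port" or "max_keepalive" set by another role (e.g. tomcat_port).
---
apache_port: 80
apache_max_keepalive: 25
apache_listen_address: 0.0.0.0

# file: roles/apache/meta/main.yml
# Keep dependencies empty (or minimal); compose roles in the playbook.
---
dependencies: []

# file: roles/apache/tasks/main.yml
---
- name: Render the Apache configuration from the prefixed defaults
  template:
    src: httpd.conf.j2       # assumed template in roles/apache/templates/
    dest: /etc/httpd/conf/httpd.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart apache

# file: roles/apache/handlers/main.yml
---
- name: restart apache
  service:
    name: httpd
    state: restarted
```

Install the pinned roles into the roles/ directory of the repository with ansible-galaxy install -r roles/requirements.yml -p roles/; re-running the command after bumping a version in requirements.yml is the whole upgrade procedure.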
Create a stub for a new role. To start a new role:

    $ mkdir -p roles && cd roles
    $ ansible-galaxy init --offline my_role_name

ACCESS RIGHTS

Root access is harder to track than sudo - use sudo wherever possible
Ansible can be run as root, but login or security policies often request non-root
Use the become method - so Ansible scripts are executed via sudo
Best: create an Ansible-only user
Don't limit sudo rights to commands - Ansible does not work that way!

TEMPLATING

Use Jinja2 templating but don't get too crazy

Non-FQDN hostname:

    {{ ansible_hostname }}

Another host's variable:

    {{ hostvars['host2.example.com']['ansible_default_ipv4']['address'] }}

Loop over all hosts in group webserver:

    {% for host in groups['webserver'] %}
    - {{ hostvars[host]['inventory_hostname'] }}
    {% endfor %}

Print mem free only for host1:

    {% if ansible_hostname | match('host1') %}
    host1 MEM: {{ ansible_memfree_mb }}
    {% endif %}

External data lookup:

    {{ lookup('dig', 'redhat.com./MX') }}
    {{ lookup('url', 'http://dom.tld/mykey') }}
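The next block is an added example, not from the cheat sheet, that puts the ACCESS RIGHTS and TEMPLATING sections above to work in one playbook: it logs in as a dedicated non-root user, escalates via sudo only for the task that writes under /etc, and generates a backend list for a load balancer by looping over the webserver group with hostvars, an if-block on a fact, and a default for a missing per-host variable. The inventory groups lb and webserver, the login user name ansible, the /etc/myapp/backends.conf path and the myapp service are assumptions; the Jinja2 is kept inline in a copy task only so the example is a single file (in a repository it would be a template file used by the template module).

```yaml
# file: loadbalancer.yml
---
# Play 1: gather facts from the web tier first, otherwise
# hostvars[host]['ansible_default_ipv4'] is empty for the backends.
- name: Gather facts from the web tier
  hosts: webserver          # assumed inventory group
  gather_facts: true
  tasks: []

# Play 2: dedicated non-root login, sudo only where needed.
- name: Deploy the backend list on the load balancer
  hosts: lb                 # assumed inventory group
  remote_user: ansible      # Ansible-only user (assumed name), not root
  become: true
  become_method: sudo
  become_user: root

  tasks:
    # Privileged: writes under /etc, so this task keeps become: true.
    - name: write the backend list generated from inventory and facts
      copy:
        dest: /etc/myapp/backends.conf    # assumed path
        owner: root
        group: root
        mode: "0640"
        content: |
          # Managed by Ansible from {{ inventory_hostname }} - do not edit by hand
          {% for host in groups['webserver'] %}
          backend {{ hostvars[host]['inventory_hostname'] }} {{ hostvars[host]['ansible_default_ipv4']['address'] }}:{{ hostvars[host]['apache_port'] | default(80) }}
          {% endfor %}
          {% if ansible_memfree_mb is defined and ansible_memfree_mb < 512 %}
          # WARNING: less than 512 MB free on {{ ansible_hostname }} at deploy time
          {% endif %}
      notify: reload myapp

    # Unprivileged: an HTTP check needs no root, so escalation is switched
    # off for this task; the smoke test runs once per backend.
    - name: smoke-test every backend from the load balancer
      uri:
        url: "http://{{ hostvars[item]['ansible_default_ipv4']['address'] }}:{{ hostvars[item]['apache_port'] | default(80) }}/myapp"
        return_content: yes
      register: backend
      until: '"Hello" in backend.content'
      retries: 10
      delay: 1
      become: false
      loop: "{{ groups['webserver'] }}"

  handlers:
    - name: reload myapp
      service:
        name: myapp           # assumed service name
        state: reloaded
```

Because the login user is not root, every privileged step shows up in the sudo log of the managed node under the ansible user's name, which is the traceability point the ACCESS RIGHTS section makes; the per-task become: false keeps the network check from running with more rights than it needs.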
DEBUGGING

Keep the code on the target machine. Tell Ansible to keep files on managed nodes:

    $ ANSIBLE_KEEP_REMOTE_FILES=1 ansible target-node -m yum -a "name=httpd state=absent"

Execute on the managed node:

    $ /bin/sh -c 'sudo -u $SUDO_USER /bin/sh -c "/usr/bin/python /home/xy/.ansible/tmp/.."

Print variables from a playbook:

    - name: get variables
      debug:
        var: hostvars[inventory_hostname]

Print the list of all ansible_ facts ad hoc:

    $ ansible -m setup hostname

NEED MORE? GO HERE!

The latest docs and the blog:
  http://docs.ansible.com/ansible/latest
  https://www.ansible.com/blog
FAQ & Best Practices