Ansible in practice

Recommended tutorial

  • Ansible: Up and running, 2nd Edition

Recommended development environment

Optimize Ansible settings

Configuration of the ansible.cfg file:

# ansible.cfg
[defaults]
gathering = smart
# 24-hour timeout, adjust if needed
fact_caching_timeout = 86400

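# Specify a fact caching implementation to speed up fact gathering
# Note: /tmp is writable by every local user; a directory that only your
# own account can write to is a safer place for cached facts
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_fact_cache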

# If not defined, no log file is generated, all the output goes to stdout
# log_path=/path/to/logfile

# If you are using Slack as your communication tool, try the slack callback plugin
# If you are interested in how long each task takes, try the profile_tasks plugin
# (on ansible-core 2.11 and later this option is named callbacks_enabled)
callback_whitelist = slack, profile_tasks

# I found debug mode is much better than the default stdout_callback plugin
stdout_callback = debug

Note: You can specify the log_path if you want to write the output to log file.
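
With gathering = smart, facts found in the jsonfile cache are reused on later runs instead of being collected again, so anyone who can write to the cache directory can influence what playbooks see. The following check is an added example, not part of the original post; the function name audit_fact_cache and the sample config are constructed for illustration. It reports whether the configured cache directory, or the place where it will be created, is writable by other local users:

```python
import configparser
import os
import stat

# Constructed sample: the fact-cache lines from the ansible.cfg on this page.
SAMPLE_CFG = """
[defaults]
gathering = smart
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_fact_cache
"""

def audit_fact_cache(cfg_text, uid=None):
    """Return findings about who else can write the jsonfile fact cache."""
    uid = os.getuid() if uid is None else uid
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    if cfg.get("defaults", "fact_caching", fallback="memory") != "jsonfile":
        return []  # only the file-backed cache is checked here
    raw = cfg.get("defaults", "fact_caching_connection", fallback="")
    if not raw:
        return ["fact_caching_connection is not set"]
    path = os.path.abspath(os.path.expanduser(raw))
    findings = []
    if os.path.lexists(path):
        st = os.lstat(path)  # lstat: do not follow a planted symlink
        if not stat.S_ISDIR(st.st_mode):
            findings.append(f"{path} is not a real directory")
        if st.st_uid != uid:
            findings.append(f"{path} is owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{path} is writable by group or others")
        return findings
    # Cache not created yet: whoever can write the nearest existing
    # ancestor can create the directory first and fill it with forged facts.
    parent = os.path.dirname(path)
    while not os.path.exists(parent):
        parent = os.path.dirname(parent)
    if os.stat(parent).st_mode & stat.S_IWOTH:
        findings.append(f"{path} is missing and {parent} is world-writable")
    return findings

if __name__ == "__main__":
    for finding in audit_fact_cache(SAMPLE_CFG) or ["no findings"]:
        print(finding)
```

An empty result means the cache directory exists, belongs to the current user and is not writable by group or others, or that it will be created under a parent that is not world-writable.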

Before the slack callback plugin can work, you need to install prettytable on the control machine using:

$ pip install prettytable

Then set the SLACK_WEBHOOK_URL environment variable using:

$ export SLACK_WEBHOOK_URL=xxx

Note: You need to set up the Slack app manually and enable the webhook to get the webhook URL. Alternatively, you can configure it directly in the ini file, see https://docs.ansible.com/ansible/latest/plugins/callback/slack.html

Mount a Windows shared folder if necessary

Because Ansible does not support a Windows machine as the control machine, if you are developing on Windows you can share your local folder and then mount it on the Linux control machine. The mount command looks like this (the values in angle brackets are placeholders):

$ sudo mkdir -p /mnt/dev
$ sudo mount -t cifs -o username=<windows_user>,uid=<uid>,gid=<gid> //<windows_host>/<share> /mnt/dev

Access remote host without requiring a password for each login

GENERATE AN SSH KEY

On your Ansible control machine, run the following command to generate an SSH key (one-time job):

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ylo/.ssh/id_rsa): mykey
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in mykey.
Your public key has been saved in mykey.pub.
The key fingerprint is:
SHA256:GKW7yzA1J1qkr1Cr9MhUwAbHbF2NrIPEgZXeOUOz3Us ylo@klar
The key's randomart image is:
+---[RSA 2048]----+
|.*++ o.o.        |
|.+B + oo.        |
| +++ *+.         |
| .o.Oo.+E        |
|    ++B.S.       |
|   o * =.        |
|  + = o          |
| + = = .         |
|  + o o          |
+----[SHA256]-----+

Creating a key pair (public key and private key) only takes a minute. The key files are usually stored in the ~/.ssh directory.

COPY THE KEY TO A SERVER

Use a command like the following to copy the SSH key:

$ ssh-copy-id -i ~/.ssh/mykey user@host

This logs in to the server host, copies the public key to it, and grants access by adding the key to the authorized_keys file. The copy may ask for a password or other authentication for the server.

Some other tips

Run task locally

Sometimes you will want to run a module locally on your control machine, because it requires a certain Python package to be installed on the machine that executes it. Using the delegate_to clause avoids installing that package on every managed host, for example:

- name: install pymysql to use mysql_db module
  pip:
    name: pymysql
  delegate_to: localhost
- name: create a new database with name "demo"
  mysql_db:
    name: demo
    state: present
  delegate_to: localhost

Get prompt when variable is not defined

Sometimes you will want to be prompted when a certain variable is not defined. You can use vars_prompt for that, for example:

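---
- name: test_prompt_variable
  hosts: localhost
  vars_prompt:
    # vars_prompt entries do not accept "when"; the prompt is skipped
    # automatically if build_number is already passed with --extra-vars
    - name: build_number
      prompt: input the build number
      private: no
      default: "1.1.0"
  roles:
    - database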
