Ansible Cheatsheet

Summary based on Ansible Tutorial

Basic

  • default inventory file:

/etc/ansible/hosts

  • ping server (test connection)

ansible -m ping localhost
ansible -m ping test-ansible
ansible -m ping all
ansible test-ansible -m ping -s -k -u vagrant

  • -m ping: Use the "ping" module, which simply runs the ping command and returns the results
  • -s: Use "sudo" to run the commands
  • -k: Ask for a password rather than use key-based authentication
  • -u vagrant: Log into servers using user vagrant

Module

  • Ansible modules ensure idempotence: we can run the same tasks over and over without affecting the final result.

ansible all -s -m shell -a 'apt-get install nginx'

  • For installing software on Debian/Ubuntu servers, the "apt" module will run the same command, but ensure idempotence.

ansible all -s -m apt -a 'pkg=nginx state=installed update_cache=true'


Playbook

Sample playbook:

---
- hosts: local
  vars:
   - docroot: /var/www/serversforhackers.com/public
  tasks:
   - name: Add Nginx Repository
     apt_repository: repo='ppa:nginx/stable' state=present
     register: ppastable

   - name: Install Nginx
     apt: pkg=nginx state=installed update_cache=true
     when: ppastable|success
     register: nginxinstalled
     notify:
      - Start Nginx

   - name: Create Web Root
     when: nginxinstalled|success
     file: dest={{ docroot }} mode=775 state=directory owner=www-data group=www-data
     notify:
      - Reload Nginx

  handlers:
   - name: Start Nginx
     service: name=nginx state=started

   - name: Reload Nginx
     service: name=nginx state=reloaded

  • Ansible debug
# Example that prints the loopback address and gateway for each host
- debug: msg="System {{ inventory_hostname }} has uuid {{ ansible_product_uuid }}"

- debug: msg="System {{ inventory_hostname }} has gateway {{ ansible_default_ipv4.gateway }}"
  when: ansible_default_ipv4.gateway is defined

- shell: /usr/bin/uptime
  register: result

- debug: var=result verbosity=2

- name: Display all variables/facts known for a host
  debug: var=hostvars[inventory_hostname] verbosity=4
  • Task
  • Register
  • Handler
  • Variable
  • Hosts

We can run the playbook like this:

ansible-playbook -s nginx.yml

Or, as I ran on my Vagrant machine:

ansible-playbook -s -k -u vagrant nginx.yml


Ansible and AWS integration

https://www.ansible.com/aws
http://docs.ansible.com/ansible/guide_aws.html

Ansible server communication setting

  • Ansible uses SSH to communicate with servers. Before trying the Ansible ping, first make sure you can SSH into the server.
  • For AWS, that means setting up the configuration files .ssh/config, .aws/credentials and .aws/config, and having the correct .pem key.
  • Inventory file (defaults to /etc/ansible/hosts)
[test-ansible]
test-ansible-1
test-ansible-2
test-ansible-3

[local]
127.0.0.1
  • Test that Ansible can connect to the inventory servers:

ansible -m ping test-ansible
ansible all -m ping # ping all machines in the default inventory


Ansible Galaxy and Role

https://galaxy.ansible.com/intro#download
http://docs.ansible.com/ansible/galaxy.html#list-installed-roles (better)

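The directory name is the same as the role name.
The directory structure is fixed:
files: static files
templates: Jinja2 template files
tasks: contains at least a main.yml file, which defines the tasks
handlers: contains at least a main.yml file, which defines the handlers
vars: contains at least a main.yml file, which defines variables
meta: defines dependencies and other information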

Download Roles

$ ansible-galaxy install username.rolename

Download multiple Roles

$ ansible-galaxy install -r install_roles.yml

You can specify a particular directory where you want the downloaded roles to be placed:

$ ansible-galaxy install username.role -p ~/Code/ansible_roles/

List installed Roles

ansible-galaxy list

Search for Roles

ansible-galaxy search elasticsearch --author geerlingguy

# install_roles.yml

# from galaxy
- src: yatesr.timezone

# from github
- src: https://github.com/bennojoy/nginx

# from github installing to a relative path
- src: https://github.com/bennojoy/nginx
  path: vagrant/roles/

# from github, overriding the name and specifying a specific tag
- src: https://github.com/bennojoy/nginx
  version: master
  name: nginx_role
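
An added example, not part of the original cheatsheet: a Python check over the install_roles.yml format above that flags roles not pinned to immutable content. Note that `master` is conventionally a branch name, so `version: master` follows whatever is pushed there. The parser handles only the flat list format shown here, and the third sample entry with its commit hash is a constructed placeholder.

```python
import re

# Constructed sample: the first two entries mirror install_roles.yml above;
# the third is pinned to a placeholder commit hash (not a real commit).
SAMPLE = """\
- src: yatesr.timezone
- src: https://github.com/bennojoy/nginx
  version: master
  name: nginx_role
- src: https://github.com/bennojoy/nginx
  version: 0123456789abcdef0123456789abcdef01234567
  name: nginx_pinned
"""

MUTABLE_REFS = {"master", "main", "head", "develop"}  # branch-like names
COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")
FIELD_RE = re.compile(r"^(-\s+|\s+)(\w+):\s*(.*)$")

def parse_entries(text):
    """Parse the flat '- src:' list format shown above (not a full YAML parser)."""
    entries = []
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.split(" #", 1)[0].rstrip())
        if not m:
            continue  # blank lines, comments, anything unrecognised
        lead, key, value = m.groups()
        if lead.startswith("-"):
            entries.append({})  # a leading dash starts a new role entry
        if entries:
            entries[-1][key] = value.strip("'\"")
    return entries

def audit(text):
    """Return (name, finding) pairs for roles not pinned to immutable content."""
    findings = []
    for e in parse_entries(text):
        name, version = e.get("name", e.get("src", "?")), e.get("version")
        if version is None:
            findings.append((name, "no version: installs whatever is current"))
        elif version.lower() in MUTABLE_REFS:
            findings.append((name, f"'{version}' is a branch, not a fixed release"))
        elif e.get("src", "").startswith("http") and not COMMIT_RE.match(version):
            findings.append((name, f"tag '{version}' can be re-pointed; pin a commit"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```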

Create a Role

$ ansible-galaxy init role_name

This creates the directory structure needed for organizing your code:

README.md
.travis.yml
defaults/
    main.yml
files/
handlers/
    main.yml
meta/
    main.yml
templates/
tests/
    inventory
    test.yml
vars/
    main.yml

Components for Ansible Role

ReadMe file

# README.md
# Ansible Role: Acme 2.x

An Ansible role that installs Acme 2.x on Centos 7.x

## Requirements
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.

## Role Variables
Available variables are listed below, along with default values:

    acme_listen_port: 80
    acme_listen_port_ssl: 443

## Dependencies
- username.iptables - configure the firewall and block all ports except those needed for the web server and ssh access.
- username.common - perform common server configuration

## Example Playbook

    - hosts: webservers
      roles:
        - { role: username.acme }

## License

MIT

Variable

  • Q: where to put these ??

Host variables are defined so that playbooks can use them conveniently.

[Hvariables]

host1 http_port=80
host2 http_port=8080

Defining group variables:

Group variables apply to all members of the group.

[Gvariable]
host1
host2
[Gvariable:vars]
ftp_server = ftp.fuchao.com
web_server = www.fuchao.com

Inventory

The “inventory” is a configuration file where you define the host information. In the above /etc/ansible/hosts example, we declared two servers under test-hosts.

[webservers]
www[01:50].example.com
[databases]
db-[a:f].example.com
  • Host variables
    When defining a host in the inventory, you can add host variables to it for use in playbooks. For example:
[webservers]
www1.magedu.com http_port=80 maxRequestsPerChild=808
www2.magedu.com http_port=303 maxRequestsPerChild=909
  • Group variables
    Group variables are variables assigned to all hosts in a given group and available in playbooks. For example:
[webservers]
www1.magedu.com
www2.magedu.com
 
[webservers:vars]
ntp_server=ntp.magedu.com
nfs_server=nfs.magedu.com
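  • Nested groups
    A group in the inventory can also contain other groups, and variables can be assigned to the hosts in the group. However, these variables can only be used with ansible-playbook; the ansible command does not support them. For example: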
[apache]
httpd1.magedu.com
httpd2.magedu.com
 
[nginx]
ngx1.magedu.com
ngx2.magedu.com
 
[webservers:children]
apache
nginx
 
[webservers:vars]
ntp_server=ntp.magedu.com
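  • Ansible parameters
    ansible_ssh_host # the hostname to connect to
    ansible_ssh_port # the port number, 22 by default
    ansible_ssh_user # the default username for the SSH connection
    ansible_ssh_pass # the password for the SSH connection
    ansible_sudo_pass # the user's password when using sudo
    ansible_ssh_private_key_file # the private key file; use this option if you do not want to manage keys with ssh-agent
    ansible_shell_type # the shell type, sh by default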
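
An added example, not part of the original cheatsheet: ansible_ssh_pass and ansible_sudo_pass put a password directly into the inventory file, so this Python check reads an INI inventory in the format shown above and reports where either variable holds a literal value. The sample inventory is constructed, the passwords are fake, and vault_sudo_pass is a hypothetical variable name standing for a value kept in Ansible Vault.

```python
import re
import shlex

# Variables from the list above whose value is itself a secret.
SECRET_VARS = {"ansible_ssh_pass", "ansible_sudo_pass"}

# Constructed sample inventory: hostnames reuse this page's examples, the
# passwords are fake, and vault_sudo_pass is a hypothetical vaulted variable.
SAMPLE = """\
[webservers]
www1.magedu.com http_port=80 ansible_ssh_user=deploy
www2.magedu.com ansible_ssh_pass=Passw0rd! ansible_ssh_port=2222

[webservers:vars]
ntp_server=ntp.magedu.com
ansible_sudo_pass = "{{ vault_sudo_pass }}"

[databases:vars]
ansible_sudo_pass = hunter2
"""

def find_plaintext_secrets(text):
    """Return (line_no, scope, variable) for secrets stored as literal values."""
    hits, section = [], "ungrouped"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"^\[([^\]]+)\]$", line)
        if header:
            section = header.group(1)
            continue
        if section.endswith(":children"):
            continue  # child group names only, no variables here
        if section.endswith(":vars"):
            scope, pairs = section, [line]  # one "key = value" per line
        else:
            tokens = shlex.split(line, comments=True)  # "host key=value ..."
            scope, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = (part.strip() for part in pair.partition("="))
            # Templated values (e.g. a vaulted variable) are references, not secrets.
            if key in SECRET_VARS and sep and "{{" not in value:
                hits.append((no, scope, key))
    return hits

if __name__ == "__main__":
    for no, scope, key in find_plaintext_secrets(SAMPLE):
        print(f"line {no}: {scope} sets {key} in plaintext; move it to Ansible Vault")
```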
