Tohuwabohu excorcism

User Tools

Site Tools

Trace: tutorial-win-minikube gerrit puppet spring design_patterns
devops:ansible

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
devops:ansible [2018/03/19 15:43] – [Remove Old SSH Key Fingerprint] skipidardevops:ansible [2023/11/01 07:15] (current) – ↷ Page moved from camunda:devops:ansible to devops:ansible skipidar
Line 182: Line 182:
 <code> <code>
 sed -i 's/.*pipelining.*/pipelining = True/' /etc/ansible/ansible.cfg sed -i 's/.*pipelining.*/pipelining = True/' /etc/ansible/ansible.cfg
-sed -i 's/.*pipelining.*/allow_world_readable_tmpfiles = True/' /etc/ansible/ansible.cfg+sed -i 's/.*allow_world_readable_tmpfiles .*/allow_world_readable_tmpfiles = True/' /etc/ansible/ansible.cfg
 </code> </code>
  
Line 222: Line 222:
  
  
-==== Extra vars ====+==== Extra vars alias arguments ====
  
-Pass external variables to the playbook, to e.g. define hosts outside of the playbook.+Pass external variables as arguments to the playbook, to e.g. define hosts outside of the playbook.
  
 <code> <code>
Line 239: Line 239:
   ...   ...
 </code> </code>
 +
 +
 +
 +==== Ansible behind proxy ====
 +
 +If you configure the Hosts to use corkscrew, then ansible will be able to reach the machines:
 +
 +Open /home/vagrant/.ssh/config, add
 +<code>
 +Host *
 +    ProxyCommand corkscrew 194.138.0.33 9400 %h %p
 +</code>
 +
 +
 +
 +
 +
 +==== Galaxy ====
 +You can use the galaxy (https://galaxy.ansible.com/intro) to share roles or download them.
 +
 +A role "cmacrae.sensu" might be downloaded using 
 +<code>
 +ansible-galaxy install cmacrae.sensu
 +</code>
 +
 +After that you can embed the role into your playbooks:
 +
 +<code>
 +---
 +- name: Install sensu
 +  hosts: slave
 +  become: true
 +  roles:
 +    - { role: cmacrae.sensu, sensu_master: true, sensu_include_dashboard: true  }
 +</code>
 +
 +
 +==== MODULE FAILURE - rc 127 ====
 +
 +When ssh works, but the ping fails with
 +<code>
 +$ ansible slaves -m ping -vvvv
 +
 +ansible 2.5.0
 +  config file = /etc/ansible/ansible.cfg
 +  configured module search path = [u'/home/vagrant/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
 +  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
 +  executable location = /usr/bin/ansible
 +  python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
 +    "module_stdout": "",
 +    "msg": "MODULE FAILURE",
 +    "rc": 127
 +}
 +</code>
 +
 +Then it will help to ssh to the remote host and install python
 +<code>
 +ssh 34.242.178.166 -l ubuntu -i /home/vagrant/.ssh/DevOpsBootCamp.openssh.ppk
 +ubuntu@34.242.178.166: sudo apt install python
 +</code>
 +
 +Check https://github.com/ansible/ansible/issues/25941
 +
 +
 +==== AWX installation ====
 +The UI, which enables team management and delegation is available as the AWX project
 +https://github.com/ansible/awx
 +
 +
 +
 +
 +==== Importing and Including ====
 +
 +|include*|Is done evaluated at runtime|
 +|Import*|Is done at compile time. PREFER THAT.|
 +
 +
 +
 +
 +=== import_tasks ===
 +Can be used, to extract equal steps you want to reuse in a separate file.
 +
 +|import_tasks*| Allows passing variables. Requires the imported file to have only tasks, no "hosts" etc.|
 +
 +
 +Usecase: requirements for a Renderer/Viewer which needs the same preparations.
 +
 +common_requirements.yaml
 +It is important, that you dont have the header here. Only tasks
 +<code>
 +
 +  - name: Creates product configuration file
 +    file:
 +      path: /etc/apt/apt.conf.d/product
 +      state: touch
 +      owner: ubuntu
 +      group: ubuntu
 +      mode: 0700
 +
 +  - name: product config content
 +    copy:
 +      dest: "/etc/apt/apt.conf.d/product"
 +      content: |
 +        Acquire::https::repo.product.com {
 +          Verify-Peer "true";
 +          Verify-Host "true";
 +
 +          SslCert "/etc/ssl/product/MYCERT.crt";
 +          SslKey "/etc/ssl/product/MYKEY.key";
 +        };
 +</code>
 +
 +Renderer:
 +<code>
 +---
 +- hosts: "{{ host }}"
 +  become: true
 +  become_method: sudo
 +  become_user: root
 +  tasks:
 +
 +  - name: Install product requirements
 +    import_tasks: common_requirements.yml
 +    vars:
 +      host: aws
 +
 +  - name: Install renderer
 +    become: true
 +    apt: product_renderer
 +</code>
 +
 +Viewer:
 +<code>
 +---
 +- hosts: "{{ host }}"
 +  become: true
 +  become_method: sudo
 +  become_user: root
 +  tasks:
 +
 +  - name: Install product requirements
 +    import_tasks: common_requirements.yml
 +    vars:
 +      host: aws
 +
 +  - name: Install VIEWER, reusing the tasks
 +    become: true
 +    apt: product_viewer
 +</code>
 +
 +
 +=== import_playbook ===
 +
 +Unfortunately lacks the possibility to pass in variables.
 +Which makes it unusable
 +
 +
 +
 +==== Read remote files ====
 +To read remote file do use slurp
 +
 +
 +<code>
 +  - name: set facts
 +    set_fact:
 +      dest_timestamp: /tmp/progress/timestamp
 +      
 +      
 +  - name: Slurp timestamp file
 +    slurp:
 +      src: "{{ dest_timestamp }}"
 +    register: slurpfile
 +
 +  - name: set the timestamp fact
 +    set_fact:
 +      timestamp: "{{ slurpfile['content'] | b64decode }}"
 +
 +  - name: timestamp variable
 +    debug: msg="{{ timestamp }}"
 +      
 +      
 +</code>
 +
 +
 +==== Execute a shell script, as a user with a valid environment ====
 +Sometimes you face the issues, that the environment variables defined by some tool, installed for a special user - are not defined, when you execute the tool.
 +
 +To execute some installed software in a valid environment, \\
 +with /home/bashrc \\
 +with /etc/profile.d \\
 +etc
 +
 +use the following approach.
 +
 +<code>
 +      # unfortunately the environment defined by tool in /etc/profile.d - is not taken up by ansible. Explicitely requesting the interactive shell is necessary here
 +      - name: processing step
 +        shell:
 +          sudo -iu ubuntu yourtool.sh   > /tmp/logs/yourtool.log 2>&1
 +        args:
 +          executable: /bin/bash
 +
 +
 +       -i [command]
 +                   The -i (simulate initial login) option runs the shell specified in the passwd(5) entry of the target user as a login shell.  This means that login-specific
 +                   resource files such as .profile or .login will be read by the shell.  If a command is specified, it is passed to the shell for execution.  Otherwise, an
 +                   interactive shell is executed.  sudo attempts to change to that user's home directory before running the shell.  It also initializes the environment, leaving
 +                   DISPLAY and TERM unchanged, setting HOME, MAIL, SHELL, USER, LOGNAME, and PATH, as well as the contents of /etc/environment on Linux and AIX systems.  All other
 +                   environment variables are removed.
 +
 +</code>
 +See https://github.com/ansible/ansible/issues/4854
 +
 +UNfortunately the aproach with become_user - does not have the same result
 +
 +
devops/ansible.1521474181.txt.gz · Last modified: (external edit)