Differences

This shows you the differences between two versions of the page.

--- devops:ansible [2018/03/29 14:16] – [Extra vars] skipidar
+++ devops:ansible [2023/11/01 07:15] (current) – ↷ Page moved from camunda:devops:ansible to devops:ansible skipidar
@@ Line 222: / Line 222: @@
-==== Extra vars ====
+==== Extra vars alias arguments ====
-Pass external variables to the playbook, to e.g. define hosts outside of the playbook.
+Pass external variables as arguments to the playbook, to e.g. define hosts outside of the playbook.
 <code>
@@ Line 239: / Line 239: @@
   ...
 </code>
+==== Ansible behind proxy ====
+If you configure the Hosts to use corkscrew, then ansible will be able to reach the machines:
+Open /home/vagrant/.ssh/config, add
+<code>
+Host *
+    ProxyCommand corkscrew 194.138.0.33 9400 %h %p
+</code>
@@ Line 260: / Line 275: @@
 </code>
+==== MODULE FAILURE - rc 127 ====
+When ssh works, but the ping fails with
+<code>
+$ ansible slaves -m ping -vvvv
+ansible 2.5.0
+  config file = /etc/ansible/ansible.cfg
+  configured module search path = [u'/home/vagrant/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
+  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
+  executable location = /usr/bin/ansible
+  python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
+    "module_stdout": "",
+    "msg": "MODULE FAILURE",
+    "rc": 127
+}
+</code>
+Then it will help to ssh to the remote host and install python
+<code>
+ssh 34.242.178.166 -l ubuntu -i /home/vagrant/.ssh/DevOpsBootCamp.openssh.ppk
+ubuntu@34.242.178.166: sudo apt install python
+</code>
+Check https://github.com/ansible/ansible/issues/25941
+==== AWX installation ====
+The UI, which enables team management and delegation is available as the AWX project
+https://github.com/ansible/awx
+==== Importing and Including ====
+|include*|Is done evaluated at runtime|
+|Import*|Is done at compile time. PREFER THAT.|
+=== import_tasks ===
+Can be used, to extract equal steps you want to reuse in a separate file.
+|import_tasks*| Allows passing variables. Requires the imported file to have only tasks, no "hosts" etc.|
+Usecase: requirements for a Renderer/Viewer which needs the same preparations.
+common_requirements.yaml
+It is important, that you dont have the header here. Only tasks
+<code>
+  - name: Creates product configuration file
+    file:
+      path: /etc/apt/apt.conf.d/product
+      state: touch
+      owner: ubuntu
+      group: ubuntu
+      mode: 0700
+  - name: product config content
+    copy:
+      dest: "/etc/apt/apt.conf.d/product"
+      content: |
+        Acquire::https::repo.product.com {
+          Verify-Peer "true";
+          Verify-Host "true";
+          SslCert "/etc/ssl/product/MYCERT.crt";
+          SslKey "/etc/ssl/product/MYKEY.key";
+        };
+</code>
+Renderer:
+<code>
+---
+- hosts: "{{ host }}"
+  become: true
+  become_method: sudo
+  become_user: root
+  tasks:
+  - name: Install product requirements
+    import_tasks: common_requirements.yml
+    vars:
+      host: aws
+  - name: Install renderer
+    become: true
+    apt: product_renderer
+</code>
+Viewer:
+<code>
+---
+- hosts: "{{ host }}"
+  become: true
+  become_method: sudo
+  become_user: root
+  tasks:
+  - name: Install product requirements
+    import_tasks: common_requirements.yml
+    vars:
+      host: aws
+  - name: Install VIEWER, reusing the tasks
+    become: true
+    apt: product_viewer
+</code>
+=== import_playbook ===
+Unfortunately lacks the possibility to pass in variables.
+Which makes it unusable
+==== Read remote files ====
+To read remote file do use slurp
+<code>
+  - name: set facts
+    set_fact:
+      dest_timestamp: /tmp/progress/timestamp
+  - name: Slurp timestamp file
+    slurp:
+      src: "{{ dest_timestamp }}"
+    register: slurpfile
+  - name: set the timestamp fact
+    set_fact:
+      timestamp: "{{ slurpfile['content'] | b64decode }}"
+  - name: timestamp variable
+    debug: msg="{{ timestamp }}"
+</code>
+==== Execute a shell script, as a user with a valid environment ====
+Sometimes you face the issues, that the environment variables defined by some tool, installed for a special user - are not defined, when you execute the tool.
+To execute some installed software in a valid environment, \\
+with /home/bashrc \\
+with /etc/profile.d \\
+etc
+use the following approach.
+<code>
+      # unfortunately the environment defined by tool in /etc/profile.d - is not taken up by ansible. Explicitely requesting the interactive shell is necessary here
+      - name: processing step
+        shell:
+          sudo -iu ubuntu yourtool.sh   > /tmp/logs/yourtool.log 2>&1
+        args:
+          executable: /bin/bash
+       -i [command]
+                   The -i (simulate initial login) option runs the shell specified in the passwd(5) entry of the target user as a login shell.  This means that login-specific
+                   resource files such as .profile or .login will be read by the shell.  If a command is specified, it is passed to the shell for execution.  Otherwise, an
+                   interactive shell is executed.  sudo attempts to change to that user's home directory before running the shell.  It also initializes the environment, leaving
+                   DISPLAY and TERM unchanged, setting HOME, MAIL, SHELL, USER, LOGNAME, and PATH, as well as the contents of /etc/environment on Linux and AIX systems.  All other
+                   environment variables are removed.
+</code>
+See https://github.com/ansible/ansible/issues/4854
+UNfortunately the aproach with become_user - does not have the same result