Tohuwabohu excorcism

User Tools

Site Tools

Trace: spring
devops:ansible

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
devops:ansible [2018/04/06 18:43] – [Galaxy] skipidardevops:ansible [2023/11/01 07:15] (current) – ↷ Page moved from camunda:devops:ansible to devops:ansible skipidar
Line 222: Line 222:
  
  
-==== Extra vars ====+==== Extra vars alias arguments ====
  
-Pass external variables to the playbook, to e.g. define hosts outside of the playbook.+Pass external variables as arguments to the playbook, to e.g. define hosts outside of the playbook.
  
 <code> <code>
Line 239: Line 239:
   ...   ...
 </code> </code>
 +
 +
 +
 +==== Ansible behind proxy ====
 +
 +If you configure the Hosts to use corkscrew, then ansible will be able to reach the machines:
 +
 +Open /home/vagrant/.ssh/config, add
 +<code>
 +Host *
 +    ProxyCommand corkscrew 194.138.0.33 9400 %h %p
 +</code>
 +
 +
 +
  
  
Line 286: Line 301:
  
 Check https://github.com/ansible/ansible/issues/25941 Check https://github.com/ansible/ansible/issues/25941
 +
 +
 +==== AWX installation ====
 +The UI, which enables team management and delegation is available as the AWX project
 +https://github.com/ansible/awx
 +
 +
 +
 +
 +==== Importing and Including ====
 +
 +|include*|Is done evaluated at runtime|
 +|Import*|Is done at compile time. PREFER THAT.|
 +
 +
 +
 +
 +=== import_tasks ===
 +Can be used, to extract equal steps you want to reuse in a separate file.
 +
 +|import_tasks*| Allows passing variables. Requires the imported file to have only tasks, no "hosts" etc.|
 +
 +
 +Usecase: requirements for a Renderer/Viewer which needs the same preparations.
 +
 +common_requirements.yaml
 +It is important, that you dont have the header here. Only tasks
 +<code>
 +
 +  - name: Creates product configuration file
 +    file:
 +      path: /etc/apt/apt.conf.d/product
 +      state: touch
 +      owner: ubuntu
 +      group: ubuntu
 +      mode: 0700
 +
 +  - name: product config content
 +    copy:
 +      dest: "/etc/apt/apt.conf.d/product"
 +      content: |
 +        Acquire::https::repo.product.com {
 +          Verify-Peer "true";
 +          Verify-Host "true";
 +
 +          SslCert "/etc/ssl/product/MYCERT.crt";
 +          SslKey "/etc/ssl/product/MYKEY.key";
 +        };
 +</code>
 +
 +Renderer:
 +<code>
 +---
 +- hosts: "{{ host }}"
 +  become: true
 +  become_method: sudo
 +  become_user: root
 +  tasks:
 +
 +  - name: Install product requirements
 +    import_tasks: common_requirements.yml
 +    vars:
 +      host: aws
 +
 +  - name: Install renderer
 +    become: true
 +    apt: product_renderer
 +</code>
 +
 +Viewer:
 +<code>
 +---
 +- hosts: "{{ host }}"
 +  become: true
 +  become_method: sudo
 +  become_user: root
 +  tasks:
 +
 +  - name: Install product requirements
 +    import_tasks: common_requirements.yml
 +    vars:
 +      host: aws
 +
 +  - name: Install VIEWER, reusing the tasks
 +    become: true
 +    apt: product_viewer
 +</code>
 +
 +
 +=== import_playbook ===
 +
 +Unfortunately lacks the possibility to pass in variables.
 +Which makes it unusable
 +
 +
 +
 +==== Read remote files ====
 +To read remote file do use slurp
 +
 +
 +<code>
 +  - name: set facts
 +    set_fact:
 +      dest_timestamp: /tmp/progress/timestamp
 +      
 +      
 +  - name: Slurp timestamp file
 +    slurp:
 +      src: "{{ dest_timestamp }}"
 +    register: slurpfile
 +
 +  - name: set the timestamp fact
 +    set_fact:
 +      timestamp: "{{ slurpfile['content'] | b64decode }}"
 +
 +  - name: timestamp variable
 +    debug: msg="{{ timestamp }}"
 +      
 +      
 +</code>
 +
 +
 +==== Execute a shell script, as a user with a valid environment ====
 +Sometimes you face the issues, that the environment variables defined by some tool, installed for a special user - are not defined, when you execute the tool.
 +
 +To execute some installed software in a valid environment, \\
 +with /home/bashrc \\
 +with /etc/profile.d \\
 +etc
 +
 +use the following approach.
 +
 +<code>
 +      # unfortunately the environment defined by tool in /etc/profile.d - is not taken up by ansible. Explicitely requesting the interactive shell is necessary here
 +      - name: processing step
 +        shell:
 +          sudo -iu ubuntu yourtool.sh   > /tmp/logs/yourtool.log 2>&1
 +        args:
 +          executable: /bin/bash
 +
 +
 +       -i [command]
 +                   The -i (simulate initial login) option runs the shell specified in the passwd(5) entry of the target user as a login shell.  This means that login-specific
 +                   resource files such as .profile or .login will be read by the shell.  If a command is specified, it is passed to the shell for execution.  Otherwise, an
 +                   interactive shell is executed.  sudo attempts to change to that user's home directory before running the shell.  It also initializes the environment, leaving
 +                   DISPLAY and TERM unchanged, setting HOME, MAIL, SHELL, USER, LOGNAME, and PATH, as well as the contents of /etc/environment on Linux and AIX systems.  All other
 +                   environment variables are removed.
 +
 +</code>
 +See https://github.com/ansible/ansible/issues/4854
 +
 +UNfortunately the aproach with become_user - does not have the same result
 +
 +
devops/ansible.1523040232.txt.gz · Last modified: (external edit)