Ansible

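# Inspect /tmp of the ssh-guest-room container from the host side, going
# through /proc/<pid>/root of the container's s6-svscan process.
- hosts: web
  tasks:
    # `docker top` prints the PID in column 2; awk keeps the row whose
    # command line matches s6-svscan. When nothing matches, the path
    # collapses to /proc//root/tmp, ls exits non-zero and the task fails.
    # NOTE(review): reading /proc/<pid>/root of a process owned by another
    # user normally needs root on the host - confirm the connecting user.
    - name: List /tmp of the ssh-guest-room container via /proc
      shell: |
        ls -ld /proc/"$(docker top ssh-guest-room | awk '/s6-svscan/ { print $2 }')"/root/tmp
      register: output
      # Read-only probe: do not report it as a change on every run.
      changed_when: false

    - name: Show the captured result
      debug:
        var: output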
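  • Skip host key check (example in packer template syntax). This turns off SSH host key verification, so a spoofed host is not detected; it fits freshly built, short-lived machines such as Packer build instances, not long-lived hosts.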
"ansible_env_vars": [
    "ANSIBLE_HOST_KEY_CHECKING=False"
]
  • ip address
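# Write the Docker daemon options: dockerd listens on the local unix socket
# and on the host's address inside 172.16.103.0/24.
# NOTE(review): tcp://...:2375 is the daemon's plaintext, unauthenticated
# API port. Any peer that can reach it controls the daemon, which is
# root-equivalent on the host. Restrict the port with a firewall, or move
# to TLS with client-certificate verification (dockerd --tlsverify,
# conventionally on port 2376).
# `| first` fails the task when the host has no address in that subnet,
# which keeps the daemon from being configured with an empty bind address.
- tags: docker
  name: Generate /etc/default/docker file
  copy:
    dest: '/etc/default/docker'
    # Explicit ownership and mode instead of whatever the umask yields.
    owner: root
    group: root
    mode: '0644'
    content: |
      DOCKER_OPTS="-H tcp://{{ ansible_all_ipv4_addresses | ipaddr('172.16.103.0/24') | first }}:2375 -H unix:///var/run/docker.sock"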
  • ubuntu 14.04 interfaces
# Print MAC and IPv4 details for the physical and bridge interfaces of each
# host, using the facts Ansible gathered for them.
- hosts: web_ubuntu
  tasks:
    # Keep interface names that start with em, p, eth or br followed by
    # digits, then prefix each name with "ansible_" so it matches the
    # per-interface fact name (for example eth0 -> ansible_eth0).
    # NOTE(review): the backslash escaping of the back-reference depends on
    # the key=value argument form used here - re-test before converting
    # this task to block-style YAML arguments.
    - set_fact: interfaces="{{ ansible_interfaces | select('match', '^(em|p|eth|br)[0-9]+') | map('regex_replace', '^(.*)$', 'ansible_\\1') | list | unique }}"
    # Show the resulting list of fact names.
    - debug: var=interfaces
    # For every fact name, look up hostvars[inventory_hostname][<fact>]
    # and pull one sub-key; interfaces without that sub-key are dropped.
    # MAC addresses, de-duplicated:
    - debug: msg="{{ interfaces | map('extract', hostvars[inventory_hostname], 'macaddress') | select('defined') | list | unique }}"
    # Primary IPv4 entry of each interface:
    - debug: msg="{{ interfaces | map('extract', hostvars[inventory_hostname], 'ipv4') | select('defined') | list }}"
    # Secondary IPv4 entries of each interface:
    - debug: msg="{{ interfaces | map('extract', hostvars[inventory_hostname], 'ipv4_secondaries') | select('defined') | list }}"
  • netplan
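# Pin the current default-route interface to a static netplan
# configuration built from gathered facts.
- hosts: kubernetes
  tasks:
    # The address is taken from ansible_default_ipv4, the same fact that
    # supplies the interface name and the gateway. The first entry of
    # ansible_all_ipv4_addresses is not guaranteed to belong to that
    # interface (bridge or container addresses can come first).
    # The /23 prefix length and the resolvers stay hard-coded.
    # NOTE(review): gateway4 is deprecated in newer netplan releases in
    # favour of a routes: entry - confirm against the target release.
    - name: Write static netplan configuration
      copy:
        dest: /etc/netplan/01-netcfg.yaml
        # Recent netplan releases warn about configuration files that are
        # readable by group or others, so write it root-only.
        owner: root
        group: root
        mode: '0600'
        content: |
          network:
            version: 2
            renderer: networkd
            ethernets:
              {{ ansible_default_ipv4.alias }}:
                dhcp4: false
                addresses: [{{ ansible_default_ipv4.address }}/23]
                gateway4: {{ ansible_default_ipv4.gateway }}
                nameservers:
                  addresses: [8.8.8.8, 8.8.4.4]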
  • docker memory
#!/usr/bin/env ansible-playbook

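# Post a Slack alert when the mariadb container on web30.intr uses more
# than 22 GiB of memory.
- hosts: web30.intr
  # Secrets come from the password store rather than from the playbook
  # text. slack_token has to be defined (here, in inventory or in a vault)
  # before the slack task can run.
  # vars:
  #   ansible_become_pass: "{{ lookup('passwordstore', 'majordomo/ssh/eng') }}"
  #   slack_token: "{{ lookup('passwordstore', 'majordomo/mjru.slack.com/tokens/ansible') }}"
  tasks:
    # docker stats prints MemUsage as "<used><unit> / <limit><unit>".
    # Only rows whose used value is in GiB are converted to an integer;
    # other units print nothing and end up as 0 below. Cutting at the first
    # dot regardless of unit would read 900.5MiB as 900 and raise a false
    # alert.
    # {% raw %} keeps Ansible from templating the Go format string.
    # NOTE(review): several containers matching /mariadb/ produce several
    # lines, which the int filter turns into 0 - confirm there is one.
    - name: Read mariadb container memory usage in whole GiB
      shell: >-
        {% raw %}docker stats --format '{{ .Name }} {{ .MemUsage }}' --no-stream
        | awk '/mariadb/ && $2 ~ /GiB$/ { print int($2) }'{% endraw %}
      become: true
      register: docker
      # Read-only measurement: never report it as a change.
      changed_when: false

    - name: Show the measured value
      debug:
        var: docker.stdout

    - name: Alert in Slack when usage exceeds the threshold
      slack:
        token: "{{ slack_token }}"
        msg: "MySQL container memory took more than 22GB on web30.intr"
        channel: "#test"
      when: docker.stdout | int > 22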

Cheat sheet

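# Post a goaccess report link to Slack, with the API call that regenerates
# the report.
# The Slack token is read from slack_token so the secret stays out of the
# playbook text; define it from a secret store (a passwordstore lookup or
# Ansible Vault, for example).
# NOTE(review): the message body carries an API bearer token and a plain
# http:// URL. Everyone who can read the channel receives that token, and
# whoever runs the curl sends it unencrypted. Prefer a narrowly scoped
# token, or leave the header value for the reader to fill in.
- name: send a message with a report link using Slack markup
  slack:
    token: "{{ slack_token }}"
    msg: |
      goaccess report is available at <https://malscan.intr/reports/access-{{ site }}.html> and you could generate it again by invoking:
      ```curl "http://malscan:8052/api/v2/job_templates/10/launch/" -H "Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -H "Content-Type: application/json" --data '{"extra_vars":{"host":"{{ host }}","home":"{{ home }}","site":"{{ site }}"}}'```
  # Run on the control node: the Slack API call does not need a managed host.
  delegate_to: localhost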

Learning

Roles

Security

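# Lock password logins for root on the local machine: "!" is not a valid
# password hash, so no password can match it.
# -b runs the module with privilege escalation, -K prompts for the
# escalation password instead of storing it.
# NOTE(review): this only affects password authentication; SSH keys and
# sudo rules for root are governed elsewhere - confirm them separately.
# (Typographic quotes from the page are restored to plain shell quotes.)
ansible localhost -m user -a 'password="!" name=root' -bK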

Tools

Misc

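# Install a restrictive ntp.conf and step the clock once.
- hosts: web
  tasks:
    # copy replaces the former `cat > /etc/ntp.conf <<'EOF'` heredoc: the
    # file content is the same, but the task is idempotent and reports a
    # change only when the file differs.
    # `restrict default ignore` drops packets from every source that is not
    # listed explicitly below.
    # NOTE(review): the two `restrict <net> mask 255.255.0.0` lines carry
    # no flags, so 192.168.0.0/16 and 172.16.0.0/16 are served without any
    # restriction, status queries included. Add flags such as nomodify and
    # noquery if those networks only need time service.
    - name: Write /etc/ntp.conf
      copy:
        dest: /etc/ntp.conf
        mode: '0644'
        content: |
          restrict default ignore
          restrict localhost
          restrict 127.0.0.1
          restrict 192.168.0.0 mask 255.255.0.0
          restrict 172.16.0.0 mask 255.255.0.0
          restrict 127.127.1.0

          server 172.16.102.1 iburst burst
          server 172.16.103.1 iburst burst

          server  127.127.1.0
          fudge   127.127.1.0 stratum 10

          driftfile /var/lib/ntp/drift

    # ntpd -q sets the clock once and exits; -g allows a large first step.
    - name: Set the clock once from the configured servers
      shell: |
        nix-shell -p ntp --run 'ntpd -qg'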

---
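# Ask the python process inside the taskexecutor container to reload by
# sending it SIGHUP from the host.
- hosts: web33.intr
  become: true
  tasks:
    # `docker top` lists the container's processes with the PID in column
    # 2; awk keeps the row whose command line matches python.
    # -HUP is the portable spelling of the signal name; the SIG-prefixed
    # form is not accepted by every /bin/sh kill builtin.
    # The substitution stays quoted on purpose: with no match or with
    # several matches kill receives an invalid argument and the task fails
    # instead of signalling an unintended process.
    - name: Send SIGHUP to the python process of the taskexecutor container
      shell: |
        kill -HUP "$(docker top taskexecutor | awk '/python/ { print $2 }')"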

[ssh_connection]

# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# Local override of the line above:
#   -4                                  use IPv4 only
#   PreferredAuthentications=publickey  the client offers key
#                                       authentication only, so it never
#                                       falls back to a password prompt
#   ControlPersist=60s                  the authenticated master connection
#                                       stays open for 60 seconds after the
#                                       last command; a process that can
#                                       open the control socket can reuse
#                                       that session during this window
ssh_args = -4 -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey

# The path to use for the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
# very long hostnames or very long path names (caused by long user names or
# deeply nested home directories) this can exceed the character limit on
# file socket names (108 characters for most platforms). In that case, you
# may wish to shorten the string below.
#
# Example:
# control_path = %(directory)s/%%h-%%r
# The active value is the same as the default quoted above.
# NOTE(review): %(directory)s presumably expands to Ansible's per-user
# control path directory - confirm for the Ansible version in use.
control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# NOTE(review): the two commented-out /run/shm variants below would put the
# sockets in a location that is typically shared with other local users;
# keep control sockets in a directory only the Ansible user can access.
#control_path = /run/shm/%r@%h-%p
#ControlPath  /run/shm/%r@%h-%p

# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False
# Enabled here, so managed hosts must not set requiretty in sudoers.
pipelining = true

# if True, make ansible use scp if the connection type is ssh
# (default is sftp)
#scp_if_ssh = True

# Settings for Ansible's accelerated connection mode: the TCP port used on
# the managed host and two timeouts.
# NOTE(review): accelerated mode was deprecated upstream in favour of SSH
# with ControlPersist and pipelining, and later removed - confirm whether
# the Ansible version in use still reads this section. Where it is active
# it means an extra listening port (5099 here) on every managed host, which
# has to be covered by firewall rules.
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0