Skip to content

Ansible

Directory structure

Structure
ansible.cfg

inventories/
  hosts.yaml
  group_vars/
  host_vars/

site.yaml
web.yaml
galera.yaml
roles/
  common/
    tasks/
      main.yaml
    handlers/
      main.yaml
    templates/
      authorized_keys.j2
    files/
      test.txt
    meta/
      main.yaml
  galera/
    [...]
  openstack/
    [...]
  [...]

CLI Documentation

  • List callout plugins ansible-doc -t callback -l
  • Show docs for mail callback ansible-doc -t callback mail
  • List all module plugins ansible-doc -l

How to rebuild merge and rebuild variables in groups

So when using the ''a10_service_group'' module groups must be set like this:

- a10_service_group:
    host: a10.mydomain.com
    username: myadmin
    password: mypassword
    partition: mypartition
    service_group: sg-smtp
    servers:
      - server: mail1
        port: 25
      - server: mail2
        port: 25
- a10_service_group:
    host: a10.mydomain.com
    username: myadmin
    password: mypassword
    partition: mypartition
    service_group: sg-imap
    servers:
      - server: mail1
        port: 143
      - server: mail2
        port: 143

When doing maintenance with ansible following Variable structure can be handy.

Group_vars containing the information about the service group and a host_var for simply enabling and disabling it accross all service groups.

mail:
  vars:
    sgs:
      - service_group: sg-smtp
        port: 25
      - service_group: ag-imap
        port: 143
  hosts:
    mail1:
      sg_state: disabled
    mail1:

The problem is that this group/host structure must be merged and passed to localhost for loadbalancer tasks. This can be achieved with following (evil hack/ugly) snipped:

- hosts: localhost
  vars:
    sg_group: mail
  gather_facts: 'no'
  tasks:
    - set_fact:
        servers: "{{ servers | default([]) + [ {
          'server': item,
          'state': hostvars[item].sg_state | default('enabled')
        } ] }}"
      with_items: "{{ groups[sg_group] }}"
    - set_fact:
       serverfarm: "{{ serverfarm | default([]) + [ {
          'service_group': item.service_group,
          'servers': servers | map('combine', {'port': item.port }) | list
        } ] }}"
      with_items: "{{ groups[sg_group] | map('extract', hostvars, 'sgs') | list | unique }}"
    - debug:
        var: serverfarm
TASK [debug] *********************************
ok: [localhost] => {
 "serverfarm": [
     {
         "servers": [
             {
                 "port": 25,
                 "server": "mail1",
                 "state": "enabled"
             }
         ],
         "service_group": "sg-smtp"
     },
     {
         "servers": [
             {
                 "port": 143,
                 "server": "mail1",
                 "state": "enabled"
             }
         ],
         "service_group": "ag-imap"
     }
 ]
}

ansible-vault with password store and gpg-agent

pass ansible/base.vault | head -1 | ansible-playbook --vault-password-file=/bin/cat -i inventory baseprovision.yaml

copy templates recursive

  - name: copying templates
    template: src={{ item.path }} dest={{ dir }}/{{ item.path | basename | regex_replace('.j2', '') }}
    loop: "{{ lookup('filetree', 'templates/', wantlist=True) }}"
    loop_control:
      label: "{{ item.path }}"
    when: "'.j2' in item.path"

optionaly include tasks based on hosts' os_family

- name: Distribution specific tasks
  include_tasks: "{{ item }}"
  loop: "{{ q('first_found', 'tasks/{{ ansible_os_family }}.yml', errors='ignore') }}" 

ansible-lint

Add .ansible-lint file to skip checks:

.ansible-lint
---

skip_list:
  - skip_this_tag
  - and_this_one_too
  - skip_this_id
  - '401'

Makefile for roles

This allows for quick builds on your local system before publishing

Makefile

TARBIN ?= tar
TARFLAGS ?= --exclude-vcs --exclude='.git' -cvf
AGNAME ?= $(shell awk '/author:/{a=$$2}; /role_name/{n=$$2};END{print a"."n}' meta/main*)
TARFILE ?= /tmp/${AGNAME}
AGBIN ?= ansible-galaxy

.PHONY: all

all: lint package install list

lint:
    ansible-lint --parseable-severity -x experimental
package:
    ${TARBIN} ${TARFLAGS} ${TARFILE} .
install:
    ${AGBIN} role install -f file://${TARFILE},9.99.999.dev9999
list:
    ${AGBIN} role list

Last update: January 26, 2021

Comments