Ansible

Directory structure

Structure
ansible.cfg

inventories/
  hosts.yaml
  group_vars/
  host_vars/

site.yaml
web.yaml
galera.yaml
roles/
  common/
    tasks/
      main.yaml
    handlers/
      main.yaml
    templates/
      authorized_keys.j2
    files/
      test.txt
    meta/
      main.yaml
  galera/
    [...]
  openstack/
    [...]
  [...]

CLI Documentation

  • List callback plugins: ansible-doc -t callback -l
  • Show docs for the mail callback: ansible-doc -t callback mail
  • List all module plugins: ansible-doc -l

How to merge and rebuild variables in groups

When using the a10_service_group module, service groups must be defined like this:

- a10_service_group:
    host: a10.mydomain.com
    username: myadmin
    password: mypassword
    partition: mypartition
    service_group: sg-smtp
    servers:
      - server: mail1
        port: 25
      - server: mail2
        port: 25
- a10_service_group:
    host: a10.mydomain.com
    username: myadmin
    password: mypassword
    partition: mypartition
    service_group: sg-imap
    servers:
      - server: mail1
        port: 143
      - server: mail2
        port: 143

When doing maintenance with Ansible, the following variable structure can be handy.

Group vars hold the information about the service groups, and a host var simply enables or disables the host across all service groups.

mail:
  vars:
    sgs:
      - service_group: sg-smtp
        port: 25
      - service_group: ag-imap
        port: 143
  hosts:
    mail1:
      sg_state: disabled
    mail1:

The problem is that this group/host structure must be merged and passed to localhost for the load balancer tasks. This can be achieved with the following (evil hack/ugly) snippet:

- hosts: localhost
  vars:
    sg_group: mail
  gather_facts: 'no'
  tasks:
    - set_fact:
        servers: "{{ servers | default([]) + [ {
          'server': item,
          'state': hostvars[item].sg_state | default('enabled')
        } ] }}"
      with_items: "{{ groups[sg_group] }}"
    - set_fact:
        serverfarm: "{{ serverfarm | default([]) + [ {
          'service_group': item.service_group,
          'servers': servers | map('combine', {'port': item.port }) | list
        } ] }}"
      with_items: "{{ groups[sg_group] | map('extract', hostvars, 'sgs') | list | unique }}"
    - debug:
        var: serverfarm

TASK [debug] *********************************
ok: [localhost] => {
 "serverfarm": [
     {
         "servers": [
             {
                 "port": 25,
                 "server": "mail1",
                 "state": "enabled"
             }
         ],
         "service_group": "sg-smtp"
     },
     {
         "servers": [
             {
                 "port": 143,
                 "server": "mail1",
                 "state": "enabled"
             }
         ],
         "service_group": "ag-imap"
     }
 ]
}
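
The same merge can live in a small custom filter plugin instead of two chained set_fact loops. The block below is an added example, not code from the original page; the file name filter_plugins/serverfarm.py, the filter name build_serverfarm and the second host mail2 in the sample data are assumptions.

```python
"""Hypothetical filter_plugins/serverfarm.py: merge group 'sgs' with host 'sg_state'."""

# Constructed sample data mirroring the inventory above; mail2 is an assumed host.
SAMPLE_SGS = [
    {"service_group": "sg-smtp", "port": 25},
    {"service_group": "ag-imap", "port": 143},
]
SAMPLE_HOSTVARS = {
    "mail1": {"sgs": SAMPLE_SGS, "sg_state": "disabled"},
    "mail2": {"sgs": SAMPLE_SGS},
}


def build_serverfarm(group_hosts, hostvars, default_state="enabled"):
    """Return [{'service_group': ..., 'servers': [{server, state, port}, ...]}, ...]."""
    # One entry per host; a host without sg_state gets the default state.
    servers = [
        {"server": host, "state": hostvars[host].get("sg_state", default_state)}
        for host in group_hosts
    ]
    # Distinct (service_group, port) pairs in first-seen order, like '| unique'.
    seen, service_groups = set(), []
    for host in group_hosts:
        for sg in hostvars[host].get("sgs", []):
            key = (sg["service_group"], sg["port"])
            if key not in seen:
                seen.add(key)
                service_groups.append(sg)
    # Attach the service group's port to a copy of every server entry.
    return [
        {
            "service_group": sg["service_group"],
            "servers": [dict(srv, port=sg["port"]) for srv in servers],
        }
        for sg in service_groups
    ]


class FilterModule(object):
    """Ansible loads filters from a class with this name and a filters() method."""

    def filters(self):
        return {"build_serverfarm": build_serverfarm}


if __name__ == "__main__":
    import json
    print(json.dumps(build_serverfarm(["mail1", "mail2"], SAMPLE_HOSTVARS), indent=2))
```

With the file placed next to the playbook, a single task such as set_fact with serverfarm: "{{ groups[sg_group] | build_serverfarm(hostvars) }}" would replace both loops.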

ansible-vault with password store and gpg-agent

pass ansible/base.vault | head -1 | ansible-playbook --vault-password-file=/bin/cat -i inventory baseprovision.yaml

copy templates recursively

  - name: copying templates
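    template:
      src: "{{ item.path }}"
      # strip only a trailing ".j2"; [.] matches a literal dot
      dest: "{{ dir }}/{{ item.path | basename | regex_replace('[.]j2$', '') }}"
    loop: "{{ lookup('filetree', 'templates/', wantlist=True) }}"
    loop_control:
      label: "{{ item.path }}"
    # filetree also returns directories; template only files ending in .j2
    when: item.state == 'file' and item.path is search('[.]j2$')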

optionally include tasks based on hosts' os_family

- name: Distribution specific tasks
  include_tasks: "{{ item }}"
  loop: "{{ q('first_found', 'tasks/' ~ ansible_os_family ~ '.yml', errors='ignore') }}"

ansible-lint

Add an .ansible-lint file to skip checks:

.ansible-lint
---

skip_list:
  - skip_this_tag
  - and_this_one_too
  - skip_this_id
  - '401'

Makefile for roles

This allows for quick builds on your local system before publishing.

Makefile

TARBIN ?= tar
TARFLAGS ?= --exclude-vcs --exclude='.git' -cvf
AGNAME ?= $(shell awk '/author:/{a=$$2}; /role_name/{n=$$2};END{print a"."n}' meta/main*)
TARFILE ?= /tmp/${AGNAME}
AGBIN ?= ansible-galaxy

# none of the targets produce a file of the same name
.PHONY: all lint package install list

all: lint package install list

# recipe lines must start with a tab
lint:
	ansible-lint --parseable-severity -x experimental
package:
	${TARBIN} ${TARFLAGS} ${TARFILE} .
install:
	${AGBIN} role install -f file://${TARFILE},9.99.999.dev9999
list:
	${AGBIN} role list

Last update: January 26, 2021