Ansible Back to Index
A random collection of commands and playbook features for Ansible.
- Setting SSH options
- Problems with -o BatchMode
- Fetch configs and store them on Ansible
- Automatically commit fetched configs to git
In /etc/ansible/ansible.cfg, SSH settings can be defined.
# uncomment this to disable SSH key host checking
host_key_checking = False
[...]
private_key_file = /etc/ansible/ansible.ppk
[...]
[ssh_connection]
# ssh arguments to use ssh_args = -o BatchMode=yes -o ForwardAgent=yes
Ansible gives you the option to pass SSH options such as “BatchMode” on to your ansible runs. However, I ran into a problem regarding BatchMode and the Ansible –ask-pass (-k) option.
I used the following command to check if ldap login worked on all hosts.
ansible 'all' -a hostname -u username -k
With ssh_args = -o BatchMode=yes enabled in /etc/ansible/ansible.cfg the command failed. After I removed BatchMode=yes, everything worked.
Fetch configs and store them on Ansible
To backup single files with ansible, use the following fetch-configs.yml playbook
---
# Fetch Configs before rollout
- hosts: all:!fail
remote_user: root
gather_facts: true
tasks:
- name: Fetch config /etc/example.conf
fetch: src=/etc/example.conf dest=/srv/ansible/archive/fetched/
- name: Fetch config /etc/another.conf
fetch: src=/etc/another.conf dest=/srv/ansible/archive/fetched/
# Optional: Push to git repository (/srv/ansible/ must be git repo!)
# For more info, read below about automatically pushing configs to git
- tasks:
include: ansible_commit.yml
To backup multiple files, use the synchronize module in pull mode.
#/srv/ansible/multifetch.yml
---
- hosts: all:!fail
gather_facts: true
remote_user: root
tasks:
- name: Fetch all configs in /root/.ssh/ with ansible sync-module
synchronize: mode=pull src=/./root/.ssh/ dest=/srv/ansible/archive/fetched/{{ inventory_hostname }}/ rsync_opts=-avR perms=yes
The last part rsync_opts=-arR perms=yes can still be optimised. I think perms and -ar is on by default in ansibles synchronize module.
FYI, the hosts: all:!fail selects all hosts, except the ones I have added to the group [fail]. These can be hosts that have been known to fail during playbook runs but haven’t been fixed yet.
Automatically commit fetched configs to git
Assuming that you store all your fetched configs in one place on your Ansible server, e.g. /srv/ansible/archive/{{ansible_hostname}}/etc/example.conf, you can use the following autocommit.yml playbook to automatically push changes to your repository.
---
- hosts: localhost
remote_user: root
tasks:
# Check if commit is necessary
- name: check if git commit is necessary
command: git --git-dir=/srv/ansible/.git/ --work-tree=/srv/ansible/ status
register: git_check
# Commit Changes in Ansible Directory
- name: Committing changes on Ansible server
local_action: shell cd /srv/ansible/ && git add * && git commit -m "Ansible Automated Commit" && git push
when: "'nothing to commit' not in git_check.stdout"
In order to execute the playbook, just append it to your other playbooks. This is usefull if you have for example a webserver.yml playbook which fetches all configs before deploying new changes.
---
# Webserver playbook
[...] # <- whatever you do in your playbook
# Update & Push Ansible Local Repository
- tasks:
include: autocommit.yml
Deploy time settings with Ansible CLI
sudo ansible 'mygroup' -m shell -a 'echo "Europe/Berlin" |sudo tee /etc/timezone' -u user -K
sudo ansible 'mygroup' -m shell -a 'sudo cp -f /usr/share/zoneinfo/Europe/Berlin /etc/localtime' -u user -K
sudo ansible 'mygroup' -m shell -a 'sudo ntpdate-debian' -u user -K