Ansible¶
Ansible Vault¶
Create a new encrypted data file:
$EDITOR=nano ansible-vault create foo.yml
Edit encrypted file:
$EDITOR=nano ansible-vault edit foo.yml
Change your password on a vault-encrypted file or files:
ansible-vault rekey foo.yml bar.yml baz.yml
Encrypt/Decrypt files:
ansible-vault encrypt [--vault-password-file <path_to_file>] foo.yml bar.yml baz.yml
ansible-vault decrypt [--vault-password-file <path_to_file>] foo.yml bar.yml baz.yml
Instruction¶
https://habrahabr.ru/post/195048/
Config /etc/ansible/ansible.cfg or ~/.ansible.cfg:
# if host changed.. known_hosts...
host_key_checking = False
Hosts /etc/ansible/hosts
ssh-keygen
ssh-copy-id # to hosts
ssh-agent bash
ssh-add ~/.ssh/id_rsa
# run simple command
ansible <[group_of_hosts]> -a "/bin/echo Hello, World!"
ansible all -a "/bin/echo hello"
# using modulw 'service' on 'webservers' group
ansible webservers -m service -a "name=nginx state=stopped"
# ping known hosts
ansible all -m ping
-u spider # ping with username
-u bruce -b # to root user
-u bruce -b --become-user batman # to sudo user
# run playbook with inventory file
ansible-playbook -i <inventory> <playbook.yml>
# play playbook with ask sudo pass or root
ansible-playbook -i inventory playbooks/lemp.yml --ask-become-pass(-K) -u spider
ansible-playbook -i inventory playbooks/lemp.yml -u root
Inventory file:
# become for all operations
192.168.0.5 ansible_become=true ansible_user=manager
Show all available facts:
# gather_facts = true
ansible -m setup localhost
Use factsin playbook:
{{ ansible_distribution_release }} # trusty, ...
{{ ansible_distribution }} # Debian, ...
Inventory file example¶
Example inventory:
[WebServersG1]
webserver1-g1 ansible_ssh_port=4444 ansible_ssh_host=192.168.1.50 ansible_ssh_user=ubuntu
staging.test.com.ua
[WebServersG2]
webserver1-g2:4444 # alternative SSH port
webserver2-g2
[WebServersProxy]
webserver-proxy1
webserver-proxy2
[DataBase]
db1
db2
[DataBaseSlave]
dbs1
dbs2
[SomeServers]
someserver1
someserver2
[WEB:children]
WebServersG1
WebServersG2
WebServersProxy