After having to play around with Chef and being confronted with documentation more sparse and ivory tower than Java and the Plan 9 OS combined, I’ve decided to take a few of the best ideas and apply them to Ansible (not that they were missing to begin with).
Ansible roles
Instead of always running long commands or having to edit playbooks, I’ve come up with a set of bash functions and a setup for Ansible that let one apply roles to any hosts listed in one’s inventory files. This is the main part of how this all works.
function ittome() { ansible-playbook --extra-vars "onhosts=localhost" ~/.local/ansible/runrole.yml -e "role=${1:-default}"; }
function ittoall() { ansible-playbook ~/.local/ansible/runrole.yml -e "role=${1:-default}"; }
function ittothem() { ansible-playbook --extra-vars "onhosts=${2:-all}" ~/.local/ansible/runrole.yml -e "role=${1:-default}"; }
While the names do seem weird, I do a lot with the Python module watchdog, whose command is watchmedo and which executes commands based on filesystem events.
So what do these commands do?
| Command | What it does |
| --- | --- |
| ittome <rolename> | applies a role to localhost |
| ittoall <rolename> | applies a role to all inventory items |
| ittothem <rolename> | applies a role to a group of inventory items |
Example use:
~ $ ittome default
PLAY [localhost] *************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [default : find] ********************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [default : list of available roles] *************************************************************************************************************************************************************************************************************************************
ok: [localhost] => (item=None) => {
"msg": "site.local"
}
ok: [localhost] => (item=None) => {
"msg": "site.aws"
}
ok: [localhost] => (item=None) => {
"msg": "default"
}
PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0
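The three wrappers above pass the role name to ansible-playbook in key=value form, where whitespace separates variables, so a role argument containing a space also sets other variables such as onhosts. The following is an added example, not code from the original post, of the same wrappers with their arguments checked against an allow-list and passed as JSON extra vars. The helper names runrole_vars and runrole, the RUNROLE_PLAYBOOK variable and the allowed character sets are assumptions, as is runrole.yml reading role and onhosts.

```bash
# Added example: ittome/ittoall/ittothem with validated arguments.
# Assumption: runrole.yml reads the extra vars "role" and "onhosts".
RUNROLE_PLAYBOOK="${RUNROLE_PLAYBOOK:-$HOME/.local/ansible/runrole.yml}"

# Print JSON extra vars for role $1 (default: default) and host pattern $2
# (default: all). Returns 2 and prints nothing on stdout when a value
# starts with a dot or has characters outside the allow-list, so spaces,
# quotes, slashes and "=" never reach ansible-playbook.
runrole_vars() {
    local LC_ALL=C
    local role="${1:-default}" hosts="${2:-all}"
    case "$role" in
        ''|.*|*[!A-Za-z0-9._-]*)
            echo "invalid role name: $role" >&2; return 2 ;;
    esac
    case "$hosts" in
        ''|.*|*[!A-Za-z0-9._:,-]*)
            echo "invalid host pattern: $hosts" >&2; return 2 ;;
    esac
    printf '{"role":"%s","onhosts":"%s"}\n' "$role" "$hosts"
}

# Run the playbook only if both arguments passed validation.
runrole() {
    local vars
    vars="$(runrole_vars "$1" "$2")" || return
    ansible-playbook "$RUNROLE_PLAYBOOK" --extra-vars "$vars"
}

# Same names and defaults as the originals; ittoall now passes onhosts=all
# explicitly instead of relying on a default inside the playbook.
ittome()   { runrole "${1:-default}" localhost; }
ittoall()  { runrole "${1:-default}" all; }
ittothem() { runrole "${1:-default}" "${2:-all}"; }
```

The host allow-list is deliberately conservative: patterns that use ! or & are rejected and would need the character set widened.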
Central online hub
Don’t feel like creating a role, or not sure what to do? Just as GitHub is to source code and Docker Hub is to containers, Ansible has its own hub for roles, called Galaxy.
One can install prebuilt roles via the ansible-galaxy command.
Example
ansible-galaxy install denzuko-ansible-roles.elasticsearch
Requirements
- Linux-based system with SSH keys set up (can be in a container)
- Python 2.6+ and pip
Setup
Installation is via pip. For those who are not familiar with Python, one can use pip install -r requirements.txt to install the modules a project needs. In this case we’re using it to install the latest version of Ansible.
File structure
$HOME/.local/ansible
- hosts.yml
- requirements.txt
- roles/
  - default/
    - tasks/main.yml
  - sites.localhost/
    - meta/main.yml
  - sites.aws.uswest1
    - meta/main.yml
- default/
- runrole.yml
hosts.yml
---
all: # top level group for ittoall
  children:
    local: # local network group
      hosts:
        testpi:
        localhost:
      vars:
        ansible_connection: ssh
    aws: # aws instances
      children:
        uswest1: # site group
          children:
            windows:
              hosts:
                prwinhost01:
            linux:
              hosts:
                prlnxhost01:
requirements.txt
ansible
pywinrm
docker-py
sites.localhost/meta/main.yml
---
dependencies:
- { role: default }
# list out any others one wishes to apply to this meta role
External links
- Ansible Role Best Practices
- Role Dependencies via meta
- Ansible Galaxy
- Dallas-Makerspace/Ansible-Training class material
- PFSense runbooks as an example of CI/CD-based tasks.