Рубрика: Linux

Install ansible on CentOS7:

yum install epel-release
yum install -y ansible

Standard directory structure:
[root@lab-1 ansible_playbooks]# tree
.
├── fs_servers.yml
├── inventories
│   ├── production
│   │   ├── group_vars
│   │   └── host_vars
│   └── staging
│   ├── group_vars
│   ├── hosts
│   └── host_vars
├── roles
│   └── fileserver
│   ├── files
│   ├── tasks
│   ├── templates
│   └── vars
└── site.yml

When using git with GitHub create (touch) .gitkeep file in each directory to sync the directory structure.

To provide ssh_key use next parameter in the hosts file:
ansible_ssh_private_key_file=/root/.ssh/id_rsa

List all information about ansible inventory:
[root@lab-1 ansible_playbooks]# ansible-inventory --list -i ./inventories/staging/hosts

Tree-like inventory info:
ansible-inventory --graph -i ./inventories/staging/hosts

Check information of the server:
[root@lab-1 ansible_playbooks]# ansible -i ./inventories/staging/hosts staging_lab_servers -m setup

Execute shell command on remote servers:
ansible -i ./inventories/staging/hosts staging_lab_servers -m shell -a "uptime"

Copy file from source VM to all servers:
[root@lab-1 ansible_playbooks]# ansible -i ./inventories/staging/hosts staging_lab_servers -m copy -a "src=/home/file.txt dest=/home mode=777" -b

Delete file from all servers:
[root@lab-1 ansible_playbooks]#ansible -i ./inventories/staging/hosts staging_lab_servers -m file -a "path=/home/file.txt state=absent"

Download file from URL to all servers:
[root@lab-1 ansible_playbooks]#ansible -i ./inventories/staging/hosts staging_lab_servers -m get_url -a "url=https://ya.ru dest=/home" -b

Make Get request to URL:
[root@lab-1 ansible_playbooks]# ansible -i ./inventories/staging/hosts staging_lab_servers -m uri -a "url=https://ya.ru"

Make Get request with content to URL:
[root@lab-1 ansible_playbooks]# ansible -i ./inventories/staging/hosts staging_lab_servers -m uri -a "url=https://ya.ru return_content=true"

Install yum package on all servers:
[root@lab-1 ansible_playbooks]# ansible -i ./inventories/staging/hosts staging_lab_servers -m yum -a "name=tree state=latest" -b

Remove yum package from all servers:
[root@lab-1 ansible_playbooks]# ansible -i ./inventories/staging/hosts staging_lab_servers -m yum -a "name=tree state=removed" -b

Enable service and start it:
[root@lab-1 ansible_playbooks]# ansible -i ./inventories/staging/hosts staging_lab_servers -m service -a "name=httpd state=started enabled=yes" -b

Initialize role in the current folder (will create a subfolder with provided role name):
ansible-galaxy init ROLE_NAME

********************************************************************
********************************************************************
********************************************************************

Ansible vault encrypt a file:
ansible-vault encrypt FILE

Ansible decrypt the encrypted file:
ansible-vault decrypt FILE

Cat encrypted file:
ansible-vault view FILE

Edit encrypted file:
ansible-vault edit FILE

Run encrypted playbook:
ansible-playbook FILE.yml --ask-vault-pass

Run encrypted playbook with predefined passwd:
ansible-playbook FILE.yml --vault-password-file passwd_file.txt

Ansible encrypt variable:
ansible-vault encrypt_string
enter var: VAR_PASSWORD
copy the encrypted string to the playbook.
or
echo -n "VAR_PASSWORD" | ansible-vault encrypt_string

Prepare Windows Server for Ansible automation:
Set-Service -Name "WinRM" -StartupType Automatic
Start-Service -Name "WinRM"
winrm quickconfig
Enable-PSRemoting -SkipNetworkProfileCheck -Force