Ansible
November 10th, 2016
| Installation |  |
If you wish to run the latest released version of Ansible and you are running Red Hat Enterprise Linux (TM), CentOS, Fedora, Debian, or Ubuntu, we recommend using the OS package manager.
| SSH |  |
Ansible by default manages machines over the SSH protocol. By default this uses SFTP.
Occasionally you’ll encounter a device that doesn’t support SFTP. This is rare, but should it occur, you can switch to SCP mode in the configuration file.
When speaking with remote machines, Ansible by default assumes you are using SSH keys. SSH keys are encouraged.
| Python |  |
Currently Ansible can be run from any machine with Python 2.6 or 2.7 installed (Windows isn’t supported for the control machine).
On the managed nodes, you need Python 2.4 or later. If you are running less than Python 2.5 on the remotes, you will also need python-simplejson.
Ansible uses Python 2 (and not 3.X) in order to maintain compatibility with older distributions.
On systems without Python, you should install it and set the ‘ansible_python_interpreter’ variable in inventory (see Inventory) to point at your 2.X Python.
| Best practices |  |
Using modules where possible instead of arbitrary shell commands leads to more reliable and consistent playbook runs, and to playbooks that are easier to maintain.
Using with_items might be a good idea:
```yaml
# Installing all packages with one task (faster)
- name: install required packages using the apt module
  apt: package={{ item }} update_cache=yes
  sudo: True
  with_items:
    - git
    - memcached
    - nginx
```
| Playbooks |  |
Playbooks are expressed in YAML.
Each playbook is composed of one or more ‘plays’ in a list. The goal of a play is to map a group of hosts to some well defined roles, represented by things Ansible calls tasks.
If a task in a playbook fails, the following tasks will not be executed for the host in question.
A playbook runs top to bottom.
Hosts with failed tasks are taken out of the rotation for the entire playbook.
Playbooks are composed of several "plays".
Each play begins with "hosts".
Playbooks can include other playbooks.
| Tasks |  |
Every task should have a name, which is included in the output from running the playbook.
Each play contains a list of tasks. Tasks are executed in order, one at a time, against all machines matched by the host pattern, before moving on to the next task. It is important to understand that, within a play, all hosts are going to get the same task directives. It is the purpose of a play to map a selection of hosts to tasks.
The command and shell modules are the only modules that just take a list of arguments and don’t use the key=value form.
Tasks can be run step-by-step:
```console
$ ansible-playbook provision.yml -i hosts --step
> Perform task: TASK: setup (y/n/c): n #
> Perform task: TASK: First task (y/n/c): n
> Perform task: TASK: Second task (y/n/c): y
```
The setup module is called automatically by playbooks (as the first step) to gather useful variables about remote hosts that can be used in playbooks.
script, shell and command
script : The local script at path will be transferred to the remote node and then executed.
shell : The shell module takes the command name followed by a list of space-delimited arguments and runs the command through a shell (/bin/sh) on the remote node.
command : The given command will be executed on all selected nodes. It will not be processed through the shell, so variables like $HOME and operations like "<", ">", "|", ";" and "&" will not work.
Sources:
http://docs.ansible.com/ansible/script_module.html
http://docs.ansible.com/ansible/shell_module.html
http://docs.ansible.com/ansible/command_module.html#command
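The difference between command and shell described above matters most when a task interpolates a variable. The playbook below is an added example, not taken from the original page; the webservers group and the user_supplied_name variable are assumptions, and the value is constructed.

```yaml
# Added example. Assumptions: a "webservers" inventory group and a variable
# user_supplied_name holding a constructed value with a shell metacharacter.
- hosts: webservers
  gather_facts: no
  vars:
    user_supplied_name: "report; echo INJECTED"
  tasks:
    - name: command module, no shell involved, the semicolon stays literal text
      command: /bin/echo {{ user_supplied_name }}
      register: via_command

    - name: shell module with an unquoted variable, /bin/sh splits on the semicolon
      shell: echo {{ user_supplied_name }}
      register: via_shell_unquoted

    - name: shell module with the quote filter, the value is one literal argument
      shell: echo {{ user_supplied_name | quote }}
      register: via_shell_quoted

    # The assertions document the observable difference between the variants.
    - name: verify what each variant actually executed
      assert:
        that:
          - "via_command.stdout == 'report; echo INJECTED'"
          - "via_shell_unquoted.stdout_lines == ['report', 'INJECTED']"
          - "via_shell_quoted.stdout == 'report; echo INJECTED'"
```

Prefer command when no shell feature is needed, and apply the quote filter to every variable that reaches shell.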
Loops
The with_items keyword makes it possible to express loops. Example:
```yaml
- name: lancement services rpcbind et nfslock
  shell: service {{item}} start
  with_items:
    - rpcbind
    - nfslock
```
| Handlers |  |
Modules can relay when they have made a change on the remote system.
notify: calls one or more handlers.
Example:
```yaml
notify:
  - restart memcached
  - restart apache
```
Defining handlers:
```yaml
handlers:
  - name: restart memcached
    service: name=memcached state=restarted
  - name: restart apache
    service: name=apache state=restarted
```
Handlers are triggered only once even if they are notified by several tasks. The handler is executed when the last task has run.
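As an added example (not from the original page), here is a play in which two tasks notify the same handler. It assumes a webservers group and a Debian-style /etc/memcached.conf, and uses become where the snippets above use sudo.

```yaml
# Added example. Assumptions: "webservers" group, Debian-style memcached.conf.
- hosts: webservers
  become: true
  tasks:
    - name: bind memcached to localhost only
      lineinfile:
        dest: /etc/memcached.conf
        regexp: '^-l '
        line: '-l 127.0.0.1'
      notify:
        - restart memcached

    - name: cap memcached memory
      lineinfile:
        dest: /etc/memcached.conf
        regexp: '^-m '
        line: '-m 64'
      notify:
        - restart memcached

    # Still runs against the old process: handlers have not fired yet.
    - name: last task of the play
      command: /bin/true

  handlers:
    # Notified twice above, executed once, after the last task, and only
    # if at least one of the notifying tasks reported "changed".
    - name: restart memcached
      service: name=memcached state=restarted
```

On a second run with the file already in the desired state, neither task reports a change and the handler does not run at all.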
| Roles |  |
Roles are just automation around the ‘include’ directive.
| Variables |  |
Variables can be associated with hosts and then used in playbooks.
Example:
```ini
[grp-1]
host1 http_port=80 maxRequestsPerChild=808
```
Variables can be associated with groups:
```ini
[atlanta]
host1
host2

[atlanta:vars]
ntp_server=ntp.atlanta.example.com
proxy=proxy.atlanta.example.com
```
The preferred practice in Ansible is actually not to store variables in the main inventory file.
```sh
# host1 is a host in the inventory above, so its variables go under host_vars/
# (group_vars/ is for groups such as atlanta).
mkdir -p host_vars/host1
echo "portweb: 8080" > host_vars/host1/httpd_conf
```
The variables are then read automatically.
A useful document: http://jpmens.net/2012/08/30/ansible-variables-variables-and-more-variables/
| Miscellaneous |  |
Parallel execution with 10 forks: -f 10 (the default is 5)
Running commands: ansible atlanta -m shell -a "hostname" or ansible atlanta -m command -a "hostname"
Copying files: ansible atlanta -m copy -a "src=/etc/hosts dest=/tmp/hosts"
Managing files: ansible webservers -m file -a "dest=/srv/foo/a.txt mode=600"
Managing packages: ansible webservers -m yum -a "name=acme-1.5 state=present" # here, ensures that the package is present
Managing services: ansible webservers -m service -a "name=httpd state=restarted"
YAML Rules
Applicable YAML files: all files with a .yml extension.
Tabs are NOT allowed, use spaces ONLY.
You MUST indent your properties and lists with 1 or more spaces.
All keys/properties are case-sensitive ("ThIs" is not the same as "thiS").
Sources
http://docs.ansible.com/ansible/intro_installation.html
http://codeheaven.io/15-things-you-should-know-about-ansible/
Contact
To send me an email or leave me a comment: richard.brunooo at gmail.com