Ansible

Ansible is an agentless automation system written in Python. It can be used for automating machine deployments, configuration management, or orchestrating continuous delivery.

The automation jobs are written in YAML as a series of interactions with the target hosts, performed via SSH by default. Ansible requires neither databases nor central runtime servers.

Emerge
Install :

Additional software

 * - Tool for linting Ansible playbooks and roles
 * - Ansible module integrating HashiCorp Vault
 * - Provides an overview of system configuration gathered by an Ansible run

Configuration
Ansible configuration file location is resolved in the following order: ANSIBLE_CONFIG variable, file in the current directory,  file, lastly.

The ebuild provides an example configuration. It can be extracted using:

To show the current Ansible configuration, use:

Inventory
Ansible inventory holds aliases for all managed hosts organized in groups. The default inventory file name is. It is expected to reside in the directory.

With ansible_user and ansible_port it is possible to override the target host's default connection port (22/TCP by default) and remote user. The ansible_host variable specifies the host/IP when it differs from the inventory alias.

The first two lines explicitly set the Ansible Python interpreter for all hosts in the inventory. Ansible attempts to detect the Python interpreter but setting it explicitly makes the process safer.

Example inventory describing two host groups ("servers" and "workstations") configured to use the Python interpreter:

Authentication
By default, Ansible assumes that SSH keys (leveraging or similar) are used to connect to the managed hosts.

It is also possible to use a username and password, although this method requires encrypting the credentials before storing them. Ansible provides the tool enabling manipulation of encrypted data.

Create an Ansible vault file for the credentials. Invoking the asks for a passphrase. This passphrase is used to encrypt and decrypt the content of the file:

The vault file contains the credentials used to authenticate to the managed hosts:

Content of the encrypted file:
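A check for the requirement above that credentials are encrypted before they are stored, given as an added example that is not part of the original page. It scans an INI inventory for password variables set to literal values and tests whether a file carries the ansible-vault header; the host alpha, the variable vault_password and both sample inputs are constructed for illustration.

```python
import re

# Real Ansible connection variables that hold secrets.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass", "ansible_ssh_password",
               "ansible_become_password", "ansible_become_pass"}
# First line of ansible-vault output, e.g. "$ANSIBLE_VAULT;1.1;AES256".
VAULT_HEADER = re.compile(r"\$ANSIBLE_VAULT;\d+\.\d+;AES256(;[\w.-]+)?")
# key=value pairs as they appear on INI inventory lines.
ASSIGNMENT = re.compile(r"""(\w+)\s*=\s*("[^"]*"|'[^']*'|\S+)""")

# Constructed sample inventory; "alpha" and "vault_password" are hypothetical.
SAMPLE_INVENTORY = """\
[servers]
alpha ansible_host=192.0.2.10 ansible_port=2222 ansible_user=larry ansible_password=hunter2

[workstations]
evapc ansible_user=larry

[workstations:vars]
ansible_password={{ vault_password }}
"""
# Constructed vault file: real header format, made-up (truncated) payload.
SAMPLE_VAULT = "$ANSIBLE_VAULT;1.1;AES256\n6231383739653530\n"


def is_vault_encrypted(text):
    """True if the first line is an ansible-vault envelope header."""
    lines = text.splitlines()
    return bool(lines) and VAULT_HEADER.fullmatch(lines[0].strip()) is not None


def plaintext_secrets(inventory_text):
    """Return (line_number, variable) for each secret variable set to a
    literal value rather than a Jinja2 reference like {{ vault_password }}."""
    findings = []
    for number, line in enumerate(inventory_text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";")):  # inventory comment
            continue
        for name, value in ASSIGNMENT.findall(line):
            if name in SECRET_VARS and not value.strip("\"'").startswith("{{"):
                findings.append((number, name))
    return findings


if __name__ == "__main__":
    print("vault file encrypted:", is_vault_encrypted(SAMPLE_VAULT))
    for number, name in plaintext_secrets(SAMPLE_INVENTORY):
        print(f"inventory line {number}: {name} is stored in plaintext")
```

A check like this fits a pre-commit hook or CI job, so that an inventory with a literal password is rejected before it reaches version control.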

Gentoo-specific roles
Over 40 Ansible roles created specifically for Gentoo can be found in the Gentoo Ansible project.

Usage
Check whether Ansible can manage a remote machine as a given user:

Get information from the remote machine that can be used later in Ansible playbooks:

Run on evapc under larry via :

The command can be used to read module documentation. For example, to list available modules:

To print out info about the ping module:

Ad-hoc commands
Although Ansible provides the means to compose and run complex configurations using Ansible playbooks, it is always possible to execute a one-off task.

For example, restarting all hosts in a host group named "workstations" can be performed as simply as:

The previous example used the default Ansible module, called "command". There is also a module providing shell capabilities, named "shell". It can be invoked as:

Alternatives

 * Chef, a configuration management tool written in Ruby and Erlang.
 * Puppet, a configuration management tool written in C++ and Clojure.
 * (R)?ex, a friendly automation framework written in Perl 5.
 * Salt, a configuration management tool written in Python.
 * Sparrow, an automation framework written in Raku.

External resources

 * Set of Ansible tasks to configure Gentoo-based workstations (not tested before posting link).
 * Example ansible configuration file
 * Example hosts file
 * Porting guides