Ansible

From Gentoo Wiki

Ansible is a configuration management system written in Python. It can be used for automating machine deployments.

Installation

USE flags

USE flags for app-admin/ansible: Model-driven deployment, config management, and command execution framework

test    Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)

Emerge

Install app-admin/ansible:

root #emerge --ask app-admin/ansible

Configuration

The ansible ebuild ships an example configuration that can be used to generate the basic configuration. Change to the home directory:

user $cd

Extract the example configuration to the home directory:

user $bzcat /usr/share/doc/ansible*/examples/ansible.cfg.bz2 > ~/.ansible.cfg

To show current ansible configuration, issue:

user $ansible-config view

Additionally, an example configuration file is available on the official site of the project.

With ansible_ssh_user= and ansible_ssh_port=, remote users and SSH ports can be specified per host. Since version 2.0 they are deprecated; use ansible_user and ansible_port instead.

The first two lines of the sample inventory below are crucial: they explicitly set Ansible's python interpreter for all hosts. Ansible only works with python 2.7, and even if the python_targets_python2_7 flag is set, it will use the system's python by default. Setting the interpreter is unnecessary if the system python is version 2.7, but still recommended to avoid unexpected failures if the system python changes.

FILE /home/larry/.ansible.cfg: Default configuration
# config file for ansible
# ===============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]

# some basic default values...

inventory = $HOME/ansible/hosts

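# SSH host key checking is disabled by the line below (the default is True),
# so unknown host keys are accepted without verification; comment it out
# again once the managed nodes are in known_hosts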
host_key_checking = False

# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root

# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
vault_password_file = /path/to/vault_password_file

# This might be deprecated, anyway check vault.yml for remote user
# keep things simple
#
# Default remote user
#remote_user = root

Inventory

The default inventory file is named hosts. It should be created in the /etc/ansible directory:

user $mkdir ansible
user $nano ansible/hosts

This file contains the managed nodes organized in groups.

FILE /etc/ansible/hosts: Sample inventory file
[all:vars]
# IMPORTANT
ansible_python_interpreter=/usr/bin/python3.7
 
[servers]
myserver01
myserver02
myserver03
 
[workstations]
evapc ansible_ssh_user=myuser ansible_ssh_port=9000
joepc ansible_ssh_user=myuser
mypc ansible_ssh_user=myuser ansible_connection=local
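
A check a reviewer could run over the two files above, added here as an example and not part of the original article or of Ansible itself: it flags disabled host key checking, a vault password file readable by others, deprecated ansible_ssh_* variables, and plaintext connection secrets in the inventory. The sample strings are constructed from the files on this page; the dbhost line is a hypothetical entry added to show the plaintext-secret case.

```python
import configparser
import os
import re
import stat

# Constructed samples mirroring the two files shown on this page.
SAMPLE_CFG = """[defaults]
inventory = $HOME/ansible/hosts
host_key_checking = False
vault_password_file = /path/to/vault_password_file
"""
SAMPLE_INVENTORY = """[all:vars]
ansible_python_interpreter=/usr/bin/python3.7

[workstations]
evapc ansible_ssh_user=myuser ansible_ssh_port=9000
joepc ansible_ssh_user=myuser
dbhost ansible_user=myuser ansible_password=example-secret
"""
DEPRECATED = {"ansible_ssh_user": "ansible_user", "ansible_ssh_port": "ansible_port"}
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_pass", "ansible_become_password"}

def audit_config(cfg_text):
    """Flag security-relevant [defaults] settings in an ansible.cfg."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(cfg_text)
    findings = []
    if not cp.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking disabled: SSH host keys are not verified")
    pw_file = cp.get("defaults", "vault_password_file", fallback="")
    path = os.path.expandvars(os.path.expanduser(pw_file))
    # The vault password file unlocks every secret; only its owner may read it.
    if path and os.path.isfile(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append(f"{path}: accessible by group/other, expected mode 0600")
    return findings

def audit_inventory(inv_text):
    """Flag deprecated connection variables and plaintext secrets in an INI inventory."""
    findings = []
    for lineno, line in enumerate(inv_text.splitlines(), 1):
        for key, value in re.findall(r"(\w+)=(\S+)", line.split("#", 1)[0]):
            if key in DEPRECATED:
                findings.append(f"line {lineno}: {key} is deprecated, use {DEPRECATED[key]}")
            elif key in SECRET_VARS and not value.startswith("{{"):
                findings.append(f"line {lineno}: {key} is a plaintext secret, use a vault variable")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_config(SAMPLE_CFG) + audit_inventory(SAMPLE_INVENTORY)))
```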



Authentication

The credentials (username and password) should be handled by ansible-vault. Change to the ansible directory in the home path:

user $cd ~/ansible

Create an Ansible vault for the credentials. ansible-vault asks for a passphrase, which is used to encrypt and decrypt the vault.yml file:

user $ansible-vault create vault.yml

New Vault password:

The vault file contains the credentials used to authenticate to remote nodes:

FILE ~/ansible/vault.yml: ansible-vault credentials
---
username: larry
password: gentoo linux rocks and I am a cow

Content of the encrypted vault.yml file:

user $more vault.yml
$ANSIBLE_VAULT;1.1;AES256
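
A structural check for the encrypted file format shown above, added here as an example and not taken from the original article or from Ansible's code: it confirms, without the passphrase, that a file carries the $ANSIBLE_VAULT header and a hex payload that decodes to a 32-byte salt, a 32-byte HMAC and a ciphertext, which makes it usable as a pre-commit guard against checking in a plaintext vault.yml. The sample envelope is constructed from filler bytes; the HMAC itself is not verified, since that requires the passphrase.

```python
import binascii

def parse_vault_envelope(text):
    """Parse an ansible-vault file without the passphrase.

    Returns header fields and component sizes; raises ValueError when the
    text is plaintext or the payload is structurally damaged.
    """
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        raise ValueError("not vault-encrypted: $ANSIBLE_VAULT header missing")
    fields = lines[0].strip().split(";")
    if len(fields) not in (3, 4):  # format 1.2 appends a vault-id label
        raise ValueError("malformed vault header")
    try:
        # The body is hex text; decoded, it holds three hex strings
        # (salt, HMAC-SHA256 tag, ciphertext) separated by newlines.
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"corrupt vault payload: {exc}") from None
    if len(salt) != 32 or len(mac) != 32 or not ciphertext:
        raise ValueError("unexpected salt, HMAC or ciphertext length")
    return {"version": fields[1], "cipher": fields[2],
            "salt_len": len(salt), "mac_len": len(mac),
            "ciphertext_len": len(ciphertext)}

def build_sample_vault():
    """Constructed envelope made of filler bytes, not a real vault."""
    parts = (b"\x01" * 32, b"\x02" * 32, b"\x03" * 48)
    body = binascii.hexlify(b"\n".join(binascii.hexlify(p) for p in parts)).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return "$ANSIBLE_VAULT;1.1;AES256\n" + wrapped + "\n"

def is_encrypted(text):
    """True only if the text is a well-formed vault envelope."""
    try:
        parse_vault_envelope(text)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print(parse_vault_envelope(build_sample_vault()))
    # Constructed plaintext in the shape of the vault.yml shown earlier.
    print(is_encrypted("---\nusername: larry\npassword: example\n"))
```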

Roles for Gentoo

Over 40 roles specifically for Gentoo can be found in the https://github.com/gentoo-ansible project.

Usage

Check whether Ansible can manage the remote machine as the given user:

user $ansible evapc -u myuser -m ping

Gather information from the remote machine, which can be used later in playbooks:

user $ansible evapc -u myuser -m setup

Run emerge --sync on evapc as myuser with privilege escalation via sudo (-b, --become, replaces the deprecated -s, --sudo option):

user $ansible evapc -b -u myuser -m command -a "emerge --sync"

Option  Description
-u      Specifies the user. If absent, Ansible looks in the inventory file for a default user associated with the given host; if there is none, it uses the default specified in the /etc/ansible/ansible.cfg file; if there is no such entry, it uses the current username.
-m      Specifies the module to be invoked.
-a      Specifies the arguments to be passed to the module.

The ansible-doc command can be used to read module documentation. For example, to list available modules:

user $ansible-doc -l

To print out info about the ping module:

user $ansible-doc ping
