Ansible
Ansible is a configuration management system written in Python. It can be used for automating machine deployments.
Installation
USE flags
USE flags for app-admin/ansible Model-driven deployment, config management, and command execution framework
USE flag | Description |
---|---|
test | Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently) |
Emerge
Install app-admin/ansible:
root # emerge --ask app-admin/ansible
Configuration
The ansible ebuild ships an example configuration that can be used to generate the basic configuration. Change to the home directory:
user $ cd
Extract the example configuration to the home directory:
user $ bzcat /usr/share/doc/ansible*/examples/ansible.cfg.bz2 > ~/.ansible.cfg
To show the current Ansible configuration, issue:
user $ ansible-config view
Additionally, an example configuration file is available on the official site of the project.
With ansible_ssh_user= and ansible_ssh_port=, remote users and SSH ports can be specified per host. As of version 2.0 they are deprecated; use ansible_user and ansible_port instead.
The first two lines are crucial: they explicitly set Ansible's Python interpreter for all hosts. Ansible only works with Python 2.7, and even if the python_targets_python2_7 flag is set, it will use the system's Python by default. This is unnecessary if the system Python is version 2.7, but still recommended to avoid unexpected failures if it is changed.
/home/larry/.ansible.cfg
Default configuration
```ini
# config file for ansible
# ===============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]

# some basic default values...

inventory = $HOME/ansible/hosts

# uncomment this to disable SSH key host checking
host_key_checking = False

# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root

# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
vault_password_file = /path/to/vault_password_file

# This might be deprecated, anyway check vault.yaml for remote user
# keep things simple
#
# Default remote user
#remote_user = root
```
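Three settings in this file carry most of the security weight: host_key_checking, remote_user and vault_password_file. The check below is an added example, not part of the original page or of Ansible; the function names and the sample file content are constructed for illustration, and it reports the values shown above when they weaken SSH host verification or leave the vault passphrase file open to other local users.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample mirroring the settings shown on this page.
SAMPLE_CFG = """\
[defaults]
inventory = $HOME/ansible/hosts
host_key_checking = False
#remote_user = root
vault_password_file = {vault_pw}
"""

FALSE_VALUES = {"false", "no", "0", "off", "f", "n"}

def audit_ansible_cfg(text):
    """Return (setting, finding) tuples for risky [defaults] values."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    d = cfg["defaults"] if cfg.has_section("defaults") else {}
    if d.get("host_key_checking", "True").strip().lower() in FALSE_VALUES:
        findings.append(("host_key_checking",
                         "SSH host keys are not verified; a spoofed host is accepted"))
    if d.get("remote_user", "").strip() == "root":
        findings.append(("remote_user", "plays log in as root by default"))
    pw_file = d.get("vault_password_file")
    if pw_file:
        path = os.path.expanduser(os.path.expandvars(pw_file.strip()))
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError:
            findings.append(("vault_password_file", "file not found: " + path))
        else:
            if mode & 0o077:  # any group/other permission bit set
                findings.append(("vault_password_file",
                                 "mode %04o is accessible by group/other" % mode))
    return findings

def demo():
    """Audit the sample against a deliberately world-readable password file."""
    with tempfile.TemporaryDirectory() as tmp:
        pw = os.path.join(tmp, "vault_pass")
        with open(pw, "w") as fh:
            fh.write("constructed-passphrase\n")
        os.chmod(pw, 0o644)
        return audit_ansible_cfg(SAMPLE_CFG.format(vault_pw=pw))
```

Calling demo() returns one finding for host_key_checking and one for the password file's mode; to audit a real file, pass the text of ~/.ansible.cfg to audit_ansible_cfg().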
Inventory
The default inventory file is named hosts. It should be created in the /etc/ansible directory:
user $ mkdir ansible
user $ nano ansible/hosts
This file contains the managed nodes organized in groups.
/etc/ansible/hosts
Sample inventory file
```ini
[all:vars]
# IMPORTANT
ansible_python_interpreter=/usr/bin/python3.7

[servers]
myserver01
myserver02
myserver03

[workstations]
evapc ansible_ssh_user=myuser ansible_ssh_port=9000
joepc ansible_ssh_user=myuser
mypc ansible_ssh_user=myuser ansible_connection=local
```
Authentication
The credentials (username and password) should be handled by ansible-vault. Change to the ansible directory in the home path:
user $ cd ~/ansible
Create an Ansible vault for the credentials. ansible-vault asks for a passphrase, which is used to encrypt and decrypt the vault.yml file:
user $ ansible-vault create vault.yml
New Vault password:
The vault file contains the credentials used to authenticate to remote nodes:
~/ansible/vault.yml
ansible-vault credentials
```yaml
---
username: larry
password: gentoo linux rocks and I am a cow
```
Content of the encrypted vault.yml file:
user $ more vault.yml
$ANSIBLE_VAULT;1.1;AES256 36616661333864373230383539623831626231643737323662366437316233396631666530303664 3137373065663035393937393764646666613437363333350a316163653066656362636339653561 66643133313266323764386337623365353463626263343963366330333265613938346638616166 6466656332386436350a353734333265303063346139356662656532383462653534666437663539 64356335356538623339323864613136346231356130376262636237663036363738663264663864 36316531643563643633643739663464396138643732356564653531353030383539303366373565 36383963636532666665623138613834333764646534373133356665366130666338386337393736 32363139633432343039
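An added example (not from the original page or the Ansible project) that checks whether a file such as vault.yml is really stored encrypted before it is committed or shared. It relies on the vault 1.1 layout, in which the hex body decodes to three newline-separated hex fields (salt, HMAC, ciphertext); the function names and the dummy envelope are constructed for illustration.

```python
import binascii

def wrap_vault(salt, mac, ciphertext, header="$ANSIBLE_VAULT;1.1;AES256"):
    """Build an envelope from raw fields (constructed test data, not real encryption)."""
    inner = b"\n".join(binascii.hexlify(p) for p in (salt, mac, ciphertext))
    body = binascii.hexlify(inner).decode()
    rows = [body[i:i + 80] for i in range(0, len(body), 80)]
    return "\n".join([header] + rows) + "\n"

def inspect_vault(text):
    """Return envelope metadata, or raise ValueError if text is not a vault file."""
    lines = text.strip().splitlines()
    fields = lines[0].split(";") if lines else []
    if len(fields) < 3 or fields[0] != "$ANSIBLE_VAULT":
        raise ValueError("no $ANSIBLE_VAULT header: secrets are stored in plaintext")
    try:
        # The body is hex of: hex(salt) \n hex(hmac) \n hex(ciphertext)
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n", 2))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed vault body: %s" % exc)
    return {"version": fields[1], "cipher": fields[2], "salt_bytes": len(salt),
            "hmac_bytes": len(mac), "ciphertext_bytes": len(ciphertext)}

def is_encrypted(text):
    """True only for a structurally valid vault envelope."""
    try:
        inspect_vault(text)
        return True
    except ValueError:
        return False

# Constructed inputs: the plaintext credentials from this page and a dummy envelope.
PLAINTEXT = "---\nusername: larry\npassword: gentoo linux rocks and I am a cow\n"
DUMMY = wrap_vault(bytes(range(32)), bytes(32), b"\x00" * 48)
```

Run is_encrypted() over the content of every file that is supposed to be vaulted, for example from a pre-commit hook, and refuse the commit when it returns False.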
Roles for Gentoo
Over 40 roles specifically for Gentoo can be found in the https://github.com/gentoo-ansible project.
Usage
Check whether Ansible can manage a remote machine as a given user:
user $ ansible evapc -u myuser -m ping
Get info from the remote machine, which can be used later in playbooks:
user $ ansible evapc -u myuser -m setup
Run emerge --sync on evapc under myuser via sudo:
user $ ansible evapc -b -u myuser -m command -a "emerge --sync"
Option | Description |
---|---|
-u | Specifies the user. If absent, Ansible searches the inventory file for a default user associated with the given host; if there is none, it uses the default specified in the /etc/ansible/ansible.cfg file; if there is no such entry, it uses the current username. |
-m | Specifies the module to be invoked. |
-a | Specifies the arguments to be passed to the module. |
The ansible-doc command can be used to read module documentation. For example, to list available modules:
user $ ansible-doc -l
To print out info about the ping module:
user $ ansible-doc ping
Ad-hoc commands
Add simple examples.