USE flags for app-admin/ansible Model-driven deployment, config management, and command execution framework
emerge --ask app-admin/ansible
- app-admin/ansible-lint - Tool for linting Ansible playbooks and roles
- app-admin/ansible-modules-hashivault - Ansible module integrating HashiCorp Vault
- app-admin/ansible-cmdb - Provides an overview of system configuration gathered by an Ansible run
Ansible configuration file location is resolved in the following order: ANSIBLE_CONFIG variable, ansible.cfg file in the current directory, ~/.ansible.cfg file, lastly /etc/ansible/ansible.cfg.
The ebuild provides an example configuration. It can be extracted using:
bzcat /usr/share/doc/ansible*/examples/ansible.cfg.bz2 > ~/.ansible.cfg
To show the current Ansible configuration, use:
[defaults] # Basic default values: inventory = $HOME/ansible/hosts # Uncomment this to disable SSH key host checks #host_key_checking = False # Default user to use for playbooks if user is not specified # (/usr/bin/ansible will use current user as default) #remote_user = root # If set, configures the path to the Vault password file as an alternative to # specifying --vault-password-file on the command line. #vault_password_file = /path/to/vault_password_file
Ansible inventory holds aliases for all managed hosts organized in groups. The default inventory file name is hosts. It is expected to reside in the ~/ansible directory.
With ansible_user and ansible_port it is possible to override the target host's default connection port (22/TCP by default) and remote user. The ansible_host variable specifies the host/IP when it differs from the inventory alias.
The first two lines explicitly set the Ansible Python interpreter for all hosts in the inventory. Ansible attempts to detect the Python interpreter  but setting it explicitly makes the process safer.
Example inventory describing two host groups ("servers" and "workstations") configured to use the /usr/bin/python3.7 Python interpreter:
[all:vars] ansible_python_interpreter=/usr/bin/python3.7 [servers] myserver01 myserver02 ansible_user=larry myserver03 ansible_host=126.96.36.199 [workstations] evapc ansible_user=larry ansible_port=9000 joepc ansible_user=larry mypc ansible_user=larry ansible_connection=local
By default, Ansible assumes SSH keys (leveraging ssh-agent or similar) being used to connect to the managed hosts.
It is also possible to use username and password, although this method requires encryption prior storing the credentials. Ansible provides the ansible-vault tool enabling manipulation with encrypted data.
Create an Ansible vault file for the credentials. Invoking the ansible-vault asks for a passphrase. This passphrase is used to encrypt and decrypt content of the ~/ansible/vault.yml file:
ansible-vault create ~/ansible/vault.yml
The vault file contains the credentials used to authenticate to the managed hosts:
--- username: larry password: gentoo linux rocks and I am a cow
Content of the encrypted ~/ansible/vault.yml file:
$ANSIBLE_VAULT;1.1;AES256 36616661333864373230383539623831626231643737323662366437316233396631666530303664 3137373065663035393937393764646666613437363333350a316163653066656362636339653561 66643133313266323764386337623365353463626263343963366330333265613938346638616166 6466656332386436350a353734333265303063346139356662656532383462653534666437663539 64356335356538623339323864613136346231356130376262636237663036363738663264663864 36316531643563643633643739663464396138643732356564653531353030383539303366373565 36383963636532666665623138613834333764646534373133356665366130666338386337393736 32363139633432343039
Over 40 Ansible roles created specifically for Gentoo can be found in the Gentoo Ansible project.
Check if Ansible can manage remote machine with given user:
ansible evapc -u larry -m ping
Get info from remote machine, what can be used later in Ansible playbooks:
ansible evapc -u larry -m setup
Run emerge --sync on evapc under larry via sudo:
ansible evapc -s -u larry -m command -a "emerge --sync"
||Specifies the user, if absent Ansible will search in your inventory file for default user associated to the given host, if not any it will use the default specified in the /etc/ansible/ansible.cfg file, if there is no such an entry it will use the current username.|
||Specifies the module to be invoked.|
||Specifies the arguments to passed to the module.|
The ansible-doc command can be used to read module documentation. For example, to list available modules:
To print out info about the ping module:
Although Ansible provides means for composing and running complex configurations using Ansible playbooks, there is always a possibility to execute an one-off task.
For example, restarting all hosts in a host group named "workstations" can be performed as simply as:
ansible workstations -a '/sbin/reboot'
The previous example used the default Ansible module called "command". There is also module providing shell capabilities named "shell". It can be invoked as:
ansible workstations -m shell -a 'date >> /tmp/stamp.log'
- Chef a configuration management tool written in Ruby and Erlang.
- Puppet a configuration management tool written in C++ and Clojure.
- (R)?ex a friendly automation framework written in Perl 5.
- Salt a configuration management tool written Python.
- Sparrow an automation framework written in Raku.