From Gentoo Wiki
Jump to:navigation Jump to:search
This article is a stub. You can help by expanding it.

Ansible is a configuration management system written in Python. It can be used for automating machine deployments.


USE flags

USE flags for app-admin/ansible Model-driven deployment, config management, and command execution framework

test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)


Install app-admin/ansible:

root #emerge --ask app-admin/ansible


The ansible ebuild has a example configuration generate the basic configuration. Change to home directory:

user $cd

Extract the example configuration to the home directory:

user $bzcat /usr/share/doc/ansible*/examples/ansible.cfg.bz2 > ~/.ansible.cfg

To show current ansible configuration, issue:

user $ansible-config view

Additionally a example configuration file is available on the official site of the project.

With ansible_ssh_user= and ansible_ssh_port= remote users and ssh ports can be specified per hosts. From 2.0 version they are deprecated, use ansible_user and ansible_port instead.

The first two lines are crucial to explicitly set Ansible's python interpreter for all hosts, Ansible only works with python 2.7, and even is the python_targets_python2_7 flag is set, it will use the system's python by default. It is unnecessary if the system python is version 2.7, but still recommended to avoid unexpected failure if you change it.

FILE /home/larry/.ansible.cfgDefault configuration
# config file for ansible
# ===============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first


# some basic default values...

inventory = $HOME/ansible/hosts

# uncomment this to disable SSH key host checking
host_key_checking = False

# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root

# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
vault_password_file = /path/to/vault_password_file

# This might be deprecated, anyway chech vault.yaml for remote user
# keep things simple
# Default remote user
#remote_user = root


The default inventory file is named hosts. It should be created in the /etc/ansible directory:

user $mkdir ansible
user $nano ansible/hosts

This file contains the managed nodes organized in groups.

FILE /etc/ansible/hostsSample inventory file
evapc ansible_ssh_user=myuser ansible_ssh_port=9000
joepc ansible_ssh_user=myuser
mypc ansible_ssh_user=myuser ansible_connection=local


The credentials username and password should be handled by ansible-vault change to the ansible directory in the home path:

user $cd ~/ansible

Create a ansible vault for the credentials. The ansible-vault asks for a passphrase. This passphrase is used to encrypt and decrypt the vault.yml file:

user $ansible-vault create vault.yml

New Vault password:

The vault file contains the credentials used to authenticate to remote nodes:

FILE ~/ansible/vault.ymlansilbe-vault credentials
username: larry
password: gentoo linux rocks and I am a cow

Content of the encrypted vault.yml file:

user $more vault.yml

Roles for Gentoo

Over 40 roles specifically for Gentoo can be found in the project.


Check if ansible can manage remote machine with given user:

user $ansible evapc -u myuser -m ping

Get info from remote machine, what can be used later in playbooks:

user $ansible evapc -u myuser -m setup

Run emerge --sync on evapc under myuser via sudo:

user $ansible evapc -s -u myuser -m command -a "emerge --sync"
Option Description
-u Specifies the user, if absent ansible will search in your inventory file for default user associated to the given host, if not any it will use the default specified in the /etc/ansible/ansible.cfg file, if there is no such an entry it will use the current username.
-m Specifies the module to be invoked.
-a Specifies the arguments to passed to the module.

The ansible-doc command can be used to read module documentation. For example, to list available modules:

user $ansible-doc -l

To print out info about the ping module:

user $ansible-doc ping

Ad-hoc commands

Add simple examples.


External resources