© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
If you are familiar with Puppet terminology, this concept is basically the same as ‘external nodes’, with the slight difference that it also defines which hosts are managed.
When the external node script is called with no arguments, the script must return a JSON hash/dictionary of all the groups to be managed, with a list of each host/IP as the value for each hash/dictionary element, like so:
+When the external node script is called with the single argument ‘–list’, the script must return a JSON hash/dictionary of all the groups to be managed, with a list of each host/IP as the value for each hash/dictionary element, like so:
{
'databases' : [ 'host1.example.com', 'host2.example.com' ],
'webservers' : [ 'host2.example.com', 'host3.example.com' ],
@@ -276,8 +276,8 @@ of these options via an external inventory system.
}
When called with a single argument, the name of a host from above, the script must return either an empty JSON -hash/dictionary, or a list of key/value variables to make available to templates. Returning variables is optional, +
When called with the arguments ‘–host <hostname>’ (where <hostname> is a host from above), the script must return either an empty JSON +hash/dictionary, or a list of key/value variables to make available to templates or playbooks. Returning variables is optional, if the script does not wish to do this, returning an empty hash/dictionary is the way to go:
{
'favcolor' : 'red',
@@ -357,7 +357,7 @@ a conf.d file appropriately or something similar. Who knows?
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
ssh-agent bash
ssh-add ~/.ssh/id_rsa.pub
Now to run the command on all servers in a group, in this case, ‘atlanta’:
+If you don’t want to use ssh-agent and want to instead SSH with a password instead of keys, you can with +–ask-pass (-k), but it’s much better to just use ssh-agent.
+Now to run the command on all servers in a group, in this case, ‘atlanta’, in 10 parallel forks:
ansible atlanta -a "/sbin/reboot" -f 10
If you want to run commands as a different user than root:
+If you want to run commands as a different user than root, it looks like this:
ansible atlanta -a "/usr/bin/foo" -u yourname
If you want to run commands through sudo:
ansible atlanta -a "/usr/bin/foo" -u yourname --sudo [--ask-sudo-pass]
Use –ask-sudo-pass (-K) if you are not using passwordless sudo.
+Use –ask-sudo-pass (-K) if you are not using passwordless sudo. This will interactively prompt +you for the password to use. Use of passwordless sudo makes things easier to automate, but it’s +not required.
+It is also possible to sudo to a user other than root using –sudo-user (-U):
+ansible atlanta -a "/usr/bin/foo" -u yourname -U otheruser [--ask-sudo-pass]
+Ok, so those are basics. If you didn’t read about patterns and groups yet, go back and read The Inventory File, Patterns, and Groups.
The -f 10 in the above specifies the usage of 10 simultaneous processes. Normally commands also take a -m for module name, but the default module name is ‘command’, so we didn’t need to specify that -here. We’ll use -m later to run some other Ansible Modules.
-The command module requires absolute paths and does not support shell variables. If we want to +all of the time. We’ll use -m in later examples to run some other Ansible Modules.
+Note that the command module requires absolute paths and does not support shell variables. If we want to execute a module using the shell, we can do those things, and also use pipe and redirection operators. Read more about the differences on the Ansible Modules page. The shell module looks like this:
@@ -373,7 +380,7 @@ a simplified syntax for this.
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
As the project is still pretty new, you will probably want to clone -the git checkout, so you can keep up with all of the latest features, -and also easily contribute back to the project (if you want).
+If you are interested in using all the latest features, you may wish to keep up to date +with the development branch of the git checkout. This also makes it easiest to contribute +back to the project.
Instructions for installing from source are below.
+Ansible’s release cycles are about one month long. Due to this +short release cycle, any bugs will generally be fixed in the next release versus maintaining +backports on the stable branch.
You may also wish to follow the Github project if you have a github account. This is also where we keep the issue tracker for sharing bugs and feature ideas.
@@ -227,6 +230,7 @@ bugs and feature ideas.Ansible is trivially easy to run from a checkout, root permissions are not required to use it:
$ git clone git://github.com/ansible/ansible.git
+$ git checkout -t origin/devel
$ cd ./ansible
$ source ./hacking/env-setup
If you are not working from a distribution where Ansible is packaged yet, you can install Ansible using “make install”. This is done through python-distutils:
$ git clone git://github.com/ansible/ansible.git
+$ git checkout -t origin/devel
$ cd ./ansible
$ sudo make install
In the near future, pre-built packages will be available through your -distribution. Until that time, you can use the make rpm command to +
RPMs for the last Ansible release are available for EPEL 6 and currently supported +Fedora distributions.
+++# install the epel-release RPM if needed on CentOS, RHEL, or Scientific Linux +$ sudo yum install ansible
You can also use the make rpm command to build an RPM you can distribute and install:
$ git clone git://github.com/ansible/ansible.git
$ cd ./ansible
@@ -265,14 +274,15 @@ same version. This is perfectly safe to do.
Debian, Gentoo, Arch, Others¶
Gentoo eBuilds are available here
-Debian package recipes are in progress – see the source checkout, in the packaging/debian
-directory.
+Debian package recipes can be built from the source checkout, run:
+make debian
+
An Arch PKGBUILD is available on AUR
If you have python3 installed on Arch, you probably want to symlink python to python2.:
sudo ln -sf /usr/bin/python2 /usr/bin/python
If you would like to package Ansible for Homebrew, BSD, or others,
-please stop by the mailing list and say hi.
+please stop by the mailing list and say hi!
Tagged Releases¶
@@ -281,8 +291,6 @@ project page:
-At this point in Ansible’s development, running or building from checkout is preferred
-if you want access to all of the latest modules and improvements.
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
ansible/hacking/test-module ./time time=\"March 14 12:23\"
This should return something like:
-{"changed": true, "time": "2012-03-14 12:23:00.000307"}
+{"changed": True, "time": "2012-03-14 12:23:00.000307"}
The ‘setup’ module that ships with Ansible provides many variables about a system that can be used in playbooks +and templates. However, it’s possible to also add your own facts without modifying the system module. To do +this, just have the module return a ansible_facts key, like so, along with other return data. This requires +Ansible 0.4 and later:
+{
+ "changed" : True,
+ "rc" : 5,
+ "ansible_facts" : {
+ "leptons" : 5000
+ "colors" : {
+ "red" : "FF0000",
+ "white" : "FFFFFF"
+ }
+ }
+}
+These ‘facts’ will be available to all statements called after that module (but not before) in the playbook. +A good idea might be make a module called ‘site_facts’ and always call it at the top of each playbook, though +we’re always open to improving the selection of core facts in Ansible as well.
+If writing a module in Python and you have managed nodes running @@ -430,7 +453,7 @@ Stop by the mailing list to inquire about requirements.
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
Manages apt-packages (such as for Debian/Ubuntu).
pkg:
state:
update-cache:
Deploys software (or files) from git checkouts.
repo:
dest:
branch:
+Example action from Ansible Playbooks:
git repo=git://foosball.example.org/path/to/repo.git dest=/srv/checkout version=release-0.22
system:
+To control members of the group, see the users resource.
Example action from Ansible Playbooks:
group name=somegroup state=present
@@ -443,8 +452,24 @@ successful contact.
takes no parameters & does not support change hooks, nor does it make
any changes on the system.
Executes a low-down and dirty SSH command, not going through the module subsystem. +This module is new in Ansible 0.4.
+This is useful and should only be done in two cases. The first case is installing +python-simplejson on older (python 2.4 and before) hosts that need it as a dependency +to run modules, since nearly all core modules require it. Another is speaking to any +devices such as routers that do not have any Python installed. In any other case, +using the ‘shell’ or ‘command’ module is much more appropriate.
+Arguments given to ‘raw’ are run directly through the configured remote shell and +only output is returned. There is no error detection or change handler support +for this module.
+Example from /usr/bin/ansible to bootstrap a legacy python 2.4 host:
+++ansible newhost.example.com raw -a “yum install python-simplejson”
Controls services on remote machines.
state:
enabled:
+list:
+name:
system:
+force:
state:
list:
Example action from Ansible Playbooks:
yum pkg=httpd state=latest
@@ -748,7 +787,7 @@ yum pkg=httpd state=installed
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
It’s also ok to mix wildcard patterns and groups at the same time:
one*.com:dbservers
Note
-It is not possible to target a host not in the inventory file, unless using playbooks with –override-hosts. More on that later. This is a safety feature.
-Easy enough. See Command Line Examples and then Playbooks for how to do things to selected hosts.
Using the 0.4 branch of Ansible, it is possible to make groups of groups:
-[atlanta]
+
+Groups of Groups, and Group Variables¶
+Using Ansible 0.4, it is possible to make groups of groups and assign
+variables to groups. These variables can be used by /usr/bin/ansible-playbook, but not
+/usr/bin/ansible.
+
+[atlanta]
host1
+host2
+[raleigh]
host2
-
-[raleigh]
-host2
-host3
-
-[southeast:children]
+host3
+[southeast:children]
atlanta
-raleigh
-
-[southeast:vars]
+raleigh
+[southeast:vars]
some_server=foo.southeast.example.com
-
-[usa:children]
+halon_system_timeout=30
+self_destruct_countdown=60
+escape_pods=2
+[usa:children]
southeast
northeast
southwest
-southeast
-
+southeast
+
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
To run an entire playbook locally, just set the “hosts:” line to “hosts:127.0.0.1” and then run the playbook like so:
-playbook playbook.yml --connection=local
+ansible-playbook playbook.yml --connection=local
Alternatively, a local connection can be used in a single playbook play, even if other plays in the playbook use the default remote connection type:
@@ -719,7 +719,7 @@ Let’s run a playbook using a parallelism level of 10:
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on May 06, 2012.
+ Last updated on May 10, 2012.