Difference between revisions of "ansible notes"
|  (→platform modules) |  (→types) | ||
| (31 intermediate revisions by one user not shown) | |||
| Line 4: | Line 4: | ||
|   pip install ansible |   pip install ansible | ||
| − | ==[https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html#variables-in-inventory Adding variables to inventory]== | + | ==variables== | 
| + | |||
| + | A variable name can only include letters, numbers, and underscores. [https://docs.python.org/3/reference/lexical_analysis.html#keywords Python keywords]  or [https://docs.ansible.com/ansible/latest/reference_appendices/playbooks_keywords.html#playbook-keywords playbook keywords] are not valid variable names. A variable name cannot begin with a number. Use use double curly braces to reference them. i.e. | ||
| + | <nowiki> | ||
| + |  {{ foo }} | ||
| + | </nowiki> | ||
| + | ===types=== | ||
| + | |||
| + | Simple vars store a single value.  | ||
| + | |||
| + | List variables store multiple. | ||
| + | |||
| + | referencing specific fields | ||
| + |  region: "{{ region[0] }}" | ||
| + | |||
| + | Dictionary vars store data in key-value pairs | ||
| + | |||
| + | get var type | ||
| + | |||
| + | <nowiki> | ||
| + |  {{ myvar | type_debug }} | ||
| + | </nowiki> | ||
| + | |||
| + | Combining list variables | ||
| + |  ansible.builtin.set_fact: | ||
| + |    merged_list: <nowiki>"{{ list1 + list2 }}"</nowiki> | ||
| + | |||
| + | Combining dictionary variables | ||
| + |  ansible.builtin.set_fact: | ||
| + |   merged_dict: <nowiki>"{{ dict1 | ansible.builtin.combine(dict2) }}"</nowiki> | ||
| + | |||
| + | merge variables that match the given prefixes, suffixes, or regular expressions, you can use the community.general.merge_variables lookup, for example: | ||
| + | |||
| + |  merged_variable: <nowiki>"{{ lookup('community.general.merge_variables', '__my_pattern', pattern_type='suffix') }}"</nowiki> | ||
| + | |||
| + | ===[https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html#variables-in-inventory Adding variables to inventory]=== | ||
| + | |||
| + | Reference nested variables using either bracket notation or dot notation | ||
| + | <nowiki> | ||
| + |  '{{ ansible_facts["eth0"]["ipv4"]["address"] }}' | ||
| + |  or | ||
| + |  {{ ansible_facts.eth0.ipv4.address }} | ||
| + | </nowiki> | ||
| + | |||
| + | ===setting variables=== | ||
| + | Variables can be set via files (like inventory), plays or command line at run time. | ||
| + | |||
| + | setfact | ||
| + |  - name: set a var | ||
| + |    set_fact: | ||
| + |      somevar: "foo" | ||
| + | |||
| + | Registering variables with the task keyword register. | ||
| + | |||
| + |      - name: Run a shell command and register its output as a variable | ||
| + |        ansible.builtin.shell: /usr/bin/foo | ||
| + |        register: foo_result | ||
| + | |||
| + | Defining variables at runtime | ||
| + | |||
| + | key=value syntax | ||
| + | values are interpreted as strings  | ||
| + | |||
| + |  ansible-playbook release.yml --extra-vars "version=1.23.45 other_variable=foo" | ||
| + | |||
| + | Use the JSON format if you need to pass non-string values such as Booleans, integers, floats, lists... | ||
| + | |||
| + |  ansible-playbook release.yml --extra-vars '{"version":"1.23.45","other_variable":"foo"}' | ||
| + |  ansible-playbook arcade.yml --extra-vars '{"pacman":"mrs","ghosts":["inky","pinky","clyde","sue"]}' | ||
| + | |||
| + | you must escape quotes and other special characters  | ||
| + | |||
| + |  ansible-playbook arcade.yml --extra-vars "{\"name\":\"Conan O\'Brien\"}" | ||
| + |  ansible-playbook arcade.yml --extra-vars '{"name":"Conan O'\\\''Brien"}' | ||
| + |  ansible-playbook script.yml --extra-vars "{\"dialog\":\"He said \\\"I just can\'t get enough of those single and double-quotes"\!"\\\"\"}" | ||
| ==Connecting to hosts== | ==Connecting to hosts== | ||
| − | ===[https://docs.ansible.com/ansible/latest/vault_guide/vault.html#vault Ansible Vault]=== | + | ===[https://docs.ansible.com/ansible/latest/vault_guide/vault.html#vault Secure credentials with Ansible Vault]=== | 
| − | + | ||
| + | common commands | ||
| + | |||
| + |  $ ansible-vault create <path to file> | ||
| + | |||
| + |  $ ansible-vault edit <path to file> | ||
| + | |||
| + |  $ ansible-vault rekey <path to file> | ||
| + | |||
| + |  $ ansible-vault view <path to file> | ||
| + | |||
| + | default directories for encrypted vault files | ||
| + | |||
| + | group_vars | ||
| + | |||
| + | host_vars | ||
| + | |||
| + | use hostname/groupname from inventory file as name of the file | ||
| + | |||
| + | ===connection plugins=== | ||
| variable ansible_connection | variable ansible_connection | ||
| Line 56: | Line 149: | ||
|   <br> |   <br> | ||
|   PLAY RECAP **************************************************************************************************************************************** |   PLAY RECAP **************************************************************************************************************************************** | ||
| − |   10.0.0.15                  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  | + |   10.0.0.15                  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 | 
| + | |||
| + | ==programming== | ||
| + | |||
| + | ===[https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html conditionals]=== | ||
| + | |||
| + | ===[https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_loops.html loops]=== | ||
| + | |||
| + | ===jinja2=== | ||
| + | [https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_templating.html Templating (Jinja2)] | ||
| + | ==output== | ||
| + | ===parsing json=== | ||
| + | use community.general.json_query which uses | ||
| + | [https://jmespath.org/proposals/functions.html#join jmespath] | ||
| + | |||
| + | [https://docs.ansible.com/ansible/latest/collections/community/general/docsite/filter_guide_selecting_json_data.html Selecting JSON data: JSON queries] | ||
| + | |||
| + | ===writing to files=== | ||
| + |  - name: output to file  | ||
| + |    lineinfile:  | ||
| + |      insertafter: EOF | ||
| + |      dest: "out.txt" | ||
| + |      line: "foo bar" | ||
| + | |||
| + | ==modules and plugins== | ||
| + | [https://docs.ansible.com/ansible/latest/module_plugin_guide/index.html Using Ansible modules and plugins] | ||
| + | |||
| + | [https://thecloudops.org/difference-between-modules-and-plugins/ Difference between Modules and Plugins in Ansible] | ||
| + | |||
| + | ===collections=== | ||
| + | [https://docs.ansible.com/ansible/5/user_guide/collections_using.html Using collections] | ||
| + | Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. As modules move from the core Ansible repository into collections, the module documentation will move to the collections pages. | ||
| + | |||
| + | ==use cases== | ||
| + | ===network/security automation=== | ||
| − | |||
| − | |||
| [https://docs.ansible.com/ansible/latest/network/user_guide/platform_index.html#platform-options platform modules (Maintained by Ansible Network Team)] | [https://docs.ansible.com/ansible/latest/network/user_guide/platform_index.html#platform-options platform modules (Maintained by Ansible Network Team)] | ||
| − | [https://galaxy.ansible.com/ui/namespaces/check_point/ checkpoint modules (gaia / mgmt)] | + | ====[https://galaxy.ansible.com/ui/namespaces/check_point/ checkpoint modules (gaia / mgmt)]==== | 
| + | ====fortinet==== | ||
| [https://galaxy.ansible.com/ui/namespaces/fortinet/ fortinet] | [https://galaxy.ansible.com/ui/namespaces/fortinet/ fortinet] | ||
| + | |||
| + | [https://docs.fortinet.com/document/fortisoar/7.4.2/playbooks-guide/767891/jinja-filters-and-functions Jinja Filters and Functions] | ||
| [https://galaxy.ansible.com/ui/namespaces/paloaltonetworks/ paloalto] | [https://galaxy.ansible.com/ui/namespaces/paloaltonetworks/ paloalto] | ||
| + | ===cloud=== | ||
| + | ====kvm==== | ||
| + | [https://docs.ansible.com/ansible/latest/collections/community/libvirt/virt_module.html KVM libvirt module] | ||
| − | + | [https://thenathan.net/2022/09/30/ansible-libvirt-dynamic-inventory/ Ansible libvirt dynamic inventory] | |
| − | + | [https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-domain_commands-connecting_the_serial_console_for_the_guest_virtual_machine Connecting the Serial Console for the Guest Virtual Machine] | |
| − | + | [[category:ansible]] | |
| − | + | [https://www.uni-koeln.de/~pbogusze/posts/Ansible_export_facts_to_simple_csv_file.html Ansible export facts to simple csv file] | |
| − | [ | + | |
Latest revision as of 22:12, 16 April 2025
| Contents | 
installation
pip install ansible
variables
A variable name can only include letters, numbers, and underscores. Python keywords or playbook keywords are not valid variable names. A variable name cannot begin with a number. Use use double curly braces to reference them. i.e. {{ foo }}
types
Simple vars store a single value.
List variables store multiple.
referencing specific fields
region: "{{ region[0] }}"
Dictionary vars store data in key-value pairs
get var type
{{ myvar | type_debug }}
Combining list variables
ansible.builtin.set_fact:
  merged_list: "{{ list1 + list2 }}"
Combining dictionary variables
ansible.builtin.set_fact:
 merged_dict: "{{ dict1 | ansible.builtin.combine(dict2) }}"
merge variables that match the given prefixes, suffixes, or regular expressions, you can use the community.general.merge_variables lookup, for example:
merged_variable: "{{ lookup('community.general.merge_variables', '__my_pattern', pattern_type='suffix') }}"
Adding variables to inventory
Reference nested variables using either bracket notation or dot notation '{{ ansible_facts["eth0"]["ipv4"]["address"] }}' or {{ ansible_facts.eth0.ipv4.address }}
setting variables
Variables can be set via files (like inventory), plays or command line at run time.
setfact
- name: set a var
  set_fact:
    somevar: "foo"
Registering variables with the task keyword register.
    - name: Run a shell command and register its output as a variable
      ansible.builtin.shell: /usr/bin/foo
      register: foo_result
Defining variables at runtime
key=value syntax values are interpreted as strings
ansible-playbook release.yml --extra-vars "version=1.23.45 other_variable=foo"
Use the JSON format if you need to pass non-string values such as Booleans, integers, floats, lists...
ansible-playbook release.yml --extra-vars '{"version":"1.23.45","other_variable":"foo"}'
ansible-playbook arcade.yml --extra-vars '{"pacman":"mrs","ghosts":["inky","pinky","clyde","sue"]}'
you must escape quotes and other special characters
ansible-playbook arcade.yml --extra-vars "{\"name\":\"Conan O\'Brien\"}"
ansible-playbook arcade.yml --extra-vars '{"name":"Conan O'\\\Brien"}'
ansible-playbook script.yml --extra-vars "{\"dialog\":\"He said \\\"I just can\'t get enough of those single and double-quotes"\!"\\\"\"}"
Connecting to hosts
Secure credentials with Ansible Vault
common commands
$ ansible-vault create <path to file> $ ansible-vault edit <path to file> $ ansible-vault rekey <path to file> $ ansible-vault view <path to file>
default directories for encrypted vault files
group_vars
host_vars
use hostname/groupname from inventory file as name of the file
connection plugins
variable ansible_connection
listing connection types/plugins
$ ansible-doc -t connection -l kubectl Execute tasks in pods running on Kubernetes libvirt_lxc Run tasks in lxc containers via libvirt chroot Interact with local chroot psrp Run tasks over Microsoft PowerShell Remoting Protocol network_cli Use network_cli to run command on network appliances vmware_tools Execute tasks inside a VM via VMware Tools ssh connect via ssh client binary httpapi Use httpapi to run command on network appliances docker Run tasks in docker containers ...
playbooks
examples
- name: My first play
 hosts: myhosts
 tasks:
  - name: Print wall message
    ansible.builtin.command: /usr/bin/wall hello
- name: output test 
 hosts: myhosts
 tasks:
  - name: run uname thru awk 
    ansible.builtin.shell:  /usr/bin/uname -a | awk '{print $NF}'
    register: results
  - debug:
      var: results.stdout
$ ansible-playbook -i inventory.ini shelltest.yaml PLAY [output test] ********************************************************************************************************************************
TASK [run uname thru awk] ************************************************************************************************************************* changed: [10.0.0.15]
TASK [debug] ************************************************************************************************************************************** ok: [10.0.0.15] => { "results.stdout": "GNU/Linux" }
PLAY RECAP **************************************************************************************************************************************** 10.0.0.15 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
programming
conditionals
loops
jinja2
output
parsing json
use community.general.json_query which uses jmespath
Selecting JSON data: JSON queries
writing to files
- name: output to file 
  lineinfile: 
    insertafter: EOF
    dest: "out.txt"
    line: "foo bar"
modules and plugins
Using Ansible modules and plugins
Difference between Modules and Plugins in Ansible
collections
Using collections Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. As modules move from the core Ansible repository into collections, the module documentation will move to the collections pages.
use cases
network/security automation
platform modules (Maintained by Ansible Network Team)
checkpoint modules (gaia / mgmt)
fortinet
cloud
kvm
Ansible libvirt dynamic inventory
 
					