ansible notes
Contents |
installation
pip install ansible
variables
A variable name can only include letters, numbers, and underscores. Python keywords or playbook keywords are not valid variable names. A variable name cannot begin with a number. Use use double curly braces to reference them. i.e. {{ foo }}
types
Simple vars store a single value.
List variables store multiple.
referencing specific fields
region: "{{ region[0] }}"
Dictionary vars store data in key-value pairs
get var type
{{ myvar | type_debug }}
Combining list variables
ansible.builtin.set_fact: merged_list: "Template:list1 + list2"
Combining dictionary variables
ansible.builtin.set_fact: merged_dict: "Template:dict1"
merge variables that match the given prefixes, suffixes, or regular expressions, you can use the community.general.merge_variables lookup, for example:
merged_variable: "Template:lookup('community.general.merge variables', ' my pattern', pattern type='suffix')"
Adding variables to inventory
Reference nested variables using either bracket notation or dot notation
'{{ ansible_facts["eth0"]["ipv4"]["address"] }}'
or
Template:ansible facts.eth0.ipv4.address
setting variables
Variables can be set via files (like inventory), plays or command line at run time.
setfact
- name: set a var
set_fact:
somevar: "foo"
Registering variables with the task keyword register.
- name: Run a shell command and register its output as a variable
ansible.builtin.shell: /usr/bin/foo
register: foo_result
Defining variables at runtime
key=value syntax values are interpreted as strings
ansible-playbook release.yml --extra-vars "version=1.23.45 other_variable=foo"
Use the JSON format if you need to pass non-string values such as Booleans, integers, floats, lists...
ansible-playbook release.yml --extra-vars '{"version":"1.23.45","other_variable":"foo"}'
ansible-playbook arcade.yml --extra-vars '{"pacman":"mrs","ghosts":["inky","pinky","clyde","sue"]}'
you must escape quotes and other special characters
ansible-playbook arcade.yml --extra-vars "{\"name\":\"Conan O\'Brien\"}"
ansible-playbook arcade.yml --extra-vars '{"name":"Conan O'\\\Brien"}'
ansible-playbook script.yml --extra-vars "{\"dialog\":\"He said \\\"I just can\'t get enough of those single and double-quotes"\!"\\\"\"}"
Connecting to hosts
Secure credentials with Ansible Vault
common commands
$ ansible-vault create <path to file> $ ansible-vault edit <path to file> $ ansible-vault rekey <path to file> $ ansible-vault view <path to file>
default directories for encrypted vault files
group_vars
host_vars
use hostname/groupname from inventory file as name of the file
connection plugins
variable ansible_connection
listing connection types/plugins
$ ansible-doc -t connection -l kubectl Execute tasks in pods running on Kubernetes libvirt_lxc Run tasks in lxc containers via libvirt chroot Interact with local chroot psrp Run tasks over Microsoft PowerShell Remoting Protocol network_cli Use network_cli to run command on network appliances vmware_tools Execute tasks inside a VM via VMware Tools ssh connect via ssh client binary httpapi Use httpapi to run command on network appliances docker Run tasks in docker containers ...
playbooks
examples
- name: My first play
hosts: myhosts
tasks:
- name: Print wall message
ansible.builtin.command: /usr/bin/wall hello
- name: output test
hosts: myhosts
tasks:
- name: run uname thru awk
ansible.builtin.shell: /usr/bin/uname -a | awk '{print $NF}'
register: results
- debug:
var: results.stdout
$ ansible-playbook -i inventory.ini shelltest.yaml PLAY [output test] ********************************************************************************************************************************
TASK [run uname thru awk] ************************************************************************************************************************* changed: [10.0.0.15]
TASK [debug] ************************************************************************************************************************************** ok: [10.0.0.15] => { "results.stdout": "GNU/Linux" }
PLAY RECAP **************************************************************************************************************************************** 10.0.0.15 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
programming
conditionals
loops
jinja2
output
parsing json
use community.general.json_query which uses jmespath
Selecting JSON data: JSON queries
writing to files
- name: output to file
lineinfile:
insertafter: EOF
dest: "out.txt"
line: "foo bar"
modules and plugins
Using Ansible modules and plugins
Difference between Modules and Plugins in Ansible
collections
Using collections Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. As modules move from the core Ansible repository into collections, the module documentation will move to the collections pages.
use cases
network/security automation
platform modules (Maintained by Ansible Network Team)
checkpoint modules (gaia / mgmt)
fortinet
cloud
kvm
Ansible libvirt dynamic inventory
