- Add SSH Credentials
ssh-add /path/to_cred_file.pem
- contents of inventory.yml
[dockerbuild]
59.68.67.67
# note that the following prompts yes/no
ansible dockerbuild -m ping -i inventory.yml -u centos
- take two: using variables, ansible_become means 'sudo'
inventory.yml
[dockerbuild]
59.68.67.67 ansible_user=centos ansible_become=true
ansible dockerbuild -m ping -i inventory.yml
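- use default config file
content of ansible.cfg
[defaults]
inventory = inventory.yml
# no ssh key checking: suppresses the yes/no prompt, but host identity is no longer verified
# (ansible.cfg only treats '#' as a comment at the start of a line, so it cannot trail the value)
host_key_checking = false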
# now it is possible to rewrite the above adhoc command as:
ansible dockerbuild -m ping
- install docker on target host:
ansible dockerbuild -a 'yum install -y docker'
- Use Yum Module: I want docker to be installed, do nothing if already installed
ansible dockerbuild -m yum -a "name=docker state=present"
- I want docker service to be running (service module; yum has no state=started)
ansible dockerbuild -m service -a "name=docker state=started"
- run docker ps command using shell module, ad hoc
ansible dockerbuild -m shell -a "docker ps"
- contents of playbook.yml
---
- hosts: dockerbuild
  vars:
    repo_name: "https://github.com/jberkus/ansible101.git"
  tasks:
    - name: install docker
      yum: name=docker state=present
    - name: start docker
      service: name=docker state=started
    - name: install git
      yum: name=git state=present
    - name: check out ansible101 repo_name
      git: repo={{ repo_name }}
           dest=/tmp/ansible101
- Run the above playbook via the ansible-playbook command
ansible-playbook playbook.yml
# Following will create a vault by prompting you for a password to it
# This password is used to encrypt/decrypt the content of vault
ansible-vault create password.yml
- contents of password.yml below:
---
docker_username: adil
docker_password: mypwd
owner_email: adil@hindistan
- once you have the encrypted password file, you can refer to it in your playbook using vars_files
...
  vars_files:
    - password.yml
  handlers:
    - name: log into docker hub
      docker_login:
        username: "{{ docker_username }}"
        password: "{{ docker_password }}"
        email: "{{ owner_email }}"
...
- Limitation: when you run the playbook, you are prompted once. So, all vaults need the same pwd
- Other commands:
ansible-vault edit password.yml # edit file
ansible-vault decrypt password.yml # file is now in plain-text
ansible-vault encrypt password.yml # re-encrypt with a new pwd
# If you need to be prompted for the vault password
ansible-playbook playbook.yml --ask-vault-pass
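Since `ansible-vault decrypt` leaves password.yml in plain text, it is worth checking that the file is encrypted again before it is committed or copied anywhere. The following is an added example, not part of the original notes: a small parser for the vault file envelope (header line plus hex body) that can be run over file paths. The function names and the sample data are assumptions made for illustration.

```python
import binascii
import sys
from collections import namedtuple

VaultEnvelope = namedtuple("VaultEnvelope", "version cipher vault_id salt hmac ciphertext")

def parse_vault(text):
    """Parse an ansible-vault file; raise ValueError if it is not a valid envelope."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        raise ValueError("no $ANSIBLE_VAULT header, content is plain text")
    fields = lines[0].strip().split(";")
    if len(fields) not in (3, 4):
        raise ValueError("malformed vault header")
    version, cipher = fields[1], fields[2]
    vault_id = fields[3] if len(fields) == 4 else None  # label only in format 1.2
    try:
        # Body is hex of: hex(salt) \n hex(hmac) \n hex(ciphertext), wrapped at 80 columns
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, mac, ct = (binascii.unhexlify(part) for part in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("malformed vault payload: %s" % exc) from exc
    if len(salt) != 32 or len(mac) != 32 or not ct:
        raise ValueError("unexpected salt/HMAC length or empty ciphertext")
    return VaultEnvelope(version, cipher, vault_id, salt, mac, ct)

def is_encrypted(text):
    """True only if text is a structurally valid vault envelope."""
    try:
        parse_vault(text)
        return True
    except ValueError:
        return False

def make_sample(header="$ANSIBLE_VAULT;1.1;AES256"):
    """Constructed envelope with dummy bytes (not real ciphertext), for exercising the parser."""
    parts = (b"\x01" * 32, b"\x02" * 32, b"\x03" * 48)
    body = binascii.hexlify(b"\n".join(binascii.hexlify(p) for p in parts)).decode()
    return header + "\n" + "\n".join(body[i:i + 80] for i in range(0, len(body), 80)) + "\n"

# Constructed plain-text content, shaped like password.yml after `ansible-vault decrypt`
PLAIN = "---\ndocker_username: adil\ndocker_password: mypwd\n"

if __name__ == "__main__":
    # Usage: python check_vault.py password.yml [more files]; exits 1 if any file is plain text
    bad = [p for p in sys.argv[1:] if not is_encrypted(open(p, encoding="utf-8").read())]
    for path in bad:
        print("NOT ENCRYPTED:", path)
    sys.exit(1 if bad else 0)
```

The check is structural only: it confirms the file has the vault envelope, not that it can be decrypted with your password.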
- Ansible has a built-in tree structure, which can be leveraged with playbooks
- group_vars directory is the key! If you have it in the root of your automation directory:
  - You can have files full of variables that are named after the groups
  - say it looks like this:
|-- group_vars
    |-- all
    `-- dockerbuild
- run tree command to see the directory structure
- roles are also very important, and are used to call other playbooks
- Instead of a long playbook, simply put the tasks in the tasks folder, handlers in the handlers directory
|-- roles
    |-- dockerbuild
        |-- handlers
        |   `-- main.yml
        |-- tasks
        |   `-- main.yml
        `-- templates
            `-- main.yml
- If you do this, playbook gets very short:
---
- hosts: dockerbuild
  vars_files:
    - password.yml
  roles:
    - dockerbuild
- Do not use bare variables with a with statement (e.g. with_items)
with_items: my_list # NO
with_items: "{{ my_list }}" # YES