Skip to content

Ansible

Ansible is an IT automation tool, to configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments.

A "state" configuration tool: i wish such and such thing to be present or absent (state)

Installation: In most case it is just python -m pip install --user ansible or pip/pip3 intsall ansible

If you don't have pip you can install it like

$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
$ python get-pip.py --user

Test your installation: ansible localhost -m ping

Get Started Documentation

You can train yourself here without any installation

Modules: that can be executed directly on remote hosts or through Playbooks.

https://docs.ansible.com/ansible/2.9/modules/modules_by_category.html

To avoid first time failure due to ssh strict checking: ansible_ssh_extra_args='-o StrictHostKeyChecking=no'

Some Tips

  • Use command ansible-galaxy init .. to generate your role files/tree
  • Module rsync does not decrypt encrypted files during synchronization

Tools around Ansible

There is some interesting tools around ansible like:

  • https://galaxy.ansible.com Public repo/site for using and sharing Ansible Content with Public
  • Ansible Lint(YamlLint also): a highly configurable linter for Ansible playbooks
  • Ansible cmdb : gather information from Ansible’s and converts it into a static HTML...an overview inventory site!
  • Mitogen for Ansible - uses the Mitogen library to execute Ansible playbooks in a more efficient way
  • AWX: provides a web-based user interface, REST API, and task engine built on top of Ansible.
    Open Source version of Ansible Tower.
  • ARA : to records Ansible and makes it easier to understand and troubleshoot.

More tools and plugins

ARA

Getting started : https://ara.recordsansible.org/

Deploy and test ARA quickly

Install the API/Server 
docker pull recordsansible/ara-api
## Remove env variables  ARA_WRITE_LOGIN_REQUIRED/ARA_READ_LOGIN_REQUIRED
## if you wnat to test without authentification
docker run --name api-server -dit --restart unless-stopped  -p 8080:8000  \
-e ARA_WRITE_LOGIN_REQUIRED=true -e ARA_READ_LOGIN_REQUIRED=true  \
docker.io/recordsansible/ara-api:latest

## If you set ARA_WRITE_LOGIN_REQUIRED/ARA_READ_LOGIN_REQUIRED
docker exec -it api-server ara-manage createsuperuser \
--username=admin --email=admin@example.com

## Open the UI in your browser
Set ARA on client side 
## Install ARA
pip3 install --user  ara  ##  python3 -m pip install --user  ara

## Configure Ansible to use the ARA callback plugin
export ANSIBLE_CALLBACK_PLUGINS="$(python3 -m ara.setup.callback_plugins)"

## Set up the ARA callback to use the API
export ARA_API_CLIENT="http"
export ARA_API_SERVER="http://127.0.0.1:8080"
# If ARA is deployed on another host, use the IP/Hostname of this server

## If you have enabled authentification
export ARA_API_USERNAME="your_user"
export ARA_API_PASSWORD="your_user_password"
## export ARA_IGNORED_ARGUMENTS=vault_password_files

## Instead to export all these variables you can add them in ansible.cfg
[ara]
api_client = http
api_server = http://ara-api-host.example.com
api_username = xx
api_password = xxx
## ignored_arguments = vault_password_files
Run an Ansible playbook to test 
ansible-playbook playbook.yaml
ara playbook list
ara playbook metrics
ara playbook show -f yaml 1
ara play list
ara play show 1