Ansible Note

All version?

skip setup

ansible.cfg

[defaults]
gathering=explicit

module ref

ansible-doc <module>

git clone

use git module

For repo=git:// (ssh), hostkey issue.

accept_hostkey=yes

git for private repo

ssh-agent?
http://qiita.com/seizans/items/f5f052aec1592c47767f

SELinux python

Mandatory...

    - name: install essential packages
      yum: name=libselinux-python state=installed

string append via lineinfile

    - name: disable SELinux
      lineinfile: dest=/etc/selinux/config regexp=^SELINUXPLUS= line=SELINUXPLUS=disabled

When you want to erase, use state=absent

Ansible 2.0x

Set tags for a role

roles:
  - { role: webserver, port: 5000, tags: [ 'web', 'foo' ] }

[DEPRECATION WARNING]: Using bare variables is deprecated.

NG

var/main.yml

---
user:
 - hoge
 - fuga
 - use1

- name: mk user dir
  file:
    dest: '/home/{{item}}'
    state: directory
    owner: '{{item}}'
    group: '{{item}}'
    mode: 0700
  with_items:
    - user

OK

- name: mk user dir
  file:
    dest: '/home/{{item}}'
    state: directory
    owner: '{{item}}'
    group: '{{item}}'
    mode: 0700
  with_items:
    - '{{user}}'

More YAMLish!

- name: some task
  shell: |
    echo hoge >> somelog.txt
    echo foo
    echo baa
  args:
    chdir: somedir/

Ref module's document

# show all modules
ansible-doc -l

# show file module doc
ansible-doc file

Gem & rbenv

set executable = [your gem path]
set user_install=False

- name: install bundler
  gem: name=bundler user_install=no executable=/opt/rbenv/shims/gem

I want to use 2.0's extra mods

1. Create library dir in your ansible_home directory.
2. Download extra mods source from github and move to library dir.

Can I use nested vars?

No.
this is W/A.

task.yml

- name: copy user-indivisual files
  copy:
    content: '{{ sample_text[item] }}'
    dest: '/home/{{item}}/test.txt'
  with_items:
    - hoge
    - fuga

vars.yml

sample_text:
  hoge: |
    hello world.
    this is hoge.
  fuga: |
    hello world!
    this is fuga.

Apply ansible vault to file

use copy: content="{{ encrypted_var }}" dest=hoge.txt

User-defined template filter (jinja2)

1. Set custom filter path in ansible.cfg.
2. Write python script!

ansible.cfg

[defaults]
filter_plugins = /filter_plugins/auto_server_id.py

auto_server_id.py

def calc_server_id(ipaddr):
    octs = ipaddr.split('.')
    return eval(octs[2] + "*256+" + octs[3])


class FilterModule(object):
    def filters(self):
        return {'auto_server_id': calc_server_id}

Use it!

sample.j2

{{ "192.168.1.200"|auto_server_id }}

Idempotence (冪等性)

User handlers

role/hoge/tasks/main.yml

- name: config httpd
  copy: src=xxx dest=/etc/httpd/httpd.conf
  notify: restart httpd

role/hoge/handlers/main.yml

- name: restart httpd
  service: name=httpd state=restarted

notify launched by task result changed.
Even if notify occured any times, handler runs only once.

shell/command module dafault

• failed caused by rturn code != 0 $? != 0
• Anytime changed !

Modify changed judgement

tasks:
  - name: install python-apt
    shell: LANG=C sudo apt-get install -y python-apt
    register: result
    changed_when: '"is already the newest version" not in result.stdout'
  - debug: var=result

Modify failed judgement

tasks/main.yml

- name: set Timezone
  shell: /tmp/set-localtime.sh
  register: tz_res
  failed_when: tz_res.rc not in [0, 1]
  changed_when: tz_res.rc != 0
  tags: config

files/set-localtime.sh

P_LG=`localectl status`
localectl set-locale LANG=ja_JP.UTF-8
localectl set-keymap jp-OADG109A
C_LG=`localectl status`
echo $P_LG | ( echo $C_LG | diff /dev/fd/3 -) 3<&0