* notes on ansible
* installing ansible via pip
** <2023-10-23 Mon>
#+begin_example
bash-5.2$ python3 -m pip install --user ansible
Collecting ansible
  Downloading ansible-8.5.0-py3-none-any.whl (47.5 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 47.5/47.5 MB 10.5 MB/s eta 0:00:00
Collecting ansible-core~=2.15.5
  Downloading ansible_core-2.15.5-py3-none-any.whl (2.2 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.2/2.2 MB 11.4 MB/s eta 0:00:00
Collecting resolvelib<1.1.0,>=0.5.3
  Downloading resolvelib-1.0.1-py2.py3-none-any.whl (17 kB)
Collecting cryptography
  Downloading cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl (4.4 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.4/4.4 MB 11.2 MB/s eta 0:00:00
Requirement already satisfied: PyYAML>=5.1 in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (6.0)
Requirement already satisfied: packaging in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (21.3)
Collecting importlib-resources<5.1,>=5.0
  Downloading importlib_resources-5.0.7-py3-none-any.whl (24 kB)
Requirement already satisfied: jinja2>=3.0.0 in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (3.0.3)
Requirement already satisfied: MarkupSafe>=2.0 in /usr/lib64/python3.9/site-packages (from jinja2>=3.0.0->ansible-core~=2.15.5->ansible) (2.0.1)
Requirement already satisfied: cffi>=1.12 in /usr/lib64/python3.9/site-packages (from cryptography->ansible-core~=2.15.5->ansible) (1.15.0)
Requirement already satisfied: pyparsing!=3.0.5,>=2.0.2 in /usr/lib64/python3.9/site-packages (from packaging->ansible-core~=2.15.5->ansible) (2.4.7)
Requirement already satisfied: pycparser in /usr/lib64/python3.9/site-packages (from cffi>=1.12->cryptography->ansible-core~=2.15.5->ansible) (2.21)
Installing collected packages: resolvelib, importlib-resources, cryptography, ansible-core, ansible
  WARNING: The scripts ansible, ansible-config, ansible-connection, ansible-console, ansible-doc, ansible-galaxy, ansible-inventory, ansible-playbook, ansible-pull and ansible-vault are installed in '/home/dpierre/.local/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
  WARNING: The script ansible-community is installed in '/home/dpierre/.local/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed ansible-8.5.0 ansible-core-2.15.5 cryptography-41.0.4 importlib-resources-5.0.7 resolvelib-1.0.1
bash-5.2$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/libexec/kf5:/usr/lib64/qt5/bin
bash-5.2$ export PATH=$PATH:~/.local/bin
bash-5.2$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/libexec/kf5:/usr/lib64/qt5/bin:/home/dpierre/.local/bin
bash-5.2$
bash-5.2$
bash-5.2$ python3 -m pip install --user ansible
Requirement already satisfied: ansible in /home/dpierre/.local/lib/python3.9/site-packages (8.5.0)
Requirement already satisfied: ansible-core~=2.15.5 in /home/dpierre/.local/lib/python3.9/site-packages (from ansible) (2.15.5)
Requirement already satisfied: cryptography in /home/dpierre/.local/lib/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (41.0.4)
Requirement already satisfied: PyYAML>=5.1 in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (6.0)
Requirement already satisfied: jinja2>=3.0.0 in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (3.0.3)
Requirement already satisfied: resolvelib<1.1.0,>=0.5.3 in /home/dpierre/.local/lib/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (1.0.1)
Requirement already satisfied: importlib-resources<5.1,>=5.0 in /home/dpierre/.local/lib/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (5.0.7)
Requirement already satisfied: packaging in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (21.3)
Requirement already satisfied: MarkupSafe>=2.0 in /usr/lib64/python3.9/site-packages (from jinja2>=3.0.0->ansible-core~=2.15.5->ansible) (2.0.1)
Requirement already satisfied: cffi>=1.12 in /usr/lib64/python3.9/site-packages (from cryptography->ansible-core~=2.15.5->ansible) (1.15.0)
Requirement already satisfied: pyparsing!=3.0.5,>=2.0.2 in /usr/lib64/python3.9/site-packages (from packaging->ansible-core~=2.15.5->ansible) (2.4.7)
Requirement already satisfied: pycparser in /usr/lib64/python3.9/site-packages (from cffi>=1.12->cryptography->ansible-core~=2.15.5->ansible) (2.21)
bash-5.2$ ll ~/.local/bin
bash: ll: command not found
bash-5.2$ alias ll='ls -al'
bash-5.2$ ll ~/.local/bin
total 56
drwxr-xr-x 2 dpierre users 4096 Oct 23 12:18 .
drwx------ 5 dpierre users 4096 Oct 23 12:18 ..
-rwxr-xr-x 1 dpierre users  216 Oct 23 12:18 ansible
-rwxr-xr-x 1 dpierre users  236 Oct 23 12:18 ansible-community
-rwxr-xr-x 1 dpierre users  217 Oct 23 12:18 ansible-config
-rwxr-xr-x 1 dpierre users  246 Oct 23 12:18 ansible-connection
-rwxr-xr-x 1 dpierre users  218 Oct 23 12:18 ansible-console
-rwxr-xr-x 1 dpierre users  214 Oct 23 12:18 ansible-doc
-rwxr-xr-x 1 dpierre users  217 Oct 23 12:18 ansible-galaxy
-rwxr-xr-x 1 dpierre users  220 Oct 23 12:18 ansible-inventory
-rwxr-xr-x 1 dpierre users  219 Oct 23 12:18 ansible-playbook
-rwxr-xr-x 1 dpierre users  215 Oct 23 12:18 ansible-pull
-rwxr-xr-x 1 dpierre users 1700 Oct 23 12:18 ansible-test
-rwxr-xr-x 1 dpierre users  216 Oct 23 12:18 ansible-vault
bash-5.2$ ansible --version
ansible [core 2.15.5]
  config file = None
  configured module search path = ['/home/dpierre/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/dpierre/.local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/dpierre/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/dpierre/.local/bin/ansible
  python version = 3.9.18 (main, Sep 15 2023, 12:58:45) [GCC 13.2.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True
bash-5.2$ ansible-community --version
Ansible community version 8.5.0
bash-5.2$ python3 -m pip install --user argcomplete
Collecting argcomplete
  Downloading argcomplete-3.1.2-py3-none-any.whl (41 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 41.5/41.5 kB 2.3 MB/s eta 0:00:00
Installing collected packages: argcomplete
Successfully installed argcomplete-3.1.2
bash-5.2$ pip3 list
Package                       Version
----------------------------- ---------
alabaster                     0.7.12
ansible                       8.5.0
ansible-core                  2.15.5
appdirs                       1.4.4
argcomplete                   3.1.2
Babel                         2.10.1
Brotli                        1.1.0
build                         0.10.0
caca                          0.99b20
certifi                       2021.10.8
cffi                          1.15.0
chardet                       4.0.0
charset-normalizer            2.0.10
cryptography                  41.0.4
cupshelpers                   1.0
Cython                        0.29.36
distro                        1.6.0
dnspython                     2.1.0
docutils                      0.17.1
doxypypy                      0.8.8.6
doxyqml                       0.5.1
flit_core                     3.9.0
future                        0.18.2
getmail6                      6.18.13
glad2                         2.0.4
gyp                           0.1
idna                          3.3
imagesize                     1.3.0
importlib-metadata            5.0.0
importlib-resources           5.0.7
include_server                3.4
installer                     0.7.0
Jinja2                        3.0.3
kapidox                       5.111.0
libwebp                       0.0
lxml                          4.9.3
M2Crypto                      0.38.0
Mako                          1.1.6
Markdown                      3.3.4
MarkupSafe                    2.0.1
mercurial                     6.5.2
meson                         1.2.3
netsnmp-python                1.0a1
nftables                      0.1
notify2                       0.3.1
packaging                     21.3
pbr                           5.8.0
Pillow                        8.4.0
pip                           22.2.2
ply                           3.11
pssh                          2.3.5
pycairo                       1.20.1
pycparser                     2.21
pycups                        2.0.1
pycurl                        7.44.1
Pygments                      2.10.0
PyGObject                     3.44.1
pyparsing                     2.4.7
pyproject_hooks               1.0.0
PyQt5                         5.15.2
PyQt5_sip                     4.19.25
pysol-cards                   0.12.0
python-sane                   2.9.1
pytz                          2022.1
pyxdg                         0.27
PyYAML                        6.0
QScintilla                    2.11.6
random2                       1.0.1
requests                      2.26.0
resolvelib                    1.0.1
rpm                           4.18.1
SCons                         4.5.2
setuptools                    65.1.1
setuptools-scm                6.4.2
sip                           4.19.25
six                           1.16.0
snowballstemmer               2.2.0
Sphinx                        4.5.0
sphinxcontrib-applehelp       1.0.2
sphinxcontrib-devhelp         1.0.2
sphinxcontrib-htmlhelp        2.0.0
sphinxcontrib-jsmath          1.0.1
sphinxcontrib-qthelp          1.0.3
sphinxcontrib-serializinghtml 1.1.5
tomli                         1.2.2
tomli_w                       1.0.0
undervolt                     0.3.0
urllib3                       1.26.8
wheel                         0.41.1
zenmap                        7.94
zipp                          3.8.0
bash-5.2$ ll ~/.local/bin
total 72
drwxr-xr-x 2 dpierre users 4096 Oct 23 12:30 .
drwx------ 5 dpierre users 4096 Oct 23 12:18 ..
-rwxr-xr-x 1 dpierre users 4707 Oct 23 12:30 activate-global-python-argcomplete
-rwxr-xr-x 1 dpierre users  216 Oct 23 12:18 ansible
-rwxr-xr-x 1 dpierre users  236 Oct 23 12:18 ansible-community
-rwxr-xr-x 1 dpierre users  217 Oct 23 12:18 ansible-config
-rwxr-xr-x 1 dpierre users  246 Oct 23 12:18 ansible-connection
-rwxr-xr-x 1 dpierre users  218 Oct 23 12:18 ansible-console
-rwxr-xr-x 1 dpierre users  214 Oct 23 12:18 ansible-doc
-rwxr-xr-x 1 dpierre users  217 Oct 23 12:18 ansible-galaxy
-rwxr-xr-x 1 dpierre users  220 Oct 23 12:18 ansible-inventory
-rwxr-xr-x 1 dpierre users  219 Oct 23 12:18 ansible-playbook
-rwxr-xr-x 1 dpierre users  215 Oct 23 12:18 ansible-pull
-rwxr-xr-x 1 dpierre users 1700 Oct 23 12:18 ansible-test
-rwxr-xr-x 1 dpierre users  216 Oct 23 12:18 ansible-vault
-rwxr-xr-x 1 dpierre users 2605 Oct 23 12:30 python-argcomplete-check-easy-install-script
-rwxr-xr-x 1 dpierre users 1993 Oct 23 12:30 register-python-argcomplete
bash-5.2$ acivate-global-python-argcomplete --user
bash: acivate-global-python-argcomplete: command not found
(failed reverse-i-search)`': ll ~/^Cocal/bin
bash-5.2$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/libexec/kf5:/usr/lib64/qt5/bin:/home/dpierre/.local/bin
bash-5.2$ ~/.local/bin/activate-global-python-argcomplete --user
Argcomplete was installed in the user site local directory. Defaulting to user installation.
Adding shellcode to /home/dpierre/.zshenv...
Added.
Adding shellcode to /home/dpierre/.bash_completion...
Added.

Please restart your shell or source the installed file to activate it.
bash-5.2$
bash-5.2$
bash-5.2$ ll
total 104
drwx--x--x 18 dpierre users 4096 Oct 23 12:38 .
drwxr-xr-x  5 root    root  4096 Oct  9 13:23 ..
-rw-------  1 dpierre users   63 Oct 23 11:55 .Xauthority
drwxr-xr-x  3 dpierre users 4096 Oct 23 12:26 .ansible
-rw-r--r--  1 dpierre users  165 Oct 23 12:38 .bash_completion
-rw-------  1 dpierre users  403 Oct 22 18:25 .bash_history
drwx------ 20 dpierre users 4096 Oct 23 12:34 .cache
drwxr-xr-x 15 dpierre users 4096 Oct 23 12:38 .config
drwx------  3 dpierre users 4096 Oct 17 14:20 .dbus
drwx------  3 dpierre users 4096 Oct 23 12:23 .emacs.d
-rw-r--r--  1 dpierre users  270 Oct 23 11:55 .gtkrc-2.0
drwxr-xr-x  2 dpierre users 4096 Oct 23 11:55 .hplip
-rw-------  1 dpierre users   20 Oct 17 14:16 .lesshst
drwx------  5 dpierre users 4096 Oct 23 12:18 .local
drwx------  4 dpierre users 4096 Oct 17 14:29 .mozilla
-rw-r--r--  1 dpierre users 3729 Feb  1  2022 .screenrc
-rw-------  1 dpierre users   63 Oct 23 11:55 .serverauth.1719
-rw-r--r--  1 dpierre users  160 Oct 23 12:38 .zshenv
drwxr-xr-x  2 dpierre users 4096 Oct 23 12:34 Desktop
drwxr-xr-x  2 dpierre users 4096 Oct 17 14:20 Documents
drwxr-xr-x  2 dpierre users 4096 Oct 17 14:20 Downloads
drwxr-xr-x  2 dpierre users 4096 Oct 17 14:20 Music
drwxr-xr-x  2 dpierre users 4096 Oct 17 14:20 Pictures
drwxr-xr-x  2 dpierre users 4096 Oct 17 14:20 Public
drwxr-xr-x  2 dpierre users 4096 Oct 17 14:20 Templates
drwxr-xr-x  2 dpierre users 4096 Oct 17 14:20 Videos
bash-5.2$
#+end_example

since i installed ansible locally i assume much of my configurations are local as well.
In the docs
https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html#getting-the-latest-configuration
it states that one can view the configuration in '/etc/ansible/ansible.cfg'
#+begin_example
bash-5.2$ ansible-config list
...
...
...
bash-5.2$ ansible-config view
ERROR! Invalid or no config file was supplied
#+end_example

after viewing
https://docs.ansible.com/ansible/latest/cli/ansible-config.html
seems i need to create an '~/.ansible.cfg' that will override any other config files created 'globally'. There is no global one in my case.
more info on configuration precedence can be found here.
https://docs.ansible.com/ansible/latest/reference_appendices/config.html
#+begin_example
bash-5.2$ ansible-config init --disabled -t all > ansible.cfg
bash-5.2$ cp -arv ansible_all.cfg .ansible.cfg
bash-5.2$ chmod 600 .ansible.cfg
#+end_example

to get a list of all configuration options w/ my setup
#+begin_example
bash-5.2$ ansible-config list > ansible-config-list.txt
#+end_example

reviewing building our inventory
https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html
** <2023-10-24 Tue>
decided it would be nice to have another host to play around with so i dusted off 'bbox' and logged into it from 'boom2'
#+begin_example
bash-5.2$ ssh-keygen -t ed25519 -C "bbox test from boom2" -f ~/.ssh/20231024bbox
Generating public/private ed25519 key pair.
Created directory '/home/dpierre/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dpierre/.ssh/20231024bbox
Your public key has been saved in /home/dpierre/.ssh/20231024bbox.pub
The key fingerprint is:
SHA256:UpDK1R9LlJ30unU6vDGyJ0tDFdc/6dHPMlYHTSQZWIs bbox test from boom2
The key's randomart image is:
+--[ED25519 256]--+
| .o ..+.+=*=|
| o.. + +oo=o|
| . o .o oE +.+|
| o . o o +=|
| . S o oo*|
| . . +++o|
| =.*o |
| ..+.= |
| o+. |
+----[SHA256]-----+
bash-5.2$
bash-5.2$
bash-5.2$ ssh-keygen -l -f ~/.ssh/20231024bbox
256 SHA256:UpDK1R9LlJ30unU6vDGyJ0tDFdc/6dHPMlYHTSQZWIs bbox test from boom2 (ED25519)
bash-5.2$ ll ~/.ssh/
total 16
drwx------  2 dpierre users 4096 Oct 24 14:16 .
drwx--x--x 19 dpierre users 4096 Oct 24 14:16 ..
-rw-------  1 dpierre users  464 Oct 24 14:16 20231024bbox
-rw-r--r--  1 dpierre users  102 Oct 24 14:16 20231024bbox.pub
#+end_example

i had a little dilemma as i cannot log into 'bbox' w/out using an ssh key; so i needed to get my newly created pubkey inserted as line entry inside of 'dpierre@bbox:~/.ssh/authorized_keys'. since i can log into 'bbox' from 'boom' i copied the '~/.ssh/20231024bbox.pub' to a USB key.
then copied that file over to 'boom' and from there logged into 'bbox' and appended the line inside of 'dpierre@bbox:~/.ssh/authorized_keys'. i was able to test it easily...
#+begin_example
bash-5.2$ ssh -i ~/.ssh/20231024bbox dpierre@192.168.0.220
The authenticity of host '192.168.0.220 (192.168.0.220)' can't be established.
ED25519 key fingerprint is SHA256:KIFNv05/0KyoX0hfK8U4ILud0fP+BVeeAhHMlakXumo.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.0.220' (ED25519) to the list of known hosts.
Enter passphrase for key '/home/dpierre/.ssh/20231024bbox':
Last login: Tue Oct 24 13:31:18 2023 from 192.168.0.148
Linux 5.15.19.

For those who like this sort of thing, this is the sort of thing they like.
		-- Abraham Lincoln

dpierre@bbox:~$ ll
-bash: ll: command not found
dpierre@bbox:~$ alias ll='ls -al'
dpierre@bbox:~$ ll
...
...
dpierre@bbox:~$ logout
Connection to 192.168.0.220 closed.
#+end_example

- edited '~/.ansible.cfg'
  - uncommented / added the following entry under the [default] entry
    #+begin_example
    private_key_file=~/.ssh/20231024bbox
    #+end_example
  - uncommented/edited this line from:
    #+begin_example
    ;inventory=/etc/ansible/hosts
    #+end_example
    -to-
    #+begin_example
    inventory=~/.ansible/hosts
    #+end_example
  https://www.educba.com/ansible-hosts-file/
** <2023-10-29 Sun>
- created '~/.ansible/hosts' file like so:
  #+begin_src
  [test]
  192.168.0.220

  [dev]
  192.168.0.220
  #+end_src
- i ran the following commands
  #+begin_example
  ansible all --list-hosts
  ansible-inventory --list
  ansible-inventory --graph
  ansible all -m ping
  ansible dev -m ping
  #+end_example
- the above reference using the inventory file '~/.ansible/hosts' but when executing ansible commands we can use any inventory file as long as we use the '-i' switch to explicitly point to it. like so:
  #+begin_example
  ansible all -i /some/path/to/my/inventory_file -m ping
  ansible-playbook -i /some/path/to/my/inventory_file 01-playbook-hello.yml
  #+end_example
- the following resource shows so many different ways to setup your inventory file(s).
  it shows detailed ways of organizing nodes into groups and subgroups, inventory variables, use patterns to target different groups of servers when running commands & playbooks.
  https://assets.digitalocean.com/books/how-to-manage-remote-servers-with-ansible.pdf
- create a file on a host using ansible
  https://phoenixnap.com/kb/ansible-create-file
- need to learn a lil something about how playbooks are structured
  https://www.digitalocean.com/community/tutorial-series/how-to-write-ansible-playbooks
- created the following playbook
  #+name: ~/ansible-practice/01-playbook-hello.yml
  #+begin_src yaml
  ---
  - hosts: all
    tasks:
      - name: Print message
        debug:
          msg: Hello Ansible World
  #+end_src
** <2023-10-30 Mon>
- make sure to setup my path correctly so that the ansible executable can be found
  #+begin_example
  bash-5.2$ export PATH=$PATH:~/.local/bin
  bash-5.2$ echo $PATH
  #+end_example
- test our recently made playbook
  #+begin_example
  bash-5.2$ cd ~/ansible-practice/
  bash-5.2$ ansible-playbook 01-playbook-hello.yml
  #+end_example
- created a playbook that only works locally and simply prints out the current directory
  https://www.middlewareinventory.com/blog/run-ansible-playbook-locally/
  #+name: ~/ansible-practice/02-playbook-local-test.yml
  #+begin_src yaml
  ---
  - name: "Playing with Ansible localhost"
    hosts: localhost
    connection: local
    tasks:
      - name: "just execute a ls -lrt command"
        shell: "ls -lrt"
        register: "output"

      - debug: var=output.stdout_lines
  #+end_src
- some other suggestions to run commands locally
  #+begin_example
  bash-5.2$ ansible localhost -m ping
  bash-5.2$ ansible localhost -m shell -a "ls -alrt"
  #+end_example
- an interesting way to run a playbook meant for external hosts...but locally:
  #+begin_example
  bash-5.2$ ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 01-playbook-hello.yml
  #+end_example
- seems i don't understand YAML well enuf
  https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
** <2023-11-02 Thu>
some definitions of things:
- control node = my ansible server
- managed node(s) = target systems
** <2023-11-22 Wed>
did a lil
research on more resources
https://www.lifewire.com/download-free-books-3482754
https://assets.digitalocean.com/books/how-to-manage-remote-servers-with-ansible.pdf
https://www.digitalocean.com/community/cheatsheets/how-to-use-ansible-cheat-sheet-guide

To execute a command on a node, use the -a option followed by the command you want to run, in quotes.
some more examples of ad hoc commands that can be run:
#+begin_example
dpierre@boom2:~$ ansible all -a "df -Th"
192.168.0.220 | CHANGED | rc=0 >>
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/root      ext4       98G   17G   77G  18% /
devtmpfs       devtmpfs  3.9G     0  3.9G   0% /dev
tmpfs          tmpfs      32M  1.2M   31M   4% /run
tmpfs          tmpfs     3.9G     0  3.9G   0% /dev/shm
cgroup_root    tmpfs     8.0M     0  8.0M   0% /sys/fs/cgroup
/dev/sda1      ext4       89M   82M   73K 100% /boot
dpierre@boom2:~$ ansible all -a "uptime"
192.168.0.220 | CHANGED | rc=0 >>
 14:00:39 up 5 min,  1 user,  load average: 0.15, 0.05, 0.01
#+end_example

interesting... we can use a different ssh key with our ansible commands if we wish like so:
#+begin_example
ansible all -a "df -Th" --private-key=~/.ssh/some/custom_ssh_key
#+end_example
this is also mentioned in the comments within '~/.ansible.cfg' that we manufactured on <2023-10-23 Mon>

grrr...so many options!! we can add a private key directly to the inventory file we choose to use as well. there is a variable called 'ansible_ssh_private_key_file=~/.ssh/some/custom_ssh_key'
this resource below mentions this some more:
https://www.digitalocean.com/community/cheatsheets/how-to-manage-multiple-servers-with-ansible-ad-hoc-commands

we use the '-m' switch on ansible commands to reference a command via the 'command module' to execute that command on the remote server(s).
#+begin_example
ansible all -m setup
ansible all -m setup -a "gather_subset=min"
ansible all -m setup -a " filter=*ipv* "
ansible all -m setup > ../bbox-system.json
#+end_example
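
A check for the config steps in these notes (which ansible.cfg is in effect, the chmod 600, and the private_key_file entry), added here as an example and not part of the original notes. It is a simplified model of Ansible's search order (ANSIBLE_CONFIG, ./ansible.cfg, ~/.ansible.cfg, /etc/ansible/ansible.cfg); the function names and the demo_key file are made up for the example, and it relies on Ansible reading private_key_file from the [defaults] section (with an "s"), so the key placed under any other section name is reported.

```python
import configparser
import stat
import tempfile
from pathlib import Path

def pick_config(env, cwd, home, system=Path("/etc/ansible/ansible.cfg")):
    """First existing file in Ansible's config search order (simplified model)."""
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(Path(env["ANSIBLE_CONFIG"]))
    # ./ansible.cfg is skipped when the working directory is world-writable
    if not cwd.stat().st_mode & stat.S_IWOTH:
        candidates.append(cwd / "ansible.cfg")
    candidates += [home / ".ansible.cfg", system]
    return next((p for p in candidates if p.is_file()), None)

def _mode(path):
    return stat.S_IMODE(path.stat().st_mode)

def audit(cfg, home):
    """Return findings for one ansible.cfg and the SSH key it points at."""
    findings = []
    if _mode(cfg) & 0o022:
        findings.append("config is writable by group or other")
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read(cfg)
    for section in parser.sections():
        if section != "defaults" and "private_key_file" in parser[section]:
            findings.append(f"private_key_file under [{section}] is ignored, use [defaults]")
    key = parser.get("defaults", "private_key_file", fallback=None)
    if key:
        key_path = Path(str(home) + key[1:]) if key.startswith("~/") else Path(key)
        if not key_path.is_file():
            findings.append(f"private key {key} not found")
        elif _mode(key_path) & 0o077:
            findings.append(f"private key {key} is accessible by group or other")
    return findings

def make_home(root, section, key_mode):
    """Constructed sample: a throwaway home with .ansible.cfg and a dummy key file."""
    home = Path(root)
    (home / ".ssh").mkdir()
    key = home / ".ssh" / "demo_key"          # hypothetical key name
    key.write_text("not a real key\n")
    key.chmod(key_mode)
    cfg = home / ".ansible.cfg"
    cfg.write_text(f"[{section}]\nprivate_key_file=~/.ssh/demo_key\n"
                   ";inventory=/etc/ansible/hosts\n")
    cfg.chmod(0o600)
    return home

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        home = make_home(tmp, "default", 0o644)
        cfg = pick_config({}, home, home)     # no ANSIBLE_CONFIG, cwd = home
        print(cfg, audit(cfg, home))
```

On a real control node, call pick_config(os.environ, Path.cwd(), Path.home()) and pass the result to audit.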