#+STARTUP: overview #+TITLE: my scrappy ansible notes #+AUTHOR: blizzack * <2023-10-23 Mon> --------------------------------------------------------- - installing ansible via pip bash-5.2$ python3 -m pip install --user ansible Collecting ansible Downloading ansible-8.5.0-py3-none-any.whl (47.5 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 47.5/47.5 MB 10.5 MB/s eta 0:00:00 Collecting ansible-core~=2.15.5 Downloading ansible_core-2.15.5-py3-none-any.whl (2.2 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.2/2.2 MB 11.4 MB/s eta 0:00:00 Collecting resolvelib<1.1.0,>=0.5.3 Downloading resolvelib-1.0.1-py2.py3-none-any.whl (17 kB) Collecting cryptography Downloading cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl (4.4 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.4/4.4 MB 11.2 MB/s eta 0:00:00 Requirement already satisfied: PyYAML>=5.1 in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (6.0) Requirement already satisfied: packaging in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (21.3) Collecting importlib-resources<5.1,>=5.0 Downloading importlib_resources-5.0.7-py3-none-any.whl (24 kB) Requirement already satisfied: jinja2>=3.0.0 in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (3.0.3) Requirement already satisfied: MarkupSafe>=2.0 in /usr/lib64/python3.9/site-packages (from jinja2>=3.0.0->ansible-core~=2.15.5->ansible) (2.0.1) Requirement already satisfied: cffi>=1.12 in /usr/lib64/python3.9/site-packages (from cryptography->ansible-core~=2.15.5->ansible) (1.15.0) Requirement already satisfied: pyparsing!=3.0.5,>=2.0.2 in /usr/lib64/python3.9/site-packages (from packaging->ansible-core~=2.15.5->ansible) (2.4.7) Requirement already satisfied: pycparser in /usr/lib64/python3.9/site-packages (from cffi>=1.12->cryptography->ansible-core~=2.15.5->ansible) (2.21) Installing collected packages: resolvelib, importlib-resources, cryptography, ansible-core, ansible WARNING: The scripts 
ansible, ansible-config, ansible-connection, ansible-console, ansible-doc, ansible-galaxy, ansible-inventory, ansible-playbook, ansible-pull and ansible-vault are installed in '/home/dpierre/.local/bin' which is not on PATH. Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location. WARNING: The script ansible-community is installed in '/home/dpierre/.local/bin' which is not on PATH. Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location. Successfully installed ansible-8.5.0 ansible-core-2.15.5 cryptography-41.0.4 importlib-resources-5.0.7 resolvelib-1.0.1 bash-5.2$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/libexec/kf5:/usr/lib64/qt5/bin bash-5.2$ export PATH=$PATH:~/.local/bin bash-5.2$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/libexec/kf5:/usr/lib64/qt5/bin:/home/dpierre/.local/bin bash-5.2$ bash-5.2$ bash-5.2$ python3 -m pip install --user ansible Requirement already satisfied: ansible in /home/dpierre/.local/lib/python3.9/site-packages (8.5.0) Requirement already satisfied: ansible-core~=2.15.5 in /home/dpierre/.local/lib/python3.9/site-packages (from ansible) (2.15.5) Requirement already satisfied: cryptography in /home/dpierre/.local/lib/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (41.0.4) Requirement already satisfied: PyYAML>=5.1 in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (6.0) Requirement already satisfied: jinja2>=3.0.0 in /usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (3.0.3) Requirement already satisfied: resolvelib<1.1.0,>=0.5.3 in /home/dpierre/.local/lib/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (1.0.1) Requirement already satisfied: importlib-resources<5.1,>=5.0 in /home/dpierre/.local/lib/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (5.0.7) Requirement already satisfied: packaging in 
/usr/lib64/python3.9/site-packages (from ansible-core~=2.15.5->ansible) (21.3) Requirement already satisfied: MarkupSafe>=2.0 in /usr/lib64/python3.9/site-packages (from jinja2>=3.0.0->ansible-core~=2.15.5->ansible) (2.0.1) Requirement already satisfied: cffi>=1.12 in /usr/lib64/python3.9/site-packages (from cryptography->ansible-core~=2.15.5->ansible) (1.15.0) Requirement already satisfied: pyparsing!=3.0.5,>=2.0.2 in /usr/lib64/python3.9/site-packages (from packaging->ansible-core~=2.15.5->ansible) (2.4.7) Requirement already satisfied: pycparser in /usr/lib64/python3.9/site-packages (from cffi>=1.12->cryptography->ansible-core~=2.15.5->ansible) (2.21) bash-5.2$ ll ~/.local/bin bash: ll: command not found bash-5.2$ alias ll='ls -al' bash-5.2$ ll ~/.local/bin total 56 drwxr-xr-x 2 dpierre users 4096 Oct 23 12:18 . drwx------ 5 dpierre users 4096 Oct 23 12:18 .. -rwxr-xr-x 1 dpierre users 216 Oct 23 12:18 ansible -rwxr-xr-x 1 dpierre users 236 Oct 23 12:18 ansible-community -rwxr-xr-x 1 dpierre users 217 Oct 23 12:18 ansible-config -rwxr-xr-x 1 dpierre users 246 Oct 23 12:18 ansible-connection -rwxr-xr-x 1 dpierre users 218 Oct 23 12:18 ansible-console -rwxr-xr-x 1 dpierre users 214 Oct 23 12:18 ansible-doc -rwxr-xr-x 1 dpierre users 217 Oct 23 12:18 ansible-galaxy -rwxr-xr-x 1 dpierre users 220 Oct 23 12:18 ansible-inventory -rwxr-xr-x 1 dpierre users 219 Oct 23 12:18 ansible-playbook -rwxr-xr-x 1 dpierre users 215 Oct 23 12:18 ansible-pull -rwxr-xr-x 1 dpierre users 1700 Oct 23 12:18 ansible-test -rwxr-xr-x 1 dpierre users 216 Oct 23 12:18 ansible-vault bash-5.2$ ansible --version ansible [core 2.15.5] config file = None configured module search path = ['/home/dpierre/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /home/dpierre/.local/lib/python3.9/site-packages/ansible ansible collection location = /home/dpierre/.ansible/collections:/usr/share/ansible/collections executable location = 
/home/dpierre/.local/bin/ansible python version = 3.9.18 (main, Sep 15 2023, 12:58:45) [GCC 13.2.0] (/usr/bin/python3) jinja version = 3.0.3 libyaml = True bash-5.2$ ansible-community --version Ansible community version 8.5.0 bash-5.2$ python3 -m pip install --user argcomplete Collecting argcomplete Downloading argcomplete-3.1.2-py3-none-any.whl (41 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 41.5/41.5 kB 2.3 MB/s eta 0:00:00 Installing collected packages: argcomplete Successfully installed argcomplete-3.1.2 bash-5.2$ pip3 list Package Version ----------------------------- --------- alabaster 0.7.12 ansible 8.5.0 ansible-core 2.15.5 appdirs 1.4.4 argcomplete 3.1.2 Babel 2.10.1 Brotli 1.1.0 build 0.10.0 caca 0.99b20 certifi 2021.10.8 cffi 1.15.0 chardet 4.0.0 charset-normalizer 2.0.10 cryptography 41.0.4 cupshelpers 1.0 Cython 0.29.36 distro 1.6.0 dnspython 2.1.0 docutils 0.17.1 doxypypy 0.8.8.6 doxyqml 0.5.1 flit_core 3.9.0 future 0.18.2 getmail6 6.18.13 glad2 2.0.4 gyp 0.1 idna 3.3 imagesize 1.3.0 importlib-metadata 5.0.0 importlib-resources 5.0.7 include_server 3.4 installer 0.7.0 Jinja2 3.0.3 kapidox 5.111.0 libwebp 0.0 lxml 4.9.3 M2Crypto 0.38.0 Mako 1.1.6 Markdown 3.3.4 MarkupSafe 2.0.1 mercurial 6.5.2 meson 1.2.3 netsnmp-python 1.0a1 nftables 0.1 notify2 0.3.1 packaging 21.3 pbr 5.8.0 Pillow 8.4.0 pip 22.2.2 ply 3.11 pssh 2.3.5 pycairo 1.20.1 pycparser 2.21 pycups 2.0.1 pycurl 7.44.1 Pygments 2.10.0 PyGObject 3.44.1 pyparsing 2.4.7 pyproject_hooks 1.0.0 PyQt5 5.15.2 PyQt5_sip 4.19.25 pysol-cards 0.12.0 python-sane 2.9.1 pytz 2022.1 pyxdg 0.27 PyYAML 6.0 QScintilla 2.11.6 random2 1.0.1 requests 2.26.0 resolvelib 1.0.1 rpm 4.18.1 SCons 4.5.2 setuptools 65.1.1 setuptools-scm 6.4.2 sip 4.19.25 six 1.16.0 snowballstemmer 2.2.0 Sphinx 4.5.0 sphinxcontrib-applehelp 1.0.2 sphinxcontrib-devhelp 1.0.2 sphinxcontrib-htmlhelp 2.0.0 sphinxcontrib-jsmath 1.0.1 sphinxcontrib-qthelp 1.0.3 sphinxcontrib-serializinghtml 1.1.5 tomli 1.2.2 tomli_w 1.0.0 undervolt 0.3.0 urllib3 
1.26.8 wheel 0.41.1 zenmap 7.94 zipp 3.8.0 bash-5.2$ ll ~/.local/bin total 72 drwxr-xr-x 2 dpierre users 4096 Oct 23 12:30 . drwx------ 5 dpierre users 4096 Oct 23 12:18 .. -rwxr-xr-x 1 dpierre users 4707 Oct 23 12:30 activate-global-python-argcomplete -rwxr-xr-x 1 dpierre users 216 Oct 23 12:18 ansible -rwxr-xr-x 1 dpierre users 236 Oct 23 12:18 ansible-community -rwxr-xr-x 1 dpierre users 217 Oct 23 12:18 ansible-config -rwxr-xr-x 1 dpierre users 246 Oct 23 12:18 ansible-connection -rwxr-xr-x 1 dpierre users 218 Oct 23 12:18 ansible-console -rwxr-xr-x 1 dpierre users 214 Oct 23 12:18 ansible-doc -rwxr-xr-x 1 dpierre users 217 Oct 23 12:18 ansible-galaxy -rwxr-xr-x 1 dpierre users 220 Oct 23 12:18 ansible-inventory -rwxr-xr-x 1 dpierre users 219 Oct 23 12:18 ansible-playbook -rwxr-xr-x 1 dpierre users 215 Oct 23 12:18 ansible-pull -rwxr-xr-x 1 dpierre users 1700 Oct 23 12:18 ansible-test -rwxr-xr-x 1 dpierre users 216 Oct 23 12:18 ansible-vault -rwxr-xr-x 1 dpierre users 2605 Oct 23 12:30 python-argcomplete-check-easy-install-script -rwxr-xr-x 1 dpierre users 1993 Oct 23 12:30 register-python-argcomplete bash-5.2$ acivate-global-python-argcomplete --user bash: acivate-global-python-argcomplete: command not found (failed reverse-i-search)`': ll ~/^Cocal/bin bash-5.2$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/libexec/kf5:/usr/lib64/qt5/bin:/home/dpierre/.local/bin bash-5.2$ ~/.local/bin/activate-global-python-argcomplete --user Argcomplete was installed in the user site local directory. Defaulting to user installation. Adding shellcode to /home/dpierre/.zshenv... Added. Adding shellcode to /home/dpierre/.bash_completion... Added. Please restart your shell or source the installed file to activate it. bash-5.2$ bash-5.2$ bash-5.2$ ll total 104 drwx--x--x 18 dpierre users 4096 Oct 23 12:38 . drwxr-xr-x 5 root root 4096 Oct 9 13:23 .. 
-rw------- 1 dpierre users 63 Oct 23 11:55 .Xauthority drwxr-xr-x 3 dpierre users 4096 Oct 23 12:26 .ansible -rw-r--r-- 1 dpierre users 165 Oct 23 12:38 .bash_completion -rw------- 1 dpierre users 403 Oct 22 18:25 .bash_history drwx------ 20 dpierre users 4096 Oct 23 12:34 .cache drwxr-xr-x 15 dpierre users 4096 Oct 23 12:38 .config drwx------ 3 dpierre users 4096 Oct 17 14:20 .dbus drwx------ 3 dpierre users 4096 Oct 23 12:23 .emacs.d -rw-r--r-- 1 dpierre users 270 Oct 23 11:55 .gtkrc-2.0 drwxr-xr-x 2 dpierre users 4096 Oct 23 11:55 .hplip -rw------- 1 dpierre users 20 Oct 17 14:16 .lesshst drwx------ 5 dpierre users 4096 Oct 23 12:18 .local drwx------ 4 dpierre users 4096 Oct 17 14:29 .mozilla -rw-r--r-- 1 dpierre users 3729 Feb 1 2022 .screenrc -rw------- 1 dpierre users 63 Oct 23 11:55 .serverauth.1719 -rw-r--r-- 1 dpierre users 160 Oct 23 12:38 .zshenv drwxr-xr-x 2 dpierre users 4096 Oct 23 12:34 Desktop drwxr-xr-x 2 dpierre users 4096 Oct 17 14:20 Documents drwxr-xr-x 2 dpierre users 4096 Oct 17 14:20 Downloads drwxr-xr-x 2 dpierre users 4096 Oct 17 14:20 Music drwxr-xr-x 2 dpierre users 4096 Oct 17 14:20 Pictures drwxr-xr-x 2 dpierre users 4096 Oct 17 14:20 Public drwxr-xr-x 2 dpierre users 4096 Oct 17 14:20 Templates drwxr-xr-x 2 dpierre users 4096 Oct 17 14:20 Videos bash-5.2$ since i installed ansible locally i assume much of my configurations are local as well. In the docs https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html#getting-the-latest-configuration it states that one can view the configuration in '/etc/ansible/ansible.cfg' bash-5.2$ ansible-config list ... ... ... bash-5.2$ ansible-config view ERROR! Invalid or no config file was supplied after viewing https://docs.ansible.com/ansible/latest/cli/ansible-config.html seems i need to create an '~/.ansible.cfg' that will override any other config files created 'globally'. There is no global one in my case. more info on configuration precedence can be found here. 
https://docs.ansible.com/ansible/latest/reference_appendices/config.html

bash-5.2$ ansible-config init --disabled -t all > ansible.cfg
bash-5.2$ cp -arv ansible_all.cfg .ansible.cfg
bash-5.2$ chmod 600 .ansible.cfg

(note: as recorded, the redirect writes 'ansible.cfg' but the cp reads 'ansible_all.cfg'; the cp source has to be whichever file the init output was actually written to)

to get a list of all configuration options w/ my setup

bash-5.2$ ansible-config list > ansible-config-list.txt

reviewing how to build our inventory
https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html

bash-5.2$
bash-5.2$
bash-5.2$
bash-5.2$

* <2023-10-24 Tue> ---------------------------------------------------------

decided it would be nice to have another host to play around with so i dusted off 'bbox' and logged into it from 'boom2'

bash-5.2$ ssh-keygen -t ed25519 -C "bbox test from boom2" -f ~/.ssh/20231024bbox
Generating public/private ed25519 key pair.
Created directory '/home/dpierre/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dpierre/.ssh/20231024bbox
Your public key has been saved in /home/dpierre/.ssh/20231024bbox.pub
The key fingerprint is:
SHA256:UpDK1R9LlJ30unU6vDGyJ0tDFdc/6dHPMlYHTSQZWIs bbox test from boom2
The key's randomart image is:
+--[ED25519 256]--+
| .o ..+.+=*=|
| o.. + +oo=o|
| . o .o oE +.+|
| o . o o +=|
| . S o oo*|
| . . +++o|
| =.*o |
| ..+.= |
| o+. |
+----[SHA256]-----+
bash-5.2$
bash-5.2$
bash-5.2$ ssh-keygen -l -f ~/.ssh/20231024bbox
256 SHA256:UpDK1R9LlJ30unU6vDGyJ0tDFdc/6dHPMlYHTSQZWIs bbox test from boom2 (ED25519)
bash-5.2$ ll ~/.ssh/
total 16
drwx------ 2 dpierre users 4096 Oct 24 14:16 .
drwx--x--x 19 dpierre users 4096 Oct 24 14:16 ..
-rw------- 1 dpierre users 464 Oct 24 14:16 20231024bbox
-rw-r--r-- 1 dpierre users 102 Oct 24 14:16 20231024bbox.pub

i had a little dilemma as i cannot log into 'bbox' w/out using an ssh key; so i needed to get my newly created pubkey inserted as a line entry inside of 'dpierre@bbox:~/.ssh/authorized_keys'.
since i can log into 'bbox' from 'boom' i copied the '~/.ssh/20231024bbox.pub' to a USB key. then copied that file over to 'boom' and from there logged into 'bbox' and appended the line inside of 'dpierre@bbox:~/.ssh/authorized_keys'.

i was able to test it easily...

bash-5.2$ ssh -i ~/.ssh/20231024bbox dpierre@192.168.0.220
The authenticity of host '192.168.0.220 (192.168.0.220)' can't be established.
ED25519 key fingerprint is SHA256:KIFNv05/0KyoX0hfK8U4ILud0fP+BVeeAhHMlakXumo.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.0.220' (ED25519) to the list of known hosts.
Enter passphrase for key '/home/dpierre/.ssh/20231024bbox':
Last login: Tue Oct 24 13:31:18 2023 from 192.168.0.148
Linux 5.15.19.

For those who like this sort of thing, this is the sort of thing they like.
-- Abraham Lincoln

dpierre@bbox:~$ ll
-bash: ll: command not found
dpierre@bbox:~$ alias ll='ls -al'
dpierre@bbox:~$ ll
...
...
dpierre@bbox:~$ logout
Connection to 192.168.0.220 closed.

- the 'yes' above trusts whatever host answered on 192.168.0.220. the fingerprint in the prompt can be checked first against the output of 'ssh-keygen -l -f' on the host's public key file, run on 'bbox' itself (reachable via 'boom'; the file is usually /etc/ssh/ssh_host_ed25519_key.pub), or the known-good fingerprint can be pasted at the prompt in place of 'yes' so ssh does the comparison.

- edited '~/.ansible.cfg'
  - uncommented / added the following entry under the [defaults] section
    private_key_file=~/.ssh/20231024bbox
  - uncommented/edited this line
    from: ;inventory=/etc/ansible/hosts
    -to-  inventory=~/.ansible/hosts
    https://www.educba.com/ansible-hosts-file/

* <2023-10-29 Sun> ---------------------------------------------------------

- created '~/.ansible/hosts' file like so:
#+begin_src
[test]
192.168.0.220

[dev]
192.168.0.220
#+end_src

- i ran the following commands
  ansible all --list-hosts
  ansible-inventory --list
  ansible-inventory --graph
  ansible all -m ping
  ansible dev -m ping

- the above commands use the inventory file '~/.ansible/hosts' but when executing ansible commands we can use any inventory file as long as we use the '-i' switch to explicitly point to it.
like so: ansible all -i /some/path/to/my/inventory_file -m ping ansible-playbook -i /some/path/to/my/inventory_file 01-playbook-hello.yml - the following resource shows so many different ways to setup your inventory file(s). it shows detailed ways of organizing nodes into groups and subgroups, inventory variables, use patterns to target different groups of servers when running commands & playbooks. https://assets.digitalocean.com/books/how-to-manage-remote-servers-with-ansible.pdf - create a file on a host using ansible https://phoenixnap.com/kb/ansible-create-file - need to learn a lil something about how playbooks are structured https://www.digitalocean.com/community/tutorial-series/how-to-write-ansible-playbooks - created the following playbook #+name: ~/ansible-practice/01-playbook-hello.yml #+begin_src yaml --- - hosts: all tasks: - name: Print message debug: msg: Hello Ansible World #+end_src * <2023-10-30 Mon> --------------------------------------------------------- - make sure to setup my path correctly so that the ansible executable can be found bash-5.2$ export PATH=$PATH:~/.local/bin bash-5.2$ echo $PATH - test our recently made playbook bash-5.2$ cd ~/ansible-practice/ bash-5.2$ ansible-playbook 01-playbook-hello.yml - created a playbook that only works locally and simply prints out the current directory https://www.middlewareinventory.com/blog/run-ansible-playbook-locally/ #+name: ~/ansible-practice/02-playbook-local-test.yml #+begin_src yaml --- - name: "Playing with Ansible localhost" hosts: localhost connection: local tasks: - name: "just execute a ls -lrt command" shell: "ls -lrt" register: "output" - debug: var=output.stdout_lines #+end_src - some other suggestions to run commands locally bash-5.2$ ansible localhost -m ping bash-5.2$ ansible localhost -m shell -a "ls -alrt" - an interesting way to run a playbook meant for external hosts...but locally: bash-5.2$ ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 
01-playbook-hello.yml - seems i dont understand YAML well enuf https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html * <2023-11-02 Thu> --------------------------------------------------------- some definitions of things: - control node = my ansible server - managed node(s) = target systems * <2023-11-22 Wed> --------------------------------------------------------- did a lil research on more resources https://www.lifewire.com/download-free-books-3482754 https://assets.digitalocean.com/books/how-to-manage-remote-servers-with-ansible.pdf https://www.digitalocean.com/community/cheatsheets/how-to-use-ansible-cheat-sheet-guide https://docs.ansible.com/ansible/latest/command_guide/intro_adhoc.html To execute a command on a node, use the -a option followed by the command you want to run, in quotes. some of these don't use a -m bcuz they're using the default 'command' module. we'll want to be careful using the 'command' module cuz it DOES NOT SUPPORT extended shell syntaxes like piping and redirects (although shell variables will always work). If your command requires shell-specific syntax, use the shell module instead. 
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html

some more examples of adhoc commands that can be run:

dpierre@boom2:~$ ansible all -a "df -Th"
192.168.0.220 | CHANGED | rc=0 >>
Filesystem Type Size Used Avail Use% Mounted on
/dev/root ext4 98G 17G 77G 18% /
devtmpfs devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs tmpfs 32M 1.2M 31M 4% /run
tmpfs tmpfs 3.9G 0 3.9G 0% /dev/shm
cgroup_root tmpfs 8.0M 0 8.0M 0% /sys/fs/cgroup
/dev/sda1 ext4 89M 82M 73K 100% /boot

-- or -- we could've run the above like so:
ansible all -m ansible.builtin.shell -a "df -Th"
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html

dpierre@boom2:~$ ansible all -a "uptime"
192.168.0.220 | CHANGED | rc=0 >>
14:00:39 up 5 min, 1 user, load average: 0.15, 0.05, 0.01

- copying files that are owned by myself
  ansible all -m ansible.builtin.copy -a "src=./file.txt dest=~/myfile.txt"

- change file permissions
  ansible all -m ansible.builtin.file -a "dest=/var/www/file.txt mode=600 owner=sammy group=sammy" --become -K

- invoking services
  ansible all -a "/sbin/reboot" --become -K

interesting... we can use a different ssh key with our ansible commands if we wish like so:
ansible all -a "df -Th" --private-key=~/.ssh/some/custom_ssh_key

this is also mentioned in the comments within '~/.ansible.cfg' that we manufactured on <2023-10-23 Mon>

grrr...so many options!! we can point to a private key file directly from the inventory file we choose to use as well (the inventory holds the path to the key, not the key itself). there is a variable called 'ansible_ssh_private_key_file', set like so: 'ansible_ssh_private_key_file=~/.ssh/some/custom_ssh_key'

this resource below mentions this some more:
https://www.digitalocean.com/community/cheatsheets/how-to-manage-multiple-servers-with-ansible-ad-hoc-commands

we use the '-m' switch on ansible commands to pick the module that gets executed on the remote server(s), and '-a' to pass that module its arguments. when '-m' is left off, the default 'command' module is used and '-a' is the command to run.
ansible all -m ansible.builtin.setup ansible all -m ansible.builtin.setup -a "gather_subset=min" ansible all -m ansible.builtin.setup -a " filter=*ipv* " ansible all -m ansible.builtin.setup > ../bbox-system.json ansible localhost -m ansible.builtin.setup https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html - to list out the tasks of a playbook: ansible-playbook 12-playbook-copy-directory.yml --list-tasks playbook: 12-playbook-copy-directory.yml play #1 (all): 12 - Playing with Ansible - copy directories from control to managed node TAGS: [] tasks: copy entire directory TAGS: [step1] copy directory contents TAGS: [step2] - to list out the tags of a playbook: ansible-playbook 12-playbook-copy-directory.yml --list-tags playbook: 12-playbook-copy-directory.yml play #1 (all): 12 - Playing with Ansible - copy directories from control to managed node TAGS: [] TASK TAGS: [step1, step2] - execute tasks by tag ansible-playbook 12-playbook-copy-directory.yml --tags=step2 - skipping tasks by tag ansible-playbook 12-playbook-copy-directory.yml --exclude-tags=step1 - starting execution at specific task ansible-playbook 12-playbook-copy-directory.yml --start-at-task=step4 - limiting targets for execution to a set of workstations - many typically playbooks set up their target as 'all' by default, and sometimes you want to limit the group or single server that should be the target for that setup. You can use -l (limit) to set up the target group or server in that play. - REMEMBER... the 'hosts' w/in the playbook must be using a group of some kind for this to work...or else you'll receive a message like "skipping: no hosts matched" ansible-playbook -l dev-stations 12-playbook-copy-directory.yml * <2023-11-30 Thu> --------------------------------------------------------- researching 'roles' and how to use them. 
the issue i have now is that i made a simple playbook that copies files on to the host as expected...but i want to change where those files are placed depending on the host type. i think roles will help me w/ this. https://stackoverflow.com/questions/32101001/ansible-playbooks-vs-roles https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html - the above URL shows an example of using a conditional on which tasks to run on a host depending on the host os. ansible grabs this info by calling 'ansible_facts' (grabbing the 'setup') on the host. - i grabbed the setup info on each host like so: ansible localhost -m ansible.builtin.setup > ansible_setup_on_control_node.json ansible dev -m ansible.builtin.setup > ansible_setup_on_dev_node.json - the setup info looks very similar for both in that there's no real way to discern a managed from a control host simply by reading the json - there are differences in the ip address and machine name but not much else - wtf are 'magic variables' (special variables) https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html#information-about-ansible-magic-variables maybe this is my answer to finding something that describes the control vs managed node ansible docs are not very good at explaining this stuff very well !!! https://stackoverflow.com/questions/18839509/where-can-i-get-a-list-of-ansible-pre-defined-variables - this is not a bad way of pulling these 'magic variables' - these are what i need !! 
ansible -m ansible.builtin.debug -a 'var=hostvars' localhost ansible -m ansible.builtin.debug -a 'var=hostvars.localhost' localhost - i'll get different values for different hosts w/ these variables: - via my one managed host i see: "inventory_hostname": "192.168.0.220", "inventory_hostname_short": "192.168.0.220", - via my control host i see: "inventory_hostname": "localhost", "inventory_hostname_short": "localhost" - so it appears i could use the above 'magic variables' in a conditional statement - role - bash_configs - tasks - main.yml - localhost.yml - other_hosts.yml * <2023-12-04 Mon> --------------------------------------------------------- - experimented w/ using the 'inventory_hostname' above by using an example from here: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/debug_module.html - grrr... ansible documentation from redhat is not really good if you want a slight tutorial on how to work w/ roles. it's great at push out facts about 'roles' or other constructs but putting it together it a good example is quite terrible IMHO. - this is a great example of a simple role https://github.com/cesarvr/ansible-role-hello-world - the inet needs more simple examples like this !! * <2023-12-05 Tue> --------------------------------------------------------- - How to Use Ansible Roles to Abstract your Infrastructure Environment https://www.digitalocean.com/community/tutorials/how-to-use-ansible-roles-to-abstract-your-infrastructure-environment - i decided im gonna create my roles directory like so: '~/.ansible/roles/' - [X] i need to update 'roles_path' in '~/.ansible.cfg' to point to this 'roles' directory - [X] create 'bash_config' role - had all sorts of issues w/ including files in roles. The vars_files key is a play directive. It defines a list of files to read from to load variable data. These files are read and parsed at the time the playbook itself is parsed. 
Just as with including tasks and handlers, the path is relative to the file referencing the file. - this is kind of what i want to do... https://serverfault.com/questions/589734/ansible-can-i-use-vars-files-when-some-files-do-not-exist https://stackoverflow.com/questions/53253879/ansible-vars-files-vs-include-vars https://stackoverflow.com/questions/36134552/use-multiple-var-files-in-ansible-role * <2023-12-07 Thu> --------------------------------------------------------- - worked w/ 'var_files' and that did not do what i expected - playing w/ 'group_vars' directory https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#id44 - this seemed to work nicely for me. i created '06-playbook-print-group-vars.yml' as an exmple - i had to create the following files inside of '/home/dpierre/.ansible' ├── group_vars │   └── all ├── host_vars │   └── localhost - with the following guts: # /home/dpierre/.ansible/group_vars/all prefix_dir: ~/ # /home/dpierre/.ansible/host_vars/localhost prefix_dir: ~/tmp/temp_files/ - i also added the following at the top '/home/dpierre/.ansible/host' # /home/dpierre/.ansible/hosts ... 
localhost ansible_connection=local - looking again at this: https://www.middlewareinventory.com/blog/run-ansible-playbook-locally/ - i think i just need to employ one of these strategies for running a playbook locally and stop fighting friction - i believe i'm more interested in methods 3 and 4 - another link w/ some examples: https://nixzie.com/run-ansible-playbook-locally/#Run_Ansible_Playbook_Locally_Using_Local_Action - this lil argument on SO states that idiomatic roles in ansible should not possess roles: https://stackoverflow.com/questions/36134552/use-multiple-var-files-in-ansible-role - so...this explains why trying to add different variablse for the hosts in roles was painful...its bcuz its in the wrong place * <2023-12-08 Fri> --------------------------------------------------------- - continued my tests of copying files and found the correct way is to use hosts and/or group vars that can be kept in the playbook or w/ the 'hosts'/'inventory' file. - made the correct changes and now copied the files to localhost in the correct place - make copy of ~/.ansible into repo for reference: rsync -avzhrP ~/.ansible* ~/repos/ansible_repo/home/ - my next projects will be to do the following on a managed host: - [ ] setup/update system files - import needed public keys - slackware - slackbuilds - [ ] setup/update network files - [ ] setup a firewall - probably need to use a 'handler' for this - [ ] create/update a user - [ ] copy/create needed files in users home directory - [ ] copy need ssh keys - use ansible vaults - [ ] add to sudoers - may need to use a template' for this - [ ] configure/perform slackpkg updates - [ ] run the sbopkg package manager to install a package - clamav - [ ] perform a system backup - a slacker created a wiki entry on how to perform slackware automation using ansible https://docs.slackware.com/howtos:slackware_admin:slackware_automation_using_ansible https://gitlab.com/mmlj4/ansible_slackware_bootstrap - some notes on how to use a 
'slackpg module' for ansible https://docs.ansible.com/ansible/latest/collections/community/general/slackpkg_module.html - the difference between using 'ansible.builtin.shell' vs 'ansible.builtin.command' https://stackoverflow.com/questions/56663332/difference-between-shell-and-command-in-ansible * <2023-12-12 Tue> --------------------------------------------------------- today i learned that ansible makes it a lil difficult to copy/move files around on the controller node. they make it very apparent that ansible is for contolling managed nodes not necessarily controlling the control node. * <2023-12-13 Wed> --------------------------------------------------------- looking at examples to update a file on a managed host these examples use the 'lineinfile' module https://www.middlewareinventory.com/blog/ansible-update-etc-hosts-file-across-all-hosts/ https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html - regex syntax for python https://docs.python.org/3/library/re.html - an online python regex syntax checker https://pythex.org/ * <2023-12-14 Thu> --------------------------------------------------------- copy 'rc.firewall' from bbox to boom2: rsync --progress -avzhr --delete -e 'ssh -i ~/.ssh/20231024bbox' dpierre@192.168.0.220:/etc/rc.d/rc.firewall ~/.ansible/roles/new_host/files/ https://chmod-calculator.com/ * <2023-12-15 Fri> --------------------------------------------------------- lol..learned of a lil abnormality w/ ansible today. while testing replacing contents of a file w/ the 'ansible.builtin.replace' module it was just not working as i expected. it seemed that the task completed ok but no changes took place. i was testing on a particular task w/in a playbook. 
i was calling the task like so: #+begin_example ansible-playbook 11-playbook-herd-new-host.yml -b -K --tags=slackpkg_blacklist BECOME password: PLAY [11 - custom ansible - herd new host] ******************************************** TASK [Gathering Facts] **************************************************************** ok: [192.168.0.220] PLAY RECAP **************************************************************************** 192.168.0.220 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 #+end_example the following looks okay...but you really need to look at the above closely. i called the 'slackpkg_blacklist' task to be run but the above output does not state that the task has run.....grrr!! to debug i had to move the separate task into its own playbook and the error showed up like so: #+begin_example $ ansible-playbook system/12-replace-text.yml -b -K BECOME password: PLAY [12 - custom ansible - replace text] *********************************************** TASK [Gathering Facts] ****************************************************************** ok: [192.168.0.220] TASK [update slackpg blacklist] ********************************************************* fatal: [192.168.0.220]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ansible.builtin.replace) module: tags. Supported parameters include: after, attributes, backup, before, encoding, group, mode, owner, path, regexp, replace, selevel, serole, setype, seuser, unsafe_writes, validate (attr, dest, destfile, name)."} PLAY RECAP ****************************************************************************** 192.168.0.220 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 #+end_example when i looked closer at my playbook the 'tags:' directive was indented too much and ansible complained w/ the running playbook. which is nice! but... it did not complain when the task was called directly as part of a playbook w/ many tasks. #+name: BAD EXAMPLE !!!! 
#+begin_example
- name: update slackpg blacklist
  ansible.builtin.replace:
    path: "{{ backup_etc_dir }}/blacklist-list"
    regexp: '#kernel'
    replace: 'kernel'
    backup: yes
    tags: ['slackpkg_blacklist']
#+end_example

#+name: GOOD EXAMPLE !!!!
#+begin_example
- name: update slackpg blacklist
  ansible.builtin.replace:
    path: "{{ backup_etc_dir }}/blacklist-list"
    regexp: '#kernel'
    replace: 'kernel'
    backup: yes
  tags: ['slackpkg_blacklist']
#+end_example

the only difference between the two examples is the indentation of 'tags:'.
in the bad example it sits at the same level as the module parameters, so it is
handed to ansible.builtin.replace as a parameter (hence the "Unsupported
parameters ... tags" error above). in the good example it lines up with the
module name and is a task keyword.

another crazy thing i noticed w/ the first example output above was that i
purposely placed errors in the task to see if i'd get an error and still no
feedback from ansible that anything went wrong. the likely reason: w/ the
mis-indented 'tags:' the task carries no tag at all, so '--tags=slackpkg_blacklist'
never selects it, the task is never run, and its parameters are never checked.

the lesson learned here:
- looking at the CLI for awhile can make anyone skip over text on the screen.
  when calling a task explicitly from a playbook you'll want to make sure
  that task is explicitly listed in the output !!!!
- adding '--list-tasks' to the same ansible-playbook command shows which tasks
  the tag selects w/out running anything.

** python backreference
i thought i was gonna need to use pythons regex backreference construct but
realized i did not need it. the following are decent resources on backreferences.
https://www.howtouselinux.com/post/modify-files-with-ansible-lineinfile-replace-and-blockinfile
https://www.programiz.com/python-programming/regex
https://www.pythontutorial.net/python-regex/python-regex-backreferences/

ansible replace examples:
- https://www.linuxtechi.com/replace-strings-lines-with-ansible/

* <2023-12-16 Sat> ---------------------------------------------------------
just pointing out another case of weirdness that occurred as a result of the
'command' vs. 'shell' in a playbook.

this is an example of the playbook tested:

#+name: using command module
#+begin_example
  tasks:
    - name: check if user exists
      ansible.builtin.command: id {{ username }}
      register: user_check
      ignore_errors: true

    - name: display user information
      ansible.builtin.debug:
        msg: user '{{ username }}' exists !
      when: user_check.rc == 0

    - name: display error message if user does not exist
      ansible.builtin.debug:
        msg: user '{{ username }}' does not exist !
      when: user_check.rc != 0
#+end_example

#+name: using shell module
#+begin_example
  tasks:
    - name: check if user exists
      ansible.builtin.shell: id {{ username }}
      register: user_check
      ignore_errors: true

    - name: display user information
      ansible.builtin.debug:
        msg: user '{{ username }}' exists !
      when: user_check.rc == 0

    - name: display error message if user does not exist
      ansible.builtin.debug:
        msg: user '{{ username }}' does not exist !
      when: user_check.rc != 0
#+end_example

for the ignored test that failed i noticed that the "cmd" object from the
command module returns an array, like so:

#+name: command module result
#+begin_example
...
...
TASK [check if user exists] ************************************************************
fatal: [192.168.0.220]: FAILED! => {"changed": true, "cmd": ["id", "testuser1"], "delta": "0:00:00.011568", "end": "2023-12-17 09:04:06.919370", "msg": "non-zero return code", "rc": 1, "start": "2023-12-17 09:04:06.907802", "stderr": "id: ‘testuser1’: no such user", "stderr_lines": ["id: ‘testuser1’: no such user"], "stdout": "", "stdout_lines": []}
...ignoring
...
...
#+end_example

while the same object under the shell module returns a string, like so:

#+name: shell module result
#+begin_example
...
...
TASK [check if user exists] ************************************************************
fatal: [192.168.0.220]: FAILED! => {"changed": true, "cmd": "id testuser1", "delta": "0:00:00.025297", "end": "2023-12-17 08:08:40.530399", "msg": "non-zero return code", "rc": 1, "start": "2023-12-17 08:08:40.505102", "stderr": "id: ‘testuser1’: no such user", "stderr_lines": ["id: ‘testuser1’: no such user"], "stdout": "", "stdout_lines": []}
...ignoring
...
...
#+end_example

just documenting this fact here cuz i have a feeling this weirdness will bite
me in the ass someday.

note: the array vs. string difference follows from how each module runs the
command. 'command' executes the program directly w/ an argument list, while
'shell' passes the whole string to a shell on the managed host. so under
'shell' a templated value like {{ username }} is interpreted by that shell
(characters such as ; | & $ included). use 'command' when no shell features
are needed, or template the value w/ the 'quote' filter: {{ username | quote }}.
* <2023-12-19 Tue> --------------------------------------------------------- - slackpkg module been looking at the slackpkg module https://docs.ansible.com/ansible/latest/collections/community/general/slackpkg_module.html i was initially wondering how a host receives the correct updates. but then i realized that each host has their own configuration that should be set up. - this is the source code for the slackpkg module https://github.com/ansible-collections/community.general/blob/main/plugins/modules/slackpkg.py - slackbuilds module there does not seem to be a module for this since it is considered 'unofficial' - interesting i see an example of using a template w/in a template here: https://medium.com/@chandrapal/managing-linux-users-ssh-keys-using-ansible-39ee2fc24c16 - i've seen references online that say this does not work well. will need to test this * <2023-12-20 Wed> --------------------------------------------------------- - learned a bit about ansible.builtin.fetch - copied files from a managed host(s) to the controller - started working on playbooks to invoke an sbopkg rsync on a host - had to perform a bunch of bash trix to get what i want - cut command https://stackoverflow.com/questions/19482123/extract-part-of-a-string-using-bash-cut-split https://stackoverflow.com/questions/6594085/remove-first-character-of-a-string-in-bash https://www.geeksforgeeks.org/remove-last-character-from-string-in-linux/ - tr command https://unix.stackexchange.com/questions/9647/how-can-i-find-and-replace-with-a-new-line https://stackoverflow.com/questions/19345872/how-to-remove-a-newline-from-a-string-in-bash https://www.delftstack.com/howto/linux/use-tr-command-in-linux-bash/ - sed command https://unix.stackexchange.com/questions/144298/delete-the-last-character-of-a-string-using-string-manipulation-in-shell-script * references 2023-12-16 -- the following is a list of ansible-related URLs compiled so far.
http://mywiki.wooledge.org/BashFAQ/088 https://assets.digitalocean.com/books/how-to-manage-remote-servers-with-ansible.pdf https://chmod-calculator.com/ https://cyb.org.uk/2021/05/03/bash-productivity.html https://docs.ansible.com/ansible-core/2.15/reference_appendices/interpreter_discovery.html https://docs.ansible.com/ansible/2.7/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable https://docs.ansible.com/ansible/2.9/user_guide/playbooks_reuse.html https://docs.ansible.com/ansible/2.9/user_guide/playbooks_reuse_includes.html#including-and-importing-task-files https://docs.ansible.com/ansible/latest/cli/ansible-config.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/ https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/debug_module.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_playbook_module.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/reboot_module.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/replace_module.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html https://docs.ansible.com/ansible/latest/collections/ansible/builtin/stat_module.html https://docs.ansible.com/ansible/latest/collections/community/general/shutdown_module.html https://docs.ansible.com/ansible/latest/collections/community/general/slackpkg_module.html https://docs.ansible.com/ansible/latest/command_guide/intro_adhoc.html https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html#getting-the-latest-configuration 
https://docs.ansible.com/ansible/latest/inventory/implicit_localhost.html https://docs.ansible.com/ansible/latest/inventory_guide/connection_details.html https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_delegation.html https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_delegation.html#delegating-facts https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#id44 https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#registering-variables https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html#information-about-ansible-magic-variables https://docs.ansible.com/ansible/latest/plugins/become.html https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html https://docs.ansible.com/ansible/latest/reference_appendices/config.html https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-handle-different-machines-needing-different-user-accounts-or-ports-to-log-in-with https://docs.python.org/3/library/re.html https://docs.slackware.com/howtos:slackware_admin:slackware_automation_using_ansible https://github.com/cesarvr/ansible-role-hello-world https://gitlab.com/mmlj4/ansible_slackware_bootstrap https://nixzie.com/run-ansible-playbook-locally/#Run_Ansible_Playbook_Locally_Using_Local_Action https://phoenixnap.com/kb/ansible-check-if-file-exists https://phoenixnap.com/kb/ansible-create-file https://pythex.org/ https://serverfault.com/questions/589734/ansible-can-i-use-vars-files-when-some-files-do-not-exist 
https://stackoverflow.com/questions/18839509/where-can-i-get-a-list-of-ansible-pre-defined-variables https://stackoverflow.com/questions/24162996/how-to-move-rename-a-file-using-an-ansible-task-on-a-remote-system https://stackoverflow.com/questions/32101001/ansible-playbooks-vs-roles https://stackoverflow.com/questions/36134552/use-multiple-var-files-in-ansible-role https://stackoverflow.com/questions/53253879/ansible-vars-files-vs-include-vars https://stackoverflow.com/questions/56663332/difference-between-shell-and-command-in-ansible https://www.digitalocean.com/community/cheatsheets/how-to-manage-multiple-servers-with-ansible-ad-hoc-commands https://www.digitalocean.com/community/cheatsheets/how-to-use-ansible-cheat-sheet-guide https://www.digitalocean.com/community/tutorial-series/how-to-write-ansible-playbooks https://www.digitalocean.com/community/tutorials/how-to-use-ansible-roles-to-abstract-your-infrastructure-environment https://www.educba.com/ansible-hosts-file/ https://www.freekb.net/Article?id=2395 https://www.freekb.net/Article?id=3078 https://www.freekb.net/Article?id=573 https://www.freekb.net/Article?id=759 https://www.howtouselinux.com/post/ansible-copy-module-examples-to-copy-file-to-remote-server https://www.howtouselinux.com/post/modify-files-with-ansible-lineinfile-replace-and-blockinfile https://www.lifewire.com/download-free-books-3482754 https://www.linuxtechi.com/replace-strings-lines-with-ansible/ https://www.middlewareinventory.com/blog/ansible-update-etc-hosts-file-across-all-hosts/ https://www.middlewareinventory.com/blog/run-ansible-playbook-locally/ https://www.programiz.com/python-programming/regex https://www.pythontutorial.net/python-regex/python-regex-backreferences/