Some examples and hints on Ansible
I have been playing with Ansible for quite a while now. Here are some real-life examples and hints.
Good YAML indentation
- hosts: ...
  vars:
    filename: ...
  vars_files:
    - ...
  tasks:
  - name:...
    command:
       ...
Managing several versions
    - lineinfile:
        name: /etc/inittab
        regexp: '^ca::ctrlaltdel'
        line: 'ca::ctrlaltdel:/bin/logger -p authpriv.warning -t init "Console-invoked Ctrl-Alt-Del was ignored"'
        state: 'present'
      when: ansible_distribution_major_version == "5"
    - name: Disable Ctrl+Alt+Delete on RHEL6
      block:
        - file:
            path: /etc/init/control-alt-delete.override
            state: absent
        - lineinfile:
            path: /etc/init/control-alt-delete.override
            create: yes
            owner: root
            group: root
            mode: '0644'
            line: 'exec /usr/bin/logger -p authpriv.notice -t init "Console-invoked Ctrl-Alt-Del was ignored"'
            state: 'present'
      when: ansible_distribution_major_version == "6"
    - name: Disable Ctrl+Alt+Delete on RHEL7
      block:
        - file:
            path: /usr/lib/systemd/system/ctrl-alt-del.target
            state: absent
        - file:
            path: /usr/lib/systemd/system/ctrl-alt-del.target
            src: /dev/null
            state: link
      when: ansible_distribution_major_version == "7"
Managing users
-  Deleting a user
user: name={{user}} state=absent remove=yes 
Creating and mounting a volume
tasks:
  - name: Create u01 logical volume for PL01
    command:  "{{item}}"
    with_items:
     - vgcreate u01vg /dev/xvdc
     - lvcreate -l 100%FREE -n u01lv u01vg
     - mkfs.ext4 /dev/u01vg/u01lv
  - name: add mountpoint in /etc/fstab
    mount:
      name: /u01
      src: /dev/mapper/u01vg-u01lv
      fstype: ext4
      opts: defaults
      state: present
Using lineinfile
-  Allow the user "psoft" to submit cron jobs
- name: Add psoft user to cron.allow
  lineinfile: dest=/etc/cron.allow line="psoft"
-  Add the Ansible server in /etc/hosts
- name: Add into /etc/hosts
  lineinfile: dest=/etc/hosts line="{{ansible_default_ipv4.address}} {{ansible_hostname}}"
-  Modify sshd_config and restart sshd
- hosts: all
  vars:
    filename: /etc/ssh/sshd_config
  vars_files:
    - ../data/sshd_config.yml
  tasks:
  # Do a backup
  - shell: cp {{filename}} {{filename}}.`date '+%Y%m%d%H%M%S'`.bak
  # Replace the line, even if commented out
  - lineinfile:
      name: "{{ filename }}"
      regexp: '^[# ]*{{ item.param }}[ =]+'
      line: '{{ item.param }} {{ item.value }}'
      state: '{{ item.state }}'
    with_items: '{{ sshd_config }}'
  # Restart the service
  - service: name=sshd state=restarted
Here is the file used for data:
sshd_config:
  - { param: 'AddressFamily', value: 'inet', state: 'present' }
  - { param: 'AllowTcpForwarding', value: 'no', state: 'present' }
  - { param: 'PermitRootLogin', value: 'no', state: 'present' }
-  Replace lines with empty lines
- lineinfile:
    dest: /etc/sysctl.conf
    insertafter: EOF
    line: '{{ item }}'
  with_items:
    - ' '
    - '# fs.suid_dumpable: disallow core dumping by setuid and setgid programs'
    - 'fs.suid_dumpable=0'
    - ' '
    - '# kernel.randomize_va_space: Address Space Layout Randomization,'
    - '# randomize the positions of the stack, VDSO page, shared memory regions, and the data segment.'
    - 'kernel.randomize_va_space=2'
-  Replace a word in a line
- lineinfile:
    name: '{{filename}}'
    regexp: '^(password[ \t]+sufficient[ \t]+pam_unix.so md5 shadow nullok try_first_pass use_authtok) remember=5$'
    line: '\1 remember=6'
    backrefs: yes
-  Comment out the privilege to SU in sudoers
vars:
  filename: /etc/sudoers
tasks:
  - lineinfile:
      name: "{{filename}}"
      regexp: '^([ \t]*Cmnd_Alias[ \t]+SU[ \t]+=[ \t]+(?:/usr)*/bin/su[ \t]+-)$'
      line: '# \1'
      backrefs: yes
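The sshd_config and sudoers edits above, written so that a broken file is never put in place and sshd is restarted only when something changed. This is an added example, not part of the original post; the /usr/sbin paths for sshd and visudo and the handler name "Restart sshd" are assumptions.

```yaml
# Added example: lineinfile with backup, validate and a handler.
# Assumes ../data/sshd_config.yml holds the sshd_config list shown earlier.
- hosts: all
  vars_files:
    - ../data/sshd_config.yml
  tasks:
    - name: Set sshd_config parameters, even if commented out
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^[# ]*{{ item.param }}[ =]+'
        line: '{{ item.param }} {{ item.value }}'
        state: '{{ item.state }}'
        # Timestamped copy of the file, taken only when it is changed
        backup: yes
        # Run on the edited temporary copy; on failure the real file is untouched
        validate: '/usr/sbin/sshd -t -f %s'   # path is an assumption
      with_items: '{{ sshd_config }}'
      # The handler below runs once, and only if at least one item changed
      notify: Restart sshd

    - name: Comment out the SU command alias in sudoers
      lineinfile:
        path: /etc/sudoers
        regexp: '^([ \t]*Cmnd_Alias[ \t]+SU[ \t]+=[ \t]+(?:/usr)*/bin/su[ \t]+-)$'
        line: '# \1'
        backrefs: yes
        backup: yes
        # A sudoers syntax error locks out sudo, so check before replacing
        validate: '/usr/sbin/visudo -cf %s'   # path is an assumption

  handlers:
    - name: Restart sshd
      service:
        name: sshd
        state: restarted
```

Because lineinfile appends an unmatched line at the end of the file, a directive added to an sshd_config that ends in a Match block lands inside that block. sshd -t rejects this for directives that are not allowed there, such as AddressFamily, and the task then fails without changing the file.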
Playing with packages
-  Sending a local archive
- unarchive: src=/local/ansible/roles/common/files/ctmagent.tar.gz dest=/opt/tools/ctmagent
-  Removing samba
yum:
  name: samba
  state: absent
 
Misc
-  Encrypting a password with python
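Use:
python -c 'import crypt; print(crypt.crypt(password,salt))'
# python -c 'import crypt; print(crypt.crypt("S3cret!","salt"))'
saj4Pa9MfKdsI
A plain two-character salt like this selects the legacy DES scheme, which only uses the first 8 characters of the password; a salt starting with $6$ selects SHA-512 on Linux.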

