James's Ramblings

Ansible

Created: March 17, 2020

Inventories

  • Located at /etc/ansible/hosts by default.
  • Standard inventories are YAML or INI.
  • Inventories can also be dynamic.
  • An alternative inventory can be specified with the flag: -i PATH.
  • Multiple inventories can be used at the same time.
  • YAML inventories are recommended because types in INI inventories can be ambiguous.

Basic YAML Inventory

all:
  hosts:
    HOST1:
  children:
    GROUP1:
      hosts:
        HOST2:
        HOST3:
    GROUP2:
      hosts:
        HOST4:

Basic INI Inventory

HOST1

[GROUP1]
HOST2
HOST3

[GROUP2]
HOST4

Groups

  • A host can be a member of multiple groups.
  • all is an implicit grouping of all hosts.
  • ungrouped is an implicit grouping of hosts that have no explicit group.
  • Ranges of hosts with predictable names can be added to inventories using square brackets syntax:
    www[01:50].domain.com
    db-[a:f].domain.com
    
  • Groups can be nested.
  • Members of child groups are also members of parent groups.
  • Groups can have multiple parents and children, but no circular relationships.

  • Hosts can also be in multiple groups, but there will only be one instance of a host, merging the data from the multiple groups.

Variables

Assign a variable to one host (INI):

HOST1 http_port=80 maxRequestsPerChild=808

Assign a variable to one host (YAML):

HOST1:
  http_port: 80
  maxRequestsPerChild: 808

  • Ports can be specified at the end of hostnames. Technically this is a variable.
  • Per-host variables work well for defining ansible_connection and ansible_user per host:

localhost ansible_connection=local
HOST2     ansible_connection=ssh        ansible_user=USER

Group Variables

Variables can also be assigned at the group-level:

GROUP1:
  vars:
    VAR1: VALUE1
    VAR2: VALUE2

INI syntax:

[GROUP1:vars]
VAR1=VALUE1
VAR2=VALUE2

  • Group variables are flattened before execution.
  • If there is a conflicting variable name, there is a set of rules for deciding precedence.
  • The most specific (host, child, parent, or all) variable will apply.

  • At the same level, reverse alphabetic order of the variable's host/group determines precedence, e.g. variables of b take precedence over variables of a.

  • The variable ansible_group_priority can be used to override this behaviour for groups at the same level. Larger numbers take precedence. There is an implicit 1 if this variable is not defined.

Best Practice for Variables

  • It’s best to avoid setting lots of variables directly in the inventory file itself.
  • Variables can be set in additional files, which Ansible will use automatically.
  • Ansible searches for these files relative to the inventory file.

  • If GROUP1 exists in /etc/ansible/hosts, /etc/ansible/group_vars/GROUP1 will be searched for variables.

  • If HOST1 exists in /etc/ansible/hosts, /etc/ansible/host_vars/HOST1 will be searched for variables.

  • The contents of HOST1 might look like:
    ---
    http_port: 80

  • File names can optionally end in .yml, .yaml, or .json.

  • host_vars and group_vars can also be directories. If the directories exist, files contained within them are processed in lexicographical order.

  • group_vars/ and host_vars/ can also be in the playbook directory. ansible-playbook looks for these directories in the current directory by default. Other commands require --playbook-dir PATH.

Aliases

  • Rather than specifying the IP or FQDN of a host, an alias can be specified instead.

  • This only works with hosts with static IPs and requires the ansible_host variable to be set for the host.

  • The value of ansible_host is the address of the host.

Using Multiple Inventories

Multiple

Changing the Location of the Default Inventory File

Edit the current ansible.cfg. Uncomment and change the line: inventory = PATH

-vvvv

Ansible Configuration Settings

Various settings can be defined in ansible.cfg to make using Ansible more efficient.

ansible.cfg can be in various places, each of which has a different precedence.

  • ANSIBLE_CONFIG (environment variable if set)
  • ansible.cfg (in the current directory)
  • ~/.ansible.cfg (in the home directory)
  • /etc/ansible/ansible.cfg

The current directory option requires the directory not to be world writable for security reasons.
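The lookup order and the world-writable rule above, modelled as an added example (this is not Ansible's own code; resolve_ansible_cfg, demo and the temporary directory layout are constructed for illustration):

```python
import os
import stat
import tempfile


def resolve_ansible_cfg(cwd, home, env=None, system_cfg="/etc/ansible/ansible.cfg"):
    """Model the lookup order listed above; return (chosen_path_or_None, warnings)."""
    env = env if env is not None else os.environ
    warnings, candidates = [], []
    # 1. ANSIBLE_CONFIG, if set, is consulted first.
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(env["ANSIBLE_CONFIG"])
    # 2. ./ansible.cfg, but only when the directory is not world-writable;
    #    otherwise any local user could plant a config (inventory, ssh_args, ...) there.
    local_cfg = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        if os.path.isfile(local_cfg):
            warnings.append(f"ignoring {local_cfg}: {cwd} is world-writable")
    else:
        candidates.append(local_cfg)
    # 3. ~/.ansible.cfg, then 4. the system-wide file.
    candidates.append(os.path.join(home, ".ansible.cfg"))
    candidates.append(system_cfg)

    for path in candidates:
        if os.path.isfile(path):
            return path, warnings
    return None, warnings


def demo():
    """Resolve a constructed layout with a safe (0755) and an unsafe (0777) project dir."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        cwd, home = os.path.join(root, "project"), os.path.join(root, "home")
        for d, name in ((cwd, "ansible.cfg"), (home, ".ansible.cfg")):
            os.mkdir(d)
            with open(os.path.join(d, name), "w") as fh:
                fh.write("[defaults]\n")
        for label, mode in (("0755", 0o755), ("0777", 0o777)):
            os.chmod(cwd, mode)
            chosen, warns = resolve_ansible_cfg(cwd, home, env={}, system_cfg="/nonexistent")
            results[label] = (os.path.relpath(chosen, root), len(warns))
    return results


if __name__ == "__main__":
    print(demo())
```

With the project directory at mode 0777 the local file is skipped and the home-directory file is chosen instead, which is the case worth checking for in shared build or /tmp working directories.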

To list options from the CLI: ansible-config list

dump and view are alternative subcommands to list.

Useful settings discovered:

[defaults]
inventory = /home/james/Ansible/hosts
remote_user = james

[ssh_connection]
ssh_args = -C -o ControlMaster=no -o ControlPersist=60s
# Fix for Debian 10 bug
# https://github.com/ansible/ansible/issues/15321

[privilege_escalation]
become_ask_pass = True

Sources

  1. Ansible Official Documentation