ansible-cheatsheet

############################################################################### ## Lucian Maly 2018-12-04 ############################################################################### ## Ansible works bes i! "e asswordless access is con!i$ured on all nodes% & ss"-key$en & ss"-coy-id lmaly@<'()*> & ss" lmaly@<'()*> ## +on!i$uraion, nenory de!aul/s% & ca ecansible"oss & $re "os!ile ansible.c!$ 3rioriy in w"ic" "e con!i$ !iles are rocessed% 1 A)5L6+(7 /an enironmen ariable 2 .ansible.c!$ /in "e curren direcory 9 :.ansible.c!$ 4 ecansibleansible.c!$ & ansible --ersion <-s"ows w"a con!i$ !ile is currenly bein$ used +ommonly Modi!ied )ein$s in ;ansible.c!$;% inenory Locaion o! Ansible inenory !ile remoe user =emoe user accoun used o esablis" connecions o mana$ed "oss become 6nablesdisables riile$e escalaion !or oeraions on mana$ed "oss /(* 5 ?67AL* becomeme"od ?e!ines riile$e escalaion me"od becomeuser ser accoun !or escalain$ riile$es becomeaskass ?e!ines w"e"er riile$e escalaion roms !or assword # ?e!aul module /command, (* )'6LL is de!ined in ;ansible.c!$; under ;de!auls; secion% & $re modulename ecansibleansible.c!$ ! no modules de!ined, rede!ined command module used ############################################################################### ## =un "e laybook/s% & ansible -i local"os, <laybook>.yaml B"en usin$ "e ;-i; arameer, i! "e alue is a ;lis; /i conains a leas one comma i will be used as "e inenory L)*  can be ei"er 7C? or 3 address & ansible -i ecansible"oss <laybook>.yaml B"ile "e ariable is a srin$, i will be used as "e inenory 3A*' ## Ansible erbosiy% & ansible-laybook - -i <'()*> <laybook>.yaml & ansible-laybook - -i <'()*> <laybook>.yaml & ansible-laybook - -i <'()*> <laybook>.yaml connecions & ansible-laybook - -i <'()*> <laybook>.yaml

<-dislays ouu daa <-dislays ouu D inu daa <-in!ormaion abou <-in!ormaion abou lu$ins

############################################################################### ## nenory !ile eEamles% FwebsererG <-bo" "oss can be reduced o wsF01%02G.lmaly.io usin$ re$eE ws01.lmaly.io ws02.lmaly.io%1294 <-con!i$ured o lisen on or 1294

FdaabaseG db01.lmaly.io 1H2.1I8.F1%JG.F0%2JJG

<-includes 1H2.1I8.1.024 "rou$" 1H2.1I8.J.024

Fnswciies%c"ildrenG <-nesed $rous use "e keyword %c"ildren webserer daabase o"ers

Fo"ersG local"os ansibleconnecionlocal connecion, wi"ou ))' 1H2.1I8.9.K ansibleconnecionss" ansibleuser!aylor sein$s eEamle

<-i will use local <-use di!!eren

# ?ynamic inenory - AB) cusom scri )cri mus suor ;--lis; an ;--"os; arameers, e.$.% & .ineniryscri --lis & sudo c ec2.y ecansible & sudo c ec2.ini ecansible & sudo c"mod E ecansibleec2.y & ansible -i ec2.y all -m in$ Mulile inenory !iles in one dir  All "e !iles in "e direcory are mer$ed and reaed as one inenory ############################################################################### ## B"ic" "oss will "e laybook run a$ains & ansible-laybook <laybook>.yaml --lis-"oss ## B"ic" "oss are in "e "oss !ile & ansible all --lis-"oss & ansible ;1H2.1I8.2.N; -i --lis-"oss eery"in$ "a mac"es "e wildcard & ansible lab%daacener1 -i --lis-"oss o! lab (= daacener1 & ansible ;lab%Ddaacener1; -i --lis-"oss o! lab A? daacener1 & ansible ;daacener%es2.eEaml ;daacener%es2.eEamle.com; e.com; -i --lis-"oss "os

<<-members <-members <-eEclude

## 3rin all "e asks in s"or !orm "a laybook would er!orm% & ansible-laybook <laybook>.yaml --lis-asks ############################################################################### ## )ee "e meadaa obained durin$ Ansible seu /module seu% & ansible all -i <'()*>, -m seu & ansible <$rou> -m seu & ansible <$rou> -m seu --ree !acs # )"ow "e seci!ic meadaa% & ansible <$rou> -m seu -a ;!ilerNi4N; # 6Eamles% OO ansible"osname PP OO ansiblede!auli4.addr ansiblede!auli4.address ess PP OO ansibledeices.da.ari ansibledeices.da.ariions.da1.siQe ions.da1.siQe PP OO ansibledns.nameserers PP OO ansiblekernel PP # *o disable !acs% $a"er!acs% no # +usom !acs are saed under ansiblelocal% & ca ecansible!acs.dnew.!a ecansible!acs.dnew.!ac c <-ini or Rson !ile & ansible demo1.eEamle.com -m seu -a ;!ileransiblelocal;

# Accessin$ !acs o! ano"er node% OO "osarsF;demo2.eEamle.com;GF;ansibleos!amily;G PP ############################################################################### # =un arbirary command on all "oss as sudo% & ansible all -s -a Sca arlo$messa$esS # =un Ad 'oc module wi" ar$umens% & ansible "os aern -m module -a ;ar$umen1 ar$umen2; F-i inenoryG # =un ad "oc command "a $eneraes one line inu !or eac" oeraion% & ansible my"oss -m command -a usrbin"osname -o # Ad "oc 6Eamle% yum module c"ecks i! "d insalled on demo"os% & ansible demo"os -u deos -b -m yum -a ;name"d saeresen; # Ad "oc 6Eamle% 7ind aailable sace on disks con!i$ured on demo"os% & ansible demo"os -a Sd! -"S # Ad "oc 6Eamle% 7ind aailable !ree memory on demo"os% & ansible demo"os -a S!ree -mS ############################################################################### ## 3laybook/s basics% --<-indicaes AML, oional documen marker - "oss% all <-"os or "os $rou a$ains we will run "e ask /eEamle - "oss% webserer remoeuser% lmaly <-as w"a user will Ansible lo$ in o "e mac"ine/s asks% <-lis o! acions - name% B"aeer you wan o name i <-name o! "e !irs ask yum% name% "d sae% resen <-same as sin$le line ;yum% name"d saeresen become*rue; become% *rue <-ask will be eEecued wi" sudo ... <-oional documen marker indicain$ end o! AML oes% )ace c"aracers used !or indenaion 3ie /T reserers line reurns wi"in srin$ Arrow /> coners line reurns o saces, remoes leadin$ sace in lines ndenaion rules% 6lemens a same leel in "ierarc"y mus "ae same indenaion +"ild elemens mus be indened !ur"er "an arens o rules abou eEac number o! saces o use (ional% nser blank lines !or readabiliy se AML Lin "%yamllin.com o c"eck "e synaE correcness se ;ansible-laybook --synaE-c"eck ; se ;ansible-laybook -+ ; !or dry run /w"a c"an$es would occur i! laybook is eEecued se ;alwaysrun% rue; o eEecue only some asks in c"eck mode /or ;alwaysrun% !alse; !or "e oosie se ;ansible-laybook --se ; o rom eac" ask /yyesnnoceEi and eEecue remainin$ wi"ou askin$ se ;ansible-laybook --sar-a-askSsar "d sericeS o sar eEecuion !rom $ien ask

7or comleE laybooks, use ;include; o include searae !iles in main laybook /include% asksen.yml ############################################################################### ## Uariables% --- # sually commen !ield describin$ w"a i does - "oss% all remoeuser% lmaly asks% - name% )e ariable ;name; se!ac% name% *es mac"ine - name% 3rin ariable ;name; debu$% ms$% ;OO name PP; a n ars block% ars% se!ac% ;*es mac"ine; b 3assed as ar$umens% includears% arseEraar$s.yml # ("er alernaie ways% /1 ass ariable/s in "e +L% & ansible-laybook -i <'()*>, <laybook>.yaml

-e ;namees01;

/2 ass ariable/s o an inenory !ile% a FwebsererG <- all laybooks runnin$ on webserers will be able o re!er o "e domain name ariable ws01.lmaly.io domainnameeEamle1.lmaly.io ws02.lmaly.io domainnameeEamle2.lmaly.io b Fwebserer%arsG <-  'os ariables will oerride $rou ariables in case $e same ariable is used in bo" "senabled*rue

/9 in ariable !ile/s% a "osars% & ca "osarsws01.lmaly.io domainnameeEamle1.lmaly.io b $rouars% & ca $rouarswebserer "senabled*rue

Uariable mus sar wi" leerV alid c"aracers are% leers, numbers, underscores # Array de!iniion eEamle% users% bRones% !irsname% 5ob lasname% Wones acook% !irsname% Anne lasname% +ook # Array accessin$readin$ eEamle%

users.bRones.!irsname usersF;bRones;GF;!irsname;G

# =eurns ;5ob; # =eurns ;5ob;

<-re!erable me"od

# nenory ariables "ierarc"yscoe *"ree leels% lobal, 3lay, 'os ! Ansible !inds ariables wi" "e same name, i uses c"ain o! re!erence /"i$"es rioriy on "e o% X A +ommon ariable !ile - oerrides eery"in$, "os$rouinenory ariable !iles T 01 ;eEra; ariables ia +L /-e T 02 *ask ariables /only !or ask isel! T 09 ?e!ined in ;block; saemen /- block% T 04 ;role; and ;include; ariables T 0J ncluded usin$ ;ars!iles; /ars!iles% - arsen.yml T 0I ;arsrom; ariables /arsrom% T 0K ?e!ined wi" ;-a; or ;--ar$s; command line T 08 ?e!ined ia ;se!acs; /- se!ac% user% Roe T 0H =e$isered ariables wi" ;re$iser; keyword !or debu$$in$ T 10 'os !acs discoered by Ansible /ansible!acs T 5 'os ariables - oerrides $rou ariable !iles T 11 ;"osars; in "osars direcory T + rou ariables - oerrides inenory ariable !iles T 12 ;$rouars; in $rouars direcory T ? nenory ariable !iles - lowes rioriy T 19 ;"osars; in "e inenory !ile /F"os$rou%arsG T 14 ;$rouars; in "e inenory !ile /F"os$rou%c"ildrenG T 1J nenory !ile ariables - $lobal T 1I =ole de!aul ariables - )e in roles ars direcory Uariables assed o "e +L "ae rioriy oer any o"er ariable. ou can oerride "e !ollowin$ arameers !rom an inenory !ile% ansibleuser, ansibleor, ansible"os, ansibleconnecion, ansibleriaekey!ile, ansibles"ellye ############################################################################### ## eraes /"%docs.ansible.comansiblelaybooksloos."ml /1 )andard - ;wi"iems; eEamle% a )imle loo !irewall !irewalld% serice% ;OO iem PP; sae% enabled ermanen% *rue immediae% *rue become% *rue wi"iems% - " - "s

b Lis o! "as"es - user% name% OO iem.name PP sae% resen $rous% OO iem.$rous PP wi"iems% - O name% ;Rane;, $rous% ;w"eel; P - O name% ;Roe;, $rous% ;roo; P /2 esed loos /ierae all elemens o! a lis wi" all iems !rom o"er

liss - ;wi"nesed; eEamle% user% name% ;OO iem PP; become% *rue wi"iems% - ;OO users PP; !ile% a"% ;"omeOO iem.0 PPOO iem.1 PP; sae% direcory become% *rue wi"nesed% - ;OO users PP; - ;OO !olders PP; /9 7ile$lobs loo /acion on eery !ile resen in a cerain !older ;wi"!ile$lobs; eEamle% coy% src% ;OO iem PP; des% ;miroue2; remoesrc% *rue become% *rue wi"!ile$lob% - ;eciroue2rN;

/4 ne$er loo /ierae oer "e ine$er numbers - ;wi"seYuence; eEamle% !ile% des% ;mdirOO iem PP; sae% direcory wi"seYuence% sar1 end10 become% *rue

oes% wi"!ile - *akes lis o! !ile namesV ;iem; se o conen o! eac" !ile in seYuence wi"!ile$lob - *akes !ile name $lobbin$ aernV ;iem; se o eac" !ile in direcory "a mac"es aernV in seYuence, nonrecursiely wi"seYuence - eneraes seYuence o! iems in increasin$ numerical orderV +an ake ;sar; and ;end; ar$umens - )uors decimal, ocal, "eEadecimal ine$er alues wi"randomc"oices - *akes lisV ;iem; se o one lis iem a random oe - +ondiionals% 6Yual Less "an reaer "an Less "an or eYual reaer "an or eYual o eYual Uariable eEiss Uariable does no eEis Uariable se o 1, *rue, or yes Uariable se o 0, 7alse, or no Ualue resen in ariable or array A? inenory"osname in $rousF;sa$in$;G (= ansibledisribuion  S7edoraS /J ;w"en; saemen eEamle

SOO maEmemory PP  J12S SOO minmemory PP < 128S SOO minmemory PP > 2JIS SOO minmemory PP < 2JIS SOO minmemory PP > J12S SOO minmemory PP  J12S SOO minmemory PP is de!inedS SOO minmemory PP is no de!inedS SOO aailablememory PPS Sno OO aailablememory PPS SOO users PP in usersFSdbadminsSGS ansiblekernel  9.10.elK.E8II4 and ansibledisribuion  S=ed'aS or

- name% +reae "e daabase admin user% name% dbadmin w"en% inenory"osname in $rousFSdaabasesSG ariable, i mus be laced ouside o! "e module

<-w"en is no a module

/I B"en combinin$ ;w"en; wi" ;wi"iems;, "e w"en saemen is rocessed !or eac" iem% wi"iems% SO ansiblemouns PS w"en% iem.moun  SS and iem.siQeaailable > 900000000 ############################################################################### ## =e$iser - *o caure ouu o! module "a uses array - s"ell% ec"o SOO iem PPS wi"iems% - one - wo re$iser% ec"o ############################################################################### ## 'andlers - *ask "a resonds o noi!icaion ri$$ered by o"er asks% noi!y% - resaraac"e "andlers% -name% resaraac"e serice% name% "d% sae% resared *ask may call more "an one "andler in noi!y Ansible reas noi!y as an array and ieraes oer "andler names 'andlers run in order "ey are wrien in lay, no in order lised by noi!y ask ! wo "andlers "ae same name, only one runs 'andler runs only once, een i! noi!ied by more "an one ask 'andlers de!ined inside ;include; canno be noi!ied --!orce-"andlers ############################################################################### ## =esource a$$in$ a *asks a$s% - acka$es b =oles - all asks "ey de!ine also a$$ed roles% - O role% user, a$s% FroducionG P c nclude - all asks "ey de!ine also a$$ed - include% common.yml a$s% Fesin$G & ansible-laybook --a$s SroducionS & ansible-laybook --ski-a$s SdeelomenS )ecial a$s% always, a$$ed, una$$ed, all /de!aul ############################################################################### ## $nore and ask errors ?e!aul% ! ask !ails, lay is abored immediaelly, same wi" "andlers *o ski !ailed asks, use ;i$noreerrors% yes; *o !orce "andler o be called een i! ask !ails, use ;!orce"andlers% yes; *o mark ask as !ailed een w"en i succeeds, use ;!ailedw"en% cmd% usrlocalbincreaeuser.s"ow

re$iser% commandresul !ailedw"en% S;3assword missin$; in commandresul.sdouS ?e!aul% *ask acYuires ;c"an$ed; sae a!er udain$ mana$ed "os, w"ic" causes "andlers skied i! ask does no make c"an$ed c"an$edw"en% S;)uccess; in commandresul.sdouS ############################################################################### ## 6nironmenal ariables

a )e en% enironmen% "roEy% "%demo.lab.eEamle.com%8080

b =e!erence ars inside laybook% - block% enironmen% name% SOO myname PPS

############################################################################### ## 5locks - lo$ical $rouin$ o! asks, conrols "ow are "ey eEecued a block% <-main asks o run b rescue% <-asks o run i! block asks !ail c always% <-asks o always run, indeenden on a or b asks% - block% - s"ell% cmd% usrlocallibu$rade-daabase rescue% - s"ell% cmd% usrlocallibcreae-user always% - serice% name% mariadb sae% resared ############################################################################### ## ?ele$aion usin$ ;dele$aeo; and ;localacion; a *o local"os usin$ dele$aeo% - name% =unnin$ Local 3rocess command% s dele$aeo% local"os re$iser% localrocess b *o local"os usin$ localacion% - name% =unnin$ Local 3rocess localacion% command ;s; re$iser% localrocess c 'os ouside lay in inenory - eEamle o! remoin$ mana$ed "oss !rom 6L5, u$radin$ and "e addin$ "em back% - "oss% webserers asks% - name% =emoe serer !rom load balancer command% remoe-!rom-lb OO inenory"osname PP dele$aeo% local"os - name% ?eloy "e laes ersion o! Bebsack $i%reo$i%$i.eEamle.coma"reo.$i dessrwww - name% Add serer back o 6L5 ool

command% add-o-lb OO inenory"osname PP dele$aeo% local"os nenory daa used w"en creain$ connecion o ar$e% ansibleconnecion ansible"os ansibleor ansibleuser

d 'os ouside lay (* in inenory usin$ ;add"os;% - name% Add dele$aion "os add"os% namedemo ansible"os1K2.2J.2J0.10 ansibleuserdeos - name% )illy ec"o command% ec"o OO inenory"osname PP dele$aeo% demo ar$s% <-comleE ar$umens can be added c"dir% somedir creaes% a"odaabase e ;runonce% *rue; 7acs $a"ered by dele$aed asks assi$ned o ;dele$aeo; "os, no "os "a roduced !acs *o $a"er !acs !rom dele$aed "os, se ;dele$ae!acs% *rue; in "e lay ############################################################################### ## WinRa2 *emlae/s - no need !or !ile eEension% --- "oss% all remoeuser% lmaly asks% - name% 6nsure "e websie is resen and udaed emlae% src% indeE."ml.R2 <-"e W2 emlae source des% arwww"mlindeE."ml <-desinaion owner% roo $rou% roo mode% 0I44 become% *rue # Uariables in W2 emlae/s% ;OO UA=A5L6AM6 PP; ;OO A==AAM6F;Z6;G PP; ;OO (5W6+*AM6.3=(36=*AM6 PP; # 6Eamle o! indeE."ml.R2 usin$ ariable% # OO ansiblemana$ed PP <-recommended o include i in eac" emlae <"ml> <"1>'ello Borld<"1> <>*"is a$e was creaed on OO ansibledaeime.dae PP.<> <body> <"ml> # +ommens% O# ... #P # 5uil-in 7ilres in W2 emlae/s%

;OO ;OO ;OO ;OO ;OO ;OO ;OO ;OO

UA=A5L6AM6 T caialiQe PP; ouu T oRson PP ouu T oyaml PP ouu T oniceRson PP ouu T oniceyaml PP ouu T !romRson PP ouu T !romyaml PP !oresblockersTsli/;-; PP;

# +ondiionals% O [ ... [ P a 6Yual o eEamle A O[ i! ansiblee"0.acie  *rue [P <>e"0 address OO ansiblee"0.i4.address PP.<> O[ endi! [P b 6Yual o eEamle 5 O[ i! ansiblee"0.acie is eYualo *rue [P <>e"0 address OO ansiblee"0.i4.address PP.<> O[ endi! [P # +yclesloos% O[ !or address in ansiblealli4addresses [P
OO address PP<li> O[ end!or [P # ssues a B"en alue a!er % sars wi" O you need o S "e w"ole obRec aa"% SOO basea" PPbinS b B"en you "ae nesed OO...PP elemens, remoe "e inner se% ms$% 'os OO aramsFOO "osi PPG PP <-wron$ ms$% 'os OO aramsF "osiG PP <-!ine More in!ormaion% "%RinRa.ocoo.or$docsdeemlaes#builin-!ilers "%RinRa.ocoo.or$docsdeemlaes#builin-ess ############################################################################### ## =oles # )rucure%  looks !or di!!eren roles a ;roles; subdirecory or ;rolesa"; dir in ansible.c!$ /de!aul ecansibleroles *o-leel  seci!ically named role name )ubdirs  main.yml !iles  conains obRecs re!erenced by main.yml emlaes  conains obRecs re!erenced by main.yml =ole asks eEecue be!ore asks o! lay in w"ic" "ey aear *o oerride de!aul, use ;reasks; /er!ormed be!ore any roles alied and ;osasks; /er!ormed a!er all roles comleed # 6Eamle - !older srucure% & ree user.eEamle user.eEamle \]] de!auls ^ _]] main.yml \]] !iles \]] "andlers ^ _]] main.yml \]] mea

<-de!ine de!aul ariables, easily oerriden <-!iEed-conen !iles, emy subdir is i$nored

^ _]] main.yml <-de!ine deendency roles /;allowdulicaes% yes; \]] =6A?M6.md \]] asks ^ _]] main.yml <-role conen /de!ines modules o call on mana$ed "oss w"ere "e role is alied \]] emlaes <-conain emlaes \]] ess ^ \]] inenory ^ _]] es.yml _]] ars ^ _]] main.yml <-ars !or "is module /bes racice _]] main.yml # se roles in lay eEamle% --- "oss% remoe.eEamle.com roles% - role1 - role2 - daidkarban.$i

<-role !rom Ansible alaEy usin$ A*'(=.AM6

# (erride de!aul ariables eEamle% --- "oss% remoe.eEamle.com roles% - O role% role1 P - O role% role2, ar1% al1, ar2% al2 P # ?e!ine deendency roles in meamain.yml eEamle% --deendencies% - O role% aac"e, or% 8080 P - O role% os$ress, dbname% sererlis, adminuser% !eliE P =ole added as deendency o lay once, o oerride de!aul, se ;allowdulicaesyes; in meamain.yml # +onen eEamle o! M(*? role /asksmain.yml --# asks !ile !or M(*? - name% delier mod !ile emlae% src% emlaesmod.R2 des% ecmod owner% roo $rou% roo mode% 0444 # =ole sources & ca roles2insall.yml # 7rom alaEy% - src% au"or.rolename # 7rom di!!eren source% - src% "s%webserer.eEamle.com!iles.$Q name% !serer-role & ansible-$alaEy ini -r roles2insall.yml

############################################################################### ## Modules # +usom modules 3rioriy in w"ic" "e cusom module is bein$ rocessed% 1, A)5L6L5=A= enironmen ariable 2, ;library; in "e ansible.c!$ 9, .library relaie o locaion o! laybook in use # ?e!aul modules & cd usrliby"on2.Ksie-acka$esansiblemodules & ansible-doc -l <-lis all modules & ansible-doc <-"el !or "e module & ansible-doc -s <-simle iew !or "e module ############################################################################### ## (imiQaions /1 ?e!aul ;smar; sein$s /ransorsmar in ansible.c!$% a c"eck i! locally insalled ))' suors ;+onrol3ersis;, i! no, ;aramiko; is used b +onrol3ersisI0s /lised as commen in ecansibleansible.c!$ /2 ("er sein$s include% a aramiko /3y"on imlemenaion o! ))'2, does no "ae +onrol3ersis b local /runs locally and no oer ))' c ss" /uses (en))' d docker /uses docker eEec e lu$-ins /no based on ))', e.$. c"roo, libirlEc... /9 +"an$e on-"e-!ly sein$s wi" a & ansible-laybook <3LA5((Z> -c <*=A)3(=*AM6> b & ansible <3LA5((Z> -c <*=A)3(=*AM6> /4 ))' sein$s are under Fss"connecionG /J 3aramiko sein$s are under FaramikoconnecionG /I *o seci!y connecion ye in "e inenory !ile, use ;ansibleconnecion;% Far$esG local$os ansibleconnecionlocal demo.lab.eEamle.com ansibleconnecionss" /K *o seci!y connecion ye in lay% --- name% +onnecion ye "oss% 12K.0.0.01 connecion% local /8 *o limi concurren connecion, use ))' serer;s ;MaE)arus; oion /H 3arallelism - by de!aul J di!!eren mac"ines a once% a sein$ ;!orks; in ;ansible.c!$; b & ansible-laybook --!orks c ;serial; in "e lay oerrides ;ansible.c!$; - ei"er number or [ d ;async; D ;asyncsaus; - alue is ime "a Ansible wais !or command o comlee Fde!aul 9I00s, lon$ asks 0G e ;ool; - ses "ow o!en Ansible c"ecks i! command "as comleed Fde!aul 10s, lon$ asks 0G ! ;wai!or; $ ause module ############################################################################### ## Ansible aul /1a +reae encryed !ile% & ansible-aul creae <7L6AM6> & ansible-aul creae --aul-assword-!ile.secre!ile <7L6AM6> /2a 6ner and con!irm new aul assword /1b (r encry and eEisin$ !ile/s%

& ansible-aul encry <7L61> <7L62> ... & ansible-aul encry --ouu6B7L6 <(L?7L6> /2b 6ner and con!irm new aul assword /9 Uiew !ile% & ansible-aul iew <7L6AM6> /4 6di !ile% & ansible-aul edi <7L6AM6> /J +"an$e assword% & ansible-aul rekey <7L6AM61> <7L6AM62> & ansible-aul rekey --new-aul-assword-!ile.secre!ile <7L6AM6> /I ?ecry !ile% & ansible-aul decry <7L6AM6> --ouu<7L6AM6> Uariable yes% a ?e!ined in ;$rouars; or ;"osars; b Loaded by ;includears; or ;ars!iles; c 3assed on ;ansible-laybook -e @!ile.yml; d ?e!ined as role ariables D de!auls & ansible-laybook --ask-aul-ass <3LA.ML> & ansible-laybook --aul-assword-!ile.secre!ile <3LA.ML> or ;6`3(=* A)5L6UAL*3A))B(=?7L6:.secre!ile; ############################################################################### ## *roubles"ooin$ 5y de!aul no lo$, bu you can enable i% a ;lo$a"; arameer under Fde!aulG in ;ansible.c!$; b A)5L6L(3A*' enironmen ariable # ?ebu$ mode eEamles% - debu$% ms$S*"e !ree memory !or "is sysem is OO ansiblemem!reemb PPS - debu$% arouu erbosiy2 # =eor c"an$es made o emlaed !iles% & ansible-laybook --c"eck --di!! # ;=; module o c"eck i! =6)*!uk A3 is reurnin$ reYuired conen% asks% - acion% uri url"%ai.mya.com reurnconenyes re$iser% airesonse - !ail% ms$;ersion was no roided; w"en% S;ersion; no in airesonse.conenS # ;scri; module o eEecue scri on mana$ed "os /module !ails i! & is o"er "en 0% aks% - scri% c"eck!reememory # ;sa; module o see i! !ilesdirs no mana$ed by Ansible are resen ;asser; module o see i! !ile eEiss in mana$ed "os asks% - sa% a"arruna.lock re$iser% lock - asser% "a% - lock.sa.eEiss ############################################################################### ## Ansible *ower

Beb-based iner!ace 6nerrise soluion !or * auomaion ?as"board !or mana$in$ deloymens and moniorin$ resources Adds auomaion, isual mana$emen, moniorin$ caabiliies o Ansible ies adminisraors conrol oer user access ses ))' credenials 5locks access o or rans!er o! credenials mlemens coninuous deliery and con!i$uraion mana$emen ne$raes mana$emen in sin$le ool # nsallaion - +on!i$uraion !ile% owerseucon!.yml under seu bundle direcory nsallaion - ;con!i$ure; oions% -l <-insall on local mac"ine wi" inernal 3os$re)CL --no-secondary-rom <-ski roms re$ardin$ secondary *ower nodes o be added -A <-?isable au-$eneraion o! 3os$re)CL assword, rom user !or asswords -o <7L6> <-source !or con!i$uraion answers nsallaion - a!er "e con!i$ !ile is ready% .seu.s" -c <7L6> <-seci!y !ile "a sores "e con!i$uraion -i <7L6> <- <-seci!y !ile o use !or "os inenory -s <-reYuire Ansible o rom !or ))' asswords -u <-reYuire Ansible o rom !or sudo asswords -e <-se addiional ariables durin$ insallaion -b <-er!orm daabase backu insead o! insallin$ *ower -r <5A+Z37L6> <-er!orm daabase resore insead o! insallin$ *ower +"an$in$ your assword% & sudo ower-mana$e c"an$eassword admin # ))L ceri!icae% ecowerawE.cer ecowerawE.key # =6)* A3 !rom +L eEamle% & curl -s "%demo.lab.eEamle.comai1in$ T Rsonre!orma # ser yes% normal or$aniQaion admin sueruser #

ser ermissions% read wrie admin eEecue commands c"eck run creae # 3roRecs% arlibawEroRecs & sudo mkdir arlibawEroRecsdemoroRec

& sudo c demo.yml arlibawEroRecsdemoroRec & sudo c"own -= awE arlibawEroRecsdemoroRec ############################################################################### ## +L% /1 =un a command somew"ere else usin$ Ansible & ansible sa$e% ansible <"os-aern> FoionsG (ions% -a M(?L6A=), --ar$sM(?L6A=) module ar$umens --ask-aul-ass ask !or aul assword -5 )6+(?), --back$round)6+(?) run async"ronously, !ailin$ a!er ` seconds /de!aulA -+, --c"eck don; make any c"an$esV insead, ry o redic some o! "e c"an$es "a may occur -?, --di!! w"en c"an$in$ /small !iles and emlaes, s"ow "e di!!erences in "ose !ilesV works $rea wi" --c"eck -e 6`*=AUA=), --eEra-ars6`*=AUA=) se addiional ariables as keyalue or AMLW)( -! 7(=Z), --!orks7(=Z) seci!y number o! arallel rocesses o use /de!aulJ -", --"el s"ow "is "el messa$e and eEi -i U6*(=, --inenory-!ileU6*(= seci!y inenory "os a" /de!aulecansible"oss or comma searaed "os lis. -l )5)6*, --limi)5)6* !ur"er limi seleced "oss o an addiional aern --lis-"oss ouus a lis o! mac"in$ "ossV does no eEecue any"in$ else -m M(?L6AM6, --module-nameM(?L6AM6 module name o eEecue /de!aulcommand -M M(?L63A*', --module-a"M(?L63A*' seci!y a"/s o module library /de!aulone --new-aul-assword-!ile6BUAL*3A))B(=?7L6 new aul assword !ile !or rekey -o, --one-line condense ouu --ouu(*3*7L6 ouu !ile name !or encry or decryV use - !or sdou -3 3(LL*6=UAL, --oll3(LL*6=UAL se "e oll ineral i! usin$ -5 /de!aul1J --synaE-c"eck er!orm a synaE c"eck on "e laybook, bu do no eEecue i - *=66, --ree*=66 lo$ ouu o "is direcory --aul-assword-!ileUAL*3A))B(=?7L6 aul assword !ile -, --erbose erbose mode /- !or more, - o enable connecion debu$$in$ --ersion s"ow ro$ram;s ersion number and eEi +onnecion (ions% conrol as w"om and "ow o connec o "oss -k, --ask-ass ask !or connecion assword --riae-key3=UA*6Z67L6, --key-!ile3=UA*6Z67L6 use "is !ile o au"enicae "e connecion

-u =6M(*6)6=, --user=6M(*6)6= connec as "is user /de!aulone -c +(6+*(, --connecion+(6+*( connecion ye o use /de!aulsmar -* *M6(*, --imeou*M6(* oerride "e connecion imeou in seconds /de!aul10 --ss"-common-ar$s))'+(MM(A=) seci!y common ar$umens o ass o s!scss" /e.$. 3roEy+ommand --s!-eEra-ar$s)7*36`*=AA=) seci!y eEra ar$umens o ass o s! only /e.$. -!, -l --sc-eEra-ar$s)+36`*=AA=) seci!y eEra ar$umens o ass o sc only /e.$. -l --ss"-eEra-ar$s))'6`*=AA=) seci!y eEra ar$umens o ass o ss" only /e.$. -= 3riile$e 6scalaion (ions% conrol "ow and w"ic" user you become as on ar$e "oss

-s, --sudo

run oeraions wi" sudo /noasswd /derecaed, use become - )?()6=, --sudo-user)?()6= desired sudo user /de!aulroo /derecaed, use become -), --su run oeraions wi" su /derecaed, use become -= ))6=, --su-user))6= run oeraions wi" su as "is user /de!aulroo /derecaed, use become -b, --become run oeraions wi" become /does no imly assword romin$ --become-me"od56+(M6M6*'(? riile$e escalaion me"od o use /de!aulsudo, alid c"oices% F sudo T su T brun T !eEec T runas T doas T dQdo G --become-user56+(M6)6= run oeraions as "is user /de!aulroo --ask-sudo-ass ask !or sudo assword /derecaed, use become --ask-su-ass ask !or su assword /derecaed, use become -Z, --ask-become-ass ask !or riile$e escalaion assword

############################################################################### /2 =un Ansible laybook & ansible-laybook sa$e% ansible-laybook laybook.yml (ions% --ask-aul-ass ask !or aul assword -+, --c"eck don; make any c"an$esV insead, ry o redic some o! "e c"an$es "a may occur -?, --di!! w"en c"an$in$ /small !iles and emlaes, s"ow "e di!!erences in "ose !ilesV works $rea wi" --c"eck -e 6`*=AUA=), --eEra-ars6`*=AUA=) se addiional ariables as keyalue or AMLW)( --!lus"-cac"e clear "e !ac cac"e --!orce-"andlers run "andlers een i! a ask !ails -! 7(=Z), --!orks7(=Z)

seci!y number o! arallel rocesses o use /de!aulJ -", --"el s"ow "is "el messa$e and eEi -i U6*(=, --inenory-!ileU6*(= seci!y inenory "os a" /de!aulecansible"oss or comma searaed "os lis. -l )5)6*, --limi)5)6* !ur"er limi seleced "oss o an addiional aern --lis-"oss ouus a lis o! mac"in$ "ossV does no eEecue any"in$ else --lis-a$s lis all aailable a$s --lis-asks lis all asks "a would be eEecued -M M(?L63A*', --module-a"M(?L63A*' seci!y a"/s o module library /de!aulone --new-aul-assword-!ile6BUAL*3A))B(=?7L6 new aul assword !ile !or rekey --ouu(*3*7L6 ouu !ile name !or encry or decryV use - !or sdou --ski-a$s)Z3*A) only run lays and asks w"ose a$s do no mac" "ese alues --sar-a-ask)*A=*A**A)Z sar "e laybook a "e ask mac"in$ "is name --se one-se-a-a-ime% con!irm eac" ask be!ore runnin$ --synaE-c"eck er!orm a synaE c"eck on "e laybook, bu do no eEecue i - *A), --a$s*A) only run lays and asks a$$ed wi" "ese alues --aul-assword-!ileUAL*3A))B(=?7L6 aul assword !ile -, --erbose erbose mode /- !or more, - o enable connecion debu$$in$ --ersion s"ow ro$ram;s ersion number and eEi +onnecion (ions% conrol as w"om and "ow o connec o "oss

-k, --ask-ass ask !or connecion assword --riae-key3=UA*6Z67L6, --key-!ile3=UA*6Z67L6 use "is !ile o au"enicae "e connecion -u =6M(*6)6=, --user=6M(*6)6= connec as "is user /de!aulone -c +(6+*(, --connecion+(6+*( connecion ye o use /de!aulsmar -* *M6(*, --imeou*M6(* oerride "e connecion imeou in seconds /de!aul10 --ss"-common-ar$s))'+(MM(A=) seci!y common ar$umens o ass o s!scss" /e.$. 3roEy+ommand --s!-eEra-ar$s)7*36`*=AA=) seci!y eEra ar$umens o ass o s! only /e.$. -!, -l --sc-eEra-ar$s)+36`*=AA=) seci!y eEra ar$umens o ass o sc only /e.$. -l --ss"-eEra-ar$s))'6`*=AA=) seci!y eEra ar$umens o ass o ss" only /e.$. -= 3riile$e 6scalaion (ions%

conrol "ow and w"ic" user you become as on ar$e "oss

-s, --sudo

run oeraions wi" sudo /noasswd /derecaed, use become - )?()6=, --sudo-user)?()6= desired sudo user /de!aulroo /derecaed, use become -), --su run oeraions wi" su /derecaed, use become -= ))6=, --su-user))6= run oeraions wi" su as "is user /de!aulroo /derecaed, use become -b, --become run oeraions wi" become /does no imly assword romin$ --become-me"od56+(M6M6*'(? riile$e escalaion me"od o use /de!aulsudo, alid c"oices% F sudo T su T brun T !eEec T runas T doas T dQdo G --become-user56+(M6)6= run oeraions as "is user /de!aulroo --ask-sudo-ass ask !or sudo assword /derecaed, use become --ask-su-ass ask !or su assword /derecaed, use become -Z, --ask-become-ass ask !or riile$e escalaion assword

############################################################################### /9 )e u a remoe coy o! ansible on eac" mana$ed node /clone Ansible con!i$uraion !iles !rom i reosiory & ansible-ull sa$e% ansible-ull - FoionsG (ions% --acce-"os-key adds "e "oskey !or "e reo url i! no already added --ask-aul-ass ask !or aul assword -+ +'6+Z(*, --c"eckou+'6+Z(* branc"a$commi o c"eckou. ?e!auls o be"aior o! reosiory module. -d ?6)*, --direcory?6)* direcory o c"eckou reosiory o -e 6`*=AUA=), --eEra-ars6`*=AUA=) se addiional ariables as keyalue or AMLW)( -!, --!orce run "e laybook een i! "e reosiory could no be udaed --!ull ?o a !ull clone, insead o! a s"allow one. -", --"el s"ow "is "el messa$e and eEi -i U6*(=, --inenory-!ileU6*(= seci!y inenory "os a" /de!aulecansible"oss or comma searaed "os lis. -l )5)6*, --limi)5)6* !ur"er limi seleced "oss o an addiional aern --lis-"oss ouus a lis o! mac"in$ "ossV does no eEecue any"in$ else -m M(?L6AM6, --module-nameM(?L6AM6 =eosiory module name, w"ic" ansible will use o c"eck ou "e reo. ?e!aul is $i. -M M(?L63A*', --module-a"M(?L63A*' seci!y a"/s o module library /de!aulone --new-aul-assword-!ile6BUAL*3A))B(=?7L6

-o, --only-i!-c"an$ed

new aul assword !ile !or rekey

only run "e laybook i! "e reosiory "as been udaed --ouu(*3*7L6 ouu !ile name !or encry or decryV use - !or sdou --ur$e ur$e c"eckou a!er laybook run --ski-a$s)Z3*A) only run lays and asks w"ose a$s do no mac" "ese alues -s )L663, --slee)L663 slee !or random ineral /beween 0 and n number o! seconds be!ore sarin$. *"is is a use!ul way o diserse $i reYuess - *A), --a$s*A) only run lays and asks a$$ed wi" "ese alues - =L, --url=L =L o! "e laybook reosiory --aul-assword-!ileUAL*3A))B(=?7L6 aul assword !ile -, --erbose erbose mode /- !or more, - o enable connecion debu$$in$ --eri!y-commi eri!y 3 si$naure o! c"ecked ou commi, i! i !ails abor runnin$ "e laybook. *"is needs "e corresondin$ U+) module o suor suc" an oeraion --ersion s"ow ro$ram;s ersion number and eEi

+onnecion (ions% conrol as w"om and "ow o connec o "oss

-k, --ask-ass ask !or connecion assword --riae-key3=UA*6Z67L6, --key-!ile3=UA*6Z67L6 use "is !ile o au"enicae "e connecion -u =6M(*6)6=, --user=6M(*6)6= connec as "is user /de!aulone -c +(6+*(, --connecion+(6+*( connecion ye o use /de!aulsmar -* *M6(*, --imeou*M6(* oerride "e connecion imeou in seconds /de!aul10 --ss"-common-ar$s))'+(MM(A=) seci!y common ar$umens o ass o s!scss" /e.$. 3roEy+ommand --s!-eEra-ar$s)7*36`*=AA=) seci!y eEra ar$umens o ass o s! only /e.$. -!, -l --sc-eEra-ar$s)+36`*=AA=) seci!y eEra ar$umens o ass o sc only /e.$. -l --ss"-eEra-ar$s))'6`*=AA=) seci!y eEra ar$umens o ass o ss" only /e.$. -= 3riile$e 6scalaion (ions% conrol "ow and w"ic" user you become as on ar$e "oss --ask-sudo-ass ask !or sudo assword /derecaed, use become --ask-su-ass ask !or su assword /derecaed, use become -Z, --ask-become-ass ask !or riile$e escalaion assword

############################################################################### /4 Accessin$ documenaion locally

& ansible-doc sa$e% ansible-doc FoionsG Fmodule...G (ions% -", --"el s"ow "is "el messa$e and eEi -l, --lis Lis aailable modules -M M(?L63A*', --module-a"M(?L63A*' seci!y a"/s o module library /de!aulone -s, --snie )"ow laybook snie !or seci!ied module/s -, --erbose erbose mode /- !or more, - o enable connecion debu$$in$ --ersion s"ow ro$ram;s ersion number and eEi ############################################################################### /J Ansible alaEy ool & ansible-$alaEy sa$e% ansible-$alaEy FdeleeTimorTin!oTiniTinsallTlisTlo$inTremoeTsearc"T seuG F--"elG FoionsG ... (ions% -", --"el -, --erbose --ersion 6Eamles% ansible-$alaEy ansible-$alaEy ansible-$alaEy ansible-$alaEy ansible-$alaEy ansible-$alaEy ansible-$alaEy ansible-$alaEy ansible-$alaEy ansible-$alaEy

s"ow "is "el messa$e and eEi erbose mode /- !or more, - o enable connecion debu$$in$ s"ow ro$ram;s ersion number and eEi searc" --au"or searc" --la!orms <3LA*7(=M> searc" --$alaEy-a$s <*A> in!o <=(L6> insall <=(L6> - <=(L6?=6+*(=> insall -r <=(L61> <=(L62> <=(L69> ... lis remoe <=(L6> ini <=(L6> ini --o!!line <=(L6>

############################################################################### /I 'idin$ secres & ansible-aul sa$e% ansible-aul FcreaeTdecryTediTencryTrekeyTiewG F--"elG FoionsG aul!ile.yml (ions% --ask-aul-ass ask !or aul assword -", --"el s"ow "is "el messa$e and eEi --new-aul-assword-!ile6BUAL*3A))B(=?7L6 new aul assword !ile !or rekey --ouu(*3*7L6 ouu !ile name !or encry or decryV use - !or sdou --aul-assword-!ileUAL*3A))B(=?7L6 aul assword !ile -, --erbose erbose mode /- !or more, - o enable connecion debu$$in$ --ersion s"ow ro$ram;s ersion number and eEi ############################################################################### /K Bindows

& i insall ywinrm

<-- on "e conrol mac"ine

Au"enicaion% a +eri!icae% au"enicaion similar o ))' b Zerberos% y"on-kerberos c +red))3% !or local and domain accouns (n a b c

"e clien/s% 3ower)"ell 9.0 or "i$"er 6nable 3ower)"ell )e u Bin=M%

"s%$i"ub.comansibleansibleblobdeeleEamlesscris+on!i$ure=emoin$7or Ansible.s1 7or Zerberos, on "e clien/s% y"on-deel, krbJ-deel, krbJ-libs, krbJ-worksaion, ywinrm eckrbJ.con!.dansible.con! FrealmsG ad1.&O?P.eEamle.com  O kdc  ad1.&O?P.eEamle.oenlc.com P ;ansible.c!$; eEamle% ansibleconnecionwinrm ansibleuserAdminisraor Bindows Ansible modules eEamles% winin$ winc"ocolaey winserice win!irewall win!irewallrule winuser windomainuser windomainconroller

ansible-cheatsheet

Recommend Documents