Dependency for using Ansible.
Python should be installed in both ansible host and also in all target servers
ssh agent should be up and running in all linux target servers
Where the default ansible configuration file and host/inventory file is located
/etc/ansible/ansible.cfg
/etc/ansible/hosts
Executing the ansible module using command-line
ansible host_name/group_name -m ping -i inventory.txt
host_name/group_name -> from inventory file (/etc/ansible/hosts)
-m ping -> module name (here module name ping is passed)
-i inventory.txt -> To pass custom inventory file (Here inventory file named inventory.txt in current directory is passed)
How Host key checking can be disabled/enabled in ansible ?
By default host_key_checking is enabled
In ansible.cfg -> host_key_checking = False
In inventory file -> ansible_ssh_user=vagrant ansible_ssh_port=2222 ansible_ssh_host=127.0.0.1 host_key_checking=false
In ansible.cfg -> ansible_ssh_common_args='-o StrictHostKeyChecking=no'
As environment variable -> export ANSIBLE_HOST_KEY_CHECKING=False (This might not work on newer ansible versions)
what is the difference between defaults and vars folder in ansible role
What is ansible collection ?
Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. As modules move from the core Ansible repository into collections, the module documentation will move to the collections pages.
Types of Inventories
-> static inventory -> All the Ip are defined in the static file (/etc/ansible/hosts)
-> Dynamic inventory -> It will fetch the Ip's dynamically using the scripts shell,python/plugins
In the earlier version of ansible, we have to write the python script and we have to pass like below for dynamic Inventory
ansible-playbook -i inventory.py playbook.yaml
Now this dynamic inventory scripts are already written for some cloud providers
aws ec2, azure, openstack, gcp, space walk, jails etc..
Update: use aws_ec2 plugin from amazon.aws collection
What is Dynamic inventory ?
Ansible dynamic inventory – AWS{:target=”_blank” rel=”noopener”}
Where ansible.cfg is located and what location of ansible.cfg has higher precedence ?
Changes can be made and used in a configuration file which will be searched for in the following order:
ANSIBLE_CONFIG (environment variable if set)
ansible.cfg (in the current directory)
~/.ansible.cfg (in the home directory)
/etc/ansible/ansible.cfg
Ansible will process the above list and use the first file found, all others are ignored.
What is the default ssh authentication type in ansible ?
SSH using private key
What is the use of host_vars directory ?
Used for keeping different values for each host.
For each host one dedicated file needs to be created with the host name in host_vars directory
host_vars
db01
db02
How to run only specific tasks on ansible playbook ?
Using ansible tags feature we can run only specific tasks
ansible-playbook playbook.yaml --tags=install,config,deploy
How you can run all tasks except one task in ansible playbook ?
Using ansible tags feature we can skip one task and run all other tasks
ansible-playbook playbook.yaml --skip-tags=install
What are the special tags in ansible ?
always and never
What is always tag in ansible ?
If you assign a always tag to tasks or play, ansible will always run that task or play.
If you even want to skip that tag, we can use --skip-tags=always
What is never tag in ansible ?
If you assign a never tag to tasks or play, ansible will skip that task or play.
If you even want to run that tag, we can use --tags=never
What is gathering_facts in ansible ? Is it enabled by default ?
This module takes care of executing the configured facts modules, the default is to use the ansible.builtin.setup module.
This module is automatically called by playbooks to gather useful variables about remote hosts that can be used in playbooks.
It can also be executed directly by /usr/bin/ansible to check what variables are available to a host.
Ansible provides many facts about the system, automatically.
Yes its enabled by default. We can disable by setting gatherings_facts: false in playbook
How you can check which ansible conf file used ?
By running "ansible --version" will show the ansible version and also the configuration file location which is used
What are the default host group in inventory
"all" - includes every host in the inventory
"ungrouped" - includes every host in "all" group that is not a member of another group
How you can save output to a variable and printing that variable
- name: print to stdout
command: echo "hello"
register: out
- debug: msg="{{ out.stdout }}"
- debug: msg="{{ out.stderr }}"
- debug: var=out.stdout_lines
To install package based on distro/os-family
[Older way]
- name: install the latest version of Apache on CentOS
yum: name=httpd state=latest
when: ansible_os_family == "RedHat"
- name: install the latest version of Apache on Debian
apt: pkg=apache2 state=latest
when: ansible_os_family == "Debian"
[Newer way]
- name: Install foo
package: name=httpd state=latest
When the package name differs across OS families, we can handle it with distribution or OS family specific vars files:
Here the package name "httpd" is different for each distro, in Redhat it is "httpd", but for Ubuntu it is "apache2"
---
- hosts: all
remote_user: root
vars_files:
- "vars/common.yml"
- [ "vars/{{ ansible_os_family }}.yml", "vars/os_defaults.yml" ]
tasks:
- name: Install the apache package
package:
name: "{{ apache }}"
state: present
What is handler ?
From one handler we can notify the other handler, but the problem, it is not returning "True" it wont notify the other handlers. After ansible 2.3 version,
The better way is to group the tasks inside "block" (block is also one module)
In block we define the become, remote_user, when condition as common and it will be automatically applied to each task under this block
By default the all the tasks inside the will be executed if the before tasks are suucess. If the last task is returning OK, still it will run the next tasks.
If we want the next task to be executed only if the last task is success, then capture the task status to a variable and use that variable in when condition in the next task
- name: Installing apache2 on Debian(ubuntu)
block:
- name: Installing apache2 on Debian(Ubuntu)
apt: name=apache2 state=present
register: result
- name: Start apache2
service: name=apache2 state=started
register: resultStartingApache2
when: result is succeeded
How to define Nested groups in inventory ?
[mumbai]
example1.com
example2.com
[delhi]
example3.com example4.com
[india:children]
mumbai delhi
How you use use ranges in ip-address in invemtory file ?
192.168.[4:7].[0:255] -> 192.168.4.0 to 192.168.7.255
server[01:20].example.com -> server01.example.com to server20.example.com
[a:c].dns.example.com -> a.dns.example.com to c.dns.example.com
server[01:20].example.com -> will match server01.example.com and not server1.example.com
How to list the hosts from inventory file ?
ansible-inventory --list -> To list the hosts from configured inventory file
ansible-inventory -i inventory --list -> To list the hosts from custom inventory file
How you can convert the inventory file from INI to YAML format ?
ansible-inventory --list -y
How you can encrypt a files in ansible ?
Structure of roles ?
roles/
common/ # this hierarchy represents a "role"
tasks/ #
main.yml # <-- tasks file can include smaller files if warranted
handlers/ #
main.yml # <-- handlers file
templates/ # <-- files for use with the template resource
ntp.conf.j2 # <------- templates end in .j2
files/ #
bar.txt # <-- files for use with the copy resource
foo.sh # <-- script files for use with the script resource
vars/ #
main.yml # <-- variables associated with this role
defaults/ #
main.yml # <-- default lower priority variables for this role
meta/ #
main.yml # <-- role dependencies
library/ # roles can also include custom modules
module_utils/ # roles can also include custom module_utils
lookup_plugins/ # or other types of plugins, like lookup in this case
webtier/ # same kind of structure as "common" was above, done for the webtier role
monitoring/ # ""
fooapp/ # ""
How you can call the role from ansible playbook ?
---
- hosts: webservers
roles:
- common
- webservers
How you can pass varibales to roles from playbook ?
---
- hosts: webservers
roles:
- common
- role: foo_app_instance
vars:
dir: '/opt/a'
app_port: 5000
tags: typeA
- role: foo_app_instance
vars:
dir: '/opt/b'
app_port: 5001
tags: typeB
How to check if the host is available in the inventory file ?
ansible example.com --list-hosts
If with have same name for both host and group, it will print the host and ignore the group and it will show the warning
In inventory file you have 10 hosts, but you want to execute the module on only one host, how to do it ?
ansible all --limit server1.example.com -m ping
How you can check, what are the ansible configuration, you have overwritten ?
ansible-config dum --only-changed
How you can list all modules available in Ansible ?
ansible-doc -l
How you can get more details of the module using ansible cli ?
To know more details about ping module
ansible-doc ping
Information
Nearly all parameters can be overridden in ansible-playbook or with command line flags.
To list all options of ansible
ansible-config list
Group names in inventory should not include dashes, but underscore is fine
Avoid confusion, do not give a group the same name as host
Inventory files are also supported in yaml format. INI and YAML
Most modules are idempotent, which means they only make changes if a change is needed. Idempotent modules can be run safely multiple times.