Mount-Mockery - ansible

/mycreole/attachment/it/howto/ansible/ansible.png

Basic folder structure

.
├── ansible.cfg                             <-- The ansible configuration file
├── files
│   └── <filename>.conf                     <-- General files
├── host_vars
│   └── <host>.yml                          <-- Variables for specic <host>s
├── inventory                               <-- The inventory
├── requirements.txt                        <-- Optional a requirements-file for the python virtual environment
├── roles
│   └── <your_role>                         <-- Your role
│       ├── defaults                        <-- With default paremeters, if you don't define them in your playbook
│       │   └── main.yml
│       ├── files                           <-- Files for this role
│       │   └── <filename>.conf
│       ├── handlers                        <-- Handlers to trigger post actions to e.g. restart a service services
│       │   └── main.yml
│       ├── tasks                           <-- The "playbook" of this role
│       │   └── main.yml
│       └── templates                       <-- Template for this role
│           └── <role_template>.j2
├── secrets                                 <-- Secrets (e.g. passwords, ...) - You should encrypt this with ansible-vault
├── site.yml                                <-- Your main playbook
├── templates                               <-- General templates
│   └── <template>.j2
└── vpass.txt                               <-- Optional a file to store the vault password (configuration in ansible.cfg)

Precondtions

requirements.txt

You need to define the modules / libraries to be installed. You need at least the module ansible. The following requirements are recommended:

ansible
ansible-lint

Create the virtual environment

With the following commands...

$ python -m venv venv
$ source venv/bin/activate
$ pip install -r requirements.txt

If you want to use ansible in a later session, you just need the source command to enable the ansible environment.

Client precondtion

You need a client which is reachable via ssh with a key, so that you don't need to give a password. You need to know the sudo passsword to get privileged access.

$ ssh -i ~/.ssh/ansible ansible@<hostname>
ansible@<hostname>:~ $

Basic configuration / Setup

In the basic setup, you will get an example for every file / folder. You should be able to

ansible.cfg

[defaults]
inventory = inventory
private_key_file = ~/.ssh/ansible
remote_user=ansible
vault_password_file=vpass.txt

host_vars

<your_key>: <your_value>

inventory

[all]
<hostname>

secrets

A file in yaml format, to define som secret stuff passwords. You should encode this File with ansible-vault.

site.yml

Your playbook

templates

Jinja template

vpass.txt

Just a password to decrypt your encrypted files. You can also give this password on the command line.

Roles