Ansible the things

I was a dick to myself and didn’t personally document my Ansible stuff. My redundancy came quite unexpectedly and my Ansible setup was in its infancy, so I don’t have concrete documentation of what I did, nor did I save my YAML files to my personal space.

Well no more.

Not even out of the blurb and I’m already The freaking Doctor over here.


Ansible’s a cinch. yum install ansible.

Update my hosts file:
$ cat /etc/ansible/hosts

Create playbooks for each group (irl I have multiple groups)
mkdir -p /etc/ansible/playbooks && for line in `grep -E "\[.*\]" /etc/ansible/hosts | tr -d "[]"` ;do touch /etc/ansible/playbooks/${line}.yml ;done

Go through each host in your hosts file and make sure you can connect to it at least once. Ansible won’t wait for you to accept each host’s SSH key, so you’ll have to do it manually. OR… *cough*
echo "# --" >> ~/.ssh/known_hosts
for line in `grep -vE "\[.*\]|^$" /etc/ansible/hosts` ;do ssh-keyscan -t rsa $line >> ~/.ssh/known_hosts ;done

Configure your ~/.ssh/config file to suit. If you’re keeping consistent, you can just configure a host of * with user and identity file set to a standard login.

Check your connectivity: ansible -m ping all

Punish any trouble makers.
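
The two grep loops above treat every non-header line in /etc/ansible/hosts as a bare hostname. As an added example (not from the original post), these shell functions also skip comments, [group:vars] and [group:children] bodies and inline host variables, so only real host names reach ssh-keyscan and only real group names become playbook files; the function names and the sample inventory are constructed for illustration.

```shell
# Added example: read an INI-style Ansible inventory without mistaking
# comments, [group:vars]/[group:children] bodies or host variables for hosts.

# Print each group name once, without any :vars / :children suffix.
inventory_groups() {
    awk '
        /^[ \t]*\[.*\][ \t]*$/ {
            g = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", g)   # strip the brackets
            sub(/:.*/, "", g)                     # drop :vars / :children
            if (!(g in seen)) { seen[g] = 1; print g }
        }' "$1"
}

# Print each host name once: the first field of lines that sit before any
# header or under a plain [group] header.
inventory_hosts() {
    awk '
        BEGIN         { in_hosts = 1 }                   # ungrouped hosts
        /^[ \t]*[#;]/ { next }                           # comment
        /^[ \t]*$/    { next }                           # blank line
        /^[ \t]*\[/   { in_hosts = ($0 !~ /:/); next }   # section header
        in_hosts && !($1 in seen) { seen[$1] = 1; print $1 }
    ' "$1"
}

# Constructed sample inventory, not taken from the original post.
sample_inventory() {
    cat <<'EOF'
# lab machines
localhost ansible_connection=local

[centos]
c7-web01 ansible_host=192.0.2.10
c7-db01
[debian]
deb-app01
c7-db01
[centos:vars]
ansible_user=deploy
[linux:children]
centos
debian
EOF
}

tmp=$(mktemp) && sample_inventory > "$tmp"
echo "groups: $(inventory_groups "$tmp" | tr '\n' ' ')"
echo "hosts:  $(inventory_hosts "$tmp" | tr '\n' ' ')"
rm -f "$tmp"
```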

Basic Ansible Playbook

This is the main thing I wish I had kept from PacMags; my little Ansible template playbook. The main thing I like to keep is the “installed software” section with versions. It can be a PITA to manually maintain versions but you sometimes don’t want to be bleeding edge for security and stability reasons.

Let’s look at my CentOS file
# cat centos.yml

- hosts: centos
  tasks:
    # install every package in the list below, refreshing the yum cache first
    - name: install basic package
      yum: name={{ item }} state=present update_cache=yes
      with_items:
        - vim-enhanced
        - bind-utils

Pretty simple, right? We’ll get this fixed up soon. For now, I have to go back to working because my morning meeting is finished and it’s time to work 😛

~~ TBC ~~