diff --git a/YAMLSyntax.html b/YAMLSyntax.html index 184aa483cb..e44ea11d1d 100644 --- a/YAMLSyntax.html +++ b/YAMLSyntax.html @@ -289,7 +289,7 @@ languages:
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
The ‘setup’ module that ships with Ansible provides many variables about a system that can be used in playbooks and templates. However, it’s possible to also add your own facts without modifying the system module. To do -this, just have the module return a ansible_facts key, like so, along with other return data. This requires -Ansible 0.4 and later:
+this, just have the module return a ansible_facts key, like so, along with other return data:{
"changed" : True,
"rc" : 5,
@@ -469,7 +468,7 @@ Stop by the mailing list to inquire about requirements.
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
Executes a low-down and dirty SSH command, not going through the module subsystem. -This module is new in Ansible 0.4.
+Executes a low-down and dirty SSH command, not going through the module subsystem.
This is useful and should only be done in two cases. The first case is installing python-simplejson on older (python 2.4 and before) hosts that need it as a dependency to run modules, since nearly all core modules require it. Another is speaking to any @@ -1275,7 +1274,7 @@ yum name=httpd state=installed
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
Using Ansible 0.4, it is possible to make groups of groups and assign +
It is also possible to make groups of groups and assign variables to groups. These variables can be used by /usr/bin/ansible-playbook, but not /usr/bin/ansible:
[atlanta]
@@ -380,7 +380,7 @@ a Page
- Playbooks
-- Playbook Example
+- Playbook Language Example
- Basics
- Hosts and Users
- Vars section
@@ -157,7 +157,7 @@ s.parentNode.insertBefore(ga, s);
- Running Operations On Change
-- Include Files And Reuse
+- Include Files And Encouraging Reuse
- Executing A Playbook
- Tips and Tricks
@@ -189,11 +189,10 @@ s.parentNode.insertBefore(ga, s);
Playbooks¶
-Playbooks are a completely different way to use ansible and are
-particularly awesome. They are the basis for a really simple
+
Playbooks are a completely different way to use ansible than in task execution mode, and are
+particularly awesome. Simply put, playbooks are the basis for a really simple
configuration management and multi-machine deployment system,
-unlike any that already exist, and
-one that is very well suited to deploying complex applications.
+unlike any that already exist, and one that is very well suited to deploying complex applications.
Playbooks can declare configurations, but they can also orchestrate steps of
any manual ordered process, even as different steps must bounce back and forth
between sets of machines in particular orders. They can launch tasks
@@ -205,10 +204,13 @@ remote systems are in spec.
Let’s dive in and see how they work. As you go, you may wish to open
the github examples directory in
another tab, so you can apply the theory to what things look like in practice.
-
-Playbook Example¶
+
+Playbook Language Example¶
Playbooks are expressed in YAML format and have a minimum of syntax.
Each playbook is composed of one or more ‘plays’ in a list.
+The goal of a play is map a group of hosts to some well defined roles, represented by
+things ansible called tasks. At the basic level, a task is nothing more than a call
+to an ansible module, which you should have learned about in earlier chapters.
By composing a playbook of multiple ‘plays’, it is possible to
orchestrate multi-machine deployments, running certain steps on all
machines in the webservers group, then certain steps on the database
@@ -285,21 +287,18 @@ this does not come into play. Ansible also takes care to not log password parame
These variables can be used later in the playbook like this:
$varname or ${varname}
-The later is useful in the event you need to do something like ${other}_concatenated_value.
-The full power of the Jinja2 templating language is also available (note: in 0.4, this is only true inside of templates), which looks like this:
+The later is useful in the event you need to do something like ${other}_some_string.
+The full power of the Jinja2 templating language is also available, which looks like this:
{{ varname }}
The Jinja2 documentation provides information about how to construct loops and conditionals for those
who which to use more advanced templating. This is optional and the $varname format still works in template
files.
-If there are discovered variables about the system (ansible provides some of these,
-plus we include ones taken from facter or ohai if installed) these variables bubble up back into the
-playbook, and can be used on each system just like explicitly set
-variables.
-Facter variables are prefixed with facter_ and Ohai
-variables are prefixed with ohai_. Ansible variables (0.3 and later)
-are not surprisingly prefixed with ansible_ (See the setup module
-documentation for a list of Ansible variables).
+If there are discovered variables about the system, called ‘facts’, these variables bubble up back into the
+playbook, and can be used on each system just like explicitly set variables. Ansible provides several
+of these, prefixed with ‘ansible’, and are documented under setup in the module documentation. Additionally,
+facts can be gathered by ohai and facter if they are installed. Facter variables are prefixed with facter_ and Ohai
+variables are prefixed with ohai_.
So for instance, if I wanted
to write the hostname into the /etc/motd file, I could say:
- name: write the motd
@@ -314,19 +313,22 @@ to write the hostname into the /etc/motd file, I could say:
Tasks list¶
Each play contains a list of tasks. Tasks are executed in order, one
at a time, against all machines matched by the host pattern,
-before moving on to the next task.
-Hosts with failed tasks are taken out of the rotation for the entire
-playbook. If things fail, simply correct the playbook file and rerun.
+before moving on to the next task. It is important to understand that, within a play,
+all hosts are going to get the same task directives. It is the purpose of a play to map
+a selection of hosts to tasks.
+When running the playbook, which runs top to bottom, hosts with failed tasks are
+taken out of the rotation for the entire playbook. If things fail, simply correct the playbook file and rerun.
The goal of each task is to execute a module, with very specific arguments.
Variables, as mentioned above, can be used in arguments to modules.
-Modules other than command and shell are ‘idempotent’, meaning if you run them
+
Modules are ‘idempotent’, meaning if you run them
again, they will make the changes they are told to make to bring the
system to the desired state. This makes it very safe to rerun
the same playbook multiple times. They won’t change things
unless they have to change things.
-The command and shell modules will actually rerun the same command again,
+
The command and shell modules will typically rerun the same command again,
which is totally ok if the command is something like
-‘chmod’ or ‘setsebool’, etc.
+‘chmod’ or ‘setsebool’, etc. Though there is a ‘creates’ flag available which can
+be used to make these modules also idempotent.
Every task should have a name, which is included in the output from
running the playbook. This is output for humans, so it is
nice to have reasonably good descriptions of each task step. If the name
@@ -345,6 +347,18 @@ them work just like you would expect. Simple:
- name: disable selinux
action: command /sbin/setenforce 0
+The command and shell module care about return codes, so if you have a command
+who’s successful exit code is not zero, you may wish to do this:
+
+
+- tasks:
+
+- name: run this command and ignore the result
+action: shell /usr/bin/somecommand & /bin/true
+
+
+
+
Variables can be used in action lines. Suppose you defined
a variable called ‘vhost’ in the ‘vars’ section, you could do this:
tasks:
@@ -352,11 +366,13 @@ a variable called ‘vhost’ in the ‘vars’ section, you cou
action: template src=somefile.j2 dest=/etc/httpd/conf.d/$vhost
Those same variables are usable in templates, which we’ll get to later.
+Now in a very basic playbook all the tasks will be listed directly in that play, though it will usually
+make more sense to break up tasks using the ‘include:’ directive. We’ll show that a bit later.
Running Operations On Change¶
-As we’ve mentioned, nearly all modules are written to be ‘idempotent’ and can relay when
+
As we’ve mentioned, modules are written to be ‘idempotent’ and can relay when
they have made a change on the remote system. Playbooks recognize this and
have a basic event system that can be used to respond to change.
These ‘notify’ actions are triggered at the end of each ‘play’ in a playbook, and
@@ -391,11 +407,13 @@ won’t need them for much else.
Notify handlers are always run in the order written.
-
-Include Files And Reuse¶
+
+Include Files And Encouraging Reuse¶
Suppose you want to reuse lists of tasks between plays or playbooks. You can use
-include files to do this.
-An include file simply contains a flat list of tasks, like so:
+include files to do this. Use of included task lists is a great way to define a role
+that system is going to fulfill. Remember, the goal of a play in a playbook is to map
+a group of systems into multiple roles. Let’s see what this looks like...
+A task include file simply contains a flat list of tasks, like so:
---
# possibly saved as tasks/foo.yml
- name: placeholder foo
@@ -403,11 +421,11 @@ include files to do this.
- name: placeholder bar
action: command /bin/bar
-Include directives look like this:
+Include directives look like this, and can be mixed in with regular tasks in a playbook:
- tasks:
- include: tasks/foo.yml
-You can also pass variables into includes directly. We might call this a ‘parameterized include’.
+You can also pass variables into includes. We call this a ‘parameterized include’.
For instance, if deploying multiple wordpress instances, I could
contain all of my wordpress tasks in a single wordpress.yml file, and use it like so:
- tasks:
@@ -415,16 +433,16 @@ contain all of my wordpress tasks in a single wordpress.yml file, and use it lik
- include: wordpress.yml user=alice
- include: wordpress.yml user=bob
-Variables passed in can be used in the included files. You can reference them like this:
+Variables passed in can then be used in the included files. You can reference them like this:
$user
-In addition to the explicitly passed in parameters, all variables from
-the vars section are also available for use here as well.
+(In addition to the explicitly passed in parameters, all variables from
+the vars section are also available for use here as well.)
Note
-Include statements are only usable from the top level
-playbook file. This means includes can not include other
-includes. This may be implemented in a later release.
+Task include statements are only usable one-level deep.
+This means task includes can not include other
+task includes. This may change in a later release.
Includes can also be used in the ‘handlers’ section, for instance, if you
want to define how to restart apache, you only have to do that once for all
@@ -440,9 +458,12 @@ of a play:
- include: handlers/handlers.yml
You can mix in includes along with your regular non-included tasks and handlers.
-Note that you can not conditionally path the location to an include file, like you can
+
NOTE:: you can not conditionally path the location to an include file, like you can
with ‘vars_files’. If you find yourself needing to do this, consider how you can
-restructure your playbook to be more class/role oriented.
+restructure your playbook to be more class/role oriented. This is to say you cannot
+use a ‘fact’ to decide what include file to use. All hosts contained within the play
+are going to get the same tasks. (‘only_if’ provides some ability for hosts to conditionally
+skip tasks).
Executing A Playbook¶
@@ -514,7 +535,7 @@ package is installed. Try it!
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
diff --git a/playbooks2.html b/playbooks2.html
index 27456e5886..aac35f3e10 100644
--- a/playbooks2.html
+++ b/playbooks2.html
@@ -149,9 +149,10 @@ s.parentNode.insertBefore(ga, s);
class="dropdown-toggle">Page
- Advanced Playbooks
+- Tags
+- Playbooks Including Playbooks
- Accessing Complex Variable Data
- Accessing Information About Other Hosts
-- Magic Variables
- Variable File Seperation
- Prompting For Sensitive Data
- Passing Variables On The Command Line
@@ -161,7 +162,11 @@ s.parentNode.insertBefore(ga, s);
- Selecting Files And Templates Based On Variables
- Asynchronous Actions and Polling
- Local Playbooks
+- Turning Off Facts
- Pull-Mode Playbooks
+- Style Points
+
+
@@ -195,11 +200,44 @@ s.parentNode.insertBefore(ga, s);
are not neccessary, but many of them will prove useful. If a feature doesn’t seem immediately
relevant, feel free to skip it. For many people, the features documented in playbooks will
be 90% or more of what they use in Ansible.
+
+Tags¶
+(New in 0.6) If you have a large playbook it may become useful to be able to run a specific
+part of the configuration. Both plays and tasks support a “tags:” attribute for this reason.
+Example:
+tasks:
+
+ - action: yum name=$item state=installed
+ with_items:
+ - httpd
+ - memcached
+ tags:
+ - packages
+
+ - action: template src=templates/src.j2 dest=/etc/foo.conf
+ tags:
+ - configuration
+
+If you wanted to just run the “configuration” and “packages” part of a very long playbook, you could do this:
+ansible-playbook example.yml --tags "configuration,packages"
+
+
+
+Playbooks Including Playbooks¶
+(New in 0.6) To further advance the concept of include files, playbook files can include other playbook
+files. Suppose you define the behavior of all your webservers in “webservers.yml” and
+all your database servers in “dbservers.yml”. You can create a “site.yml” that would
+reconfigure all of your systems like this:
+----
+- include: playbooks/webservers.yml
+- include: playbooks/dbservers.yml
+
+This concept works great with tags to rapidly select exactly what plays you want to run, and exactly
+what parts of those plays.
-Accessing Complex Variable Data¶
+Accessing Complex Variable Data¶
Some provided facts, like networking information, are made available as nested data structures. To access
-them a simple ‘$foo’ is not sufficient, but it is still easy to do. Here’s how we get an IP address using
-Ansible 0.4 and later:
+them a simple ‘$foo’ is not sufficient, but it is still easy to do. Here’s how we get an IP address:
${ansible_eth0.ipv4.address}
It is also possible to access variables whose elements are arrays:
@@ -212,19 +250,14 @@ that is preferred:
-Accessing Information About Other Hosts¶
+Accessing Information About Other Hosts¶
If your database server wants to check the value of a ‘fact’ from another node, or an inventory variable
-assigned to another node, it’s easy to do so within a template or even an action line (note: this uses syntax available in 0.4 and later):
+assigned to another node, it’s easy to do so within a template or even an action line:
${hostvars.hostname.factname}
NOTE: No database or other complex system is required to exchange data between hosts. The hosts that you
want to reference data from must be included in either the current play or any previous play.
-
-
-Magic Variables¶
-Some variables made available to hosts don’t come from definitions in a playbook, the inventory file, or discovery from the system. There are only two of these, and are used in special cases that many users won’t need.
-group_names is a list (array) of all the groups the current host is in. This can be used in templates using Jinja2
-syntax to make template source files that vary based on the group membership (or role) of the host:
+Additionally, group_names is a list (array) of all the groups the current host is in. This can be used in templates using Jinja2 syntax to make template source files that vary based on the group membership (or role) of the host:
{% if 'webserver' in group_names %}
# some part of a configuration file that only applies to webservers
{% endif %}
@@ -238,10 +271,12 @@ For example:
Use cases include pointing a frontend proxy server to all of the app servers, setting up the correct firewall rules between servers, etc.
inventory_hostname is the name of the hostname as configured in Ansible’s inventory host file. This can
be useful for when you don’t want to rely on the discovered hostname ansible_hostname or for other mysterious
-reasons. Don’t worry about it unless you think you need it.
+reasons. If you have a long FQDN, inventory_hostname_short (in Ansible 0.6) also contains the part up to the first
+period.
+Don’t worry about any of this unless you think you need it. You’ll know when you do.
-Variable File Seperation¶
+Variable File Seperation¶
It’s a great idea to keep your playbooks under source control, but
you may wish to make the playbook source public while keeping certain
important variables private. Similarly, sometimes you may just
@@ -267,9 +302,10 @@ sharing your playbook source with them.
somevar: somevalue
password: magic
+NOTE: It’s also possible to keep per-host and per-group variables in very similar files, this is covered in Inventory & Patterns.
-Prompting For Sensitive Data¶
+Prompting For Sensitive Data¶
You may wish to prompt the user for certain input, and can
do so with the similarly named ‘vars_prompt’ section. This has uses
beyond security, for instance, you may use the same playbook for all
@@ -286,17 +322,37 @@ in a push-script:
favcolor: "what is your favorite color?"
There are full examples of both of these items in the github examples/playbooks directory.
+An alternative form of vars_prompt allows for hiding input from the user, and may later support
+some other options, but otherwise works equivalently:
+vars_prompt:
+ - name: "some_password"
+ prompt: "Enter password"
+ private: True
+ - name: "release_version"
+ prompt: "Product release version"
+ private: False
+
In addition to vars_prompt and vars_files, it is possible to send variables over the ansible command line. This is particularly useful when writing a generic release playbook where you may want to pass in the version of the application to deploy:
ansible-playbook release.yml --extra-vars "version=1.23.45 other_variable=foo"
This is useful, for, among other things, setting the hosts group or the user for the playbook.
+Example:
+-----
+- user: $user
+ hosts: $hosts
+ tasks:
+ - ...
+
+ansible-playbook release.yml --extra-vars "hosts=vipers user=starbuck"
+Sometimes you will want to skip a particular step on a particular host. This could be something as simple as not installing a certain package if the operating system is a particular version, or it could be something like performing some cleanup steps if a filesystem is getting full.
@@ -306,22 +362,32 @@ Don’t panic – it’s actually pretty simple: favcolor: blue is_favcolor_blue: "'$favcolor' == 'blue'" is_centos: "'$facter_operatingsystem' == 'CentOS'" + tasks: - name: "shutdown if my favorite color is blue" action: command /sbin/shutdown -t now only_if: '$is_favcolor_blue'Variables from tools like facter and ohai can be used here, if installed, or you can -use variables that bubble up from ansible (0.3 and later). As a reminder, +use variables that bubble up from ansible, which many are provided by the setup module. As a reminder, these variables are prefixed, so it’s $facter_operatingsystem, not $operatingsystem. Ansible’s -built in variables are prefixed with ansible_. The only_if -expression is actually a tiny small bit of Python, so be sure to quote variables and make something +built in variables are prefixed with ansible_.
+The only_if expression is actually a tiny small bit of Python, so be sure to quote variables and make something that evaluates to True or False. It is a good idea to use ‘vars_files’ instead of ‘vars’ to define all of your conditional expressions in a way that makes them very easy to reuse between plays and playbooks.
+You cannot use live checks here, like ‘os.path.exists’, so don’t try.
+It’s also easy to provide your own facts if you want, which is covered in Module Development. To run them, just +make a call to your own custom fact gathering module at the top of your list of tasks, and variables returned +there will be accessible to future tasks:
+tasks:
+ - name: gather site specific fact data
+ action: site_facts
+ - action: command echo ${my_custom_fact_can_be_used_now}
+Sometimes you will want to do certain things differently in a playbook based on certain criteria. Having one playbook that works on multiple platforms and OS versions is a good example.
As an example, the name of the Apache package may be different between CentOS and Debian, @@ -364,7 +430,7 @@ in more streamlined & auditable configuration rules – especially becau minimum of decision points to track.
To save some typing, repeated tasks can be written in short-hand like so:
- name: add user $item
action: user name=$item state=present groups=wheel
@@ -372,6 +438,9 @@ minimum of decision points to track.
- testuser1
- testuser2
If you have defined a YAML list in a variables file, or the ‘vars’ section, you can also do:
+with_items: $somelist
+The above would be the equivalent of:
- name: add user testuser1
action: user name=testuser1 state=present groups=wheel
@@ -382,9 +451,9 @@ minimum of decision points to track.
manager transactions.
Sometimes a configuration file you want to copy, or a template you will use may depend on a variable. -The following construct (new in 0.4) selects the first available file appropriate for the variables of a given host, +The following construct selects the first available file appropriate for the variables of a given host, which is often much cleaner than putting a lot of if conditionals in a template.
The following example shows how to template out a configuration file that was very different between, say, CentOS and Debian:
@@ -396,7 +465,7 @@ CentOS and Debian:By default tasks in playbooks block, meaning the connections stay open until the task is done on each node. If executing playbooks with a small parallelism value (aka --forks), you may wish that long @@ -446,7 +515,7 @@ tasks even faster. This also increases the efficiency of polling.
It may be useful to use a playbook locally, rather than by connecting over SSH. This can be useful for assuring the configuration of a system by putting a playbook on a crontab. This may also be used to run a playbook inside a OS installer, such as an Anaconda kickstart.
@@ -459,10 +528,19 @@ use the default remote connection type: connection: localIf you know you don’t need any fact data about your hosts, and know everything about your systems centrally, you +can turn off fact gathering. This has advantages in scaling ansible in push mode with very large numbers of +systems, mainly, or if you are using Ansible on experimental platforms. In any play, just do this:
+- hosts: whatever
+ gather_facts: False
+The use of playbooks in local mode (above) is made extremely powerful with the addition of ansible-pull in the -0.4 release. A script for setting up ansible-pull is provided in the examples/playbooks directory of the source +
The use of playbooks in local mode (above) is made extremely powerful with the addition of ansible-pull. +A script for setting up ansible-pull is provided in the examples/playbooks directory of the source checkout.
The basic idea is to use Ansible to set up a remote copy of ansible on each managed node, each set to run via cron and update playbook source via git. This interverts the default push architecture of ansible into a pull @@ -470,6 +548,11 @@ architecture, which has near-limitless scaling potential. The setup playbook ca the cron frequency, logging locations, and parameters to ansible-pull.
This is useful both for extreme scale-out as well as periodic remediation. Usage of the ‘fetch’ module to retrieve logs from ansible-pull runs would be an excellent way to gather and analyze remote logs from ansible-pull.
+Ansible playbooks are colorized. If you do not like this, set the ANSIBLE_NOCOLOR=1 environment variable.
+Ansible playbooks also look more impressive with cowsay installed, and we encourage installing this package.
See also
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.
© Copyright 2012 Michael DeHaan.
- Last updated on Jul 30, 2012.
+ Last updated on Jul 31, 2012.