stuttgart-things/docs/ansible #
MOLECULE #
https://cloudautomation.pharriso.co.uk/post/vmware-molecule/ https://medium.com/@fabio.marinetti81/validate-ansible-roles-through-molecule-delegated-driver-a2ea2ab395b5
SNIPETS #
TASK-SNIPPETS #
EXTEND ANSIBLE #
EVENT-DRIVEN-ANSIBLE (EDA) #
INSTALLATION #
INSTALLATION ELASTICSEARCH SOURCE PLUGIN #
WEBHOOK RULEBOOK #
ELASTICSEARCH RULEBOOK #
INVENTORY EXAMPLE #
PLAYBOOK EXAMPLES #
RULEBOOK EXECUTION #
RULEBOOK/EDA TRIGGERING #
ANSIBLE-LINT #
SNIPPETS #
VAULT LOOKUPS/REFRESH INVENTORY #
In this example two playbooks are run automatically and consecutively.
- The first playbook run is meant to obtain the login information of the host from vault secrets and modify.
- The second playbook is meant to run through the host, using the login data obtained on the prevoius playbook.
In order for the second playbook to connect to the host, the data obtained from the first playbook is written into the inventory file and the inventory file is then refreshed to work with the new data.
There are two methods for ansible to connect with the host:
- User and Password
- ssh-key
The example shows the use of user and password, however the clarification on how to connect with ssh-key will be done. To connect this way, you have to previously make sure that the ssh-key has already been added to the host. If necesary change /.ssh/config to include the proper key path.
Before we Start #
In order to prepare the system, the following environment variables have to be set in case that they have not ben set by then.
Running multiple playbooks in a sequence. #
Inventory #
An inventory file should be created with the name of the desired host. Note: This file will change automatically throughout the process.
Playbook1 #
The following playbook uses the enviornment variables to connect into vault and extract the secrets needed to connect to the host. The username and password are saved into the inventory file (if the inv file is not in the same directory as the playbook, then the path under the “Write vars on inv file” task must be modified.). The ssh-keys (public and private) are stored as ~/.ssh/vault_key. Finally the inventory is refreshed with the new user data included.
For ssh connection: To connect via ssh instead of username and password, change the line within the task “Write vars on inv file”. Remove the hashtag (#) before ansible_connection and add a hashtag before ansible_user and ansible_pasword.
After the first playbook is run, the inventory will look as follows:
Playbook2 #
The second playbook connects to the host with the information obtained by the first playbook and then runs the desired tasks on the host. The playbook contains a general example of a task to be run within the host, and it is currenlty used to verify that the connection was made.
Consecutively running multiple playbooks within one playbook #
The following format can be used to list the playbooks in the order in which they should be run.
Afterwards, you can run the following command, and the playbooks will be run: