diff options
Diffstat (limited to 'content/blog/ansible')
| -rw-r--r-- | content/blog/ansible/_index.md | 5 | ||||
| -rw-r--r-- | content/blog/ansible/ansible-vault-example.md | 30 | ||||
| -rw-r--r-- | content/blog/ansible/custom-fact.md | 14 | ||||
| -rw-r--r-- | content/blog/ansible/dump-all-vars.md | 14 |
4 files changed, 38 insertions, 25 deletions
diff --git a/content/blog/ansible/_index.md b/content/blog/ansible/_index.md deleted file mode 100644 index 3730fd7..0000000 --- a/content/blog/ansible/_index.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Ansible" -linkTitle: "Ansible" -weight: 30 ---- diff --git a/content/blog/ansible/ansible-vault-example.md b/content/blog/ansible/ansible-vault-example.md index fb6ef45..ac68feb 100644 --- a/content/blog/ansible/ansible-vault-example.md +++ b/content/blog/ansible/ansible-vault-example.md @@ -1,17 +1,31 @@ --- title: "Ansible vault example" -linkTitle: "Ansible vault example" date: 2018-02-21 -description: > - Ansible vault example +description: Getting started with ansible vault +tags: + - ansible --- +## Editing a protected file + Here is how to edit a vault protected file : {{< highlight sh >}} ansible-vault edit hostvars/blah.yml {{< / highlight >}} -Here is how to put a multiline entry like a private key in vault (for a simple value, just don't use a `|`): +## Using a vault entry in a task or a jinja template + +It is as simple as using any variable : +{{< highlight yaml >}} +- copy: + path: /etc/ssl/private.key + mode: 0400 + content: '{{ ssl_key }}' +{{< / highlight >}} + +## How to specify multiple lines entries + +This is actually a yaml question, not a vault one but since I ask myself this frequently in this context here is how to put a multiple lines entry like a private key in vault (for a simple value, just don't use a `|`): {{< highlight yaml >}} ssl_key : | @@ -21,13 +35,7 @@ ssl_key : | ----- END PRIVATE KEY ----- {{< /highlight >}} -And here is how to use it in a task : -{{< highlight yaml >}} -- copy: - path: /etc/ssl/private.key - mode: 0400 - content: '{{ ssl_key }}' -{{< / highlight >}} +## How to run playbooks when vault values are needed To run a playbook, you will need to pass the `--ask-vault` argument or to export a `ANSIBLE_VAULT_PASSWORD_FILE=/home/julien/.vault_pass.txt` variable (the file needs to contain a single line with your vault password here). diff --git a/content/blog/ansible/custom-fact.md b/content/blog/ansible/custom-fact.md index 21e3300..10ab6bc 100644 --- a/content/blog/ansible/custom-fact.md +++ b/content/blog/ansible/custom-fact.md @@ -1,17 +1,19 @@ --- title: "Ansible custom facts" -linkTitle: "Ansible custom facts" date: 2018-09-25 -description: > - How to write custom facte with ansible +description: How to write custom facts with ansible +tags: + - ansible --- +## Introduction + Custom facts are actually quite easy to implement despite the lack of documentation about it. -## How they work +## How custom facts work On any Ansible controlled host — that is, the remote machine that is being controlled and not the machine on which the playbook is run — you just need to create a directory at -`/etc/ansible/facts.d`. Inside this directory, you can place one or more `*.fact` files. These are files that return JSON data, which will then be included in the raft of facts that +`/etc/ansible/facts.d`. Inside this directory, you can place one or more `*.fact` files. These are files that must return JSON data, which will then be included in the raft of facts that Ansible gathers. The facts will be available to ansible at `hostvars.host.ansible_local.<fact_name>`. @@ -31,7 +33,7 @@ This will give you the fact `hostvars.host.ansible_local.mysql.password` for thi ## A more complex example A more interesting example is something I use with small webapps. In the container that hosts the frontent I use a small ansible role to generate a mysql password on its first run, and -provision a database with a user that has access to it on a mysql server. This fact ensures that on subsequent runs we will stay idempotents. Here is how it works. +provision a database with a user that has access to it on a mysql server. This fact ensures that on subsequent runs we will stay idempotent. First the fact from before, only slightly modified : {{< highlight sh >}} diff --git a/content/blog/ansible/dump-all-vars.md b/content/blog/ansible/dump-all-vars.md index d5991a3..e1dea05 100644 --- a/content/blog/ansible/dump-all-vars.md +++ b/content/blog/ansible/dump-all-vars.md @@ -1,11 +1,13 @@ --- title: "Dump all ansible variables" -linkTitle: "Dump all ansible variables" date: 2019-10-15 -description: > - How to dump all variables used by ansible +description: How to dump all variables used by ansible in a task +tags: + - ansible --- +## Task to use + Here is the task to use in order to achieve that : {{< highlight yaml >}} @@ -13,6 +15,8 @@ Here is the task to use in order to achieve that : action: template src=dumpall.j2 dest=ansible.all {{< /highlight >}} +## Associated template + And here is the template to use with it : {{< highlight jinja >}} @@ -36,3 +40,7 @@ HOST Variables ("hostvars"): -------------------------------- {{ hostvars | to_nice_json }} {{< /highlight >}} + +## Output + +If you are running a local task, the output will be in your playbook directory. Otherwise, it will be on the target machine(s) in a `.ansible/tmp/ansible.all` file under the user your are connecting the machine(s)' with. |