Roles Flashcards
What is the list of files and folders pertaining to a role called database?
database/defaults/main.yml /database/vars/main.yml /database/handlers/main.yml /database/files /database/templates /database/tasks/main.yml /database/meta/main.yml
How do I change the location of systemwide roles?
In ansible.cfg, change the defaulst.
[defaults]
roles_path=~/ansible/system_roles
This can also be done by setting env variable ANSIBLE_ROLES_APTH
Do ansible have a notion of importing or including other playbooks?
Yes. Use include to include tasks and plays.
include: django.yml
A variable proxy_hostname is defined in role database. I sit visible in a different role web?
Yes. Ansible has no notion of namespace across roles. A variable defined in one role will be visible everywhere else.
What is the difference between tasks in a playbook and tasks in a role?
In a role, default location for files is /rolename/files or /rolename/templates for templates.
In a normal playbook the default location is inventory location.
This has an impact on copy and template modules.
What is ansible-galaxy?
A command line tool that is used to find and download roles published by the community.
It can also be used to generate the skeleton for creating a role.
How do use galaxy to create a role scaffolding?
ansible-galaxy init -p playbooks/roles web
How do you declare role dependency?
dependencies:
- { role: ntp, ntp_server=ntp.ubuntu.com}
- { role: memcached}
- { role: activemq}
What is Ansible Galaxy?
An open source repo of community contributed ansible roles.
Install ntp role bennojoy from galaxy
ansible-galaxy install -p ./roles bennojoy.ntp
Where does ansible galaxy install roles by default?
In system wide roles location
List installed roles with galaxy
ansible-galaxy list
Uninstall a role with galaxy
ansible-galaxy remove bennojoy.ntp
How do you change the way ansible detect if a task has changed a state or failed?
use change_when and failed_when
What is ansible behavior when a task failed and how do you change this behavior?
- Ansible stops the processing when a task failed
- To change this behavior use failed_when: False
Explain following task:
- copy: src=/src/main/java/Job.java /src/main/java/Job.java failed_when: False register: result debug: var=result fail:
- Attempt to copy file Job1.java into Job.java
- If the task fails, do not stop
- register the result in the variable called result
- log the result
- stop the playbook execution
Ansible ad-hoc command to delete a prostgres db called players
- ansible –become –become-user postgres -m postgresql_db -a “name=players state=absent”
Where can I use filters in Ansible?
Inside {{}} and inside templates
What is the similitude between filters and pipes?
Using filters resembles using linux pipes. A variable is pipled through a filter.
Give an example of default filter and explain
“HOST”: “{{ database_host | default(‘localhost’) }}”
Expression evaluates to database_host if it is defined; otherwise it evaluates to ‘localhost’.
Examples of variable filters
failed, changed, success, skipped
Examples of file filters
basename, dirname, expanduser, realpath
Example that shows the usage of basename filter
vars:
home: /usr/share/nginx/html/index.html
tasks:
- copy: src=files/index.html dest= {{ home }}
With basename filter:
vars:
home: /usr/share/nginx/html/index.html
tasks:
- copy: src=files/{{ home | basename }} dest= {{ home }}
Explain the join filter
join a list of strings with a given delimiter
HOSTS: “{{ domains | join(‘,’)}}”
Where does ansible look for custom filters?
in folder filter_plugins, relatively to the directory containing playbooks
or location can be defined using env variable ANSIBILE_FILTER_PLUGINS
What are lookups?
An ansible mechanism to to read configuration data from various sources so that this data can be used in playbooks or templates.
Give example of lookups
file, password, pipe, env, template, csvfile, redis_kv, etcd
Provide lookup command to log SSH key from /Users/paul/.ssh/id_rsa.pub into a variable.
debug: var={{ lookup(‘file’,’/Users/paul/.ssh/id_rsa.pub’) }}
What is goal of the pipe lookup?
Evaluate an external program on the control machine. Such as checking the version of git source base.
debug: msg=”{{lookup(‘pipe’, ‘git rev-parse HEAD’) }}”
What is goal of the env lookup?
Retrieves the value of an environment variable on the control machine.
debug: msg=”{{lookup(‘env’, ‘SHELL’) }}”
What is goal of the password lookup?
Generate a random password and ALSO write it to the specifed file.
-name: create deploy user
postgresql_user:
user: deploy
password: “{{ lookup(‘password’,’deploy-password.txt’)}}”
What is goal of the template lookup?
Evaluate a jinja2 template and return the result.
denug: msg=”{{ lookup(‘template’,’message.j2’)}}”
What is goal of the csvfile lookup?
Read an entry from csv file
debug msg=”{{ lookup(‘csffile’,’Paul file=file.csv delimiter=, col=1’) }}”
col=the column to retrieve
Paul=the row to retrieve; must appear exactly once in column 0.
What is goal of the redis lookup?
Read an entry from redis
debug: msg=”{{ lookup(‘redix_kv’, ‘redis://host:port, my_key’) }}”
What is goal of the etcd lookup?
Read entry from etcd”
debug: msg=”{{ lookup(‘etcd’,’my_key’)}}”
etcd is defined in ANSIBLE_ETCD_URL
How do you loop in Ansible?
Use: with_items, with_lines, with_dict, with_fileglob, with_flattened, with_first_found, etc.
Explain with_lines
Run a command on the control machine and loop over its result, line by line.
- name: log the content of a file line by line
debug: msg=”{{ lookup(‘file’,item)}}”
with_lines:
- cat /files/turing.txt
Explain with_fileglob
Iterates over a set of files on the control machine
- name: log the content of each file in directory
debug: msg=”{{ lookup(‘file’,item)}}”
with_lines:
- /files/.txt
- /var/logs/log
Explain with_dict
iterate over a dictionary
-name: iterate over dict
debug: msg=”{{ item.key}}={{ item.value }}”
with_dict: {{ ansible_eth0.ip4 }}
What is the relationship between lookups and loops?
Loops are lookup plugins with name starting with “with_” and that return a list.
How do you change the default looping variable?
Use loop_var construct.
- debug: msg= {{user.name}}
with_items:
- {name: gil}
- {name: sarina}
- {name: leanne}
loop_control:
loop_var: user
Explain the benefit of renaming the loop control variable?
Avoid conflict in cases where some playbook fragments are included that use the same loop control variables.
Explain the label instruction in loop control?
Helps users control how data should be displayed during loop execution.
Explain no_log
Allows hiding password from logs.
Explain include
Allow you to include tasks or playbooks. Often used in roles.
What is dynamic include?
Dynamic include is a mechanism that allows you to dynamically evaluate the name of the file to include.
- include: {{ ansible_os_family }}.yml
What can be a drawback of dynamic include?
ansible-playbook –list-tasks might not be able to determine all tasks if it cannot evaluate all variables.
Example: fact variables are not populated when using this command.
What is the difference between include sand include_role?
include includes the complete content of a file
include_role sllows selectively choosing what parts to include and where in the play to include it. include_role makes the handle available as well.
What is conditional include and what is the syntax?
include a file only when a condition is met:
- include: Debian.yml
when: “ansible_os_family==’Debian’”
How can I use a block to make my code more compact?
Use a block to group tasks and provide a common conditions or arguments.
- block:
- package:
name: nginx
- package:
- service:
name: nginx
state: started
enabled: yes
become: yes
when: “ansible_os_family == ‘Redhat’”
What is ansible default error handling behavior?
take a host out of play if a task fails and continue as long as there are hosts remaining that haven’t encountered errors.
What clauses does ansible provide to give you more control on error handling?
serial, max_fail_percentage, block-rescue-always
what is ansible-vault
A command line tool that allows you to encrypt credentials so ansible can use them.
It creates encrypted file that ansible-playbook can recognize and decrypt automatically given the password.
What are ansible valut commands?
create encrypt edit decrypt rekey view
How to tell ansible to prompt for password that it will use to decrypt the secret files?
ansible-playbook playbook.ym –ask-vault-pass
Where can I specify the location of the encrypted password file?
Use vars_files to specify the file or provide the file when launching the playbook using –vault-password-file.
