Section 10 Flashcards
What does assert do?
Performs conditional action
Works with ‘that’ which defines a list of conditionals
If any conditional is false the task fails
Uses ‘success_msg’ and ‘fail_msg’
Have the playbook prompt the user for a variable named filesize. The prompt should tell the user to type in a file size in megabytes
Use assert to check if the filesize is less than or equal to 100 or greater than or equal to 1
use an escape character in one of your messages
Next create a zeroed out file of that size
Assert fails a task, which means it will actually still try the task on all servers even if one fails
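# hosts: all is an assumed target; use your own host pattern
- hosts: all
  vars_prompt:
    - name: filesize
      prompt: "your message here"
  tasks:
    - name: check the file size
      assert:
        that:
          - "( filesize | int ) <= 100"
          - "( filesize | int ) >= 1"
        fail_msg: "fail's escape character"
        success_msg: ""
    - name: create a file
      # bs=1M so that count is a size in megabytes, as the prompt asks
      command: dd if=/dev/zero of=/bigfile bs=1M count={{ filesize }}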
Create a file that checks if vgdata exists
use assert to print a fail and success message depending on that conditional
Example at 271
What is a tag?
A label that is applied to a task or another item like a block or play
You can utilize your tags by specifying what you want with your ansible-playbook command
The commands below run the tags you ask for or skip the ones you request
ansible-playbook --tags
ansible-playbook --skip-tags
Create a playbook that uses tags
Next only run one of the tagged tasks
- debug:
    msg: One
  tags:
    - debug
- dnf:
    name: httpd
    state: latest
  tags:
    - install
ansible-playbook --tags "install"
Can tags be used for included or imported tasks?
only static not dynamic
so this would work for import_tasks but not include_tasks
same with include_role
Can you use the same tags for the different tasks?
Yes, this is best if you want to group tasks.
List all tasks in a playbook. Show all their tags as well
ansible-playbook --list-tags --list-tasks test.yml
Which tasks won’t be displayed via --list-tasks?
tasks inside block/rescue/always sections and dynamically and statically included tasks
import_tasks (static) will normally show up unless it’s in the block, rescue, or always section. Similarly, include_tasks (dynamic) won’t appear at all because it’s loaded at runtime.
What are special tags?
List them
They modify how the tag works.
These are premade tags. Normally we wouldn’t use tagged and untagged, because if a task has no tag Ansible already denotes that with untagged; the opposite is true for tagged.
always - task always runs unless specified with --skip-tags always
never - Never runs a task unless otherwise specified
tagged - runs all tagged tasks
untagged - runs all untagged tasks
all - runs all tasks
How would you run two specific tagged tasks that contain either the tags ‘one’ or ‘two’?
ansible-playbook playbook.yml --tags one,two
You have a task with the tags never and debug.
how would you run tasks with these tags
ansible-playbook --tags all,debug
This runs everything but only executes tasks with the debug tag. The book says this will run debug and the rest of the tasks as well, so test these out.
--tags never,debug actively skips never tasks.
What does an ansible managed node need in order to use it?
ssh running
python installed
privilege escalation is set up
ssh-keys
Let’s say we have a managed node with multiple ips, but we only want to connect via 192.168.4.55.
how can we set this up in the ansible.cfg
ansible3.example.com ansible_host=192.168.4.55
What does the ping module actually do?
Checks ip connectivity
accessibility of the ssh service
sudo privilege escalation
and availability of the python stack (it makes sure python and its libraries are set up)
If you are having issues with privilege escalation, what might be the problem
Make sure ansible.cfg is set up correctly and specifies remote_user
ssh keys are set up
become is true
become_user is set to root
sudo is set up correctly on the managed node
Create a playbook that removes ansible from the wheel group
reboot the node
Try to ping it to diagnose issues
make the user part of wheel again
ping the managed node once more
test.yml
# an empty groups value removes the user from all supplementary groups, including wheel
- user:
    name: ansible
    groups: ''
ansible ansible3 -m reboot
ansible ansible3 -m raw -a "usermod -aG wheel ansible" -u root -k