Section 2 Flashcards
Use a command to see what repos are currently configured on your system
subscription-manager repos –list
What is needed of the managed nodes?
ssh access and python
On all nodes create a directory for ansible’s sudo configuration. Allow it to not have to use a password
How is ansible tower different here?
vi /etc/sudoers.d/ansible
ansible ALL=(ALL) NOPASSWD:ALL
Ansible Tower allows you to store ansible’s password securely so it can use sudo
What is a project directory?
A directory for a project that includes everything that project needs to run.
Playbooks
Inventory
Variable Files
Additional files used to include tasks
ansible.cfg configuration files
What are your different options for storing your ansible.cfg file?
You can store it where it is by default
In the ansible user’s home directory (If you need different ansible configs for diff users)
In the project’s directory(If each project needs a different configuration)
In terms of an inventory file, how would you format:
server(1-16)@example.com
server[1:16]@example.com
Let’s say you have created two groups (web, db) and want those to be subgroups to a parent group called servers. How would you format this?
[servers:children]
web
db
What are the three different approaches for using groups?
Functional - Group of hosts according to use (web, db)
Regional - based on region (africa, europe)
Staging - According to implementation stage (test, development, prod)
What are the implicit host groups
all
localhost
ungrouped - everything not put into a group
Show hosts in an inventory called inventory
Show all hosts in the inventory file
ansible-inventory -i /inventory –list-hosts
–list will do so in JSON format
ansible -i inventory all –list
Your inventory file used to be used to assign variables, but this is deprecated. What is used in it’s place?
Show an example of variables in the inventory file
[web:vars]
ansibile_user=ansible
ansible:password=123
These should now go int host_vars and group_vars directories
What is dynamic inventory?
A script is used to discover inventory hosts in a specific environment.
Create one.
If you create a static inventory file, what should you do at the end of it?
Allow it to execute
Configure the Ansible Configuration file and explain it
All of this can be used per playbook
[defaults]
remote_user = ansible
host_key_checking = false
inventory = inventory
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
[defaults] - generic info
[privilege_escalation] - How ansible user should require admin privileges to connect to managed hosts
remote_user - user used to connect to managed device
host_key_checking - Should ssh host keys be checked
Create an inventory file in your ansible user’s home. It should have the ansible servers ungrouped, two devices in the web and db groups
a servers group with db and web as a part of that group
Show all hosts in this inventory
Show all hosts that aren’t a part of a group
Show a hierarchical overview of the inventory
Show the contents in json format
cd /home/ansible
ansible1
ansible2
[web]
web1
web2
[db]
db[1:2]
[servers:children]
web
db
ansible -i inventory all –list-hosts
ansible -i inventory ungrouped –list-hosts
ansible-inventory -i inventory –graph
ansible-inventory -i inventory –list
Create an ansible configuration file in the ansible home directory
show your inventory without using the -i option now
cd /home/ansible
vi ansible.cfg
[defaults]
remote_user = ansible
host_key_checking = false
inventory = inventory
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
copy the inventory file to the main home directory (remember they have to be in the same directory here)
ansible-inventory –list
What are ansible ad-hoc commands used for
Setup tasks that bring nodes to a desired state.
Quick test to verify that a playbook was successful
Quick discovery tasks to verify that a node meets certain criteria
It compares the desired state through your command with the current state and sees if anything needs to be changes
in terms to the below command, what does the -a stand for?
ansible all -m user -a ‘name=lisa’
-a = arguments
Two common modules for ansible are command and raw
command - runs arbitrary commands, no shell (so commands with pipes don’t work) This is the default module.
raw - runs commands directly on top of ssh without using python. Sends over ssh. Best for network devices.
command, shell, and raw or not idempotent
How would you create a new default module to run if you wanted something other than command
in ansible.cfg
madule_name = module (whatever module you want here)
Say you don’t have python installed on a managed node. How would you install python?
ansible -u root -i inventory ansible3 –ask-pass -m raw -a ‘yum install python3’
Using an ad hoc command, copy ‘hello world’ to a managed nodes /etc/motd
Install the latest version of nmap on centos
Use a command to install things on any linux distro
Start and enable httpd
ansible -m copy -a “content=’Hello World’ dest=/etc/motd”
ansible all -m yum -a ‘name=nmap state=latest’
package
ansible all -m service -a ‘name=httpd state=started enabled=yes’
What does the ping module do?
Checks whether hosts have been setup correctly to be managed by Ansible and test connectivity
ansible all -m ping
