Section 9 Flashcards
Perform Example from 219
Indeed
What are ansible system roles?
Makes configuring tasks easier for different versions of RHEL.
How would you run an ansible ad-hoc ping on all hosts that have names that start with ansible?
ansible -m ping 'ansible*'
Remember, the quotes are necessary when working with globs/wildcards!
Via ad-hoc command, ping 192.168.10.1 and ansible1 at the same time
ansible -m ping ansible1,192.168.10.1
this can be hostnames, groups, ips, etc
Via ad-hoc command, ping only hosts that are in both the web and file groups.
Next do the same ping but for servers that are in the web group but not webserver1
ansible -m ping 'web,&file'
ansible -m ping 'web,!webserver1'
the & can go at the beginning or the end and the , can technically be a :
What are dynamic inventories?
They are provided by the community or you can write your own.
This is just a script that can be used to detect whether new hosts have been added to the managed environment.
Show how you would run two different inventories for a playbook.
Can you put a directory as the argument to this parameter?
ansible-playbook -i /etc/hosts -i /tmp/hosts
ansible-playbook -i /path/to/directory
What is the difference between serial and parallel tasks?
Serial tasks make all tasks execute on a host or group of hosts before proceeding to the next. This will run the whole playbook for a group of tasks and then move to the next.
Parallel manages the number of hosts on which tasks are executed simultaneously.
What is the default max number of simultaneous connections ansible can have at once?
How do you change this in the config file?
How do you change this while running a playbook?
5
forks = 6
This will run each task 6 servers at a time in parallel
ansible-playbook -f 6
How would you run all tasks in serial for sets of three servers at a time? What would be a good situation to use this?
serial: 3
If you have 1000 servers and you have to update and then start the new version.
If you just did this normally, it would slowly update each one until finished and then restart after.
Doing this 3 at a time prevents servers from being down. Only 3 will be updated quickly and then started, then it will move on to 3 more servers.
SERIAL - 3 servers run the WHOLE playbook at a time.
PARALLEL - 3 servers will run a TASK at a time.
How do you print the time it takes to run a playbook?
time ansible-playbook test.yml
Where can you import a playbook into your playbook?
Only at the top level, because it will take over your entire play
Create a playbook that does something simple like printing a message.
Create another playbook that prints a message that says it’s importing a play, and then import your other playbook
What should the main playbook be called?
vi site.yml
- name: Run a task
  hosts: all
  tasks:
    - debug:
        msg: Importing Playbook

- name: Importing a playbook
  import_playbook: test.yml
Another example:
- import_playbook: webserver.yml

- name: Configure Load Balancer
  hosts: lb
  tasks:
    - name: Install HAProxy
      yum:
        name: haproxy
        state: present

- import_playbook: database.yml
How do you statically import tasks?
How do you dynamically import them?
When should you use one or the other?
import_tasks = static, read prior to playbook so they can’t be modified to do anything else, they are what they are.
include_tasks = dynamic. They’re used the moment you need them.
Use dynamic when the task is used in a conditional; you can assign variables. Generally what you’d want to use.
Name a mix of three pros and cons of dynamic and static tasks
Static (import_tasks)
- Loops can’t be used with them
- If a variable is used to specify the name of the file to import, this cannot be a host or group inventory variable
- When using a conditional on the entire import_tasks file, the conditional is applied to each task that is involved
Dynamic (include_tasks)
- Tasks aren’t displayed in ansible-playbook --list-tasks
- You can’t use --start-at-task
- You can’t use notify statement in main playbook to trigger a handler that is in the included tasks file.
What is best practice when importing/including files in terms of packages, users, services, etc.?
Make them a variable. So the variable {{ user1 }} can be set in the imported task and you can rename it in your play.
Create an included task file to install software and keep it as generic as possible and then use it in a playbook.
Also, assign variables so they are part of just that imported task.
Also, for your included file, give it something to do in terms of a list of options.
LOTS OF PRACTICE WITH THIS SINCE IT WILL ERASE SOME TIME IN THE RHCE FOR MORE COMPLICATED WORK!
The task file should install a variable name, like {{ package }}, don’t set this variable.
In your main playbook, import/include it and set the name to whatever you want.
PG. 244
Included tasks must be in TASKS or you will get an error.
What option can you use for the firewalld module to apply the changes without having to restart the firewall?
immediate: true
Do Exercises on 245 and 246
DO IT!
What option should be set if you want your playbook to always check itself?
check_mode: true
Make a template and send it to another server.
Perform a dry run and show the differences in the file
ansible-playbook --check --diff
How do you show output and input data of a playbook?
ansible-playbook -vv test.yml
How do you display connection information of a playbook?
ansible-playbook -vvv test.yml
Show output for privilege escalation and scripts that are executed. Send them to a file
ansible-playbook -vvvv test.yml | tee -a output.txt
Via the config file, how can you make your -vvvv options more readable?
stdout_callback = debug
stdout_callback = error
What is the proper way to log ansible-playbooks?
export ANSIBLE_LOG_PATH="/var/log/ansible.log"
OR
in the ansible.cfg
log_path = /var/log/ansible.log
THESE FILES WILL GET BIG
Run playbooks task by task and have it ask you to continue or not
ansible-playbook --step
List all tasks in a playbook and then start at one
ansible-playbook --list-tasks test.yml
ansible-playbook --start-at-task="task name"
Create a playbook that tests if your web server contains “Welcome”. If it doesn’t, cause it to fail via a conditional.
You should have the server’s message in a variable to do this, print that content
- hosts: localhost
  tasks:
    - name: connect to webserver
      uri:
        url: url here
        return_content: yes
      register: this
      failed_when: "'Welcome' not in this.content"
    - debug:
        var: this.content
Check if root owns a particular file, if it’s not then fail the play
NOT the playbook
page 266
- fail:
    msg: whatever
  when: stat_out.stat.pw_name != 'root'
Assert
Page 268