

ansible:ansible_sandbox



Ansible sandbox

Test 1

Shell script to start the playbook

# cat /Ansible-Playbook/scripts/cron_download_files.sh
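#!/bin/bash
# Cron wrapper for the download playbook.
#
# Runs download_file.yml from ~/download, appends a timestamp and the playbook
# output to /var/log/ansible/<name>.log, then reports the result to Nagios as
# a passive check through send_nsca.
#
# Usage: cron_download_files.sh <name>
#   <name>  base name of the log file (letters, digits, '_', '.', '-')

# Run the playbook without the proxy settings inherited from the environment.
unset http_proxy
unset https_proxy

# $1 is spliced into a file path and into the ';'-delimited NSCA message, so
# accept a plain file name only: no '/', no ';', no leading '.' or '-'.
name="${1:-}"
if [[ ! "$name" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
  printf 'Usage: %s <name>\n' "${0##*/}" >&2
  exit 2
fi

log="/var/log/ansible/${name}.log"
playbook='download_file.yml'

# ansible.cfg is looked up in the current directory, so a failed cd must not
# fall through to running the playbook from somewhere else.
if cd ~/download; then
  # -vvvv is the most verbose level; its output can include connection details
  # and task arguments, so the log should be readable only by the automation
  # account.
  {
    date
    ansible-playbook -vvvv "$playbook"
  } >> "$log"
  rc=$?
else
  rc=1
fi

# message monitoring: map the playbook exit status to a Nagios state
# (0 = OK, 2 = CRITICAL).
case "$rc" in
  0)
    status="0"
    message="Success - script:$playbook log:$log"
    ;;
  99)
    status="2"
    message="Error : User interrupted execution - script:$playbook log:$log"
    ;;
  *)
    status="2"
    message="Error - script:$playbook log:$log"
    ;;
esac

# Passive check result: host;service;state;plugin output, ';' as delimiter.
server=nagiossrv01
printf '%s;ansible_download;%s;%s\n' "$(hostname -s)" "$status" "$message" \
  | /usr/local/nagios/bin/send_nsca -H "$server" -p 5667 \
      -c /usr/local/nagios/etc/send_nsca.cfg -d ";"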

Contents of ~/download

# ls -lsa ~/download
ansible.cfg
.vaultPwd.yml   --> vault password stored in clear text; keep it readable by its owner only
download_file.yml
# cat ansible.cfg | grep -v '^#' | sed '/^$/d'
# Ansible configuration read from the directory the playbook is started in.
[defaults]
inventory = ~/inventory/inventory_download
# Host key verification is switched off: a connection will not notice that a
# managed host has been replaced or impersonated. Tolerable in a throwaway
# sandbox; for anything longer-lived, pre-populate known_hosts and leave
# checking on.
host_key_checking = False
retry_files_enabled = False
pipelining = True
# NOTE(review): ansible_python_interpreter is the inventory-variable spelling;
# the ansible.cfg key is interpreter_python. Confirm this line has an effect.
ansible_python_interpreter = /usr/bin/python3
inventory_plugins = ~/.ansible/collections/ansible_collections/xxxxx
# Everything Ansible prints is also written here; tasks that handle secrets
# need no_log, and the file should not be world-readable.
log_path=/var/log/ansible/stdout.log
# The vault password sits in a clear-text file next to the playbook. Restrict
# it to the account that runs Ansible and keep it out of version control.
vault_password_file=./.vaultPwd.yml
forks = 15
# NOTE(review): ansible_ssh_extra_args is also an inventory-variable name; in
# ansible.cfg the option is ssh_extra_args under [ssh_connection]. If it were
# applied, these options would discard host keys entirely (no checking, no
# known_hosts file).
ansible_ssh_extra_args='-C -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
[inventory]
# NOTE(review): the documented key in this section is enable_plugins - confirm.
enabled_plugins = xxxxx
[privilege_escalation]
# Every task runs through sudo as ansibuser unless a play or task overrides it.
become = True
become_method = sudo
become_user = ansibuser


# cat ~/inventory/inventory_download
[linux]
linux01
linux02

Test 2 with roles

Execute only one role

ansible-playbook setup.yml -i inventory.ini --tags "common"

setup.yml

---
# Base hardening and setup play for the "prod" group. Each role carries a tag
# so a subset can be run with --tags.
# Note: the tag "common" is attached to four roles (common,
# jnv.debian-backports, ansible-monit, jnv.unattended-upgrades), so
# --tags common runs all four, not a single role.
# Roles named author.role (nickjj.*, jnv.*) look like third-party Galaxy
# roles; pin their versions in a requirements file and review updates before
# running them with become on production hosts.
- hosts: prod
  vars_files:
    - group_vars/all.yml
    - group_vars/main.yml
    - group_vars/docker.yml
    - group_vars/monit.yml
    - group_vars/networking.yml
    # presumably the ansible-vault encrypted file holding secrets - verify
    - group_vars/vault.yml
  user: "{{default_username}}"  # run whole script with default user
  become: yes  # every role runs with privilege escalation
  roles:  # order is not random!
    - role: nickjj.fail2ban
      tags: fail2ban
    - role: common
      tags: common
    - role: ufw
      tags: ufw
    - role: user
      tags: user
    - role: ssh
      tags: ssh
    # Both docker roles are skipped unless install_docker is true.
    - role: nickjj.docker
      when: install_docker == true
      tags: docker
    - role: docker
      when: install_docker == true
      tags: docker
    - role: jnv.debian-backports
      tags: common
    - role: ansible-monit
      tags: common
    - role: jnv.unattended-upgrades
      tags: common
    - role: networking
      tags: networking
    - role: reboot
      tags: reboot

cat group_vars/main.yml

# Site-specific settings consumed by the roles. The *_HERE values are
# placeholders to fill in.
# root_pw, user_pw and mail_pw are secrets: once real values are set, keep
# them in an ansible-vault encrypted file rather than in this plain-text file,
# and do not commit them unencrypted.
sshpub_location: SSH_PUBKEY_HERE #the full path to your SSH public key ( e.g. /Users/username/.ssh/id_ed25519.pub )
root_pw: "PASSWORD_HERE" #root password that should be set
user_name: USERNAME_HERE #username for the created user
user_pw: "PASSWORD_HERE" #password for the new user
ssh_port: 55899 #port number for ssh
mail_to: mailto@example.com #the mail address where mails should be sent to
mail_from: mailfrom@example.com #the mail address where mails are sent from 
mail_smtp_server: smtp.example.com #mail server, e.g. smtp.gmail.com
mail_pw: PASSWORD_HERE #password for the mail_from mail address
mail_port: 587 #the port where mails are sent to the mail server, e.g. 587