Ansible best practice

Reference: xavki (youtube)

/etc/ansible/ansible.cfg

[defaults]
# Do not prompt to accept SSH host keys (this turns off host key verification)
host_key_checking = False
# Print task durations (the option is named callbacks_enabled since ansible-core 2.11)
callback_whitelist = profile_tasks
# Parallel sessions
forks = 30
log_path = ./ansible_log.txt

[ssh_connection]
# Pipe the Python code straight to the interpreter on the target, better for performance
pipelining = True
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey

Cache the facts gathered from the targets (os_version…) so that they are collected only once per hour (fact caching)

[defaults]
fact_caching = jsonfile
fact_caching_timeout = 3600
fact_caching_connection = /tmp/myfacts

Test your playbook

# ansible-playbook -i inventories/production myplaybook.yml --check

Or, with the short form of --check

# ansible-playbook -i inventories/production myplaybook.yml -C

Using setup module

Gather facts directly with an ad-hoc command

# ansible -i inventory.yml all -m setup

Filter on a specific setting

# ansible -i inventory.yml all -m setup -a "filter=ansible_user*"

Create a base folder structure

[ansible@lnxa100 ~]$ ansible-galaxy init test-role-1
- Role test-role-1 was created successfully
[ansible@lnxa100 ~]$ ll
drwxrwxr-x  2 ansible ansible  39 Mar  6 13:17 facts
drwxrwxr-x 10 ansible ansible 154 Mar  6 14:21 test-role-1
[ansible@lnxa100 ~]$ cd test-role-1/
[ansible@lnxa100 test-role-1]$ ll
drwxrwxr-x 2 ansible ansible   22 Mar  6 14:21 defaults
drwxrwxr-x 2 ansible ansible    6 Mar  6 14:21 files
drwxrwxr-x 2 ansible ansible   22 Mar  6 14:21 handlers
drwxrwxr-x 2 ansible ansible   22 Mar  6 14:21 meta
-rw-rw-r-- 1 ansible ansible 1328 Mar  6 14:21 README.md
drwxrwxr-x 2 ansible ansible   22 Mar  6 14:21 tasks
drwxrwxr-x 2 ansible ansible    6 Mar  6 14:21 templates
drwxrwxr-x 2 ansible ansible   39 Mar  6 14:21 tests
drwxrwxr-x 2 ansible ansible   22 Mar  6 14:21 vars

Inventory

You can export the inventory variable or use the default file (/etc/ansible/hosts)

export ANSIBLE_INVENTORY=~/hosts

The inventory file can be JSON, text (INI) or YAML

# vi /etc/ansible/hosts
[servers]
server1 ansible_host=203.0.113.111
server2 ansible_host=203.0.113.112
server3 ansible_host=203.0.113.113

[all:vars]
ansible_python_interpreter=/usr/bin/python3

List your inventory:

# ansible-inventory --list -y
all:
  children:
    servers:
      hosts:
        server1:
          ansible_host: 203.0.113.111
          ansible_python_interpreter: /usr/bin/python3
        server2:
          ansible_host: 203.0.113.112
          ansible_python_interpreter: /usr/bin/python3
        server3:
          ansible_host: 203.0.113.113
          ansible_python_interpreter: /usr/bin/python3
    ungrouped: {}

Another example

# vi /etc/ansible/hosts
[servers]
server1 ansible_host=203.0.113.111
server2 ansible_host=203.0.113.112
server3 ansible_host=203.0.113.113

[all:vars]
ansible_python_interpreter=/usr/bin/python3

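# Assumption: the linux group is not defined in the original; here it contains the servers group
[linux:children]
servers

[linux:vars]
ansible_connection=ssh
ansible_ssh_user=ansible
# Placeholder value; a password stored here is readable in clear text by anyone who can read the inventory
ansible_ssh_pass=secret_password
ansible_python_interpreter='/usr/bin/env python3'
ansible_become_method=sudo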
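
An added example, not part of the original page or of Ansible itself: a small Python audit that flags settings of the kind shown on this page, namely disabled host key checking, an inline `#` comment that ends up inside a value, a fact cache under /tmp, and a clear-text password variable in an inventory. The function names and the sample inputs are constructed for illustration.

```python
import configparser
import re

# Constructed sample inputs, not taken from a real system.
SAMPLE_CFG = """[defaults]
host_key_checking = False
forks = 30    # parallel sessions
fact_caching_connection = /tmp/myfacts
"""
SAMPLE_INVENTORY = """[servers]
server1 ansible_host=203.0.113.111
[servers:vars]
ansible_ssh_user=ansible
ansible_ssh_pass=secret_password
"""
# Inventory variables that hold a credential.
SECRET_VAR = re.compile(r"\b(ansible_(?:ssh_|become_)?pass(?:word)?)\s*=\s*(\S+)")


def audit_cfg(text):
    """Return (key, issue) pairs for risky ansible.cfg settings."""
    # Ansible accepts only ';' for inline comments, so mirror that here.
    parser = configparser.ConfigParser(inline_comment_prefixes=(";",), interpolation=None)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if re.search(r"\s#", value):
                findings.append((key, "inline '#' comment is parsed as part of the value"))
                value = value.split("#", 1)[0].strip()
            if key == "host_key_checking" and value.lower() in ("false", "no", "0", "off"):
                findings.append((key, "SSH host keys are not verified"))
            if key == "fact_caching_connection" and value.startswith("/tmp/"):
                findings.append((key, "fact cache is under world-writable /tmp"))
    return findings


def audit_inventory(text):
    """Return (line_number, variable) for credentials stored in clear text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = SECRET_VAR.search(line)
        # A value starting with '{{' is a template reference (for example a vaulted variable).
        if match and not match.group(2).lstrip("'\"").startswith("{{"):
            findings.append((number, match.group(1)))
    return findings


if __name__ == "__main__":
    print(audit_cfg(SAMPLE_CFG), audit_inventory(SAMPLE_INVENTORY))
```
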

Send result by mail

ansible/ansible_best_practice.txt · Last modified: 2025/01/13 17:37 by manu