Ansible 2.4.2.0 on CentOS 7--ping module isn't working
-
@wirestyle22 said in Ansible 2.4.2.0 on CentOS 7--ping module isn't working:
@stacksofplates How are you organizing? I have playbooks and inventory together in the same directory right now. Seems bad. Also, are you using an IDE?
Here are some best practices for directory layouts.
https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#directory-layout
-
@wirestyle22 said in Ansible 2.4.2.0 on CentOS 7--ping module isn't working:
@stacksofplates How are you organizing? I have playbooks and inventory together in the same directory right now. Seems bad. Also, are you using an IDE?
I'll give you a layout this afternoon. I keep my inventory with my playbooks but roles have their own repositories.
-
@wirestyle22 said in Ansible 2.4.2.0 on CentOS 7--ping module isn't working:
@stacksofplates How are you organizing? I have playbooks and inventory together in the same directory right now. Seems bad. Also, are you using an IDE?
So I have my playbooks set up like this (for stuff at home). I've seen people put playbooks in a directory which is fine as well. It's just annoying because your ansible.cfg has to be in relation to your playbooks so you had to mess around with softlinks to get it to work that way.
Roles (ones I've written) are in their own directory:
Here's my default `ansible.cfg` which I store with the playbooks:
```ini
[defaults]
inventory = inventory
roles_path = roles
retry_files_enabled = False
pipelining = True
library = library
forks = 50
callback_whitelist = profile_roles
```
And then in the inventory directory I have a `prod` and `dev` file that contain all of the groups and hosts.
Also, are you using an IDE?
I switch between VS Code and Vim. However I always turn on Vim mode in anything. I also have things like `jj` mapped to `Esc` and `AA` mapped to drop me to the end of a line in insert mode to make things easier.
-
So to clarify, playbooks is its own private repository. Then the roles are public repos. In the `roles` directory in the playbooks repo I have a single file called `requirements.yml`. This tells Ansible what roles to install for me before it runs.
It contains entries like this:
```yaml
- src: https://gitlab.com/hooksie1/ansible-firewalld.git
  name: firewalld
  scm: git
  version: master
```
I've been using Jenkins to run my Ansible stuff so I have a build step that runs `ansible-galaxy install -r roles/requirements.yml` before it runs the playbook. That installs all of the roles for you. As a side note, if you're using Tower it will download the roles automatically if it sees that file exists.
Here's the build steps in Jenkins:
I also have started including a Makefile to do the same thing. That way you can just run `make clean` and `make roles` to remove and re-download them.
-
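An added example, not part of the original posts: the `requirements.yml` entry above installs `version: master`, so every `ansible-galaxy install` run pulls whatever that branch currently holds. This Python sketch audits a file in that flat format for entries not pinned to a full commit SHA; the second and third sample roles, their URLs and the SHA are constructed, and the parser handles only this flat list-of-mappings layout, not general YAML.

```python
import re

# Constructed sample: first entry is from the thread; the rest (URLs, SHA) is made up.
SAMPLE_REQUIREMENTS = """\
- src: https://gitlab.com/hooksie1/ansible-firewalld.git
  name: firewalld
  scm: git
  version: master
- src: https://git.example.invalid/ops/ansible-chrony.git
  name: chrony
  scm: git
  version: 3f2a9c1d5e7b4a6088c1d2e3f4a5b6c7d8e9f0a1
- src: http://git.example.invalid/ops/ansible-motd.git
  name: motd
"""

FULL_SHA = re.compile(r"[0-9a-f]{40}")

def parse_requirements(text):
    """Parse a flat list of 'key: value' mappings (this layout only, not general YAML)."""
    roles = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "---" or line.startswith("#"):
            continue
        if line.startswith("- "):
            roles.append({})          # a leading dash starts the next role entry
            line = line[2:]
        key, sep, value = line.partition(":")
        if not roles or not sep:
            raise ValueError(f"unsupported line: {raw!r}")
        roles[-1][key.strip()] = value.strip().strip("'\"")
    return roles

def audit(roles):
    """Return (role, finding) pairs for entries whose content can change between installs."""
    findings = []
    for role in roles:
        name = role.get("name") or role.get("src", "<unnamed>")
        version = role.get("version", "")
        if not FULL_SHA.fullmatch(version):
            findings.append((name, f"version {version or '<unset>'!r} is not a full commit SHA"))
        if role.get("src", "").startswith(("http://", "git://")):
            findings.append((name, "src is fetched over an unauthenticated transport"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_requirements(SAMPLE_REQUIREMENTS)):
        print(f"{name}: {finding}")
```

Run as a step before `ansible-galaxy install -r roles/requirements.yml`, a non-empty result can fail the build so that role updates only arrive through a reviewed change to the pinned SHA.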
@stacksofplates That’s awesome.
-
@stacksofplates I know this is a huge question, but what specifically are you doing in Ansible right now that makes it worthwhile? I can think of a lot of things to do with it but idk everything. Would be nice to hear it from someone who has used it over a long time.
Also, what modules are you using in VS Code?
-
@wirestyle22 said in Ansible 2.4.2.0 on CentOS 7--ping module isn't working:
@stacksofplates I know this is a huge question, but what specifically are you doing in Ansible right now that makes it worthwhile? I can think of a lot of things to do with it but idk everything. Would be nice to hear it from someone who has used it over a long time.
Also, what modules are you using in VS Code?
So I'll answer for my last job since I'm still getting things set up at this one. We literally did everything with it. I mean there were still some things we had to do separately, but 99% of what we did was done with Ansible. You can build in health checks so that Ansible will either rebuild on a failure or like in this example let you know if a build actually fails even though it looks like it passed:
```yaml
---
- name: Set up grafana
  hosts: monitoring
  gather_facts: true
  user: centos
  become: true
  roles:
    - grafana
  post_tasks:
    - name: wait for Grafana
      wait_for:
        host: "{{ ansible_default_ipv4.address }}"
        port: 3000
        state: present
        delay: 2
        timeout: 300
    - name: check if Grafana is up
      uri:
        url: "http://{{ ansible_default_ipv4.address }}:3000/login"
        return_content: yes
      register: webpage
      delegate_to: localhost
      retries: 30
      delay: 1
      become: false
    - name: Fail if page isn't up
      fail:
      when: "'Grafana' not in webpage.content"
```
This installs Grafana and then checks to see if the web page is actually available after the install is completed and the service is started.
One of the cool things you can do with tools like Tower or Jenkins is set up specific jobs for L1 and L2 people (and yourself as well). So say you need a service restarted on a system. You can set up a job where the help desk can restart a service on a system/systems without manually logging in to them. Here's an example:
You can do this from the command line, but this is a little more friendly and easier to manage RBAC.
As for VS Code I have a few go to extensions. Ansible (the one from Microsoft, it's really good), AsciiDoc, Go (Microsoft one), Jinja, Markdown, Terraform, Vagrant. Those are the ones I install all of the time.
-
And with Jenkins you can do more advanced things like storing your jobs in Groovy. That way your build jobs are also stored in code. Like this one for example (you need the Ansible plugin installed in Jenkins for this to work):
```groovy
pipeline {
    agent any
    parameters {
        string(description: 'Limit', name: 'Limit')
    }
    stages {
        stage('Clone Repo') {
            steps {
                git credentialsId: '766f3db4-319d-4f5b-bbd8-9fe7ba7ce5b4', url: 'https://your-git-repo.com/reponame'
            }
        }
        stage('Set up roles') {
            steps {
                // Remove everything under roles/ except requirements.yml, then reinstall
                sh 'find roles/* ! -name requirements.yml -prune -exec rm -rf {} \\;'
                sh 'ansible-galaxy install -r roles/requirements.yml'
            }
        }
        stage('Run playbook') {
            steps {
                ansiblePlaybook(
                    playbook: 'hardening.yml',
                    inventory: 'inventory',
                    credentialsId: 'c0924012-4666-47ff-98d7-40215742e9f4',
                    become: true,
                    becomeUser: 'root',
                    // Skips SSH host key verification for this run
                    disableHostKeyChecking: true,
                    limit: params.Limit)
            }
        }
    }
}
```
Now that this is stored in Git, you can set up hooks to tell Jenkins that any time you update your playbook (hardening.yml in this case) that it should automatically kick off a run to whatever hosts are defined for your job. You never have to click or run anything manually, it will just do it in your CI/CD pipeline.
-
@stacksofplates That's pretty incredible. Any advice on things I should attempt to set up right now for learning purposes?
-
@wirestyle22 said in Ansible 2.4.2.0 on CentOS 7--ping module isn't working:
@stacksofplates That's pretty incredible. Any advice on things I should attempt to set up right now for learning purposes?
A big benefit is Ansible Galaxy. Look over how everyone sets up their stuff. That will give you good ideas on what to try and how to start writing stuff.