When you deliver something you'll probably have a layout:
Put those informations, together with a brief description of the playbook usage (eg. 2/3 lines) into ansible.cfg
In [ ]:
cd /notebooks/exercise-00
When running ansible, the first file read is ansible.cfg, resolved in the following order:
ANSIBLE_CONFIG
(env var)./ansible.cfg
(in the current directory)~/ansible.cfg
(in the home directory)/etc/ansible/ansible.cfg
ansible.cfg
is divided in stanzas
# defaults, ends with "s". Without "s" it won't work :D
[defaults]
...
[ssh_connection]
...
Always check ansible source code to get in touch with new parameters.
We'll create a new ansible.cfg for every project!
In [ ]:
# Write here some more ansible.cfg sections.
In [ ]:
# When running ansible, the first file to be read is
!cat ansible.cfg
In [ ]:
# Solution
!sed -i 's/^inventory/#inventory/' ansible.cfg
!ansible -m ping all
!sed -i 's/#inventory/inventory/' ansible.cfg
In [ ]:
# Use this cell for the exercise
!ansible -m ping all
In [ ]:
# Solution
!ansible -m ping all[0]
In [ ]:
# Use this cell for the exercise
!ansible -m ping all[0]
You can manage machines via ssh
or docker
, but what happens via ssh if PermitRootLogin=no
?
Just use
[privilege_escalation]
become = yes
become_user = root
become_method = sudo # defaults to sudo
You can specify which ssh key to use:
In [ ]:
# Write here the answer!
[defaults] # ansible.cfg
private_key_file =
The inventory contains the infrastructure hosts. Maintaining an inventory helps to:
Via ansible.cfg
you can set a default inventory. You could eg. default to staging and require -i production
to run on actual machines.
Ansible supports dynamic inventories (ldap, script, ..) see inventory chapter
You can use and deliver secrets in your infrastructure using an encrypted file (aka vault).
Decryption password can be typed each time or can be stored in a pin file configured in ansible.cfg
.
# either
ask_vault_pass = True
# or
vault_password_file = /path/to/pin_file
REMEMBER: clear your pin file at logout ;)
A bastion host is the unique management entrypoint for an infrastructure.
Ansible leverages ssh functionalities to manage resources from your local machine thru a bastion. With a proper configuration you can run your commands/playbooks without continusly moving files to and fro your bastion.
Those includes:
In [ ]:
# Write the solution here