Category: ansible
-
Useful Linux commands
Command Comment $ sudo su - Get root privileges and load the root user’s environment. $ sudo !! Repeat the last command with sudo privileges. $ printenv Prints all environment variables. $ ssh-copy-id remote-host Use locally available keys to authorize logins on a remote machine. $ journalctl -rx -p 4 Displays logs in the reverse…
-
Conditional variables in Ansible
I recently had to use a Jinja2 if statement to create variables depending on a set of conditions in an Ansible role. To achieve this, I had to revisit YAML block scalars and Jinja2 whitespace control. YAML block style scalar A scalar in YAML represents an indivisible value such as a string, number, or boolean,…
-
Linux troubleshooting with journald
systemd is a service and system manager for Linux that contains the command line tool journalctl and the journald daemon that aims to make life easier for anyone troubleshooting syslog messages in a Linux system. The journald daemon collects syslog messages and forwards them to the rsyslog service which sorts the syslog messages and writes…
-
SELinux and Firewalld
I harden all my RHEL servers with SELinux and Firewalld. Here is a crash course. SELinux SELinux (Security-Enhanced Linux) is a security architecture that enforces mandatory access controls to restrict applications, processes, and users to the least privileges necessary. For instance, if a web server tries to read files in /home/user/private (even if the file…
-
Ansible directory structure for efficient work
There are a lot of ways you can structure your playbooks, inventory, roles, and collections in Ansible, but it’s beneficial to find a structure that is suitable for both development and AWX/AAP. This is what my layout looks like: I have a Git repository called playbooks that contains all my playbooks. Symbolic links point to…
-
Installing Python from source
The Ansible Control Node requires a relatively new version of Python (see matrix here), often newer than the one your OS relies on. For example, the default Python implementation in RHEL 9 is Python 3.9, while ansible-core 2.17 requires Python 3.10 or higher for the Ansible Control Node. Sometimes you can install a newer version…
-
Running Ansible Playbooks safely
A good way to explicitly and dynamically control which inventory hosts or groups a playbook executes against is to define the hosts field in the playbook as a variable, commonly named “target”. This variable is then defined as an extra var each time you run the playbook, and if you forget it the playbook will…
-
Ansible Navigator intro
Ansible Navigator is a text-based command-line version of AAP/AWX (with some limitations), and I use it to test and troubleshoot newly created execution environments. Ansible Navigator can be installed with pip. Once installed, create an ansible-navigator.yml configuration file, and point to the execution environment image, along with your inventory and ansible.cfg file. Then run a…
-
Useful Ansible commands
Table with Ansible commands I use often: Command Explanation $ ansible-playbook playbook.yml -i ~/inventory/production -e "target=host1" Run a playbook with some common options. $ ansible-vault encrypt_string 'secret' --name 'foobar' Encrypt a variable. $ ansible localhost -m debug -a var='foobar' -e '@inventory/group_vars/all/foobar.yml' Decrypt a variable. $ ansible-inventory --list -i ./inventory/production Parse the inventory. $ ansible-galaxy collection…
-
Ansible Builder intro
Ansible Builder is a Python tool used to build execution environments for AAP/AWX. An execution environment is a container acting as the Ansible Controller Node and is a required component in AAP/AWX. To get started, install Ansible Builder with pip, and make sure you have Podman/Docker installed, as Ansible Builder depends on a containerization tool.…