Misc
Resources
- Sample code:
Some common modules:
Organization
Folder structure
Operational tasks
For operational tasks (restart a service, install a patch, etc.), don’t put them in roles. Instead, put the tasks directly into the playbooks.
Global directives
These are directives that can be applied to any module
changed_when
Override the conditions determining whether a task was changed or not
This can also be used to never (or always) report a task as changed:
# Don't report this as changed
changed_when: no
delegate_to
Used to run a task on a specific server. Pair with run_once to make sure the task only gets run once per play.
For example, to limit a task to the first server in a group:
- name: Some task
  ...
  # First host of the group, taken from the inventory
  delegate_to: "{{ groups['group_name'][0] }}"
  run_once: yes
failed_when
Override the conditions determining whether a task has failed or not
ignore_errors
Keep going if the task fails
notify
Run a handler if the task was changed
register
Register the result of a command to a variable. The variable is a dict that has a lot of useful values, such as:
"changed": true,
"cmd": "if ! sudo /sbin/service tomcat6 status; then sudo /sbin/service tomcat6 start; fi",
"rc": 0,
"stderr": "",
"stdout": "tomcat6 is stopped\u001b[60G[\u001b[0;32m OK \u001b[0;39m]\r\nStarting tomcat6: \u001b[60G[\u001b[0;32m OK \u001b[0;39m]",
"stdout_lines": [
    "tomcat6 is stopped\u001b[60G[\u001b[0;32m OK \u001b[0;39m]",
    "Starting tomcat6: \u001b[60G[\u001b[0;32m OK \u001b[0;39m]"
],
run_once
Only run the task once per play.
Note: this will always run on the first host in the play, which may change if you use --limit. To make sure it always runs on one specific host, use run_once with delegate_to.
when
Run a task based on a condition
with_items
Pass a list of items to be iterated over in a task
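The directives above combined in one play, as an added example that is not part of the original page. The group name tomcat_servers, the script path and the LSB-style return codes (0 = running, 3 = stopped) are assumptions.

```yaml
# Added example; not from the original page.
- hosts: tomcat_servers              # hypothetical inventory group
  become: yes
  tasks:
    - name: Check whether tomcat6 is running
      command: /sbin/service tomcat6 status
      register: tomcat_status
      # A read-only status check must never be reported as a change
      changed_when: no
      # Assumption: LSB-style init script (rc 0 = running, rc 3 = stopped).
      # Only those two codes are accepted; any other rc still fails the
      # play, which a blanket "ignore_errors: yes" would hide.
      failed_when: tomcat_status.rc not in [0, 3]

    - name: Start tomcat6 only when the check found it stopped
      service:
        name: tomcat6
        state: started
      when: tomcat_status.rc == 3

    - name: Run a post-deploy script once, always on the same host
      command: /usr/local/bin/post-deploy.sh   # hypothetical script
      register: post_deploy
      # groups[] comes from the inventory, so the target does not move
      # when the play is narrowed with --limit
      delegate_to: "{{ groups['tomcat_servers'][0] }}"
      run_once: yes

    - name: Show what the script printed
      debug: var=post_deploy.stdout_lines
      run_once: yes
```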
Templates
Adding sections to a file conditionally
Note: Make sure all blank lines and template lines ({% %}) have no trailing whitespace!
{% if inventory_hostname in ['idp1.example.org', 'idp2.example.org'] %}
<!-- Metadata for sp1.example.org -->
<metadata:MetadataProvider id="sp1.example.org" xsi:type="metadata:FileBackedHTTPMetadataProvider"
                           metadataURL="https://sp1.example.org/Shibboleth.sso/Metadata"
                           backingFile="/opt/shibboleth-idp/metadata/sp1.example.org-metadata.xml" />
{% endif %}
<!-- Metadata for sp2.example.org -->
Variables
groups['group_name']
All of the hosts in a particular group matched by the inventory file for the current play
inventory_file
The relative path to the inventory file used by the current play
Ex:
ansible-playbook -i inventory/development...
"inventory_file": "inventory/development"
inventory_hostname
The hostname of the current server
play_hosts
All of the hosts included in the current play
Examples
Specify hosts on the command line
https://stackoverflow.com/a/18255256/399105
One server (the comma at the end is important so that the inventory appropriately gets converted to a list):
ansible all -i server1.example.org,
Multiple servers:
ansible all -i server1.example.org,server2.example.org
Show the output of a command
http://stackoverflow.com/a/20981211/399105
Use the last two lines here:
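- name: Copy some file
  copy:
    src: /path/to/some/file
    dest: /path/to/some/file
  register: result
# stdout_lines is set by modules that run a command (command, shell, ...);
# for other modules use var=result to see everything that was returned
- debug: var=result.stdout_lines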
Note: when using debug in a handler, you must give it a name and call the handler directly, since handlers aren’t run automatically.
Remove a file if another file exists
- stat:
    path: /etc/pki/tls/certs/ThawteSSLCAG2.crt
  register: thawtesslcag2
- file:
    path: ~/ThawteSSLCAG2.crt
    state: absent
  when: thawtesslcag2.stat.exists