Run ansible automation on multiple servers - ansible

Running ansible playbook on remote servers:
I have 250 Linux servers (SUSE Linux) where I need to apply patches. Here I need to create an inventory file with all the server names updated. If I want to run an ansible playbook script on all those 250 remote servers, I need to create common users (non-root users) with sudo privilege, which is a cumbersome task as I need to connect to all servers and create it. How can I achieve this part? Any thoughts on this?

Related

What is Ansible equivalent to Salt's top file?

I'm trying to merge from Salt to Ansible.
What is Ansible equivalent to Salt's top file?
In Ansible you build inventory, put your hosts into groups and then you run playbooks, that will bring your hosts to the desired state (e.g. ensure that software is installed, files are present, etc) on those groups. Note that there is no agent software with Ansible, it uses SSH to do things on remote hosts,

How to visualize the ansible-playbook run command in a web UI format

I have an ansible yaml file and mentioned all the hosts in a different file. When I run a playbook in the CLI, I would like to visualize in a web UI on which of the hosts the ansible play is successful and on which of the hosts the play is unsuccessful. Are there any tools/apps that can solve this issue?
You are asking for Ansible Tower (paid) or AWX (free). These two are the same thing actually (AWX is an upstream branch of Tower). With both you can run playbooks using web UI and there is some indication if there were failed hosts.

Is it possible to call ansible or ansible-playbook directly on a target host using a script or ansible itself?

I need to know if it's possible to call / execute ansible playbooks from the target machine. I think I saw a vendor do it, or at least something similar. They downloaded a script and it ran the playbook.
If this is possible, how would it be done?
My goal is to run ansible as a centralized server in AWS to perform tasks in multiple environments. Most are behind firewalls. Any recommendations/thoughts would be appreciated.
Sure. If your host will install Ansible on the target and feed it with all the playbooks, then you can run it as any other executable. Should you do that is another story, but technically there's no obstacle.
You can run ansible and ansible playbook as you would any other binary on the target's $PATH, so any tool that facilitates running remote commands would work.
Because you are in AWS, one way might be to use AWS Systems Manager.
If you wanted to use Ansible itself to do this you could use the shell or command modules:
- hosts: target
  become: false
  gather_facts: false
  tasks:
    - name: ansible in ansible
      command: ansible --version
    - name: ansible-playbook in ansible
      command: ansible-playbook --version
Though, as with any situation where you reach for the shell or command modules, you have to be vigilant to maintain playbook idempotency yourself.
If your requirement is just the ability to execute Ansible commands remotely, you might look into AWX, which is the upstream project for Red Hat's Ansible Tower. It wraps ansible in a nice user interface to allow you to trigger Ansible playbooks remotely and with nice-to-haves like RBAC.
If you're OK with executing tasks remotely over SSH, take a look at Sparrowdo; it has out-of-the-box facilities to run bash scripts (read: the ansible executable) remotely from one master host to another. Or you can even use it to install all the ansible dependencies or whatever you need to do for your scope.

Ansible command to trigger registration on another server

I can't find any documentation on how to include a secondary server in a playbook.
If for instance, I want to install sssd on SERVERA and register with a FreeIPA server.
On the FreeIPA server (only), I need to:
get a Kerberos ticket (via kinit)
check if SERVERA is already in IPA instance
delete SERVERA from IPA if true
Since this is an installation playbook run against SERVERA, it doesn't seem right to include the IPA server in the hostlist...but nor can I see any "third party servers" module?
I presume you are searching for the delegate_to option, which allows you to delegate a task to a host that is not in the hostlist.
Often used to run things on the localhost (host running ansible), it can also be used to push a task to a host not in hostlist. The host has to be in the inventory file though.
Example:
- name: Ping the other host
  ping:
  delegate_to: otherhost.com # This is where you set it
More info: http://docs.ansible.com/ansible/latest/user_guide/playbooks_delegation.html#delegation
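
Added example, not part of the original answer: the three FreeIPA steps from the question written as tasks delegated to the IPA server, inside a play that targets SERVERA. The host name `ipa.example.com`, the `admin` principal and the `ipa_admin_password` variable are assumptions; the password is expected to come from an Ansible Vault file, and the inventory name of SERVERA is assumed to be the FQDN registered in IPA.

```yaml
# Added example: hostnames, principal and variable names are assumptions.
- hosts: SERVERA
  vars:
    ipa_server: ipa.example.com      # assumed name; must be in the inventory
    ipa_admin_principal: admin       # assumed principal
    # ipa_admin_password: supplied from an Ansible Vault file, never in clear text
  tasks:
    - name: Get a Kerberos ticket on the IPA server
      command: kinit {{ ipa_admin_principal }}
      args:
        stdin: "{{ ipa_admin_password }}"   # password goes via stdin, not argv
      delegate_to: "{{ ipa_server }}"
      no_log: true                          # keep the password out of logs and output
      changed_when: false

    - name: Check whether this host is already in the IPA instance
      command: ipa host-show {{ inventory_hostname }}
      delegate_to: "{{ ipa_server }}"
      register: ipa_host
      changed_when: false
      # The ipa CLI exits 0 when the entry exists and 2 when it is not found;
      # any other code is a real error and should stop the play.
      failed_when: ipa_host.rc not in [0, 2]

    - name: Delete the existing host entry from IPA
      command: ipa host-del {{ inventory_hostname }}
      delegate_to: "{{ ipa_server }}"
      when: ipa_host.rc == 0

    - name: Destroy the admin ticket so it does not linger on the IPA server
      command: kdestroy
      delegate_to: "{{ ipa_server }}"
      changed_when: false

    - name: Install sssd (not delegated, so it runs on SERVERA itself)
      package:
        name: sssd
        state: present
      become: true
```

Only the delegated tasks touch the IPA server; the account Ansible uses there needs nothing beyond the right to run `kinit` and the `ipa` CLI.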

Does Ansible create a thread for each host in inventory when running a playbook?

How does an Ansible playbook work with inventory?
I have 5 machines and we have a playbook check_ssh_access.yml. That playbook checks the ssh connection to those machines.
Does Ansible create 5 threads with the same playbook for those 5 machines, or run the playbook on each machine one after the other?
It depends on the selected strategy.
By default the linear strategy is used, so Ansible will make as many threads as the forks option allows.
