How to create users per environment using Ansible inventory and the "htpasswd" module - ansible

I'm a newbie in Ansible. I wrote an Ansible role for creating a user and password in "/etc/httpd/.htpasswd" like this:
- name: htpasswd
  htpasswd:
    path: /etc/httpd/.htpasswd
    name: dev
    password: dev
    group: apache
    mode: '0640'
  become: true
Now, I'm trying to understand how I can set user and password placeholder variables per environment for this model using the inventory (or any other way). For example, if I run "ansible-playbook -i inventories/dev", then in the role for this model it could be set as:
- name: htpasswd
  htpasswd:
    path: /etc/httpd/.htpasswd
    name: "{{ inventory.htpasswd.name }}"
    password: "{{ inventory.htpasswd.password }}"
    group: apache
    mode: '0640'
  become: true
And in the inventory folder, per environment, there would be a file "htpasswd" with name and password content like this:
name: dev
password: dev
Does Ansible have something like that? Or can someone explain to me what the best practices are?

By default, each host is assigned to the all group by Ansible. With the following structure you can define group vars based on the inventory.
inventories/dev/hosts
inventories/dev/group_vars/all.yml
inventories/staging/hosts
inventories/staging/group_vars/all.yml
In inventories/dev/group_vars/all.yml:
name: dev
password: dev
In inventories/staging/group_vars/all.yml:
name: staging
password: staging
And then in your tasks, reference the vars with their names:
- name: htpasswd
  htpasswd:
    path: /etc/httpd/.htpasswd
    name: "{{ name }}"
    password: "{{ password }}"
    group: apache
    mode: '0640'
  become: true
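The same per-environment layout, with two additions a practitioner would want: the password in group_vars is stored as an Ansible Vault-encrypted value rather than plaintext, and the task sets no_log so the password is not echoed into the play output. This is an added example, not code from the question or the answer; the variable names htpasswd_user and htpasswd_password, the site.yml playbook name and the vault ciphertext placeholder are assumptions.

```yaml
# inventories/dev/group_vars/all.yml  (assumed layout, mirroring the answer's structure)
# The user name stays in clear; the password is an Ansible Vault-encrypted string
# produced with:  ansible-vault encrypt_string --name htpasswd_password
htpasswd_user: dev
htpasswd_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  <ciphertext placeholder: paste the output of ansible-vault encrypt_string here>

---
# roles/htpasswd/tasks/main.yml  (assumed role path)
- name: Ensure the htpasswd entry for this environment
  htpasswd:
    path: /etc/httpd/.htpasswd
    name: "{{ htpasswd_user }}"
    password: "{{ htpasswd_password }}"
    owner: root
    group: apache
    mode: '0640'
  # keep the password out of logs and the console, including on failure
  no_log: true
  become: true
```

Run it with `ansible-playbook -i inventories/dev site.yml --ask-vault-pass` (or `--vault-password-file`); switching to `-i inventories/staging` picks up that environment's group_vars without touching the role.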

Related

Is it possible to parse a template file in an Ansible role, having the role itself as the destination?

I'm trying to parse a template file with Ansible, but I don't want this file to be created on any of my remote hosts; instead I just want to create it in my role_path.
I have the following in my role.
---
- name: Create configuration.yml on ansible role
  ansible.builtin.template:
    src: configuration.j2
    dest: "{{role_path | default('')}}{{stack_name | mandatory}}/configuration.yml"
  vars:
    stack_env: "dev"
    app_network: "my_network"
- name: Run tasks/main.yml from compose role
  ansible.builtin.include_role:
    name: compose
  vars:
    stack_name: "logging"
    stack_path: "{{ ansible_base_path }}/"
When I run it, my pipeline says that the directory doesn't exist, which is correct, because this directory exists outside my host, and not inside.
I basically want to parse this template file into my role, to be used by another role dependency.
Does anyone know if this is possible?
I found the solution by myself. It's possible to make use of local_action.
This is how my final playbook looks.
- name: Create configuration.yml parsing variables
  local_action:
    module: template
    src: configuration.j2
    dest: "{{ role_path }}/logging/configuration.yml"
- name: Run tasks/main.yml from compose role
  ansible.builtin.include_role:
    name: compose
  vars:
    stack_name: "logging"
    stack_path: "{{ ansible_base_path }}/"

How to run a command on localhost to define variable for an Ansible playbook?

I'm very new to Ansible and trying to figure things out. I have a simple playbook to run on a remote host. To simplify drastically:
- hosts: all
  name: build render VM
  tasks:
    - copy:
        src: ./project_{{ project_id }}.yaml
        dest: /app/project.yaml
        owner: root
I would like to have project_id set to the output of this command, run on localhost: gcloud config get-value project. Ideally I'd like that to be stored into a variable or fact that can be used throughout the playbook. I know I can pass project_id=$(...) on the ansible cmd line, but I'd rather have it set up automatically in the playbook.
Taking for granted that the given command only returns the id and nothing else.
With a task delegated to localhost:
- hosts: all
  name: build render VM
  tasks:
    - name: get project id
      command: gcloud config get-value project
      register: gcloud_cmd
      run_once: true
      delegate_to: localhost
    - name: set project id
      set_fact:
        project_id: "{{ gcloud_cmd.stdout }}"
    - copy:
        src: ./project_{{ project_id }}.yaml
        dest: /app/project.yaml
        owner: root
With a pipe lookup:
- hosts: all
  name: build render VM
  tasks:
    - name: set project id from localhost command
      set_fact:
        project_id: "{{ lookup('pipe', 'gcloud config get-value project') }}"
      run_once: true
    - copy:
        src: ./project_{{ project_id }}.yaml
        dest: /app/project.yaml
        owner: root
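The delegated-command form above assumes the command prints only the project id. The following is an added example, not code from the question or the answer, that guards that assumption: it trims the output, fails the play early if the command returned nothing (otherwise the file path would be built from an empty id), and marks the read-only query as never changing anything. The gcloud command is the one from the question; the task names and the file mode are assumptions.

```yaml
- hosts: all
  name: build render VM
  tasks:
    - name: get project id from the control machine
      command: gcloud config get-value project
      register: gcloud_cmd
      run_once: true
      delegate_to: localhost
      # a read-only query: never report it as a change
      changed_when: false
      # stop here rather than copy from a path built out of an empty id;
      # the rc check keeps a non-zero exit status fatal as well
      failed_when: gcloud_cmd.rc != 0 or (gcloud_cmd.stdout | trim) == ''

    - name: set project id for every host in the play
      set_fact:
        project_id: "{{ gcloud_cmd.stdout | trim }}"

    - name: copy the per-project file
      copy:
        src: "./project_{{ project_id }}.yaml"
        dest: /app/project.yaml
        owner: root
        mode: '0644'
```

Because the first task runs once and is delegated to localhost, the registered result is applied to every host in the batch, so the set_fact task needs no delegation of its own.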

Ansible authorized_key can't find key file

I am starting to use Ansible to automate the creation of users. The following code creates the user and the /home/test_user_003/.ssh/id_rsa.pub file.
But the authorized_key step gives the error "could not find file in lookup". It's there, I can see it.
---
- hosts: test
  become: true
  tasks:
    - name: create user
      user:
        name: test_user_003
        generate_ssh_key: yes
        group: sudo
        ssh_key_passphrase: xyz
    - name: Set authorized key
      authorized_key:
        user: test_user_003
        state: present
        key: "{{ lookup('file', '/home/test_user_003/.ssh/id_rsa.pub') }}"
(I would be interested to know why "key" uses lookup, but that's for education only)
You create the user on the remote host but try to look up the generated key on the local host (all lookups in Ansible are executed locally).
You may want to capture (register) the result of the user task and use its fields:
- name: create user
  user:
    name: test_user_003
    generate_ssh_key: yes
    group: sudo
    ssh_key_passphrase: xyz
  register: new_user
- name: Set authorized key
  authorized_key:
    user: test_user_003
    state: present
    key: "{{ new_user.ssh_public_key }}"
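An added example, not code from the question or the answer, covering the case the answer's register trick cannot: the key pair already exists on the remote host from an earlier play, so there is no registered result to read. The public key is then read with the slurp module, which executes on the managed host, instead of the file lookup, which reads the controller's disk. The play also requests an Ed25519 key when the user is created. The host group, user name and passphrase come from the question; the key file path, the no_log setting and the task names are assumptions. Either of the two authorized_key tasks alone is sufficient; both are shown for comparison.

```yaml
---
- hosts: test
  become: true
  tasks:
    - name: create user with an Ed25519 key pair
      user:
        name: test_user_003
        generate_ssh_key: yes
        ssh_key_type: ed25519
        ssh_key_file: .ssh/id_ed25519   # relative to the user's home directory
        group: sudo
        ssh_key_passphrase: xyz
      register: new_user
      # keep the passphrase out of the play output
      no_log: true

    # Option A: the public key is returned by the user module itself
    - name: authorize the freshly generated key
      authorized_key:
        user: test_user_003
        state: present
        key: "{{ new_user.ssh_public_key }}"

    # Option B: read an existing public key from the remote host.
    # slurp runs on the managed host; lookup('file', ...) would read the controller's disk.
    - name: read the public key from the remote host
      slurp:
        src: /home/test_user_003/.ssh/id_ed25519.pub
      register: remote_pubkey

    - name: authorize the key read from the remote host
      authorized_key:
        user: test_user_003
        state: present
        key: "{{ remote_pubkey.content | b64decode }}"
```

slurp returns the file base64-encoded in `content`, which is why the b64decode filter is applied before handing the key to authorized_key.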

Ansible Vault Password in variable

Is there a way to access the vault password as a variable in an Ansible playbook? I am looking for something like this:
---
- debug: var=ansible_vault_password
I ended up solving this by copying the local vault password file to the server. The task to do that looks like this:
- name: setup ansible vault password file
  copy:
    src: /path/to/local/vault_pass
    dest: /root/.vault_pass
    mode: '0600'
    owner: root
    group: root
And then the root user will execute the ansible-pull command.
Try saving the password in a different file and use "vars_files" to include the password. Example:
In password.yml:
ansible_vault_password: redhat
In playbook.yml:
- hosts: xyz
  vars_files:
    - password.yml
  tasks:
    - debug:
        var: ansible_vault_password
Try this and please let me know.

Ansible delegate_to how to set user that is used to connect to target?

I have an Ansible (2.1.1) inventory:
build_machine ansible_host=localhost ansible_connection=local
staging_machine ansible_host=my.staging.host ansible_user=stager
I'm using SSH without ControlMaster.
I have a playbook that has a synchronize command:
- name: Copy build to staging
  hosts: staging_machine
  tasks:
    - synchronize: src=... dest=...
      delegate_to: staging_machine
      remote_user: stager
The command prompts for password of the wrong user:
local-mac-user#my-staging-host's password:
So instead of using ansible_user defined in the inventory or remote_user defined in the task to connect to the target (the hosts specified in the play), it uses the user that we connected to the delegate_to box as, to connect to the target hosts.
What am I doing wrong? How do I fix this?
EDIT: It works in 2.0.2, doesn't work in 2.1.x
The remote_user setting is used at the playbook level to set a particular play to run as a user.
example:
---
- hosts: webservers
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf
If you only have a certain task that needs to be run as a different user you can use the become and become_user settings.
- name: Run command
  command: whoami
  become: yes
  become_user: some_user
Finally, if you have a group of tasks to run as a user in a play, you can group them with block
example:
- block:
    - name: checkout repo
      git:
        repo: https://github.com/some/repo.git
        version: master
        dest: "{{ dst }}"
    - name: change perms
      file:
        dest: "{{ dst }}"
        state: directory
        mode: '0755'
        owner: some_user
  become: yes
  become_user: some_user
Reference:
- How to switch a user per task or set of tasks?
- https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html
The one which works for me, but please note that it is for Windows; Linux does not require become_method: runas and basically does not have it
- name: restart IIS services
  win_service:
    name: '{{ item }}'
    state: restarted
    start_mode: auto
    force_dependent_services: true
  loop:
    - 'SMTPSVC'
    - 'IISADMIN'
  become: yes
  become_method: runas
  become_user: '{{ webserver_user }}'
  vars:
    ansible_become_password: '{{ webserver_password }}'
  delegate_facts: true
  delegate_to: '{{ groups["webserver"][0] }}'
  when: dev_env
Try setting become: yes and become_user: stager in your YAML file... That should fix it...
https://docs.ansible.com/ansible/2.5/user_guide/become.html