I am fairly new to Ansible. I am using a couple of Ansible roles that need some tweaking of specific tasks to work on CentOS 7. What is the best workflow to handle local changes to Ansible-Galaxy roles?
Here are the options I am considering:
Fork the role and make change. Downside is that I would lose the ability to grab dependencies by running Ansible-Galaxy install -r requirements.txt
File an issue with the developer on github. Downside is they may never accept my change or may take several days/weeks.
Make changes locally. Downside is I wont be able to update roles from galaxy without losing my local changes.
After reading the documentation for the ansible-galaxy command I realized I could be pointed directly at my github fork and not affect the ability to grab dependencies using Ansible-Galaxy install -r requirements.txt.
Example: Adding a github repo to requirements.yml:
# from GitHub
src: https://github.com/bennojoy/nginx
Related
I'm new to Ansible and I'm trying to create a package to deploy to a Windows client running Chocolatey. I have all the winrm connections working between my ansible server and my windows client, but I am struggling to understand how to define and create packages.
As an example:
I want to install Notepad++ on the Windows client. I do not want it to connect to the internet to download the installer executable. Instead, I want the ansible server to push the exe to the client, then have the client execute it locally.
Can anyone explain and/or provide an example of a playbook to handle this? I know this is more easily achievable on windows via other products like SCCM, but for these purposes ansible is required.
The ansible playbook call you would look to make would look like such:
- name: Install notepadplusplus.install
win_chocolatey:
name: notepadplusplus.install
version: '8.4.5'
source: https:/YourInternalNuGetV2Repo
state: present
You would look to host the Chococlatey package on an internal NuGet V2 Repository
I think the part here that's missing is that you don't have a packages repository for Chocolatey to pull from. If you want to deploy a package with Chocolatey, it needs to get it from somewhere; the Ansible playbooks don't allow you to create packages directly and push them to machines, they mostly just allow you to setup Chocolatey and run Chocolatey commands.
If you want to build a Chocolatey package directly on the Ansible server, the Ansible modules for Chocolatey specifically don't have that functionality built in. You could potentially use other Ansible modules to construct the necessary script and zip files for the Chocolatey package, bundle in a targeted installer .exe, and upload it to the client. Not sure exactly how you'd do that, Ansible is generally for the deployment itelf moreso than packaging things for deployment.
Then, you could have the client instructed to install it by first adding the local folder that the package was uploaded to as a Chocolatey source:
win_chocolatey_source:
name: local
state: present
source: C:\\packages_folder
win_chocolatey:
name: package_name
source: local
state: latest
Instead, I want the ansible server to push the exe to the client, then have the client execute it locally.
If that is all you want then you don't need Chocolatey. Use win_copy to copy the EXE over from the server to the client and use something like win_command to execute it.
There are some caveats to it. You will need the command line arguments to make it run silently and headless. You'll need to test it all as some installers return immediately (and so control would return immediately to your playbook) even though they are still installing.
If you need to use Chocolatey then the other answers here are what you are looking for.
I managed to create playbooks to backup an existing running Wordpress server by installing a VM backup server on Debian, so using APT package manager in Ansible.
Now I would like to be able to use the same playbooks but for installing at the same time the backup on an Alpine linux server.
Is there a more generic way than using APT or APK modules ?
If not what would you recommend me ?
Regards,
FB
Yes, and it's called package module, check https://docs.ansible.com/ansible/2.9/modules/package_module.html
Package names, however, might be different from distro to distro, and you still will have to provide distro-specific instructions. Quoting doc:
Package names also vary with package manager; this module will not "translate" them per distro. For example libyaml-dev, libyaml-devel.
The usual way to avoid it is to create distro-specific subtasks for different os families, or distro-specific variables, which are included with some condition.
I have seen a number of sites that explain how to install a role from a tar.gz file using ansible-galaxy, and they all seem to say the same thing.
In my case I have downloaded the following role file from ansible galaxy :
dsglaser-cis_security-1.2.0.tar.gz
Then I tried to install the role:
ansible-galaxy collection install dsglaser-cis_security-1.2.0.tar.gz
which gives me the warning :
[WARNING]: - collection was NOT installed successfully: Failed to get data from the API server (https://galaxy.ansible.com/api/): Failed to connect to galaxy.ansible.com at port 443: [Errno 104] Connection reset by peer
This is correct, because this machine is not, and never will be connected to the internet.
Another attempt :
ansible-galaxy install dsglaser-cis_security-1.2.0.tar.gz
results in another warning:
[WARNING]: - dsglaser-cis_security-1.2.0.tar.gz was NOT installed successfully: the specified roles path exists and is not a directory.
Also tried using the -p option to indicate where I want the role to be installed, with and without the directory present, but every attempt resulted in the last warning.
I'm not doing this as root...
Ansible version is 2.8.13
Just discovered that the command
ansible-galaxy install dsglaser-cis_security-1.2.0.tar.gz -p ./bla
does work, but only as root. And that's not what I want...
What am I doing wrong ?
I have been banging my head against the wall on this one for a while. I found that the collections I am trying to install have dependencies, that are not included in the tar.gz file.
This makes galaxy go out to download the files not found.
The way to get around this is by using another machine with ansible (2.10+) and transferring the files over.
Once you have ansible installed on a machine with internet use the following command
ansible-galaxy collection download {{ name of collection, if multiple use space as a separator }}
i.e.
ansible-galaxy collection download cisco.ios cisco.asa
This will create a folder in your current working directory with a tar.gz of the collection and its dependencies, as well as a requirements.yml file.
Note: with the requirements.yml file, if you re-run the download command, it will overwrite this, so if you have multiple collections use the single line command above.
Then it's just a matter of copying that folder over to the offline ansible server (2.9+), cd to that directory, and run:
ansible-galaxy collection install -r requirements.yml
Bobs your uncle.
I hope this saves someone time.
Thanks goes to this reddit post on the same topic
https://www.reddit.com/r/ansible/comments/lh1do0/ansible_newbie_trying_to_install_an_ansible/
AFAIK, installation from archives was never support for roles but was supported for collections.
For roles you are stuck with installation from git URLs.
This alone is a good-enough reason for me to avoid using old standalone roles, especially as support for them in galaxy is minimal, no new features being added (like install from tar archives).
Vagrant has a very nice feature called galaxy_role_file that allows one to point to a requirements.yml file and to install the roles listed there upon vagrant up (provided that the vm is configured to use ansible provisioner).
My question is whether there is such an option in ansible itself, given that I was unable to find it available configurations.
or do we always have to explicitly type ansible-galaxy install -r requirements.yml before each first playbook execution?
I'm using ansible and pip with a requirements.txt. It would be nice to know the progress of the install (with respect to which requirement lines have been processed). Is there a way to know in real time what lines have been processed?
I assume, you are using the pip module to install packages on a target machine.
Due to ansible concepts there cannot be such a possibility:
Ansible is designed to automate the tasks on remote systems in a parallel way. Just imagine your playbook concerns a group of hosts (which all should install packages): How could there be a sensible output in real time?
The only thing you can do is to capture the output with register and to print it with debug, but that would be after execution.