Keep Ansible DRY: How to avoid repeating variables? - ansible

Recently just started using Ansible and I have run into a problem. In one of my YAML structures I have defined something like this:
---
# file: main.yml
#
# Jenkins variables for installation and configuration
jenkins:
debian:
# Debian repository containing Jenkins and the associated key for accessing the repository
repo: 'deb http://pkg.jenkins-ci.org/debian binary/'
repo_key: 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key'
# Dependencies needed for Jenkins to run properly
dependencies:
- 'openjdk-7-jdk'
- 'git-core'
- 'curl'
port: 8080
# Installation directory
home: '/opt/jenkins'
# Path to the location of the main Jenkins-cli binary
bin_path: '{{jenkins.home}}/jenkins-cli.jar'
# Path to the location of the Jenkins updates file
updates_path: '{{jenkins.home}}/updates_jenkins.json'
Ansible gives me an error like this from a specific task:
"recursive loop detected in template string:
{{jenkins.home}}/updates_jenkins.json"
I've narrowed it down to the problem being with the fact bin_path and updates_path both refer to 'home'. Is there a way around this? It kind of sucks that I would need to define '/opt/jenkins' multiple times.

As far as I know that this is a limitation of jinja2 variables. it was working with the old ${} and broke since 1.4. I am not sure if they fixed that in 1.5.
My temp solution would be removing home from the "jenkins"
---
# file: main.yml
#
# Jenkins variables for installation and configuration
# Installation directory
jenkins_home: '/opt/jenkins'
jenkins:
debian:
# Debian repository containing Jenkins and the associated key for accessing the repository
repo: 'deb http://pkg.jenkins-ci.org/debian binary/'
repo_key: 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key'
# Dependencies needed for Jenkins to run properly
dependencies:
- 'openjdk-7-jdk'
- 'git-core'
- 'curl'
port: 8080
# Path to the location of the main Jenkins-cli binary
bin_path: '{{jenkins_home}}/jenkins-cli.jar'
# Path to the location of the Jenkins updates file
updates_path: '{{jenkins_home}}/updates_jenkins.json'

This should do it:
bin_path: "{{ jenkins['home'] }}/jenkins-cli.jar"

Related

How to handle multiple bambooinstances with one bamboo.yaml

I have a bamboo.yaml (same project) which is used on 2 diffrent Bambooservers - this is needed (cause of staging concept and other stufff)
The buildjobs differ a bit on those bambooinstances, i could solve this by using global-variables and conditional Task.
Like this:
tasks:
- maven:
executable: Maven 3.6.3
jdk: JDK 11.0.2
goal: |-
clean install -s settings.xml
environment: BUILD_USER=${bamboo.hpf_bamboo_user} BUILD_PWD=${bamboo.hpf_bamboo_password}
conditions:
- variable:
equals:
bamboo_instance: devstack
- maven:
executable: Maven 3.6.3
jdk: JDK 11.0.2
goal: |-
clean deploy -s settings.xml
environment: BUILD_USER=${bamboo.hpf_bamboo_user} BUILD_PWD=${bamboo.hpf_bamboo_password}
conditions:
- variable:
equals:
bamboo_instance: ci
The group which should have permissions on the job has diffrent names on the bambooinstances too,
but i cant use variables on permissions.
plan-permissions:
- users: []
groups: ${bamboo.devgroup}
This will return the error "no group '${bamboo.devgroup}'"
Has anyone a idea how i could solve this ?
FYI: Found a Solution
its possible to define the bamboo-server name in the yaml - bamboo will skip the configurations which have another servername as itself :)
server-name: 'bambooservername'

Location to keep Ansible custom modules

In the following directory structure I have to create a zip of "anisble" directory. The idea is to put everything inside the ansible directory like playbook, roles, inventory details and custom modules into a zip package and
its contents should not have any dependency on anything outside "ansible" directory.
<home>
|<user>
|__ansible
|_____playbook.yml
|_____inventory/
| |____myHosts
|
|_____library/
| |___my_Custom_module.py
|_roles
| |____role1
|____role2
I cannot use: "/home/$USER/.ansible/plugins/modules/" as this will make solution user specific and "/usr/share/ansible/plugins/modules/" is outside of the ansible directory and does need privileges(which user does not have)
Question:
Is there any possible place were my_custom_module.py can be placed so it will automatically get picked by ansible while running? This must be somewhere inside "ansible" directory.
If I do this before running the ansible playbook, it works but is there anyway to programmatically do it from ansible playbook before using the custom module ?
export ANSIBLE_LIBRARY=library/my_custom_module.py
Is there anyway I can provide the path of the custom module relative to "ansible" directory ? either in any conf file or env variable ? Note that I cannot use /etc ,/usr/ etc . Everything had to be inside ansible directory,
Is it even possible ?
You can create a file ansible.cfg inside of your ansible directory and then set the DEFAULT_MODULE_PATH variable (library) in that file:
[defaults]
library = ./library
More info can be found in the Ansible documentation for the Ansible configuration.
Here's what the documentation says about this setting:
Description: Colon separated paths in which Ansible will search for Modules.
Type: pathspec
Default: ~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
Ini Section: defaults
Ini Key: library
Environment: ANSIBLE_LIBRARY

Can I add roles in a private git repo as a meta/dependancy in Ansible?

I have a bunch of Ansible roles that I'd like to reuse. They are each kept in a repo in a private BitBucket.
I want to add projects that are hosted in Git as meta/dependencies for my the roles I'm working on but I can't quite figure out the syntax is.
In this non-working example, a role requires another role to be deployed first with parameters prior to running.
FYI, The remote role "acm_layout" is intended to create a standard directory layout for the server, so that my role can run knowing that all of the standard directories already exist.
---
dependencies:
- { role: project_keys } # Works fine, just reuses a local role
- name: acm_layout # Doesn't work, but this is what I want to fix
src: ssh://git#bigcompany.com/acm/acm_layout.git
scm: git
version: feature/initialize
application_storage_dir: "{{base_storage_dir}}"
application_data_dir: "{{app_data_dir}}"
When I runt this I get the following error:
ERROR! the role 'acm_layout' was not found in [lots of paths deleted]
The error appears to have been in '/home/zs5fgzg/_tmp/horizon_deployment_scf/ansible/roles/horizon_layout/meta/main.yaml': line 4, column 6, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- { role: horizon_keys }
- src: ssh://git#bigcompany.com:7999/acm/acm_layout.git
^ here
So what's the correct way to do this?
Yes, you can use ansible-galaxy install with requirements.yml option to get roles remotely. Create requirements.yml as follows:
https://github.com/avinash6784/elk-stack/blob/master/requirements.yml
And run the following command:
$ ansible-galaxy install -r requirements.yml -p roles/
For more info on how to get roles using ansible-galaxy please visit
http://docs.ansible.com/ansible/latest/galaxy.html

How can we use environment variables in a Jekyll config file?

Is there a way I can use one my bash environment variable (say $FOO) in my Jekyll's _config.yml file?
I've tried using:
foo = <%= ENV['FOO'] %>
But it didn't work as the Ruby code wasn't interpreted.
Versions used:
Ruby: 2.1.2
Jekyll: 2.5.3
If your goal is to use environment variables as liquid items {{ site.something }}, you might be able to get this thing in your Gemfile a go:
gem 'jekyll-environment-variables', group: :jekyll_plugins
And then you'll be able to use {{ site.env.HOME }} and expect it be converted to something like /home/ubuntu in the output HTML.
Disclosure: I am the owner of the gem and I've been using it personally since long ago.
The answer by #elryco is close but not quite right, at least for my setup. It took some trial and error, but this finally worked. Note this only works for certain env vars supported by the contentful plugin.
Note that you need the gem jekyll-contentful-data-import (v1.7.0 or up) for this solution to actually work.
Bash environment (e.g., ~/.bash_profile):
export CONTENTFUL_ACCESS_TOKEN=foo
export CONTENTFUL_SPACE_ID=bar
In _config.yml, reference them as:
contentful:
spaces:
- example:
space: ENV_CONTENTFUL_SPACE_ID
access_token: ENV_CONTENTFUL_ACCESS_TOKEN
This is the same as what's written in the Github documentation.
I recently had to try and do this myself. It turns out you can't put environment variables directly into a Jekyll config file, but you can write a rake task that will take environment variables and apply them to your config.
Here's an example:
# Rakefile
require 'jekyll'
task default: %w[build]
desc "Build the site"
task :build do
config = Jekyll.configuration({
url: ENV["SITE_URL"],
})
site = Jekyll::Site.new(config)
Jekyll::Commands::Build.build(site, config)
end
Unfortunately there is no direct way of accessing it in liquid tags, At Least not officially.
But I wrote a wrapper script which reads environment variables before jekyll starts and appends it to _config.yml file and deletes the variable post build.
echo "secret-variable: $PASSWORD" >> _config.yml
bundle exec jekyll build -d target
sed '$d' _config.yml //this is to delete the last line
Now I'm free to use site.secret-variable anywhere in the liquid tags.
I know that this not the right way of doing it, But so is writing a custom ruby script.
I personally find the use of a ruby Jekyll plugin more appropriate and portable. There's a very simple yet effective solution available here.
The main idea is ruby will have access to the ENV variables so you can use a small ruby plugin to load into your site.config liquid array all the information you want from the environment. And you can define default values as well.
Please note that the example given in the link isn't the most relevant since the prod/staging environment is already offered by Jekyll natively with the build command options.
It is now possible to use bash environment variable (say $FOO) in Jekyll's _config.yml file with GitHub Actions:
# _config.yml
title: FOO
Create a bash script say sample.sh to replace for a given input string FOO and replace with another string
# github/workflows/sample.sh
export FOO=XYZ
while IFS='' read -r a; do
echo "${a//FOO/$FOO}"
done < /_config.yml > /_config.yml.t
mv /_config.yml{.t,}
Create a workflow file, say github-pages.yml, put the script before Build with Jekyll:
# Sample workflow for building and deploying a Jekyll site to GitHub Pages
name: Deploy Jekyll with GitHub Pages dependencies preinstalled
on:
# Runs on pushes targeting the default branch
push:
branches:
- 'master'
- 'mybranch'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
contents: read
pages: write
id-token: write
# Allow one concurrent deployment
concurrency:
group: "pages"
cancel-in-progress: true
jobs:
# Build job
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v3
- name: Setup Pages
uses: actions/configure-pages#v2
- name: Utilize FOO
run: |
bash .github/workflows/sample.sh
- name: Build with Jekyll
uses: actions/jekyll-build-pages#v1
with:
source: ./
destination: ./_site
- name: Upload artifact
uses: actions/upload-pages-artifact#v1
# Deployment job
deploy:
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs: build
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages#v1
If your bash environment variables are declared like this
export ENV_ACCESS_TOKEN=xxxxx
export ENV_SPACE_ID=yyyyyy
You can get it like this in your config.yml
space: ENV_SPACE_ID # Required
access_token: ENV_ACCESS_TOKEN # Required

Sharing Ansible roles

I have packages of Ansible roles that I would like to import into a project.
If I organise them by subdirectory I run into problems relating to dependency relative paths
i.e the shared role needs to know its relative location of where it would be installed if it uses meta dependencies
I would like to be able to just reference everything to the directory the playbook is being run from though this doesn't work
roles/roleA/meta
---
dependencies:
- { role: "{{ playbook_dir }}/roles/shared_roles/roleB"}
roles/shared_roles/roleB
...
I've tried multiple options and running out of ideas.
I looked into roles-path http://docs.ansible.com/intro_configuration.html#roles-path
Though I don't really want to have to uniquely name all roles as they ought to be namespaced / grouped.
Thanks
You could basically use ansible-galaxy to install the roles within ~/.ansible/roles/ path.
The path of .ansible in my macOS machine is in: ~/.ansible/roles/
All you need to do is just create a requirements.yml file which looks something like this:
- src: git+https://<githubURL-Master-role>.git
scm: git
name: Master-role
- src: git+https://<githubURL-dependent1-role>.git
scm: git
name: dependent1-role
- src: git+https://<githubURL-dependent2-role>.git
scm: git
name: dependent2-role
Run this command to install your roles in ~/.ansible/roles/ path:
sudo ansible-galaxy -vvv -r install requirements.yml
This will basically set your roles in the ~/.ansible/roles/ path. To understand it better please follow this documentation https://docs.ansible.com/ansible/latest/reference_appendices/galaxy.html.
and then, like you have already mentioned, you should add all the dependent roles in your ##path/master-role/meta/main.yml file even before executing the anisble-galaxy command, in-order to execute the dependent roles before the master-role, when you run your master-role playbook.
The ##path/master-role/meta/main.yml file looks something like this:
galaxy_info:
author: Jithendra
description: blah...blah...blah
min_ansible_version: 1.2
galaxy_tags:'[]'
dependencies:
- { role: 'Master-role, when: blah == "true"'} #when condition is optional
- { role: 'dependent1-role, when blah == "false"'}
- { role: 'dependent2-role, when blah == "false"'}
Solved it by enforcing that all shared modules reference the name of the shared directory in all dependencies.
I wanted to leave this up to the calling project and hoped that dependencies would be relative to the role directory.
The solution works though and provides namespacing so I can include multiple roles with the same name as long as they are in separate directories.
I now have a project that includes 3 separate packages of roles
PLAY RECAP ********************************************************************
staging : ok=214 changed=5 unreachable=0 failed=0
Its all built using Maven, each shared group being a maven dependency. If anybody reads this and it helps i'll share the structure / poms etc.

Resources