- create an inventory file (e.g. hosts or hosts.yaml) that holds the remote hosts that ansible will handle.
- an example entry is:
webserver: # <-- group
  hosts: # <-- List of hosts in group
    gcloud_host: # <-- host number 1 in group
      ansible_host: 35.189.109.16
      ansible_port: 22
      ansible_ssh_user: rg
    app01: # <-- host number 2 in group
      ansible_host: app01
    app02: # <-- host number 3 in group
      ansible_host: app02
  vars: # <-- common variables in this group
    ansible_python_interpreter: /usr/bin/python3
- to test if all hosts are accessible, run
ansible -m ping all
- to test if a group of hosts is accessible, run
ansible -m ping <group-name>
- run testing environment
vagrant plugin install vagrant-hostmanager
cd vagrant
vagrant up
vagrant ssh-config >> ~/.ssh/config
- run a playbook
ansible-playbook -l database playbooks/database.yml
- create a file that holds the secret
touch playbooks/vars/api_key.yml
- encrypt the file
ansible-vault encrypt playbooks/vars/api_key.yml
- run task that needs this file
ansible-playbook playbooks/use-api-key.yaml --ask-vault-pass
and you will be asked to provide the password
- edit the encrypted file with
ansible-vault edit playbooks/vars/api_key.yml
- to decrypt with a stored password, create a file that holds the password, with 600 permissions
vim ~/.ansible/vault_pass.txt
chmod 600 ~/.ansible/vault_pass.txt
ansible-playbook playbooks/use-api-key.yaml --vault-password-file ~/.ansible/vault_pass.txt
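An added example (not part of the original notes): a pre-commit style check that the secret file really starts with the `$ANSIBLE_VAULT;` header that `ansible-vault encrypt` writes, and that the password file has no group/other permission bits. The script name `vault_audit.sh` and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): audit the vault workflow above.

# True if FILE starts with the Ansible Vault envelope header.
is_vault_encrypted() {
  [ -f "$1" ] || return 1
  case "$(head -n 1 -- "$1")" in
    '$ANSIBLE_VAULT;'*) return 0 ;;
    *) return 1 ;;
  esac
}

# True if group and other have no permission bits on FILE (600, 400, ...).
is_owner_only() {
  [ -f "$1" ] || return 1
  # ls mode string is e.g. "-rw-------": 1 type char, 3 user chars, then
  # 6 group/other chars that must all be "-".
  case "$(ls -ld -- "$1")" in
    ????------*) return 0 ;;
    *) return 1 ;;
  esac
}

# audit_vault PASSFILE SECRET...: print one line per problem, fail if any.
audit_vault() {
  findings=0
  passfile=$1
  shift
  if ! is_owner_only "$passfile"; then
    echo "FAIL: $passfile is missing or readable by group/other"
    findings=$((findings + 1))
  fi
  for secret in "$@"; do
    if ! is_vault_encrypted "$secret"; then
      echo "FAIL: $secret is missing or not vault-encrypted"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}

# Usage: ./vault_audit.sh ~/.ansible/vault_pass.txt playbooks/vars/api_key.yml
if [ "$#" -gt 0 ]; then
  audit_vault "$@"
fi
```

A file fresh from `touch` is empty and fails the header check until `ansible-vault encrypt` has been run on it.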
to disable SSH host key checking, add this line to the [defaults] section of ansible.cfg
host_key_checking = false
ansible-playbook -l <hostname> playbooks/hostvars_and_facts.yml
cd files/certs
openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes -subj '/C=GR/O=myorganization/OU=it/CN=myorg.com'
notice that crt and key files are added to .gitignore
install postgresql role
ansible-galaxy install geerlingguy.postgresql
ansible-galaxy install geerlingguy.docker
ansible-galaxy install geerlingguy.pip
ansible-galaxy install geerlingguy.jenkins
ansible-galaxy install geerlingguy.java