Monday, 8 August 2022

Git strategies for applying bug fixes

$ mkdir test
 
$ cd test
 
$ git init
Initialised empty Git repository in /home/bojan/dev/test/.git/
 
$ git status
On branch master

No commits yet

nothing to commit (create/copy files and use "git add" to track)
 
$ touch foo.txt
 
$ vi foo.txt
 
foo.txt:
 
feature A {
   A.1
   A.2
   A.3
}
 
$ git status
On branch master

No commits yet

Untracked files:
  (use "git add <file>..." to include in what will be committed)
    foo.txt

nothing added to commit but untracked files present (use "git add" to track)
 
$ git add foo.txt
 
$ git status
On branch master

No commits yet

Changes to be committed:
  (use "git rm --cached <file>..." to unstage)
    new file:   foo.txt
 
$ git commit -m "Added feature A"
[master (root-commit) ae68f9e] Added feature A
 1 file changed, 5 insertions(+)
 create mode 100644 foo.txt

 
 
Let's now create a feature branch for feature B. Let's assume we add a bug in its first implementation.
 
$ git checkout -b feature/B
Switched to a new branch 'feature/B'
 
$ vi foo.txt 
 
foo.txt:
 
feature A {
   A.1
   A.2
   A.3
}

feature B {
   B.1
   B.2 - bug
   B.3
}
 
$ git status
On branch feature/B
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
    modified:   foo.txt

no changes added to commit (use "git add" and/or "git commit -a")
 
$ git add foo.txt 
 
$ cat foo.txt
feature A {
   A.1
   A.2
   A.3
}

feature B {
   B.1
   B.2 - bug
   B.3
}
 
$ git commit -m "Added feature B"
[feature/B c2f2c7d] Added feature B
 1 file changed, 6 insertions(+)
 
$ git log
commit c2f2c7d39fb93b3fb45ec9ff384e0ebd5303253d (HEAD -> feature/B)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:36:48 2022 +0100

    Added feature B

commit ae68f9ea4bf55f54a8f40831df5b980dc30e5c6e (master)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:34:20 2022 +0100

    Added feature A
 
 
$ git rebase master
Current branch feature/B is up to date.
 
$ git checkout master
Switched to branch 'master'
 
$ git merge feature/B
Updating ae68f9e..c2f2c7d
Fast-forward
 foo.txt | 6 ++++++
 1 file changed, 6 insertions(+)

 
Let's assume we've now realized that there's a bug in the current implementation of feature B.
 
 
$ git log
commit c2f2c7d39fb93b3fb45ec9ff384e0ebd5303253d (HEAD -> master, feature/B)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:36:48 2022 +0100

    Added feature B

commit ae68f9ea4bf55f54a8f40831df5b980dc30e5c6e
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:34:20 2022 +0100

    Added feature A
 
 
$ git revert c2f2c7d39fb93b3fb45ec9ff384e0ebd5303253d
[master cd72121] Revert "Added feature B"
 1 file changed, 6 deletions(-)
 
$ git log
commit cd721217e154dc74cad4037135c0ea2c0b898696 (HEAD -> master)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:42:57 2022 +0100

    Revert "Added feature B"
    
    This reverts commit c2f2c7d39fb93b3fb45ec9ff384e0ebd5303253d.

commit c2f2c7d39fb93b3fb45ec9ff384e0ebd5303253d (feature/B)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:36:48 2022 +0100

    Added feature B

commit ae68f9ea4bf55f54a8f40831df5b980dc30e5c6e
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:34:20 2022 +0100

    Added feature A
 
 
We now want to fix the bug so we create a new branch, B2, by branching off feature/B:
 
$ git checkout feature/B
Switched to branch 'feature/B'
 
$ git checkout -b feature/B2
Switched to a new branch 'feature/B2'
 
$ cat foo.txt
feature A {
   A.1
   A.2
   A.3
}

feature B {
   B.1
   B.2 - bug
   B.3
}
 
 
$ vi foo.txt 

foo.txt:

feature A {
   A.1
   A.2
   A.3
}

feature B {
   B.1
   B.2 - bug fixed
   B.3
}
 
 
$ git status
On branch feature/B2
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
    modified:   foo.txt

no changes added to commit (use "git add" and/or "git commit -a")
 
$ git commit -a -m "Fixed bug in feature B"
[feature/B2 29dbed4] Fixed bug in feature B
 1 file changed, 1 insertion(+), 1 deletion(-)
 
$ git status
On branch feature/B2
nothing to commit, working tree clean
 
$ cat foo.txt
feature A {
   A.1
   A.2
   A.3
}

feature B {
   B.1
   B.2 - bug fixed
   B.3
}

Before we merge feature branch to trunk, we first want to rebase it:
 
 
$ git rebase -i master
Auto-merging foo.txt
CONFLICT (content): Merge conflict in foo.txt
error: could not apply 29dbed4... Fixed bug in feature B

Resolve all conflicts manually, mark them as resolved with
"git add/rm <conflicted_files>", then run "git rebase --continue".
You can instead skip this commit: run "git rebase --skip".
To abort and get back to the state before "git rebase", run "git rebase --abort".
Could not apply 29dbed4... Fixed bug in feature B
 
 
$ vi foo.txt 

We're taking all changes from feature branch.

$ git add foo.txt 
 
$ git rebase --continue
[detached HEAD b86cff8] Fixed bug in feature B
 1 file changed, 7 insertions(+)
Successfully rebased and updated refs/heads/feature/B2.
 
$ git log
commit b86cff82118bb6af2bf10a4adf584e924acaaed0 (HEAD -> feature/B2)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:47:55 2022 +0100

    Fixed bug in feature B

commit cd721217e154dc74cad4037135c0ea2c0b898696 (master)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:42:57 2022 +0100

    Revert "Added feature B"
    
    This reverts commit c2f2c7d39fb93b3fb45ec9ff384e0ebd5303253d.

commit c2f2c7d39fb93b3fb45ec9ff384e0ebd5303253d (feature/B)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:36:48 2022 +0100

    Added feature B

commit ae68f9ea4bf55f54a8f40831df5b980dc30e5c6e
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:34:20 2022 +0100

    Added feature A
 
$ git status
On branch feature/B2
nothing to commit, working tree clean
 
 
We can now merge feature branch into master:
 
 
$ git checkout master
Switched to branch 'master'
 
$ git status
On branch master
nothing to commit, working tree clean
 
$ git log
commit cd721217e154dc74cad4037135c0ea2c0b898696 (HEAD -> master)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:42:57 2022 +0100

    Revert "Added feature B"
    
    This reverts commit c2f2c7d39fb93b3fb45ec9ff384e0ebd5303253d.

commit c2f2c7d39fb93b3fb45ec9ff384e0ebd5303253d (feature/B)
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:36:48 2022 +0100

    Added feature B

commit ae68f9ea4bf55f54a8f40831df5b980dc30e5c6e
Author: Bojan Komazec <bojan.komazec@example.com>
Date:   Mon Aug 8 21:34:20 2022 +0100

    Added feature A
 
$ git merge feature/B2
Updating cd72121..b86cff8
Fast-forward
 foo.txt | 7 +++++++
 1 file changed, 7 insertions(+)
 
$ git status
On branch master
nothing to commit, working tree clean
 
$ cat foo.txt
feature A {
   A.1
   A.2
   A.3
}

feature B {
   B.1
   B.2 - bug fixed
   B.3
}



We assumed here that we had the original feature branch available. Alternatively, we could have created a new branch off the master, reverse the reverse commit, apply the fix and then merge it back to master.

Friday, 15 July 2022

Unix Shell Redirection

Redirection operators > and >> can write into a file or a device.

  • > will overwrite existing file or crate a new file
  • >> will append text to existing file or create a new file

 

Example: redirecting command output into a file

$ touch temp.txt
$ echo "Hello, world!" > temp.txt
$ cat temp.txt
Hello, world!
$ echo "Hello, world!" > temp.txt
$ cat temp.txt
Hello, world!
$ echo "Hello, world!" >> temp.txt
$ cat temp.txt
Hello, world!
Hello, world!

Here are examples where redirect operators crated new files:

$ echo "Hello, world!" > temp2.txt
$ cat temp2.txt
Hello, world!
$ echo "Hello, world!" >> temp3.txt
$ cat temp3.txt
Hello, world!

Devices/files:

0 - stdin (standard input)
1 - stdout (standard output)
2 - stderr (error message output) 
/dev/null - special device (null device) which discards any input

 

Example: discarding command output messages (including error messages)

command > /dev/null 2>$1

2>$1 redirects stderr into stdout and > /dev/null redirects stdout into null device.

More compact version of the above line is:

command  &> /dev/null

&> /dev/null redirects both stdout and stderr into null device.


References:


What does “>” do vs “>>”?

Thursday, 7 July 2022

How to run a basic Ansible playbook locally


 

Here is an example of the simplest Ansible playbook:

hello_world.yaml:

---
- name: Run Ansible playbook locally
  hosts: localhost
  gather_facts: no

  tasks:
    - ansible.builtin.debug:
        msg: Hello, world!

 

ansible-playbook

 

We can run it with ansible-playbook which executes tasks from playbook on a defined hosts. This tool is installed within Ansible (core) installation:
 
$ which ansible-playbook
/usr/bin/ansible-playbook
 
To run the playbook:

$ ansible-playbook hello_world.yaml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Run Ansible playbook locally] *********************************************************************************************************************************

TASK [ansible.builtin.debug] ****************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "Hello, world!"
}

PLAY RECAP **********************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0


To see the changes made during execution of the playbook we can use --diff option:

$ ansible-playbook hello_world.yaml --diff

From $ ansible-playbook --help:

-D, --diff: when changing (small) files and templates, show the differences in those files; works great with --check

To dry run the playbook we need to use check mode (--check or -C):

$ ansible-playbook hello_world.yaml --check

From $ ansible-playbook --help:

-C, --check: don't make any changes; instead, try to predict some of the changes that may occur

Playbook is run in read-only mode, Ansible still connects to the hosts and checks their state.

If someone manually made changes on the host, Ansible detects that but with --check option it will not revert that state to the one defined in playbook. But we'll be able to see what has been changed:

TASK [task_name]
changed: [node1]

To see changes that would be made should the playbook be executed we can combine --diff and --check options:

$ ansible-playbook hello_world.yaml --diff --check

Example:

- name: Create directory and a file in it
  hosts: localhost
  tasks:
    - name: Create directory
      ansible.builtin.file:
          path: ./temp
          state: directory
          mode: '0755'

    - name: Create a file, using symbolic modes to set the permissions (equivalent to 0644)
      ansible.builtin.file:
        path: ./temp/foo.txt
        state: touch
        mode: u=rw,g=r,o=r

Dry run and diff output:

$ ansible-playbook multiple_plays.yaml --check --diff
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Create directory and a file in it] ****************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [localhost]

TASK [Create directory] *********************************************************************************************************************************************
--- before
+++ after
@@ -1,4 +1,4 @@
 {
     "path": "./temp",
-    "state": "absent"
+    "state": "directory"
 }

changed: [localhost]

TASK [Create a file, using symbolic modes to set the permissions (equivalent to 0644)] ******************************************************************************
ok: [localhost]

PLAY RECAP **********************************************************************************************************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 

 

Validating tasks: check mode and diff mode — Ansible Documentation

 

ansible-navigator 

 

Ansible playbooks can also be run by ansible-navigator:

$ ansible-navigator run hello_world.yaml 

This will not print the output in terminal but we can find it in stdout value in JSON file (that gets created next to the YAML source file):

hello_world-artifact-2022-07-07T10:06:23.959652+00:00.json

To get the output in stdout, we can use --mode:

$ ansible-navigator run ./run_locally/hello_world.yaml --mode stdout
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'

PLAY [Run Ansible playbook locally] ********************************************

TASK [Print debug message] *****************************************************
ok: [localhost] => {
    "msg": "Hello, world!"
}

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 


---

Wednesday, 6 July 2022

Introduction to Ansible


Ansible helps:
  • automate the deployment
  • manage automation
  • orchestrate
  • manage configurations
  • deploy applications
  • provision/deprovision
  • deliver continuously
  • secure and comply
on
  • firewalls
  • load balancers
  • applications
  • containers
  • virtualization platforms
  • servers
  • clouds
  • storage
  • network devices
  • ...
 
Ansible is:
  • Infrastructure as Code (IaC) tool that allows using a single central location (Ansible control node) to monitor and control a large number of remote servers (hosts)
  • set of tools for orchestration, configuration management, deployment, and task execution mainly by using playbooks
  • used for configuring Linux and Windows operating systems over the ssh protocol 
 

Ansible VS Bash - When to use one over another?

 
 
 
 
The benefit of using Ansible is that commands are idempotent, this means that we can re-run commands and if the effect we desire is already there nothing will change, this is an improvement over creating our own scripts that will probably have unforeseen consequences when we run them multiple times. 
 

Ansible VS Terraform - When to use one over another?

Use Terraform to provision resources and then Ansible to install software on them.

 
Announcements of the latest releases: Ansible Announcements - Google Groups

 

Ansible Core 

 
Ansible Core components:
  • CLI - includes ansible, ansible-playbook, ansible-doc and other tools 
  • language - YAML, for crating set of rules for developing playbooks
  • framework - allows collections to be installed and operated from Ansible Hub and Ansible Galaxy
  • functions - includes conditionals, blocks, includes, loops and other imperatives 

 

Ansible Playbooks

 

  • lists of tasks we want our remote hosts to perform
  • describe the desired state for operating system properties like files, services, filesystems etc...
  • can be saved and reused, allowing to automate complex processes
  • They are written as YAML documents. 
Playbook example:

playbook.yaml:

# Taken from Red Hat's "Ansible Basics: An Automation Technical Overview" Udemy course
---
- name: Install and start Apache
  hosts: web
  become: yes

  tasks:
    - name: httpd package is present
      yum:
        name: httpd
        state: latest

    - name: latest index.html file is present
      template:
        src: files/index.html
        dest: /var/www/html/

    - name: httpd is started
      service:
        name: httpd
        state: started

 
A valid yaml file starts with triple dash (---).

Ansible playbook consists of:
  • plays
    • single playbook can contain multiple plays
  • modules
    • tasks have 1:1 correlation with modules e.g. yum module, template module, service module
    • task name is optional but recommended
    • module has parameters e.g. yum has name and state (in the example above this instructs yum to install the latest httpd)
  • plugins

Running Playbooks


Playbooks is interpreted and run against one or more hosts, task by task. 
The order of the tasks defines the execution.
In each task the module does the actual work.
 
Output messages are coloured:

A task executed as expected, no change was made.
A task executed as expected, making a change.
A task failed to execute successfully. 

To run playbooks we can use ansible-playbook or Ansible Navigator

If we run playbook for the first time, we'll see in the output that host has been changed for each task:

 
PLAY [play_name] 

TASK [task0]
ok: [node1]
 
TASK [task1]
changed: [node1]
 
TASK [task1]
changed: [node1]
 
TASK [task1]
changed: [node1]
 
PLAY RECAP
node1: ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

 
Anisble follows the concept of idempotence: it knows what the state of the host should be (based on the playbook) and if it's already in that state, it will do nothing. So, next time we run the same playbook, nothing would be changed (provided that no manual changes were made on the host):

PLAY [play_name] 

TASK [task0]
ok: [node1]
 
TASK [task1]
ok: [node1]
 
TASK [task1]
ok: [node1]
 
TASK [task1]
ok: [node1]
 
PLAY RECAP
node1: ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0


This shows that Ansible is not just configuration management but also policy enforcement tool. We can schedule e.g. daily hosts & inventory audit by scheduling daily execution of this playbook via automation controller and each time it is run, Ansible will check if the state of the hosts is compliant with policies set in playbooks. If someone manually makes changes on hosts, that would be detected and related tasks would be executed reverting those changes to the desired state defined in the playbook.
 
 

Plays

  • they describe what is being automated
  • top level specification for a group of tasks
  • full list of its attributes
  • we must specify: 
    • hosts where play will be executed on (simultaneously, in parallel)
    • control behaviour (fact gathering, privilege level). E.g. privilege escalation is defined by become. yes means that Ansible will become sudo-er by default.
  • single playbook that executes on different hosts can contain multiple plays
Example:

- name: Install and start Apache
  hosts: web
  become: yes

Modules

  • "tools in the toolkit"
  • parametrized components with internal logic, representing a single step to be done
  • they "do" things in Ansible
  • each task is 1 to 1 with a module
  • can use any language but usually Python or Powershell (for Windows)
  • there are Ansible built-in modules (part of ansible-core and included in all Ansible installations), community modules, modules of 3rd party providers (AWS, Cisco, Google, ...) etc...: full list of modules
  • here are some built-in modules:

Example: template task is using template (ansible.builtin.template) module

    - name: latest index.html file is present
      template:
        src: files/index.html
        dest: /var/www/html/

 

Plugins

  • the "extra" bits that allow us to change behaviour or do extra things outside Ansible
  • technically, each module is a plugin
  • pieces of code that augment Ansible's core functionality
  • Ansible uses a plugin architecture to enable a rich, flexible and expandable feature set

Example #1: become plugin - for privilege escalation that can be done on a play or module level

 become: yes

Example #2: filter plugins - allow us to change the variable output of a particular task into a JSON, YAML or CSV

{{ some_variable | to_nice_json }}
{{ some_variable | to_nice_yaml }}

 

Ansible Inventory

  • systems/hosts or groups of hosts that a playbook runs against
  • Ansible works against multiple systems in an inventory
  • List of systems in your infrastructure that automation is executed against
  • Groups can be defined so certain playbooks are executed only on those hosts within the group and not on other hosts, within other groups.
  • Inventory is usually file based; could be a DB, GitHub
  • Can have multiple groups
  • Can have variables for each group or even host
    • Good practice is that these variables are used only to connect to devices e.g. (encrypted) username, password, type of connection (SSH, API, ..)
       
  • From Safespring | Säkra, lokala molntjänster
When working with static hosts in a data center, inventories are often also static textfiles maintained manually or semi-manually. However, inventories can also be dynamic, i.e. provided by scripts. 
When working with OpenStack, it is possible to use inventory scripts that queries the OpenStack API directly and produces a complete inventory of all instances with metadata, all the group memberships and so on, but oftentimes these scripts take a long time to run, and they generally need to run every time you run a playbook, thus making playbook runs orders of magnitude more time-consuming than static inventories. Also, they can put a heavy load on the OpenStack APIs if the inventory is frequently queried.

 
Example:
 
[web]
webserver1.example.com
webserver2.example.com
 
[db] 
dbserver1.example.com

[switches]
leaf01.internal.com
leaf02.internal.com
 
 
Use [group_name] format to define a group of hosts. e.g. web, db and switches are groups of hosts.

Example #2: static inventory includes systems with IP addresses as well as FQDN (Fully Qualified Domain Name).

[myservers]
10.42.0.3
10.42.0.24
10.42.0.101
host.example.com
 
Example #3 shows:
  • pinning a host to a particular IP address by using ansible_host keyword. Without this, DNS is used by default.
  • group variables by using [group_name:vars] construct
    • all is an implicitly included group, default group that every host is in it

[app1srv]
appserver01 ansible_host=10.42.0.3
appserver02 ansible_host=10.42.0.24
 
[web] 
webserver01

[web:vars]
apache_listen_port=8080
apache_root_path=/var/www/mywebdocs/

[all:vars]
ansible_user=ansible
ansible_ssh_private_key_file=/home/ansible/.ssh/id_rsa

Example #4 shows groups of groups, defined via [group_name:children] construct. They can also contain standalone hosts:

[nashville]
bnaapp01
bnaapp02
 
[atlanta]
atlapp03
atlapp04
 
[south:children] 
atlanta
nashville
hsvapp05

 

Ansible Roles

  • reusable automation actions
  • reusable playbooks
  • groups of tasks that usually get executed together
  • a reusable structure that groups our automation tasks and variables 
  • they are written once and can be shared
  • can be stored in collection

Example:

- name: Install and start Apache
  hosts: web
  become: yes
  roles:
     - common
     - webservers 
 

Ansible Collections

  • the way to share a content for Ansible
  • simplified and consistent content delivery
  • data structure containing automation content:
    • modules
    • playbooks
    • roles
    • plugins
    • docs
    • tests
  • a file structure (tarball) for sharing content that community agreed
  • collection examples: Cisco IOS, Rist IOS, NetApp collection
  • there are public collections available for 100+ platforms e.g. AWS, CheckPoint, Google, Cisco, IBM, Microsoft, ...
  • can be created within organization e.g. network toolkit
  • standard unit of automation
  • allow we work asynchronously from the Ansible releases
  • collections can have dependencies on other collections


Ansible project structure:

nginx_core
    MANIFEST.json
    playbooks
        deploy-nginx.yml
        ...
    plugins
    README.md
    roles
        nginx
            defaults
            files
                ...
            tasks
            templates
                ...
        nginx_app_protect
        nginx_config
     

deploy-nginx.yml (collection):
 
---
-   name: Install NGINX Plus
    hosts: all
    tasks:
        - name: Install NGINX 
          include_role:
                name: nginxinc.nginx
          vars:
                nginx_type: plus
        - name: Install NGINX App Protect
          include_role:
                name: nginxinc.nginx_app_protect
         vars:
                nginx_app_protect_setup_license: false
                nginx_app_protect_remove_license: false
                nginx_app_protect_install_signatures: false 

 


Automation Execution Environments

 

Collections might have different dependencies e.g. Python version, APIs, SDKs, OS system libraries, particular Ansible version. Automation Execution Environments (AEE) keep runtime environment, collections and dependencies aligned by packaging all components together in a cloud-native way.

AEE = Universal Base Image (Collections + Libraries + Ansible Core) 

There are minimal AEEs available, that we can use to build our own AEEs on top of.

Execution Environment builder is used to build images.

Automation Content Navigator is used for running AEEs.  


Ansible Automation Execution


2 types:
  • local
    • for automating Network Devices / API endpoints (e.g. AWS)
    • module code is executed locally on the control node
    • this is run as parallel processes on the control node
    • Ansible Automation Platform can be installed as a cluster and scale this further
       
  • remote
    • for executions on Linux/Windows hosts
    • code is executed on the end system
    • module code is copied to the managed node, executed, then removed
    • during execution, these remote agents are sending back to control node JSON blobs with information on what action it performed, success of actions etc...
       

Configuration File


  • ansible.cfg file
  • basic configuration for Ansible
  • can be in multiple locations, with different precedence

 

Ansible Variables

 

Example:


---
- name: variables demo playbook
  hosts: localhost
  vars:
     var_one: Hello
     var_two: world
     # example of variable unpacking (double curly braces):
     var_three: "{{var_one}}, {{var_one}}!"
  tasks:
  - name: print out var_three
   # debug module is handy for printing variable values (or any other messages)
   debug:
     msg: "{{ var_three}}" # "Hello, world!"


Ansible Facts

 

They are variables with standard (pre-defined) names whose values are coming from hosts themselves (local host or remote, managed nodes), e.g. host name, or host IPv4 address:

---
- name: Output localhost facts
  hosts: localhost
  tasks:
  - name: Prints localhost facts
    debug:
      msg: The default IPv4 address of {{ ansible_fqdn }} is {{ ansible_default_ipv4.address }}

To see run this playbook:
 
$ ansible-playbook facts_demo.yaml
...
TASK [Prints Ansible facts] ***********************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "The default IPv4 address of bojans_computer is 11.186.34.126"
}
...

Built-in module ansible.builtin.setup module – Gathers facts about remote hosts — Ansible Documentation collects all facts from a local Linux system:

This module is automatically called by playbooks to gather useful variables about remote hosts that can be used in playbooks. It can also be executed directly by /usr/bin/ansible to check what variables are available to a host. Ansible provides many facts about the system, automatically.

"automatically called by playbooks" means that each playbook implicitly has this line added in yaml:

gather_facts: true

For custom platforms there are different modules, e.g. for Cisco devices, there is cisco.ios.ios_facts module – Module to collect facts from remote devices. — Ansible Documentation.
 

To see values of all facts from a local host we need to specify setup module and set host pattern to localhost:

$ ansible -m setup localhost

To see values of all facts from all hosts:

$ ansible -m setup all

Facts can be used for host audits e.g. to check hardware attributes for vulnerabilities, uptime etc...They can also be used for creating dynamic reports e.g. like web page which shows attributes of all hosts in a system (see example network-automation/ansible_inventory_report: This repo contains an Ansible networking inventory report playbook (inventory.yml). This playbook exports hostname, platform, mgmt0 IP address and code version to a HTML file. The jinja2 template used for the website can also highlight the version of code if it doesn't match a desired version.). 

---

References

Introduction to Ansible Navigator

 


 
Ansible Navigator (ansible-navigator), available since Ansible v2, is:
  • A text-based user interface (TUI) for the Red Hat Ansible Automation Platform.
  • command based tool for creating, reviewing, and troubleshooting Ansible content, including inventories, playbooks, and collections.
To install it on a control node running the Ubuntu:

$ sudo apt install python3-pip
$ python3 -m pip install ansible-navigator --user

To check its install location:
 
$ which ansible-navigator
/home/bojan/.local/bin/ansible-navigator


To make it available in the current shell (terminal):
 
$ echo 'export PATH=$HOME/.local/bin:$PATH' >> ~/.profile
$ source ~/.profile
 
Let's check out its CLI commands:
 
$ ansible-navigator --help
Usage: ansible-navigator [options]

Options (global):
 -h     --help                                   Show this help message and exit
 --version                                       Show the application version and exit
 --rad  --ansible-runner-artifact-dir            The directory path to store artifacts generated by ansible-runner
 --rac  --ansible-runner-rotate-artifacts-count  Keep ansible-runner artifact directories, for last n runs, if set to 0 artifact directories won't be deleted
 --rt   --ansible-runner-timeout                 The timeout value after which ansible-runner will forcefully stop the execution
 --cdcp --collection-doc-cache-path              The path to collection doc cache (default: /home/bojan/.cache/ansible-navigator/collection_doc_cache.db)
 --ce   --container-engine                       Specify the container engine (auto=podman then docker) (auto|podman|docker) (default: auto)
 --co   --container-options                      Extra parameters passed to the container engine command
 --dc   --display-color                          Enable the use of color for mode interactive and stdout (true|false) (default: true)
 --ecmd --editor-command                         Specify the editor command (default: vi +{line_number} {filename})
 --econ --editor-console                         Specify if the editor is console based (true|false) (default: true)
 --ee   --execution-environment                  Enable or disable the use of an execution environment (true|false) (default: true)
 --eei  --execution-environment-image            Specify the name of the execution environment image (default: quay.io/ansible/creator-ee:v0.4.2)
 --eev  --execution-environment-volume-mounts    Specify volume to be bind mounted within an execution environment (--eev /home/user/test:/home/user/test:Z)
 --la   --log-append                             Specify if log messages should be appended to an existing log file, otherwise a new log file will be created per
                                                 session (true|false) (default: true)
 --lf   --log-file                               Specify the full path for the ansible-navigator log file (default: /home/bojan/dev/github/ansible-demo/ansible-
                                                 navigator.log)
 --ll   --log-level                              Specify the ansible-navigator log level (debug|info|warning|error|critical) (default: warning)
 -m     --mode                                   Specify the user-interface mode (stdout|interactive) (default: interactive)
 --osc4 --osc4                                   Enable or disable terminal color changing support with OSC 4 (true|false) (default: true)
 --penv --pass-environment-variable              Specify an existing environment variable to be passed through to and set within the execution environment (--penv
                                                 MY_VAR)
 --pa   --pull-arguments                         Specify any additional parameters that should be added to the pull command when pulling an execution environment
                                                 from a container registry. e.g. --pa='--tls-verify=false'
 --pp   --pull-policy                            Specify the image pull policy always:Always pull the image, missing:Pull if not locally available, never:Never
                                                 pull the image, tag:if the image tag is 'latest', always pull the image, otherwise pull if not locally available
                                                 (always|missing|never|tag) (default: tag)
 --senv --set-environment-variable               Specify an environment variable and a value to be set within the execution environment (--senv MY_VAR=42)
 --tz   --time-zone                              Specify the IANA time zone to use or 'local' to use the system time zone (default: utc)

Subcommands:
 {subcommand} --help
  builder                                        Build execution environment (container image)
  collections                                    Explore available collections
  config                                         Explore the current ansible configuration
  doc                                            Review documentation for a module or plugin
  exec                                           Run a command within an execution environment
  images                                         Explore execution environment images
  inventory                                      Explore an inventory
  lint                                           Lint a file or directory for common errors and issues
  replay                                         Explore a previous run using a playbook artifact
  run                                            Run a playbook
  settings                                       Review the current ansible-navigator settings
  welcome                                        Start at the welcome page
 
 
On the first run it pulls a Docker image which contains a demo material:

$ ansible-navigator
--------------------------------------------------------------------
Execution environment image and pull policy overview
--------------------------------------------------------------------
Execution environment image name:     quay.io/ansible/creator-ee:v0.4.2
Execution environment image tag:      v0.4.2
Execution environment pull arguments: None
Execution environment pull policy:    tag
Execution environment pull needed:    True
--------------------------------------------------------------------
Updating the execution environment
--------------------------------------------------------------------
Running the command: docker pull quay.io/ansible/creator-ee:v0.4.2
v0.4.2: Pulling from ansible/creator-ee
f0a2109a2528: Pulling fs layer
...
4ca545ee6d5d: Pull complete
4a7326c2ac2c: Pull complete
Digest: sha256:6b2160c2c4df4fe87a5efe4f33a16c6369228d1e99a0918db517652bd09b71e9
Status: Downloaded newer image for quay.io/ansible/creator-ee:v0.4.2
quay.io/ansible/creator-ee:v0.4.2

...and then shows TUI:


│Welcome
 1│—————————————————————————————————————————————————————————————————————————————
 2│
 3│Some things you can try from here:
 4│- :collections                                    Explore available collectio
 5│- :config                                         Explore the current ansible
 6│- :doc <plugin>                                   Review documentation for a
 7│- :help                                           Show the main help page
 8│- :images                                         Explore execution environme
 9│- :inventory -i <inventory>                       Explore an inventory
10│- :log                                            Review the application log
11│- :lint <file or directory>                       Lint Ansible/YAML files (ex
12│- :open                                           Open current page in the ed
13│- :replay                                         Explore a previous run usin
14│- :run <playbook> -i <inventory>                  Run a playbook in interacti
15│- :settings                                       Review the current ansible-
16│- :quit                                           Quit the application
17│
18│happy automating,
19│
20│-winston


^b/PgUp page up    ^f/PgDn page down    ↑↓ scroll    esc back    :help help

If we type :images we'll see a list of all Docker images on the current node. Those which are Ansible Execution Environments will be highlighted:


At the bottom we can see the menu:



So, if we type :17 we'll get a menu for the image #17:


Typing :2 will show the version of Ansible core and all collections:


 

Playbook Linting

 
Ansible Navigator's subcommand lint checks the playbook for any syntax errors.
 
$ ansible-navigator lint ./run_locally/hello_world.yaml 

...outputs the following:


 
 
---