book

Ansible: Up and Running, 3rd Edition

by Bas Meijer, Lorin Hochstein, René Moser

July 2022

Intermediate to advanced

470 pages

10h 22m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Conventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgmentsFrom LorinFrom RenéFrom Bas
A Note About VersionsAnsible: What Is It Good For?How Ansible WorksWhat’s So Great About Ansible?SimplePowerfulSecureIs Ansible Too Simple?What Do I Need to Know?What Isn’t CoveredMoving Forward
Installing AnsibleLoose DependenciesRunning Ansible in ContainersAnsible DevelopmentSetting Up a Server for TestingUsing Vagrant to Set Up a Test ServerTelling Ansible About Your ServersSimplifying with the ansible.cfg FileKill Your DarlingsConvenient Vagrant Configuration OptionsPort Forwarding and Private IP AddressesEnabling Agent ForwardingThe Docker ProvisionerThe Ansible Local ProvisionerWhen the Provisioner RunsVagrant Plug-insHostmanagerVBGuestVirtualBox CustomizationVagrantfile Is RubyProduction SetupConclusion
PreliminariesA Very Simple PlaybookSpecifying an NGINX Config FileCreating a Web PageCreating a GroupRunning the PlaybookPlaybooks Are YAMLStart of DocumentEnd of FileCommentsIndentation and WhitespaceStringsBooleansListsDictionariesMultiline StringsPure YAML Instead of String ArgumentsAnatomy of a PlaybookPlaysTasksModulesViewing Ansible Module DocumentationPutting It All TogetherDid Anything Change? Tracking Host StateGetting Fancier: TLS SupportGenerating a TLS CertificateVariablesQuoting in Ansible StringsGenerating the NGINX Configuration TemplateLoopHandlersA Few Things to Keep in Mind About HandlersTestingValidationThe PlaybookRunning the PlaybookConclusion
Inventory/Hosts FilesPreliminaries: Multiple Vagrant MachinesBehavioral Inventory ParametersChanging Behavioral Parameter DefaultsGroups and Groups and GroupsExample: Deploying a Django AppAliases and PortsGroups of GroupsNumbered Hosts (Pets Versus Cattle)Hosts and Group Variables: Inside the InventoryHost and Group Variables: In Their Own FilesDynamic InventoryInventory Plug-insAmazon EC2Azure Resource ManagerThe Interface for a Dynamic Inventory ScriptWriting a Dynamic Inventory ScriptBreaking the Inventory into Multiple FilesAdding Entries at Runtime with add_host and group_byadd_hostgroup_byConclusion
Defining Variables in PlaybooksDefining Variables in Separate FilesDirectory LayoutViewing the Values of VariablesVariable InterpolationRegistering VariablesFactsViewing All Facts Associated with a ServerViewing a Subset of FactsAny Module Can Return Facts or InfoLocal FactsUsing set_fact to Define a New VariableBuilt-In Variableshostvarsinventory_hostnamegroupsExtra Variables on the Command LinePrecedenceConclusion
Why Is Deploying to Production Complicated?Postgres: The DatabaseGunicorn: The Application ServerNGINX: The Web ServerSupervisor: The Process ManagerConclusion
Listing Tasks in a PlaybookOrganization of Deployed FilesVariables and Secret VariablesInstalling Multiple PackagesAdding the Become Clause to a TaskUpdating the apt CacheChecking Out the Project Using GitInstalling Mezzanine and Other Packages into a Virtual EnvironmentComplex Arguments in Tasks: A Brief DigressionConfiguring the DatabaseGenerating the local_settings.py File from a TemplateRunning django-manage CommandsRunning Custom Python Scripts in the Context of the ApplicationSetting Service Configuration FilesEnabling the NGINX ConfigurationInstalling TLS CertificatesInstalling Twitter Cron JobThe Full PlaybookRunning the Playbook Against a Vagrant MachineTroubleshootingCannot Check Out Git RepositoryCannot Reach 192.168.33.10.nip.ioBad Request (400)Conclusion
Humane Error MessagesDebugging SSH IssuesCommon SSH ChallengesPasswordAuthentication noSSH as a Different UserHost Key Verification FailedPrivate NetworksThe debug ModulePlaybook DebuggerThe assert ModuleChecking Your Playbook Before ExecutionSyntax CheckList HostsList TasksCheck ModeDiff (Show File Changes)TagsLimitsConclusion
Basic Structure of a RoleExample: Deploying Mezzanine with RolesUsing Roles in Your PlaybooksPre-Tasks and Post-TasksA database Role for Deploying the DatabaseA mezzanine Role for Deploying MezzanineCreating Role Files and Directories with ansible-galaxyDependent RolesAnsible GalaxyWeb InterfaceCommand-Line InterfaceRole Requirements in PracticeContributing Your Own RoleConclusion

Dealing with Badly Behaved CommandsFiltersThe default FilterFilters for Registered VariablesFilters That Apply to FilepathsWriting Your Own FilterLookupsfilepipeenvpasswordtemplatecsvfiledigredisWriting Your Own Lookup Plug-inMore Complicated LoopsWith Lookup Plug-inwith_lineswith_fileglobwith_dictLooping Constructs as Lookup Plug-insLoop ControlsSetting the Variable NameLabeling the OutputImports and IncludesDynamic IncludesRole IncludesRole Flow ControlBlocksError Handling with BlocksEncrypting Sensitive Data with ansible-vaultMultiple Vaults with Different PasswordsConclusion
Patterns for Specifying HostsLimiting Which Hosts RunRunning a Task on the Control MachineManually Gathering FactsRetrieving an IP Address from the HostRunning on One Host at a TimeRunning on a Batch of Hosts at a TimeRunning Only OnceLimiting Which Tasks Runstepstart-at-taskRunning TagsSkipping TagsRunning StrategiesLinearFreeAdvanced HandlersHandlers in Pre- and Post-TasksFlush HandlersMeta CommandsHandlers Notifying HandlersHandlers ListenThe SSL Case for the listen FeatureConclusion
Connection to WindowsPowerShellWindows ModulesOur Java Development MachineAdding a Local UserWindows FeaturesInstalling Software with ChocolateyConfiguration of JavaUpdating WindowsConclusion
KubernetesDocker Application Life CycleRegistriesAnsible and DockerConnecting to the Docker DaemonExample Application: GhostRunning a Docker Container on Our Local MachineBuilding an Image from a DockerfilePushing Our Image to the Docker RegistryOrchestrating Multiple Containers on Our Local MachineQuerying Local ImagesDeploying the Dockerized ApplicationProvisioning MySQLDeploying the Ghost DatabaseFrontendFrontend: GhostFrontend: NGINXCleaning Out ContainersConclusion
Installation and SetupConfiguring Molecule DriversCreating an Ansible RoleScenariosDesired StateConfiguring Scenarios in MoleculeManaging Virtual MachinesManaging ContainersMolecule CommandsLintingYAMLlintansible-lintansible-laterVerifiersAnsibleGossTestInfraConclusion
Installing CollectionsListing CollectionsUsing Collections in a PlaybookDeveloping a CollectionConclusion
Creating Images with PackerVagrant VirtualBox VMCombining Packer and VagrantCloud ImagesGoogle Cloud PlatformAzureAmazon EC2The PlaybookDocker Image: GCC 11Conclusion
TerminologyInstanceAmazon Machine ImageTagsSpecifying CredentialsEnvironment VariablesConfiguration FilesPrerequisite: Boto3 Python LibraryDynamic InventoryInventory CachingOther Configuration OptionsDefining Dynamic Groups with TagsApplying Tags to Existing ResourcesNicer Group NamesVirtual Private CloudsConfiguring ansible.cfg for Use with ec2Launching New InstancesEC2 Key PairsCreating a New KeyUploading Your Public KeySecurity GroupsPermitted IP AddressesSecurity Group PortsGetting the Latest AMICreate a New Instance and Add It to a GroupWaiting for the Server to Come UpPutting It All TogetherSpecifying a Virtual Private CloudDynamic Inventory and VPCConclusion
Stdout Plug-insARAdebugdefaultdensejsonminimalnullonelineNotification and Aggregate Plug-insPython Requirementsforemanjabberjunitlog_playslogentrieslogstashmailprofile_rolesprofile_taskssayslacksplunktimerConclusion
Example: Checking That You Can Reach a Remote ServerUsing the Script Module Instead of Writing Your Owncan_reach as a ModuleShould You Develop a Module?Where to Put Your Custom ModulesHow Ansible Invokes ModulesGenerate a Standalone Python Script with the Arguments (Python Only)Copy the Module to the HostCreate an Arguments File on the Host (Non-Python Only)Invoke the ModuleExpected OutputsOutput Variables That Ansible ExpectsImplementing Modules in PythonParsing ArgumentsAccessing ParametersImporting the AnsibleModule Helper ClassArgument OptionsAnsibleModule Initializer ParametersReturning Success or FailureInvoking External CommandsCheck Mode (Dry Run)Documenting Your ModuleDebugging Your ModuleImplementing the Module in BashSpecifying an Alternative Location for BashConclusion
SSH Multiplexing and ControlPersistManually Enabling SSH MultiplexingSSH Multiplexing Options in AnsibleMore SSH TuningAlgorithm RecommendationsPipeliningEnabling PipeliningConfiguring Hosts for PipeliningMitogen for AnsibleFact CachingJSON File Fact-Caching BackendRedis Fact-Caching BackendMemcached Fact-Caching BackendParallelismConcurrent Tasks with AsyncConclusion
Network ManagementSupported VendorsAnsible Connection for Network AutomationPrivileged ModeNetwork InventoryNetwork Automation Use CasesSecurityComply with Compliance?Secured, but Not SecureShadow ITSunshine ITZero TrustConclusion
Continuous IntegrationElements in a CI SystemJenkins and AnsibleRunning CI for Ansible RolesStagingAnsible Plug-inAnsible Tower Plug-inConclusion
Subscription ModelsAnsible Automation Platform TrialWhat Ansible Automation Platform SolvesAccess ControlProjectsInventory ManagementRun Jobs by Job TemplatesRESTful APIAWX.AWXInstallationCreate an OrganizationCreate an InventoryRunning a Playbook with a Job TemplateUsing Containers to Run AnsibleCreating Execution EnvironmentsConclusion
Simplicity, Modularity, and ComposabilityOrganize ContentDecouple Inventories from ProjectsDecouple Roles and CollectionsPlaybooksCode StyleTag and Test All the ThingsDesired StateDeliver ContinuouslySecurityDeploymentPerformance IndicatorsBenchmark EvidenceFinal Words

Content preview from Ansible: Up and Running, 3rd Edition

Chapter 12. Managing Windows Hosts

Ansible is sometimes called “SSH configuration management on steroids.” Historically, Ansible has had a strong association with Unix and Linux, and we saw evidence of this in things like variable naming (ansible_ssh_host, ansible_ssh_connection, and sudo, for example). However, Ansible has had built-in support for various connection mechanisms since its early days.

Supporting unfamiliar operating systems—as Windows is to Linux—was a matter of not only figuring out how to connect to Windows but also making internal naming more operating-system generic (e.g., renaming variables ansible_ssh_host to ansible_host, and sudo to become).

Windows module contributions have lagged a bit compared to the Linux community’s contributions. If you are interested in using Ansible to manage Windows systems, follow the blog posts of Jordan Borean, the Windows specialist on the Ansible Core team. He created the VirtualBox image we’ll use in this chapter.

Connection to Windows

To add Windows support, Ansible did not depart from its path by adding an agent on Windows—and in our opinion, this was a great decision. Introducing a new agent that listens on the network would introduce a new attack surface. Instead, Ansible uses the integrated Windows Remote Management (WinRM) functionality, a SOAP-based protocol over HTTPS created by Microsoft.

WinRM is the first dependency, and you should install the WinRM Python library in a virtualenv on the control host (authentication ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781098109141Errata Page Supplemental Content

Ansible: Up and Running, 3rd Edition

by Bas Meijer, Lorin Hochstein, René Moser

Chapter 12. Managing Windows Hosts

Connection to Windows

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Kubernetes: Up and Running, 3rd Edition

Terraform: Up and Running, 3rd Edition

Dive Into Ansible - From Beginner to Expert in Ansible

Docker: Up & Running, 3rd Edition

Publisher Resources

Chapter 12. Managing Windows Hosts

Connection to Windows

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Kubernetes: Up and Running, 3rd Edition

Terraform: Up and Running, 3rd Edition

Dive Into Ansible - From Beginner to Expert in Ansible

Docker: Up & Running, 3rd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.