- To install:
pipx install ansible --include-deps
- If no
--include-deps
, the actual ansible
command, part of ansible-core
(a dependency of the ansible
metapackage), is not included by pipx
- Some definitions
- A host is a remote machine managed by Ansible
- An inventory is a file that describes a list of managed nodes or hosts that are logically organized in groups
- A module is a unit of work that Ansible ships to a host
- Usually written in Python (although more languages are supported)
- They return a JSON and they are removed from the host after execution
- For example
ansible.builtin.setup
is called automatically by playbooks during the implicit "Gather Facts" task
ansible.builtin.package
calls the appropriate module (e.g. ansible.builtin.apt
) discovered by ansible.builtin.setup
- An action is a module and its arguments
- Is a task a single module with a name, or can be a list of modules ❓
- The glossary says "(A Task combines) an action with a name and optionally other keywords" and that Tasks is "A list of Task"
- The getting started page says a Task is "A list of one or more modules"
- I think there's a bit of terminology abuse here, but let's refer to "tasks" as a list of named modules
- A play is a mapping between a set of hosts and the tasks to run on them
- A playbook is a list of plays
- A role is a redistributable unit of related Ansible artifacts that can be reused in playbooks and represent a single behavior
- The predefined directory structure supports tasks, handlers, templates, files, variables, defaults, dependencies, and custom stuff (modules, module_utils, other types of plugins)
- Ideally, actions are idempotent, so running them twice is OK
- Have a local
hosts
file acting as the inventory
- Declare dependencies like with a
requirements.yml
$ cat requirements.yml
roles:
- name: geerlingguy.docker
- Roles might not work if the user does not have proper permissions (for example if they install new packages)
- By default,
--become
does not really "become" another user: it is a boolean switch to use sudo
- To ask for the password, pass
-K
- Example playbook to install Docker on some hosts using the aforementioned role:
$ cat playbooks/main.yml
- hosts: webservers
roles:
- geerlingguy.docker
- To run it:
ansible-playbook -i hosts -bK playbooks/main.yml
- A richer example based on the docs:
- With
become: true
in the play you don't need -b
(-K
however is still needed to request the password)
- But why do I need the YAML front matter
---
❓
- And what if I want to have both
roles
and tasks
in a single play ❓
---
- name: Docker installed
hosts: webservers
become: true
roles:
- geerlingguy.docker