simonas/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial qwen3 run with opencode

Browse Source
This commit is contained in:
Simonas Kareiva
2026-03-23 21:36:35 +02:00
commit 585b219b52
22 changed files with 972 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ad-hoc-commands.md Normal file
View File

@@ -0,0 +1,11 @@
## Ad-Hoc Commands
```bash
ansible all -m ping
ansible all -m command -a "uptime"
ansible webserver -m apt -a "name=vim state=present"
```
Ansible is ideal for orchestrating infrastructure as code across cloud, on-premise, and hybrid environments.
---

40
async.md Normal file
View File

@@ -0,0 +1,40 @@
## Async
Run tasks asynchronously to avoid blocking:
### Key Parameters
- `async`: Maximum number of seconds to wait for the task to complete
- `poll`: Number of seconds to wait between checks (0 means no polling)
### Example Playbook
```yaml
- name: Restart service asynchronously
service:
name: apache2
state: restarted
async: 10
poll: 0
# Check async task status:
# ansible-playbook site.yml --check
```
### Best Practices
1. Use async for long-running tasks (e.g., backups, migrations)
2. Combine with `ignore_errors: yes` for resilient task execution
3. Monitor task status using `async_status` module
4. Use `--check` flag to simulate async operations
### Troubleshooting
- Check task output with `--verbosity=2`
- Use `async_status` to track task progress:
```yaml
- name: Check async task status
async_status:
jid: "{{ async_jid }}"
register: task_result
```

60
best-practices.md Normal file
View File

@@ -0,0 +1,60 @@
## Best Practices
### 1. **Idempotency**
Use modules that ensure idempotency (e.g., `service`, `package`, `file`):
```yaml
- name: Ensure Apache is running
service:
name: apache2
state: started
enabled: yes
```
### 2. **Playbook Structure**
- Separate tasks into logical sections using `block`/`rescue`
- Use `handlers` for services/configuration management:
```yaml
- name: Restart Apache
service:
name: apache2
state: restarted
handlers:
- name: Restart Apache
service:
name: apache2
state: restarted
```
### 3. **Inventory Management**
- Use `ansible-inventory --list` to validate inventory structure
- Leverage dynamic inventory for cloud environments (e.g., AWS, OpenStack)
### 4. **Security**
- Store secrets in Ansible Vault:
```bash
ansible-vault encrypt_string --vault-id myvault@prompt 'secret_value'
```
- Use `become: yes` for privileged tasks and restrict SSH access
### 5. **Testing**
- Always use `--check` to simulate changes:
```bash
ansible-playbook site.yml --check
```
- Use `--diff` to review changes:
```bash
ansible-playbook site.yml --diff
```
### 6. **Troubleshooting**
- Use `--verbosity=2` for detailed output
- Debug variables with `debug` module:
```yaml
- name: Show variable value
debug:
msg: "{{ some_variable }}"
```
### 7. **Automation**
- Use `ansible-pull` for agentless orchestration
- Combine with CI/CD pipelines for automated deployments

14
check-mode.md Normal file
View File

@@ -0,0 +1,14 @@
## Check Mode
Run playbooks in simulation mode without making changes:
```yaml
- name: Restart service (check mode)
service:
name: apache2
state: restarted
check_mode: yes
# Run with check mode:
# ansible-playbook site.yml --check
```

18
conditionals.md Normal file
View File

@@ -0,0 +1,18 @@
## Conditionals
Run tasks based on conditions:
```yaml
tasks:
- name: Install on Debian
apt:
name: apache2
state: present
when: ansible_facts.os_family == "Debian"
- name: Install on RedHat
yum:
name: httpd
state: present
when: ansible_facts.os_family == "RedHat"
```

32
core-concepts.md Normal file
View File

@@ -0,0 +1,32 @@
## Core Concepts
### Inventory
File listing managed hosts (servers):
```ini
[webservers]
web1.example.com
web2.example.com
[databases]
db1.example.com
```
### Playbooks
YAML files describing desired state:
```yaml
- name: Install nginx
hosts: webservers
tasks:
- name: Install nginx
apt:
name: nginx
state: present
```
### Modules
Reusable units of work (apt, yum, copy, service, etc.)
### Roles
Organized collections of tasks, handlers, and files
---

14
delegation.md Normal file
View File

@@ -0,0 +1,14 @@
## Delegation
Run tasks on a different host:
```yaml
- name: Restart service on web server
service:
name: apache2
state: restarted
delegate_to: "localhost"
# Delegate to a specific host:
# delegate_to: "webservers"
```

65
dynamic-inventory.md Normal file
View File

@@ -0,0 +1,65 @@
## Dynamic Inventory
Use dynamic inventory to fetch host information at runtime:
### Example Usage
```yaml
- name: Fetch hosts from external source
ansible.builtin.get_url:
url: "https://api.example.com/hosts"
dest: "hosts.json"
register: inventory_data
- name: Display inventory hosts
debug:
var: inventory_data.content
# Example dynamic inventory script (hosts.py):
# import json
# print(json.dumps({"hosts": ["web1", "web2"], "groups": {"webservers": ["web1", "web2"]}}))
```
### Common Inventory Sources
1. **EC2 Inventory**:
- Uses AWS API to list instances
- Parameters: `aws_access_key_id`, `aws_secret_access_key`, `region`
- Example:
```bash
ansible-inventory --list --inventory=ec2.py
```
2. **OpenStack Inventory**:
- Connects to OpenStack neutron API
- Parameters: `auth_url`, `project_name`, `username`, `password`
- Example:
```bash
ansible-inventory --list --inventory=openstack.py
```
3. **Custom Scripts**:
- Write Python scripts to generate inventory
- Must output JSON in this format:
```json
{
"hosts": ["host1", "host2"],
"groups": {
"webservers": ["host1", "host2"]
}
}
```
### Best Practices
- Use `ansible-inventory --list` to verify inventory structure
- Test dynamic inventory with `--check` flag
- Store credentials securely using Ansible Vault
- Combine with `--limit` to target specific hosts/groups
### Troubleshooting
Use `--debug` flag to see inventory resolution process:
```bash
ansible-playbook site.yml --limit="webservers" --debug
```

25
error-handling.md Normal file
View File

@@ -0,0 +1,25 @@
## Error Handling
Use try-except blocks to handle errors gracefully:
```yaml
- name: Handle errors with rescue block
shell: "invalid-command"
register: result
ignore_errors: yes
- name: Display error message
debug:
msg: "Error occurred: {{ result.msg }}"
when: result.failed
# Use rescue block for specific error handling:
# - name: Task that may fail
# shell: "some-command"
# register: result
#
# - name: Handle failure
# debug:
# msg: "Failed task: {{ result.msg }}"
# when: result.failed
```

15
galaxy.md Normal file
View File

@@ -0,0 +1,15 @@
## Galaxy
Use Ansible Galaxy to manage roles and content:
```yaml
- name: Install role from Galaxy
ansible.builtin.import_role:
name: "nginx"
src: "https://galaxy.ansible.com/nginx/nginx"
# List available roles:
# ansible-galaxy role list
# Search for roles:
# ansible-galaxy role search nginx
```

22
handlers.md Normal file
View File

@@ -0,0 +1,22 @@
## Handlers
Handlers are tasks that only run when notified by other tasks (typically after a change):
```yaml
- name: Install nginx
hosts: webservers
tasks:
- name: Install nginx
apt:
name: nginx
state: present
notify: Restart nginx
handlers:
- name: Restart nginx
service:
name: nginx
state: restarted
```
---

437
intro.md Normal file
View File

@@ -0,0 +1,437 @@
# Introduction to Ansible
Ansible is an open-source **IT automation tool** that automates:
- **Configuration management** - setting up servers
- **Application deployment** - deploying software
- **Task automation** - repetitive operations
## Key Features
- **Agentless** - no software needed on remote servers
- **YAML-based** - human-readable playbooks
- **Idempotent** - safe to run multiple times
- **SSH-based** - uses existing SSH infrastructure
## Core Concepts
### Inventory
File listing managed hosts (servers):
```ini
[webservers]
web1.example.com
web2.example.com
[databases]
db1.example.com
```
### Playbooks
YAML files describing desired state:
```yaml
- name: Install nginx
hosts: webservers
tasks:
- name: Install nginx
apt:
name: nginx
state: present
```
### Modules
Reusable units of work (apt, yum, copy, service, etc.)
### Roles
Organized collections of tasks, handlers, and files
## Quick Start
### Ansible Navigator
[Ansible Navigator](https://ansible-navigator.readthedocs.io/en/stable/) is a CLI tool for exploring and interacting with Ansible content. It provides:
- Playbook visualization
- Task execution tracking
- Inventory exploration
- Interactive shell for testing playbooks
- Integration with Ansible Core features
Use `ansible-navigator` to:
1. Explore playbooks and roles
2. Run ad-hoc commands
3. Debug playbook execution
4. Manage inventory files
5. Test YAML syntax
```bash
ansible-navigator run playbook.yml
ansible-navigator explore
ansible-navigator shell
```
1. Install: `pip install ansible`
2. Create inventory file
3. Write playbook
4. Run: `ansible-playbook playbook.yml`
## Ad-Hoc Commands
```bash
ansible all -m ping
ansible all -m command -a "uptime"
ansible webserver -m apt -a "name=vim state=present"
```
Ansible is ideal for orchestrating infrastructure as code across cloud, on-premise, and hybrid environments.
---
## Handlers
Handlers are tasks that only run when notified by other tasks (typically after a change):
```yaml
- name: Install nginx
hosts: webservers
tasks:
- name: Install nginx
apt:
name: nginx
state: present
notify: Restart nginx
handlers:
- name: Restart nginx
service:
name: nginx
state: restarted
```
## Variables
Define and use variables for flexibility:
```yaml
- name: Deploy application
hosts: all
vars:
app_version: "2.1.0"
app_port: 8080
tasks:
- name: Deploy app
get_url:
url: "https://example.com/app-{{ app_version }}.tar.gz"
dest: "/opt/app"
```
### Facts
Ansible gathers system facts automatically:
```yaml
- name: Display system info
hosts: all
tasks:
- name: Show hostname
debug:
msg: "Host {{ ansible_facts.hostname }} has {{ ansible_facts.memtotal_mb }}MB RAM"
```
## Conditionals
Run tasks based on conditions:
```yaml
tasks:
- name: Install on Debian
apt:
name: apache2
state: present
when: ansible_facts.os_family == "Debian"
- name: Install on RedHat
yum:
name: httpd
state: present
when: ansible_facts.os_family == "RedHat"
```
## Loops
Repeat tasks with different values:
```yaml
tasks:
- name: Create users
user:
name: "{{ item }}"
state: present
loop:
- alice
- bob
- charlie
- name: Create multiple directories
file:
path: "{{ item.path }}"
state: directory
mode: "{{ item.mode }}"
loop:
- { path: "/opt/app", mode: "0755" }
- { path: "/var/log/app", mode: "0700" }
```
## Templates (Jinja2)
Generate configuration files dynamically:
```jinja2
# templates/nginx.conf.j2
server {
listen {{ nginx_port }};
server_name {{ domain_name }};
root {{ document_root }};
location / {
{% if enable_caching %}
expires {{ cache_duration }};
{% endif %}
}
}
```
```yaml
- name: Deploy nginx config
template:
src: nginx.conf.j2
dest: /etc/nginx/sites-available/default
```
## Ansible Vault
Encrypt sensitive data (passwords, keys, etc.):
```bash
# Create encrypted file
ansible-vault create secrets.yml
# Edit encrypted file
ansible-vault edit secrets.yml
# Encrypt existing file
ansible-vault encrypt_string "my_password" --name "db_password"
# Run playbook with vault
ansible-playbook site.yml --ask-vault-pass
ansible-playbook site.yml --vault-password-file ~/.vault_pass
```
## Roles
Organize playbooks into reusable structures:
```
roles/
common/
tasks/
main.yml
handlers/
main.yml
templates/
files/
vars/
main.yml
defaults/
main.yml
```
```yaml
# site.yml
- name: Deploy infrastructure
hosts: webservers
roles:
- common
- nginx
- webapp
```
## Tags
Control which tasks run:
```yaml
tasks:
- name: Install dependencies
apt:
name: "{{ item }}"
loop:
- python3
- git
tags: [install, setup]
- name: Configure app
template:
src: app.conf.j2
dest: /etc/app.conf
tags: [configure]
- name: Start service
service:
name: app
state: started
tags: [deploy]
```
```bash
ansible-playbook site.yml --tags "install,configure"
ansible-playbook site.yml --skip-tags "deploy"
```
## Delegation
Run tasks on specific hosts:
```yaml
- name: Load balancer config
hosts: webservers
tasks:
- name: Update load balancer
haproxy:
state: enabled
delegate_to: lb01.example.com
- name: Get facts from database server
setup:
delegate_to: db01.example.com
```
## Async and Parallel Tasks
Run long-running tasks without blocking:
```yaml
tasks:
- name: Long backup task
command: /usr/local/bin/backup.sh
async: 3600
poll: 0
register: backup_job
- name: Check backup status
async_status:
jid: "{{ backup_job.ansible_job_id }}"
register: backup_result
until: backup_result.finished
retries: 30
```
## Check Mode (Dry Run)
Preview changes without applying them:
```bash
ansible-playbook site.yml --check
ansible-playbook site.yml -C # shorthand
```
## Task Error Handling
Control task failure behavior:
```yaml
tasks:
- name: Ignore errors
command: /opt/risky-script.sh
ignore_errors: yes
- name: Custom failure
command: /opt/check-service.sh
register: result
failed_when: result.rc != 0 and "ERROR" in result.stdout
- name: Block with rescue
block:
- name: Deploy application
include_tasks: deploy.yml
rescue:
- name: Rollback
include_tasks: rollback.yml
always:
- name: Cleanup
file:
path: /tmp/deploy-temp
state: absent
```
## Ansible Galaxy
Download and use community roles:
```bash
# Search for roles
ansible-galaxy search nginx
# Install a role
ansible-galaxy install nginx.docker
# Create role skeleton
ansible-galaxy init myrole
# Install from requirements file
ansible-galaxy install -r requirements.yml
```
## Dynamic Inventory
Use dynamic sources for cloud environments:
```bash
# AWS EC2
ansible-playbook -i ec2.py site.yml
# Kubernetes
ansible-playbook -i k8s.yml site.yml
```
```ini
# inventory.ini with groups and variables
[webservers]
web1.example.com ansible_host=192.168.1.10
web2.example.com ansible_host=192.168.1.11
[webservers:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=~/.ssh/id_rsa
[databases]
db1.example.com
```
## Useful Modules Reference
| Module | Purpose |
|--------|---------|
| `apt` / `yum` / `dnf` | Package management |
| `copy` | Copy files to remote |
| `template` | Generate files with Jinja2 |
| `file` | Create files/directories/symlinks |
| `service` | Manage services |
| `user` | User account management |
| `cron` | Schedule tasks |
| `uri` | Interact with HTTP APIs |
| `get_url` | Download files |
| `git` / `subversion` | Version control |
| `docker_container` | Container management |
| `k8s` | Kubernetes operations |
| `aws_ec2` | AWS resource management |
| `shell` / `command` | Execute commands |
| `debug` | Print variables |
| `assert` | Validate conditions |
## Best Practices
1. **Use roles** - Organize tasks into reusable roles
2. **Minimize `shell/command`** - Prefer modules for idempotency
3. **Use `check_mode`** - Test changes before applying
4. **Encrypt secrets** - Always use Ansible Vault for sensitive data
5. **Use tags** - Enable selective execution
6. **Define handlers** - Trigger actions only on changes
7. **Validate syntax** - Run `ansible-playbook --syntax-check` before execution

8
introduction.md Normal file
View File

@@ -0,0 +1,8 @@
# Introduction to Ansible
Ansible is an open-source **IT automation tool** that automates:
- **Configuration management** - setting up servers
- **Application deployment** - deploying software
- **Task automation** - repetitive operations
---

8
key-features.md Normal file
View File

@@ -0,0 +1,8 @@
## Key Features
- **Agentless** - no software needed on remote servers
- **YAML-based** - human-readable playbooks
- **Idempotent** - safe to run multiple times
- **SSH-based** - uses existing SSH infrastructure
---

21
loops.md Normal file
View File

@@ -0,0 +1,21 @@
## Loops
Iterate over lists or dictionaries:
```yaml
tasks:
- name: Print items
debug:
msg: "Item: {{ item }}"
loop:
- item1
- item2
- item3
- name: Iterate over dictionary
debug:
msg: "Key: {{ item.key }}, Value: {{ item.value }}"
loop:
- key: value1
- key: value2
```

63
modules-reference.md Normal file
View File

@@ -0,0 +1,63 @@
## Modules Reference
Commonly used Ansible modules:
### Core Modules
1. **setup** (Automatically collects system information):
```yaml
- name: Gather system facts
ansible.builtin.setup:
```
2. **debug** (For troubleshooting):
```yaml
- name: Show variable value
ansible.builtin.debug:
msg: "{{ some_variable }}"
```
3. **copy** (For file transfer):
```yaml
- name: Copy file to remote host
ansible.builtin.copy:
src: "local_file.txt"
dest: "/remote/path/"
```
4. **service** (For service management):
```yaml
- name: Restart web service
ansible.builtin.service:
name: apache2
state: restarted
```
### Network Modules
5. **ping** (Test connectivity):
```yaml
- name: Test connection to host
ansible.builtin.ping:
```
6. **sshcopy** (Copy files via SSH):
```yaml
- name: Copy file using SSH
ansible.builtin.sshcopy:
src: "local_file.txt"
dest: "user@host:/remote/path/"
```
### Best Practices
- Use `ansible-doc` to view module details
- Combine with `when` conditions for targeted execution
- Use `--check` flag to simulate module operations
- Store sensitive data using Ansible Vault
### Troubleshooting
- Use `--verbosity=2` for detailed output
- Check module documentation for parameter requirements
- Use `ansible-playbook --list-tasks` to verify task execution order

30
quick-start.md Normal file
View File

@@ -0,0 +1,30 @@
## Quick Start
### Ansible Navigator
[Ansible Navigator](https://ansible-navigator.readthedocs.io/en/stable/) is a CLI tool for exploring and interacting with Ansible content. It provides:
- Playbook visualization
- Task execution tracking
- Inventory exploration
- Interactive shell for testing playbooks
- Integration with Ansible Core features
Use `ansible-navigator` to:
1. Explore playbooks and roles
2. Run ad-hoc commands
3. Debug playbook execution
4. Manage inventory files
5. Test YAML syntax
```bash
ansible-navigator run playbook.yml
ansible-navigator explore
ansible-navigator shell
```
1. Install: `pip install ansible`
2. Create inventory file
3. Write playbook
4. Run: `ansible-playbook playbook.yml`
---

24
roles.md Normal file
View File

@@ -0,0 +1,24 @@
## Roles
Organize tasks into reusable roles:
```yaml
- name: Deploy web app
hosts: webservers
roles:
- common
- python
- nginx
# Example role structure:
# roles/
# common/
# tasks/main.yml
# vars/main.yml
# python/
# tasks/main.yml
# vars/main.yml
# nginx/
# tasks/main.yml
# vars/main.yml
```

17
tags.md Normal file
View File

@@ -0,0 +1,17 @@
## Tags
Filter tasks using tags:
```yaml
tasks:
- name: Restart service
service:
name: apache2
state: restarted
tags:
- service
- restart
# Run with specific tags:
# ansible-playbook site.yml --tags "service"
```

17
templates.md Normal file
View File

@@ -0,0 +1,17 @@
## Templates
Use Jinja2 templates for dynamic content:
```yaml
- name: Render template
template:
src: "templates/nginx.conf.j2"
dest: "/etc/nginx/nginx.conf"
# Example template file (nginx.conf.j2)
# {{ ansible_distribution }}
server {
listen {{ ansible_default_ipv4.address }};
server_name example.com;
}
```

16
variables.md Normal file
View File

@@ -0,0 +1,16 @@
## Variables
Define and use variables for flexibility:
```yaml
- name: Deploy application
hosts: all
vars:
app_version: "2.1.0"
app_port: 8080
tasks:
- name: Deploy app
get_url:
url: "https://example.com/app-{{ app_version }}.tar.gz"
dest: "/opt/app"
```

15
vault.md Normal file
View File

@@ -0,0 +1,15 @@
## Vault
Encrypt sensitive data with Ansible Vault:
```yaml
- name: Encrypt variables
ansible.builtin.vault加密:
src: "secretes.yml"
dest: "secretes.yml.enc"
vault_password: "your_password"
# Example secrets.yml
# username: admin
# password: "s3curePass"
```