Boston VMUG UserCon - Run your first Ansible Playbook tomorrow

Date post: 28-Jan-2018
Ansible
From zero to running your 1st playbook tomorrow!

Jonathan Frappier

Senior Technical Consultant, Dell EMC


@jfrappier | @commitmas | @vbrownabag






Always assume:

• When I say how awesome something is what I really mean “In most cases” that thing is awesome

• Here is one way you could do it, there are many others

• I can’t draw 7 red lines all perpendicular with red, green, or transparent ink

Why Ansible?

Your career

Get your bosses to buy in! http://www.cio.com/article/3197670/application-development/why-ansible-has-


Use cases

Think of a thing you did by hand this week…

THAT is probably a good use case!

Use cases

• Created, deleted, managed a VMware VM

• Created, started, stopped an EC2 instance

• Archived log files

• Installed Apache

• Setup an ACL on a Cisco ASA firewall

• Verify server configuration is in a desired state or put it in the desired


Example - What can Ansible do for you?

Deploy VMs:

e.g. vsphere_guest, ec2, azure, gce

Apply and enforce configurations

e.g. yum, apt-get, postgresql_db, win_iis_website

Backup files, databases

e.g. copy, mysql_db state=dump

Deploy software

e.g. git, subversion, hg

Control machine setup

Ubuntu –
    sudo apt-get install software-properties-common
    sudo apt-add-repository ppa:ansible/ansible
    sudo apt-get update
    sudo apt-get install ansible

CentOS –
    sudo yum install epel-release
    sudo yum install ansible

Source –
    git clone git://github.com/ansible/ansible.git --recursive
    cd ./ansible
    source ./hacking/env-setup
    git pull --rebase

Requires Python 2.7


Connecting to hosts

Ansible connects to hosts using SSH or WinRM

SSH Key – Key based authentication

Password – append --ask-pass and --ask-become-pass

Windows – PowerShell and WinRM

A few hosts pre-reqs


Python – at least 2.5, no issue with modern distributions

SSH – SSH/Port 22 must be open from the control machine to the host (agentless and all)

SSH Keys – Ensure user account used by Ansible has SSH keys added from control-machine to all hosts

User account – Account used by Ansible has correct permissions on hosts (e.g. sudo for installs)


PowerShell – 3.0 or higher

WinRM – Enabled/Port 5986 must be open from the control machine to the host

User account – Account used by Ansible has correct permissions on hosts

Located in /etc/ansible/hosts - can be as simple as you want/need it to be













Awesome as you wanna be…



10.3.1.[1:10] ansible_connection=ssh ansible_port=2222 ansible_user=prodgod




Dynamic Inventory

Stuff about your managed hosts

• OS – build, family

• Hardware info – processor, memory

Refer to facts in playbooks

Gather facts anytime by running ansible hostname -m setup

How do I do stuff

Core – Ansible supported

Curated – Ansible and Red Hat partner supported

Community – Community contributed

Playbooks, plays, and tasks

---
- hosts: sysdig
  tasks:
    - name: install sysdig
      apt: name=sysdig state=present

Playbooks, plays, and tasks

---
- hosts: sysdig
  vars:
    package: sysdig
  tasks:
    - name: install sysdig
      become: true
      become_user: appgod
      apt: name={{ package }} state=present
      notify:
        - start-sysdig
  handlers:
    - name: start-sysdig
      service:
        name: sysdig
        state: started

Running a playbook

[ansible@control-machine ~]# ansible-playbook sysdig.yml

PLAY [all] ******************************************************************

TASK [Validating download directory] ****************************************

ok: [default]

TASK [Install Sysdig] *******************************************************

changed: [default]

PLAY RECAP ******************************************************************

default: ok=1 changed=1 unreachable=0 failed=0

Handy playbook options

--ask-pass – prompts for a password to connect to the specified host(s), used when not using SSH keys

--ask-become-pass – Use when sudo is required to run the playbook/command

--check – Checks the playbook to see if it will work, but doesn’t execute on the remote host (or -C)

--module-name – specify the module you want to run for ad-hoc commands (or -m)

--module-path – path to the module if required (or -M)

--tree – path to log output (or -t)

--verbose – more output from the playbook run (or -v)

--limit – limit the playbook run to a specific host/group (or -l)

---
- hosts: sysdig
  vars:
    package: sysdig
    sysdig_key_url: https://s3.amazonaws.com/download.draios.com
    sysdig_key: DRAIOS-GPG-KEY.public
    sysdig_url: https://s3.amazonaws.com/download.draios.com/stable/install-sysdig
    dl_dir: /downloads
    sysdig_ins: install-sysdig
    sysdig_repo: http://download.draios.com/stable/deb stable-$(ARCH)/
    linux_headers: linux-headers-{{ ansible_kernel }}
  remote_user: sshgod
  become_method: sudo
  become: yes
  tasks:
    - name: Validating download directory
      file: path={{ dl_dir }} state=directory

    - name: Download Sysdig public key
      get_url: url={{ sysdig_key_url }}/{{ sysdig_key }} dest={{ dl_dir }} validate_certs=no

    - name: Installing Sysdig public key
      apt_key: file={{ dl_dir }}/{{ sysdig_key }} state=present

    - name: Adding Sysdig apt repository
      apt_repository: repo='deb {{ sysdig_repo }}' state=present

    - name: Update apt repositories
      apt: update_cache=yes

    - name: Install Linux Headers
      apt: name={{ linux_headers }} state=present

    - name: Install Sysdig
      apt: name={{ package }} state=present
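
The key-download step above fetches the key that apt will then trust with certificate validation switched off. As an added example (not from the original deck), this variant keeps TLS validation on and pins the file's digest; sysdig_key_sha256 is a hypothetical variable and its value is a placeholder to replace with the digest of a key you have verified out of band.

```yaml
---
- hosts: sysdig
  become: yes
  vars:
    sysdig_key_url: https://s3.amazonaws.com/download.draios.com
    sysdig_key: DRAIOS-GPG-KEY.public
    dl_dir: /downloads
    # Hypothetical variable; placeholder value, not a real digest
    sysdig_key_sha256: "REPLACE_WITH_VERIFIED_SHA256"
  tasks:
    - name: Validating download directory
      file:
        path: "{{ dl_dir }}"
        state: directory
        mode: "0755"

    # get_url fails the play if the downloaded file does not match the digest
    - name: Download Sysdig public key (TLS validated, digest pinned)
      get_url:
        url: "{{ sysdig_key_url }}/{{ sysdig_key }}"
        dest: "{{ dl_dir }}/{{ sysdig_key }}"
        validate_certs: yes
        checksum: "sha256:{{ sysdig_key_sha256 }}"
        mode: "0644"

    # Only reached when the download matched the pinned digest
    - name: Installing Sysdig public key
      apt_key:
        file: "{{ dl_dir }}/{{ sysdig_key }}"
        state: present
```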

Example playbook for a role

---
- hosts: web
  become: yes
  roles:
    - sensu

Example playbook for a role

---
- hosts: web
  become: yes
  roles:
    - sensu
    - web
    - openssl
    - nginx

Example main task


# tasks file for ansible-gocd
- include: debian-srv.yml
  when: ansible_os_family == "Debian"

- include: redhat-srv.yml
  when: ansible_os_family == "RedHat"

Running a role

[ansible@control-machine ~]# ansible-playbook sensu.yml


• Stuff about vault

Shell Module

• Don’t just convert existing bash scripts with the shell module

• Use native modules whenever possible

• There isn’t always a module, that’s when you use shell

Got APIs?

uri (not University of Rhode Island)

# Create a JIRA issue
- uri:
    url: https://your.jira.example.com/rest/api/2/issue/
    method: POST
    user: your_username
    password: your_password
    body: "{{ lookup('file','issue.json') }}"
    force_basic_auth: yes
    status_code: 201
    body_format: json

# Check that a page returns a status 200 and fail if the word AWESOME is not in the page
- action: uri url=http://www.example.com return_content=yes
  register: webpage

- action: fail
  when: "'AWESOME' not in webpage.content"

Using vSphere 6.5 REST APIs with Ansible


---
- hosts: localhost
  become: no
  tasks:
    - name: vcenter login
      uri:
        url: https://cloudvc.student.lab/rest/com/vmware/cis/session
        force_basic_auth: yes
        method: POST
        user: [email protected]
        password: P@ssw0rd
        status_code: 200
        validate_certs: no
      register: login

    - name: disable ssh
      uri:
        url: https://cloudvc.student.lab/rest/appliance/access/ssh
        force_basic_auth: yes
        method: PUT
        body_format: json
        body: "{{ lookup('file','sshoff.json') }}"
        validate_certs: no
        headers:
          Cookie: "{{login.set_cookie}}"

Using vSphere 6.5 REST APIs with Ansible Links

Getting Started with the vSphere Automation SDK for REST by Kyle Ruddy


Ansible uri module documentation


Shameless blog post and examples



Ansible can be useful using just two files (though you can do a lot more as well)

Inventory (hosts file) – List of all hosts for Ansible to


Playbook – List of commands processed in order (no guessing) for the specified hosts

Easy to backup

All you need is love… no wait wrong presentation

All you need is GitHub (or a backup of your playbooks and hosts file)

https://www.udemy.com/learn-ansible/ by Mumshad Mannambeth


Patch Windows Example






https://www.ansiblefordevops.com/ by Jeff Geerling (@geerlingguy)


edition by Jesse Keating
