From b1d1bec70a4817cd074f3410c27a068f461ef073 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Mon, 21 Sep 2015 21:51:59 +0000
Subject: [PATCH] Fix up ansible config so things are idempotent
---
roles/ansible-server/templates/ansible.cfg.j2 | 187 ++++++++++++------
roles/batcave/files/ansible.cfg | 158 ---------------
roles/batcave/tasks/main.yml | 6 -
3 files changed, 127 insertions(+), 224 deletions(-)
delete mode 100644 roles/batcave/files/ansible.cfg
diff --git a/roles/ansible-server/templates/ansible.cfg.j2 b/roles/ansible-server/templates/ansible.cfg.j2
index 00d6bdd716..c821812485 100644
--- a/roles/ansible-server/templates/ansible.cfg.j2
+++ b/roles/ansible-server/templates/ansible.cfg.j2
@@ -1,91 +1,158 @@ -# config file for ansible -- http://ansible.github.com -# nearly all parameters can be overridden in ansible-playbook or with command line flags -# ansible will read ~/.ansible.cfg or /etc/ansible/ansible.cfg, whichever it finds first +# config file for ansible -- http://ansible.com/ +# ============================================== + +# nearly all parameters can be overridden in ansible-playbook +# or with command line flags. ansible will read ANSIBLE_CONFIG, +# ansible.cfg in the current working directory, .ansible.cfg in +# the home directory or /etc/ansible/ansible.cfg, whichever it +# finds first [defaults] -# location of inventory file, eliminates need to specify -i +# some basic default values... -hostfile = {{ ansible_base }}/inventory/inventory +hostfile = {{ ansible_base }}/ansible/inventory +library = {{ ansible_base }}/ansible/library:/usr/share/ansible +remote_tmp = $HOME/.ansible/tmp +pattern = * +forks = 90 +poll_interval = 15 +sudo_user = root +#ask_sudo_pass = True +#ask_pass = True +transport = smart +remote_port = 22 -# location of ansible library, eliminates need to specify --module-path +# additional paths to search for roles in, colon seperated +roles_path = {{ ansible_base }}/ansible/roles -library = {{ ansible_base }}/library:/usr/share/ansible +# uncomment this to disable SSH key host checking +#host_key_checking = False -# location of ansible log file -log_path = /var/log/ansible/ansible.log +# change this for alternative sudo implementations +sudo_exe = sudo -# default module name used in /usr/bin/ansible when -m is not specified +# what flags to pass to sudo +#sudo_flags = -H -module_name = command +# SSH timeout +timeout = 90 -# home directory where temp files are stored on remote systems. 
Should -# almost always contain $HOME or be a directory writeable by all users +# default user to use for playbooks if user is not specified +# (/usr/bin/ansible will use current user as default) +#remote_user = root -remote_tmp = $HOME/.ansible/tmp +# logging is off by default unless this path is defined +# if so defined, consider logrotate +#log_path = /var/log/ansible.log -# the default pattern for ansible-playbooks ("hosts:") +# default module name for /usr/bin/ansible +#module_name = command -pattern = * +# use this shell for commands executed under sudo +# you may need to change this to bin/bash in rare instances +# if sudo is constrained +#executable = /bin/sh -# the default number of forks (parallelism) to be used. Usually you -# can crank this up. +# if inventory variables overlap, does the higher precedence one win +# or are hash values merged together? The default is 'replace' but +# this can also be set to 'merge'. +#hash_behaviour = replace -forks=25 +# How to handle variable replacement - as of 1.2, Jinja2 variable syntax is +# preferred, but we still support the old $variable replacement too. +# Turn off ${old_style} variables here if you like. +#legacy_playbook_variables = yes -# the timeout used by various connection types. Usually this corresponds -# to an SSH timeout +# list any Jinja2 extensions to enable here: +#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n -timeout=10 +# if set, always use this private key file for authentication, same as +# if passing --private-key to ansible or ansible-playbook +#private_key_file = /path/to/file -# when using --poll or "poll:" in an ansible playbook, and not specifying -# an explicit poll interval, use this interval +# format of string {{ ansible_managed }} available within Jinja2 +# templates indicates to users editing templates files will be replaced. +# replacing {file}, {host} and {uid} and strftime codes with proper values. 
+ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} -poll_interval=15 +# by default, ansible-playbook will display "Skipping [host]" if it determines a task +# should not be run on a host. Set this to "False" if you don't want to see these "Skipping" +# messages. NOTE: the task header will still be shown regardless of whether or not the +# task is skipped. +#display_skipped_hosts = True -# when specifying --sudo to /usr/bin/ansible or "sudo:" in a playbook, -# and not specifying "--sudo-user" or "sudo_user" respectively, sudo -# to this user account +# by default (as of 1.3), Ansible will raise errors when attempting to dereference +# Jinja2 variables that are not set in templates or action lines. Uncomment this line +# to revert the behavior to pre-1.3. +#error_on_undefined_vars = False -sudo_user=root +# by default (as of 1.6), Ansible may display warnings based on the configuration of the +# system running ansible itself. This may include warnings about 3rd party packages or +# other conditions that should be resolved if possible. +# to disable these warnings, set the following value to False: +system_warnings = False -# connection to use when -c is not specified +# set plugin path directories here, seperate with colons +action_plugins = {{ ansible_base }}/ansible/action_plugins:/usr/share/ansible_plugins/action_plugins +callback_plugins = {{ ansible_base }}/ansible/callback_plugins:/usr/share/ansible_plugins/callback_plugins +connection_plugins = {{ ansible_base }}/ansible/connection_plugins:/usr/share/ansible_plugins/connection_plugins +lookup_plugins = {{ ansible_base }}/ansible/lookup_plugins:/usr/share/ansible_plugins/lookup_plugins +vars_plugins = {{ ansible_base }}/ansible/vars_plugins:/usr/share/ansible_plugins/vars_plugins +filter_plugins = {{ ansible_base }}/ansible/filter_plugins:/usr/share/ansible_plugins/filter_plugins -#transport=paramiko +# don't like cows? that's unfortunate. 
+# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 +#nocows = 1 -# remote SSH port to be used when --port or "port:" or an equivalent inventory -# variable is not specified. - -remote_port=22 - -# if set, always run /usr/bin/ansible commands as this user, and assume this value -# if "user:" is not set in a playbook. If not set, use the current Unix user -# as the default - -remote_user=root - -# if set, always use this private key file for authentication, same as if passing -# --private-key-file to ansible or ansible-playbook - -#private_key_file=/path/to/file - - -# additional plugin paths for non-core plugins - -action_plugins = {{ ansible_base }}/action_plugins:/usr/lib/python2.6/site-packages/ansible/runner/action_plugins -lookup_plugins = {{ ansible_base }}/lookup_plugins:/usr/lib/python2.6/site-packages/ansible/runner/lookup_plugins -callback_plugins = {{ ansible_base }}/callback_plugins:/usr/lib/python2.6/site-packages/ansible/callback_plugins - -host_key_checking=False +# don't like colors either? +# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 +#nocolor = 1 [paramiko_connection] -# nothing to configure yet +# uncomment this line to cause the paramiko connection plugin to not record new host +# keys encountered. Increases performance on new host additions. Setting works independently of the +# host key checking setting above. +#record_host_keys=False + +# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this +# line to disable this behaviour. +#pty=False [ssh_connection] -# if uncommented, sets the ansible ssh arguments to the following. 
Leaving off ControlPersist -# will result in poor performance, so use transport=paramiko on older platforms rather than -# removing it +# ssh arguments to use +# Leaving off ControlPersist will result in poor performance, so use +# paramiko on older platforms rather than removing it +# ssh_args = -o ControlMaster=auto -o ControlPersist=60s -ssh_args=-o PasswordAuthentication=no -o ControlMaster=auto +# The path to use for the ControlPath sockets. This defaults to +# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with +# very long hostnames or very long path names (caused by long user names or +# deeply nested home directories) this can exceed the character limit on +# file socket names (108 characters for most platforms). In that case, you +# may wish to shorten the string below. +# +# Example: +# control_path = %(directory)s/%%h-%%r +#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r + +# Enabling pipelining reduces the number of SSH operations required to +# execute a module on the remote server. This can result in a significant +# performance improvement when enabled, however when using "sudo:" you must +# first disable 'requiretty' in /etc/sudoers +# +# By default, this option is disabled to preserve compatibility with +# sudoers configurations that have requiretty (the default on many distros). +# +pipelining = True + +# if True, make ansible use scp if the connection type is ssh +# (default is sftp) +#scp_if_ssh = True + +[accelerate] +accelerate_port = 5099 +accelerate_timeout = 30 +accelerate_connect_timeout = 5.0 diff --git a/roles/batcave/files/ansible.cfg b/roles/batcave/files/ansible.cfg deleted file mode 100644 index b4ca49c68f..0000000000 --- a/roles/batcave/files/ansible.cfg +++ /dev/null 
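Review bot: The new `[defaults]` section leaves `#log_path = /var/log/ansible.log` commented out, and the comment added just above it states that logging is off unless the path is defined, so a host rendered from this template no longer writes the run log that the removed `log_path = /var/log/ansible/ansible.log` produced. If that record of playbook runs is still wanted on the control host, keep the line active, e.g. `log_path = /var/log/ansible/ansible.log`, and rotate it. In `[ssh_connection]` the removed `ssh_args=-o PasswordAuthentication=no -o ControlMaster=auto` is replaced by a commented-out `ssh_args`, so the explicit refusal of password authentication is gone as well; `ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o PasswordAuthentication=no` would keep it. Both may be intentional, since the deleted roles/batcave copy carries the same values, but the commit message does not say so.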
@@ -1,158 +0,0 @@ -# config file for ansible -- http://ansible.com/ -# ============================================== - -# nearly all parameters can be overridden in ansible-playbook -# or with command line flags. ansible will read ANSIBLE_CONFIG, -# ansible.cfg in the current working directory, .ansible.cfg in -# the home directory or /etc/ansible/ansible.cfg, whichever it -# finds first - -[defaults] - -# some basic default values... - -hostfile = /srv/web/infra/ansible/inventory -library = /srv/web/infra/ansible/library:/usr/share/ansible -remote_tmp = $HOME/.ansible/tmp -pattern = * -forks = 90 -poll_interval = 15 -sudo_user = root -#ask_sudo_pass = True -#ask_pass = True -transport = smart -remote_port = 22 - -# additional paths to search for roles in, colon seperated -roles_path = /srv/web/infra/ansible/roles - -# uncomment this to disable SSH key host checking -#host_key_checking = False - -# change this for alternative sudo implementations -sudo_exe = sudo - -# what flags to pass to sudo -#sudo_flags = -H - -# SSH timeout -timeout = 90 - -# default user to use for playbooks if user is not specified -# (/usr/bin/ansible will use current user as default) -#remote_user = root - -# logging is off by default unless this path is defined -# if so defined, consider logrotate -#log_path = /var/log/ansible.log - -# default module name for /usr/bin/ansible -#module_name = command - -# use this shell for commands executed under sudo -# you may need to change this to bin/bash in rare instances -# if sudo is constrained -#executable = /bin/sh - -# if inventory variables overlap, does the higher precedence one win -# or are hash values merged together? The default is 'replace' but -# this can also be set to 'merge'. -#hash_behaviour = replace - -# How to handle variable replacement - as of 1.2, Jinja2 variable syntax is -# preferred, but we still support the old $variable replacement too. -# Turn off ${old_style} variables here if you like. 
-#legacy_playbook_variables = yes - -# list any Jinja2 extensions to enable here: -#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n - -# if set, always use this private key file for authentication, same as -# if passing --private-key to ansible or ansible-playbook -#private_key_file = /path/to/file - -# format of string {{ ansible_managed }} available within Jinja2 -# templates indicates to users editing templates files will be replaced. -# replacing {file}, {host} and {uid} and strftime codes with proper values. -ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} - -# by default, ansible-playbook will display "Skipping [host]" if it determines a task -# should not be run on a host. Set this to "False" if you don't want to see these "Skipping" -# messages. NOTE: the task header will still be shown regardless of whether or not the -# task is skipped. -#display_skipped_hosts = True - -# by default (as of 1.3), Ansible will raise errors when attempting to dereference -# Jinja2 variables that are not set in templates or action lines. Uncomment this line -# to revert the behavior to pre-1.3. -#error_on_undefined_vars = False - -# by default (as of 1.6), Ansible may display warnings based on the configuration of the -# system running ansible itself. This may include warnings about 3rd party packages or -# other conditions that should be resolved if possible. 
-# to disable these warnings, set the following value to False: -system_warnings = False - -# set plugin path directories here, seperate with colons -action_plugins = /srv/web/infra/ansible/action_plugins:/usr/share/ansible_plugins/action_plugins -callback_plugins = /srv/web/infra/ansible/callback_plugins:/usr/share/ansible_plugins/callback_plugins -connection_plugins = /srv/web/infra/ansible/connection_plugins:/usr/share/ansible_plugins/connection_plugins -lookup_plugins = /srv/web/infra/ansible/lookup_plugins:/usr/share/ansible_plugins/lookup_plugins -vars_plugins = /srv/web/infra/ansible/vars_plugins:/usr/share/ansible_plugins/vars_plugins -filter_plugins = /srv/web/infra/ansible/filter_plugins:/usr/share/ansible_plugins/filter_plugins - -# don't like cows? that's unfortunate. -# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 -#nocows = 1 - -# don't like colors either? -# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 -#nocolor = 1 - -[paramiko_connection] - -# uncomment this line to cause the paramiko connection plugin to not record new host -# keys encountered. Increases performance on new host additions. Setting works independently of the -# host key checking setting above. -#record_host_keys=False - -# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this -# line to disable this behaviour. -#pty=False - -[ssh_connection] - -# ssh arguments to use -# Leaving off ControlPersist will result in poor performance, so use -# paramiko on older platforms rather than removing it -# ssh_args = -o ControlMaster=auto -o ControlPersist=60s - -# The path to use for the ControlPath sockets. This defaults to -# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with -# very long hostnames or very long path names (caused by long user names or -# deeply nested home directories) this can exceed the character limit on -# file socket names (108 characters for most platforms). 
In that case, you -# may wish to shorten the string below. -# -# Example: -# control_path = %(directory)s/%%h-%%r -#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r - -# Enabling pipelining reduces the number of SSH operations required to -# execute a module on the remote server. This can result in a significant -# performance improvement when enabled, however when using "sudo:" you must -# first disable 'requiretty' in /etc/sudoers -# -# By default, this option is disabled to preserve compatibility with -# sudoers configurations that have requiretty (the default on many distros). -# -pipelining = True - -# if True, make ansible use scp if the connection type is ssh -# (default is sftp) -#scp_if_ssh = True - -[accelerate] -accelerate_port = 5099 -accelerate_timeout = 30 -accelerate_connect_timeout = 5.0 diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index 61752466db..bf27a636b8 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -29,12 +29,6 @@ # This is our ansible master, setup ansible # -- name: use our ansible.cfg - copy: src=ansible.cfg dest=/etc/ansible/ansible.cfg - tags: - - batcave - - config - - name: setup roots bashrc to note about agents copy: src=root_bashrc dest=/root/.bashrc tags: