infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

Fix up ansible config so things are idempotent

Browse source
This commit is contained in:
Kevin Fenzi 2015-09-21 21:51:59 +00:00
parent 4f8dc3c8b8
commit b1d1bec70a
3 changed files with 127 additions and 224 deletions
Download patch file Download diff file Expand all files Collapse all files

187
roles/ansible-server/templates/ansible.cfg.j2
View file

@ -1,91 +1,158 @@
# config file for ansible -- http://ansible.github.com # config file for ansible -- http://ansible.com/
# nearly all parameters can be overridden in ansible-playbook or with command line flags # ==============================================
# ansible will read ~/.ansible.cfg or /etc/ansible/ansible.cfg, whichever it finds first
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults] [defaults]
# location of inventory file, eliminates need to specify -i # some basic default values...
hostfile = {{ ansible_base }}/inventory/inventory hostfile = {{ ansible_base }}/ansible/inventory
library = {{ ansible_base }}/ansible/library:/usr/share/ansible
remote_tmp = $HOME/.ansible/tmp
pattern = *
forks = 90
poll_interval = 15
sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
transport = smart
remote_port = 22
# location of ansible library, eliminates need to specify --module-path # additional paths to search for roles in, colon seperated
roles_path = {{ ansible_base }}/ansible/roles
library = {{ ansible_base }}/library:/usr/share/ansible # uncomment this to disable SSH key host checking
#host_key_checking = False
# location of ansible log file # change this for alternative sudo implementations
log_path = /var/log/ansible/ansible.log sudo_exe = sudo
# default module name used in /usr/bin/ansible when -m is not specified # what flags to pass to sudo
#sudo_flags = -H
module_name = command # SSH timeout
timeout = 90
# home directory where temp files are stored on remote systems. Should # default user to use for playbooks if user is not specified
# almost always contain $HOME or be a directory writeable by all users # (/usr/bin/ansible will use current user as default)
#remote_user = root
remote_tmp = $HOME/.ansible/tmp # logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log
# the default pattern for ansible-playbooks ("hosts:") # default module name for /usr/bin/ansible
#module_name = command
pattern = * # use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# the default number of forks (parallelism) to be used. Usually you # if inventory variables overlap, does the higher precedence one win
# can crank this up. # or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
forks=25 # How to handle variable replacement - as of 1.2, Jinja2 variable syntax is
# preferred, but we still support the old $variable replacement too.
# Turn off ${old_style} variables here if you like.
#legacy_playbook_variables = yes
# the timeout used by various connection types. Usually this corresponds # list any Jinja2 extensions to enable here:
# to an SSH timeout #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
timeout=10 # if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# when using --poll or "poll:" in an ansible playbook, and not specifying # format of string {{ ansible_managed }} available within Jinja2
# an explicit poll interval, use this interval # templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
poll_interval=15 # by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# when specifying --sudo to /usr/bin/ansible or "sudo:" in a playbook, # by default (as of 1.3), Ansible will raise errors when attempting to dereference
# and not specifying "--sudo-user" or "sudo_user" respectively, sudo # Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to this user account # to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
sudo_user=root # by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
system_warnings = False
# connection to use when -c <connection_type> is not specified # set plugin path directories here, seperate with colons
action_plugins = {{ ansible_base }}/ansible/action_plugins:/usr/share/ansible_plugins/action_plugins
callback_plugins = {{ ansible_base }}/ansible/callback_plugins:/usr/share/ansible_plugins/callback_plugins
connection_plugins = {{ ansible_base }}/ansible/connection_plugins:/usr/share/ansible_plugins/connection_plugins
lookup_plugins = {{ ansible_base }}/ansible/lookup_plugins:/usr/share/ansible_plugins/lookup_plugins
vars_plugins = {{ ansible_base }}/ansible/vars_plugins:/usr/share/ansible_plugins/vars_plugins
filter_plugins = {{ ansible_base }}/ansible/filter_plugins:/usr/share/ansible_plugins/filter_plugins
#transport=paramiko # don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# remote SSH port to be used when --port or "port:" or an equivalent inventory # don't like colors either?
# variable is not specified. # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
remote_port=22
# if set, always run /usr/bin/ansible commands as this user, and assume this value
# if "user:" is not set in a playbook. If not set, use the current Unix user
# as the default
remote_user=root
# if set, always use this private key file for authentication, same as if passing
# --private-key-file to ansible or ansible-playbook
#private_key_file=/path/to/file
# additional plugin paths for non-core plugins
action_plugins = {{ ansible_base }}/action_plugins:/usr/lib/python2.6/site-packages/ansible/runner/action_plugins
lookup_plugins = {{ ansible_base }}/lookup_plugins:/usr/lib/python2.6/site-packages/ansible/runner/lookup_plugins
callback_plugins = {{ ansible_base }}/callback_plugins:/usr/lib/python2.6/site-packages/ansible/callback_plugins
host_key_checking=False
[paramiko_connection] [paramiko_connection]
# nothing to configure yet # uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
[ssh_connection] [ssh_connection]
# if uncommented, sets the ansible ssh arguments to the following. Leaving off ControlPersist # ssh arguments to use
# will result in poor performance, so use transport=paramiko on older platforms rather than # Leaving off ControlPersist will result in poor performance, so use
# removing it # paramiko on older platforms rather than removing it
# ssh_args = -o ControlMaster=auto -o ControlPersist=60s
ssh_args=-o PasswordAuthentication=no -o ControlMaster=auto # The path to use for the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
# very long hostnames or very long path names (caused by long user names or
# deeply nested home directories) this can exceed the character limit on
# file socket names (108 characters for most platforms). In that case, you
# may wish to shorten the string below.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
pipelining = True
# if True, make ansible use scp if the connection type is ssh
# (default is sftp)
#scp_if_ssh = True
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0

158
roles/batcave/files/ansible.cfg
View file

@ -1,158 +0,0 @@
# config file for ansible -- http://ansible.com/
# ==============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
hostfile = /srv/web/infra/ansible/inventory
library = /srv/web/infra/ansible/library:/usr/share/ansible
remote_tmp = $HOME/.ansible/tmp
pattern = *
forks = 90
poll_interval = 15
sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
transport = smart
remote_port = 22
# additional paths to search for roles in, colon seperated
roles_path = /srv/web/infra/ansible/roles
# uncomment this to disable SSH key host checking
#host_key_checking = False
# change this for alternative sudo implementations
sudo_exe = sudo
# what flags to pass to sudo
#sudo_flags = -H
# SSH timeout
timeout = 90
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
#module_name = command
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# How to handle variable replacement - as of 1.2, Jinja2 variable syntax is
# preferred, but we still support the old $variable replacement too.
# Turn off ${old_style} variables here if you like.
#legacy_playbook_variables = yes
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
system_warnings = False
# set plugin path directories here, seperate with colons
action_plugins = /srv/web/infra/ansible/action_plugins:/usr/share/ansible_plugins/action_plugins
callback_plugins = /srv/web/infra/ansible/callback_plugins:/usr/share/ansible_plugins/callback_plugins
connection_plugins = /srv/web/infra/ansible/connection_plugins:/usr/share/ansible_plugins/connection_plugins
lookup_plugins = /srv/web/infra/ansible/lookup_plugins:/usr/share/ansible_plugins/lookup_plugins
vars_plugins = /srv/web/infra/ansible/vars_plugins:/usr/share/ansible_plugins/vars_plugins
filter_plugins = /srv/web/infra/ansible/filter_plugins:/usr/share/ansible_plugins/filter_plugins
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it
# ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# The path to use for the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
# very long hostnames or very long path names (caused by long user names or
# deeply nested home directories) this can exceed the character limit on
# file socket names (108 characters for most platforms). In that case, you
# may wish to shorten the string below.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
pipelining = True
# if True, make ansible use scp if the connection type is ssh
# (default is sftp)
#scp_if_ssh = True
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0

6
roles/batcave/tasks/main.yml
View file

@ -29,12 +29,6 @@
# This is our ansible master, setup ansible # This is our ansible master, setup ansible
# #
- name: use our ansible.cfg
copy: src=ansible.cfg dest=/etc/ansible/ansible.cfg
tags:
- batcave
- config
- name: setup roots bashrc to note about agents - name: setup roots bashrc to note about agents
copy: src=root_bashrc dest=/root/.bashrc copy: src=root_bashrc dest=/root/.bashrc
tags: tags: