ansible
-
Conditional Privilege Escalation in Ansible Playbooks
Fixing become_user Failures When Already Logged in as this user, e.g. ansible_user
Problem Description
This error occurs when an Ansible task is configured with become: true and a become_user that matches the current login user (the remote_user). Even if you are already logged in as the target user, Ansible attempts to wrap the module execution in a privilege escalation command (typically sudo -u target_user). If the target user is not explicitly permitted in the /etc/sudoers file to “sudo to themselves,” the OS rejects the command, requesting a password that Ansible cannot provide. This is the classic “I am who I say I am, but I can’t prove it to myself”…
-
Ansible Formatting Best Practices
Readable and consistent Ansible code makes reviews easier, reduces errors, and helps linters such as yamllint and ansible-lint work reliably. The following conventions have proven useful in larger playbooks and roles. 1. Use folded scalars for long Jinja expressions Multiline Jinja expressions inside a quoted YAML scalar can confuse YAML parsers and linters. Avoid this: The expression is hard to read and may break YAML formatting checks. Use folded scalars instead: Advantages: 2. General YAML formatting Maintain a consistent layout across all playbooks. Recommended conventions: Example: This improves readability and keeps file structure consistent. 3. Always use Fully Qualified Collection Names (FQCN) Using FQCN avoids ambiguity and improves compatibility with…
-
Get systemd services in ansible plays
Hi, this is a tip to get details about Linux (e.g. systemd) services in an Ansible play. Just use the Ansible service_facts module. You can use it without passing any argument. You can access services by using ansible_facts.services. As this is a dictionary, a single service is addressable by using ansible_facts.services[{{ service-name }}]. A few more examples:
-
use ansible module copy instead of template for small files
In order to adapt files and their content on target servers I am used to using the Ansible copy module. However, if you only have a small file with just one or a few lines, you can do so without creating a Jinja2 template. Here is the little cheat: Just use Ansible’s copy module. That’s it. This creates a file with variable content, without the need to create a template.
-
Installing Ansible on Windows 10 Systems
Ansible can be installed locally in the Windows Bash and used effectively together with Visual Studio Code (https://code.visualstudio.com/). The Windows Bash must be installed. Bash can be installed from the Windows Store. Just search for Ubuntu. After the installation, start bash.
PS C:\Users\user01> bash
The actual Ansible installation is done in the Windows Subsystem for Linux with these commands. The last command adds the ansible commands to the path so that they can be called directly.
sudo apt-get -y install python-pip python-dev libffi-dev libssl-dev
pip install --upgrade pip
pip install ansible --user
echo 'PATH=$HOME/.local/bin:$PATH' >> ~/.bashrc
"pip install --upgrade pip" is included only for cosmetic reasons, so that pip is also up to date, otherwise there is…