-
Deep Dive: Mastering the “Missing File Trap”
This is a follow-up to my previous post Mastering Dynamic Task Includes in Ansible. Because include_tasks evaluates variables at runtime (right when the play reaches that specific step), Ansible has no idea whether the target file actually exists when the playbook first starts. If a user passes a typo like action=instal instead of install, Ansible will execute every task right up to your include step, and then crash with a fatal “file not found” error. To prevent this, we use the with_first_found lookup plugin. It scans a list of files sequentially and includes the first one it actually finds on disk. By designing a deliberate fallback strategy, default_action.yml can…
-
Mastering Dynamic Task Includes in Ansible
One of the best (and easiest) ways to keep your Ansible playbooks clean, modular, and DRY (Don’t Repeat Yourself) is by using dynamic task includes. Instead of writing massive, conditional playbooks with dozens of when statements, you can let your data drive your execution. The core idea is beautifully simple: Depending on the value of the action variable (e.g., install, configure, or backup), Ansible will look for and execute install.yml, configure.yml, or backup.yml on the fly. Why Use This Pattern? ⚠️ The Gotchas (What to Watch Out For) While highly effective, include_tasks is evaluated at runtime, which introduces a couple of architectural quirks you need to design around. 1. The…
-
Keeping an Eye on SSH Keys: Easily Review authorized_keys with awk
Hello fellow Admins! Who hasn’t been there? The ~/.ssh/authorized_keys file is a crucial component for the security of your servers. But sometimes, especially when many keys are stored or very long keys are in use, the file can quickly become overwhelming. Getting a quick overview without endlessly scrolling through lengthy character strings is truly golden. That’s precisely why I have a small but powerful tip for you: an awk script that makes your authorized_keys more readable by shortening the SSH keys to a manageable length, without losing any vital information. Why is this useful? The awk Magic (Ansible-Aware!) This awk script shortens the actual SSH keys (the second column) to…
-
Conditional Privilege Escalation in Ansible Playbooks
Fixing become_user Failures When Already Logged in as this user, e.g. ansible_user Problem Description This error occurs when an Ansible task is configured with become: true and a become_user that matches the current login user (the remote_user). Even if you are already logged in as the target user, Ansible attempts to wrap the module execution in a privilege escalation command (typically sudo -u target_user). If the target user is not explicitly permitted in the /etc/sudoers file to “sudo to themselves,” the OS rejects the command, requesting a password that Ansible cannot provide. This is the classic “I am who I say I am, but I can’t prove it to myself”…
-
Ansible Formatting Best Practices
Readable and consistent Ansible code makes reviews easier, reduces errors, and helps linters such as yamllint and ansible-lint work reliably. The following conventions have proven useful in larger playbooks and roles. 1. Use folded scalars for long Jinja expressions Multiline Jinja expressions inside a quoted YAML scalar can confuse YAML parsers and linters. Avoid this: The expression is hard to read and may break YAML formatting checks. Use folded scalars instead: Advantages: 2. General YAML formatting Maintain a consistent layout across all playbooks. Recommended conventions: Example: This improves readability and keeps file structure consistent. 3. Always use Fully Qualified Collection Names (FQCN) Using FQCN avoids ambiguity and improves compatibility with…
-
Get systemd services in ansible plays
Hi, this is a tip to get details about Linux (e.g. systemd) services in an Ansible play. Just use the Ansible service_facts module. You can use it without passing any argument. You can access services by using ansible_facts.services. As this is a dictionary, a single service is addressable by using ansible_facts.services[{{ service-name }}]. A few more examples:
-
use ansible module copy instead of template for small files
In order to adapt files and their content on target servers I am used to using the ansible copy module. However, if you only have a small file with just one or a few lines, you can do so without creating a jinja2 template. Here is the little cheat: Just use ansible’s copy module. That’s it. This creates a file with variable content, without the need to create a template.
-
Ansible Installation on Windows 10 Systems
Ansible can be installed locally in the Windows Bash and used effectively together with Visual Studio Code (https://code.visualstudio.com/). The Windows Bash must be installed. Bash can be installed via the Windows Store. Just search for Ubuntu. After the installation, start bash. PS C:\Users\user01> bash The actual Ansible installation takes place in the Windows Subsystem for Linux with these commands. The last command adds the Ansible commands to the path so that they can be called directly. sudo apt-get -y install python-pip python-dev libffi-dev libssl-dev pip install --upgrade pip pip install ansible --user echo 'PATH=$HOME/.local/bin:$PATH' >> ~/.bashrc "pip install --upgrade pip" is included only for the sake of tidiness, so that pip is up to date as well, otherwise it gives…