/ansible-role-ansible-pull

Use Ansible in push mode to set up a remote machine to run Ansible Pull

Ansible Pull

Configure a remote machine to run ansible-pull on a schedule. Ansible is installed on the managed node in a virtual environment using pip.

Requirements

  • cron
  • logrotate

Role Variables

At a minimum, you need to define ansible_pull_repo, the repository where your Ansible playbooks live, and ansible_pull_playbook, the playbook to run.

| Name | Default Value | Description |
|------|---------------|-------------|
| ansible_pull_workdir | /var/lib/ansible/local | Directory where repository is cloned. |
| ansible_pull_repo | https://github.com/samdoran/demo-playbooks.git | Remote repository to clone when running ansible-pull. |
| ansible_pull_playbook | {{ ansible_pull_workdir }}/hello.yml | Playbook to run with ansible-pull. |
| ansible_pull_logfile | /var/log/ansible-pull.log | Where to log output from ansible-pull. Also gets rotated. |
| ansible_pull_vault_password_file | /root/.vault | File to hold Ansible vault key. Not recommended unless you are aware of the implications of storing keys in clear text on remote hosts, or you are using a script to get the secret from an external source. |
| ansible_pull_vault_password | SuperSecretKey | Vault key, in plain text, that will be inserted into ansible_pull_vault_password_file. Not recommended unless you are aware of the implications of storing keys in clear text on remote hosts, or you are using a script to get the secret from an external source. |
| ansible_pull_ssh_private_key | [see defaults/main.yml] | Optionally define an SSH private key that will be installed for root on the remote host. If this is not defined, a new key will be generated and the public SSH key will be output at the end of the play. |
| ansible_known_hosts | [] | List of SSH host keys to add to /root/.ssh/known_hosts. |
| ansible_pull_cron_jobs | [see defaults/main.yml] | Cron configuration for jobs that run ansible-pull. The default settings run ansible-pull every ten minutes. |
| ansible_pull_user | root | User that will run ansible-pull. |
| ansible_pull_pip_packages | ['ansible'] | List of Python packages to install in the virtual environment. |

Dependencies

  • samdoran.repo_epel

Example Playbook

Here is a playbook using an internal GitLab server with the pull.yml playbook. We also set the SSH key of the internal GitLab server to avoid any problems.

- name: Setup Ansible Pull
  hosts: all
  become: True

  vars:
    ansible_pull_playbook: "{{ ansible_pull_workdir }}/playbooks/pull.yml"
    ansible_pull_repo: "git@gitlab.acme.com:internal.git"
    ansible_pull_known_hosts:
      - name: "gitlab.acme.com"
        state: present
        key: "gitlab.acme.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEPm0nPQBk+W4FBWSuI2wP0vO2W5cfDQV3B65WayiQPCh5kQIaTfDaRXIHACu9GcZRx5mhTsXYt+jY2egvLwazX5xvvQqDZX7wLw+qJXnpb1pqS7koINnAopGspp5v/+KPk7e3SRbLdNDk8O/g7uXb1PwaryebQM2+eluDebh1zbDd2QgKHf1/p4gZ66m4QJ9s17+Qzj3AJO+5fNr9z0MxPkYkf3jLvJ8PmAqGT+6AYlAh889yCrrC+yGj7VH/H6P3dEakj2xEx3Ib4g42EjKOpumoCVLY6dKrtSlkyOVBEOkf7G3liIV2ZNm6smWsJsnCTMPy4o9ioxF+x5GG1nsL"

  roles:
    - samdoran.repo_epel
    - samdoran.ansible_pull
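
Before a host key is pinned with a `key:` value like the one in the playbook above, it can be checked against the fingerprint published by the Git server's administrator. The following is an added example, not part of the role: it parses an entry in that `host keytype base64-key` format, rejects truncated or mislabeled keys, and computes the OpenSSH-style SHA256 fingerprint. The function names, the host name and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_entry(entry):
    """Split 'host keytype base64-key' and validate the decoded key blob."""
    fields = entry.split()
    if len(fields) < 3:
        raise ValueError("expected 'host keytype base64-key'")
    host, key_type, b64 = fields[:3]
    # binascii.Error is a ValueError, so a truncated paste fails here.
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # SSH public key blobs begin with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError(f"{host}: declared type {key_type} does not match key data")
    return host, key_type, blob


def fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_pinned_key(entry, expected_host, expected_fp):
    """True only if the entry is for expected_host and matches expected_fp."""
    host, _, blob = parse_entry(entry)
    return host == expected_host and fingerprint(blob) == expected_fp


# Constructed sample: not a real server key.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_ENTRY = "gitlab.example.internal ssh-ed25519 " + base64.b64encode(_BLOB).decode()

if __name__ == "__main__":
    host, key_type, blob = parse_entry(SAMPLE_ENTRY)
    print(host, key_type, fingerprint(blob))
```

The fingerprint has the same form as the one printed by `ssh-keygen -lf`, so it can be compared directly with a value obtained out of band.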

License

Apache 2.0