preparation for EX447 exam
The purpose is to test the different objectives covered by DO447 preparing for EX447
To use this project, please follow below steps:
- install ansible ( the code was developped using ansible 2.9 )
- install docker and docker-compose in your environment
- run the command in Dockerfile to create the customized image
- run the command in docker-compose.yml file to startup client instances
- run the command in each playbook to test the playbook
ungrouped: a generic group for hosts without groups in yml inventories
Useful commands:
ansible-inventory -i inventory --list
ansible-inventory --yaml -i inventory --list > converted_inventory.yml
ansible all -i converted_inventory.yml -m ping
Create group_vars & host_vars folders, subfolders for groups
Special inventory vars: ansible_connection, ansible_host, ansible_port, ansible_user, ansible_become_user, ansible_python_interpreter
become, become_user, become_method
import_role, include_role
notify, listen
tags, skip-tags, tagged, untagged
never, always
gather_facts, forks,
SSH: ControlMaster, ControlPersist, Pipelining
Callbacks: timer, profile_tasks, profile_roles, cgroup_perf_recap
ansible-doc -lt callback
ansible-doc -t cgroup_perf_recap
sudo cgcreate -a aniskhach:aniskhach -t aniskhach:aniskhach -g cpuacct,memory,pids:ansible_profile
cgexec -g cpuacct,memory,pids:ansible_profile ansible-playbook playbook.yml
- generic: (int, string, bool, list, ...), mandatory, default, default(omit)
- maths: pow, log, root, abs, ...
- lists: max, min, sum, first, last, length, random, reverse, sort, unique, flatten, uninion, difference, intersect, select, ...
- dictionary: combine, dict2items, items2dict
- strings: lower, upper, capitalize, b64encode, b64decode, quote
- hash: hash, password_hash
- replace, regex_search, regex_replace
- json_query ( apt install python3-jmespath ), to_json, to_yaml, to_nice_json, to_nice_yaml
ansible-doc -lt lookup
ansible-doc -t lookup file
lookup and query: file, template, pipe, lines, env, url, k8s, password, dig ( pip install dnspython
), list ...
loop instead of with_* , flatten, dict2items, fileglob, subelements
lookup: ipaddr ( ipv4, ipv6, public, private, subnet, ...), dig, dnstxt
delegating tasks: delegate_to, hostvars (hostvars['serverb']['ansible_facts']['default_ipv4']['address']
)
rolling updates: serial, max_fail_percentage, ansible_play_hosts, ansible_play_batch, run_once
./setup.sh
awx-manage changepassword admin
General roles (Organization): Project Admin, Inventory Admin, Credential Admin, Notification Admin, Workflow Admin, Job Template Admin, Member, Read, Execute
User roles: System Administrator, System Auditor, Normal User
Teams roles: Admin, Member, Read
tower-cli role grant --user 'sam' --target-team 'Operators' --type 'admin'
Inventories roles: Admin, Use, Ad Hoc, Update, Read
import an inventory from cli:
awx-manage inventory_import --inventory-name=myapp-inv --source=inventory.yml
Credentials: Machine, Source Control, Network, Vault, dynamic inventories (AWS, vcenter, ...), ...
Credential roles: Admin, Use, Read
Project roles: Admin, Use, Update, Read
Job Template roles: Admin, Execute, Read
Fact cache ( gather_facts: false)
Prompt on launch for variables
Job Template Surveys for extra variables
Workflow Job Templates, WORKFLOW VISUALIZER
Workflow Job Template roles: Admin, Execute, Read, Approve
curl -X GET https://tower-url/api/ -k
curl -X GET --user admin:password https://tower-url/api/v2/instances/ | json_pp
curl -X GET --user admin:password http://localhost/api/v2/job_templates/15/ -k -s | json_pp
curl -X POST --user admin:password http://localhost/api/v2/job_templates/15/launch/ -k -s | json_pp
curl -X GET "http://localhost/api/v2/users/" --user admin --oauth2-bearer xdWkzTZLJoQCVHpH -k -s | json_pp
Create an oauth2 token:
awx-manage create_oauth2_token --user admin
update inventory from CLI:
awx-manage inventory_import --inventory-name=myapp-inv --source=inventory.yml --override
Inventories from SCM, through projects ( Sourced from a Project )
Smart Inventories: use filters ( like ansible_facts.ansible_distribution:"RedHat"
)
./setup.sh -b
./setup.sh -r