[public draft] IaC Ad-Hoc Tasks with Ansible contain several single-file "task oriented" playbooks ready to be used directly or be used as initial inspiration for your more complex implementations.
Everything this repository contains is distributed under the Public Domain license: it means that maintain the attribution in the source YAML codes when using full scripts without any change are not a legal or moral requirement, but are just welcome.
The target audience is both who is new to IaC (or IaC with Ansible) and veterans who just want get things done without creating custom playbooks or importing Ansible Roles for ad-hocs group of tasks.
As convention, we recommend you store the files used at a folder called ad-hoc
at root of your project (but is up to you commit with you projects or ignore the
folder). Or store at home folder named ~/.ad-hoc
so you can reuse.
- Infrastructure As Code Ad-Hoc Tasks with Ansible
The info collection is safe to use: is granted to not try to install or do actions that could break the target nodes. If some task requires some special tool, you will be warned to install manually.
See info/show-ansible-facts-local.yml.
See info/show-firewall-status.yml.
See install/install-debug-tools.yml.
This category is intended only for testing or very fast boostraping. DO NOT USE ON PRODUCTION. They do not even have idempotency (e.g. are not designed to be re-run again without trying to redoing some actions, and this upsed Ansible veterans).
Even if they may require explicit manual input to run (so it can mitigate missuse) consider this folder of playbooks to be tested only on servers that you are using for testing and can reinstall the full operational system.
Anyway, these scripts can be used as initial reference for your own playbooks, but consider using Ansible Roles already published by community. Or at least, yes, you can use then in a emergency, but after installed, manage the nodes without these scripts.
This repository assumes you already have installed Ansible on your machine.
- Use
pip
in your selected Python environment to install the Ansible package of your choice for the current user:
python3 -m pip install --user ansible
- You can test that Ansible is installed correctly by checking the version:
ansible --version
Most ad-hoc playbooks will also require you be able to SSH into some remote
machine. You can either manually enter the password each time with --ask-pass
and --ask-become-pass
or setup SSH Passwordless Login.
# Reference command (requires SSH Passwordless Login)
ansible-playbook ad-hoc/info/show-ports-open.yml -i hosts
# Command asking root password
ansible-playbook ad-hoc/info/show-ports-open.yml -i hosts --ask-pass
ansible-playbook ad-hoc/info/show-ports-open.yml -i hosts --ask-become-pass
If you already does not have one SSH key, the same tutorial used for GitHub give one way to create it:
This Digital Ocean tutorial explains how to create an SSH key, and also how to add to a remote server for SSH Passwordless Login.
We know the first time to be able to do SSH Passwordless Login can be thought. But take your time to learn it, even look for other places with references on it. You can do it :).
This projects provide you the single YAML playbook need for do your thing. But
you still need explain what hosts the ad-hoc task will run when using ansible
or ansible-playbook
.
ansible
or ansible-playbook
, since are much more powerfull than one averange
cli command, are mean to have not only simple list of targets but a
powerfull inventory with targets and options.
This trick is using comma ,
even if is just for a single target.
# Reference command (requires a file called 'hosts' with your target hostnames/IPs in each new line)
ansible-playbook ad-hoc/info/show-ports-open.yml -i hosts
# Equivalent without need of hosts file for a host with domain or ip
ansible-playbook ad-hoc/info/show-ports-open.yml -i example.com,
ansible-playbook ad-hoc/info/show-ports-open.yml -i 203.0.113.0,
ansible-playbook ad-hoc/info/show-ports-open.yml -i example.com,203.0.113.0,example.org,
Why this works? Because if your -i
(--inventory
) have at least a comma,
will be considered as a direct list, not as a file that must be saved on some
place. From the documentation:
$ ansible --help # (...) -i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY specify inventory host path or comma separated host list. --inventory-file is deprecated
There are several ways to build your inventory
(can be a plain text file, an INI file, and YAML) but the simplest way is have
an hosts
file on the directory that runs ansible
or ansible-playbook
with
a content like this:
example.com
203.0.113.0
example.org
Important note: by default the ad-hoc scripts on this diretory will run agains
all
your hosts (by default just not localhost), so this may not be desirable.
Choose one of the options. This repository is not one Ansible Role, and every script here is one-file-script.
- Go to https://github.com/fititnt/ansible-ad-hoc
- Choose what files you want, ignore the others
- Copy and paste where you want
- Then just use different paths than
ad-hoc/info/
on your documentation
- Then just use different paths than
git clone https://github.com/fititnt/ansible-ad-hoc.git ad-hoc/
## What do you want to do: ignore or commit the full folder on your repository?
# If want to ignore, add ad-hoc/ to .gitignore
echo "\n# Ignoring Ansible Ad-Hoc files from https://github.com/fititnt/ansible-ad-hoc \nad-hoc/" >> .gitignore
# If want to commit delete the ad-hoc/.git folder
rm -r ad-hoc/.git
git clone https://github.com/fititnt/ansible-ad-hoc.git ~/.ansible-ad-hoc/
ln -s ~/.ansible-ad-hoc/ ad-hoc/
echo "ad-hoc/" >> .gitignore
To the extent possible under law, Emerson Rocha has waived all copyright and related or neighboring rights to this work to Public Domain.
Optionally, you can choose to use the MIT License instead of Public Domain unlicense. But if your project already have some license you could choose the same.