Category: ansible
-
Event-Driven Ansible with Zabbix
Zabbix supports Event-Driven Ansible. This makes it possible to launch job_templates in Ansible Automation Platform based on triggers in Zabbix. One use case is to update host events in Zabbix with facts from Ansible, which we will take a look at in this post. Ansible Automation Platform You will need various credentials, a decision environment…
-
Gitlab CI/CD for Ansible inventory
The inventory is your source of truth in Ansible. It contains all your hosts along with data about your hosts. The data from the inventory represents the desired state you want to reach with Ansible and is used to overwrite arguments (defaults) in roles and playbooks. You can build your inventory statically, using dynamic inventory…
-
Useful Linux commands
Command Comment $ sudo su – Get root privileges and load the root user’s environment. $ sudo !! Repeat the last command with sudo privileges. $ printenv Prints all environment variables. $ ssh-copy-id example Use locally available keys to authorize logins on a remote machine. $ ssh-keygen -R example Remove a host entry from the…
-
Conditional variables in Ansible
I recently had to use a Jinja2 if statement to create variables depending on a set of conditions in an Ansible role. To achieve this, I had to revisit YAML block scalars and Jinja2 whitespace control. YAML block style scalar A scalar in YAML represents an indivisible value such as a string, number, or boolean,…
-
Linux troubleshooting with journald
systemd is a service and system manager for Linux that contains the command line tool journalctl and the journald daemon that aims to make life easier for anyone troubleshooting syslog messages in a Linux system. The journald daemon collects syslog messages and forwards them to the rsyslog service which sorts the syslog messages and writes…
-
SELinux and Firewalld
I harden all my RHEL servers with SELinux and Firewalld. Here is a crash course. SELinux SELinux (Security-Enhanced Linux) is a security architecture that enforces mandatory access controls to restrict applications, processes, and users to the least privileges necessary. For instance, if a web server tries to read files in /home/user/private (even if the file…
-
Ansible directory structure for efficient work
There is a lot of ways you can structure your playbooks, inventory, roles, and collections in Ansible, but it’s beneficial to find a structure that is suitable for both development and AWX/AAP. This is what my layout looks like: I have a Git repository called playbooks that contains all my playbooks. Symbolic links point to…
-
Installing Python from source
The Ansible Control node requires a relatively new version of Python (see matrix here), often newer then the one your OS relies on. For example, the default Python implementation in RHEL 9 is Python 3.9, while ansible-core 2.17 requires Python 3.10 or higher for the Ansible Control Node. Sometimes you can install a newer version…
-
Running Ansible Playbooks safely
A good way to explicitly and dynamically control which inventory hosts or groups a playbook executes against is by defining the host’s field in the playbook as a variable, commonly named “target”. This variable is then defined as an extra vars each time you run the playbook, and if you forget it the playbook will…
-
Ansible Navigator intro
Ansible Navigator is a text-based command-line version of AAP/AWX (with some limitations), and I use it to test and troubleshoot newly created execution environments. Ansible Navigator can be installed with pip. Once installed, create an ansible-navigator.yml configuration file, and point to the execution environment image, along with your inventory and ansible.cfg file. Then run a…