Skip to content

๐Ÿง  Welcome to my Ansible Notes

Here are some notes which I find handy ...

๐Ÿ“ฅ Includes

๐Ÿ“„ include vars

- name: Include environment vars files
  ansible.builtin.include_vars:
    file: vars/{{ env }}/secrets.yml

- name: Include Satellite main vars
  ansible.builtin.include_vars: vars/capsule_satgitops_vars.yml

๐Ÿงฉ include tasks

- name: Test include
  ansible.builtin.include_tasks: test_loop_item.yml
  vars:
    my_list_item: "{{ _my_list_item }}"
    my_index: "{{ _index }}"
  loop: "{{ my_list }}"
  loop_control:
    loop_var: _my_list_item
    label: Some text
    index_var: _index
  tags:
    - always

- name: Include role {{ role_2run }}
  ansible.builtin.include_tasks: "tasks/baseline/{{ role_2run|regex_replace('^.*-(.*)$', '\\1') }}.yml"

๐Ÿงฑ include roles

- name: Include role specific tasks
  ansible.builtin.include_tasks: tasks/role/roles_stub.yml
  vars:
    role_2run: "{{ role_item }}"
  loop: "{{ some_roles }}"
  loop_control:
    loop_var: role_item

- name: Run tasks/other.yaml instead of 'main'
  ansible.builtin.include_role:
    name: myrole
    tasks_from: other

- name: Pass variables to role
  ansible.builtin.include_role:
    name: myrole
  vars:
    rolevar1: value from task
  when: not idontwanttorun

- name: Use role in loop
  ansible.builtin.include_role:
    name: '{{ roleinputvar }}'
  loop:
    - '{{ roleinput1 }}'
    - '{{ roleinput2 }}'
  loop_control:
    loop_var: roleinputvar

- name: Apply tags to tasks within included file
  ansible.builtin.include_role:
    name: install
    apply:
      tags:
        - install
  tags:
    - always

๐Ÿ“‹ Lists

โž• Add item to list in a loop

- name: Example add list
  ansible.builtin.set_fact:
    new_list: "{{ new_list | default([]) + [item] }}"
  loop:
    - aap
    - noot
    - mies

๐Ÿงฎ List of hashes

๐Ÿ› ๏ธ create dynamic

- name: Create list of hashes
  vars:
    systems: [ system1 , system8 , system3 ]
    count: "{{ [1,2,3,4,5,6,7,8,9] | random }}"
  ansible.builtin.set_fact:
    new_list: "{{ new_list | default([]) + [ { 'system': item, 'count': count|int } ] }}"
  loop: "{{ systems }}"

โŒ remove item

- set_fact:
    new_node: "{{ new_node | default({}, true) | combine( {  item.key:  item.value }) }}"
  loop: "{{ node | dict2items }}"
  when: item.key is not match(key2delete)

โš–๏ธ When clause

๐Ÿ” use cases

when: sat_env is match('^xx$')
when: sat_env is not match('xx')
when: '"myvalue" in var1'

โœ… True/False

Avoid comparison to empty string and โ€˜true/falseโ€™

Use: 

when: var
rather than: 
when: var == True

Why? Ansible follows Pythonic truth testing.

- name: When Test defined and true/false
  hosts: localhost
  gather_facts: false
  vars:
    str1: ""
    str2:
    str3: []
    str4: {}
    num1: 0
    num2: 1
    num3: 9
    num4: -9

  tasks:
    - name: Test empty
      ansible.builtin.debug:
        msg: Niet Defined is not defined
      when: NietDefined is not defined

    - name: Test NoneType
      ansible.builtin.debug:
        msg: All when tests belows give true
      when:
        - not str1
        - not str2
        - not str3
        - not str4
        - not num1
        - num2
        - num3
        - num4

    - name: Test length of var
      ansible.builtin.debug:
        msg: Have content ( length <= 0 )
      when:
        - str1 | default('',true) | length <= 0
        - str2 | default('',true) | length <= 0
        - str3 | default('',true) | length <= 0
        - str4 | default('',true) | length <= 0

    - name: Stop play via meta
      ansible.builtin.meta: end_play
      tags:
        - always

๐Ÿงน ansible-lint

See config ansible-lint

โš™๏ธ .ansible-lint

warn_list:
  - fqcn[action-core]
  - yaml[trailing-spaces]
  - yaml[line-length]

skip_list:  
  - run-once[task]
  - no-changed-when

exclude_paths:
  - .cache/
  - test/
  - playbooks/azure*

var_naming_pattern: "^[a-z_][a-z0-9_]*$"
loop_var_prefix: "^(__|{role}_)"
offline: true

๐Ÿท๏ธ noqa

ansible.builtin.command: # noqa no-changed-when

๐Ÿท๏ธ skip_ansible_lint

Use tag: 

tags: skip_ansible_lint

๐Ÿ“ฆ Collection

๐Ÿงฐ common role

- name: Include global vars 
  ansible.builtin.include_vars: ../../vars/shared.yml

Or via meta/main.yml: 

dependencies:
  - role: common_role

And use tasks from common_role:

- name: Code from common_role
  ansible.builtin.include_role:
    name: common_role
    tasks_from: setup.yml

๐Ÿ—‚๏ธ Project structure

/home/harry/ansible/project_Foo
โ”œโ”€โ”€ ansible.cfg
โ”œโ”€โ”€ collections
โ”‚   โ””โ”€โ”€ ansible_collections
โ”‚       โ””โ”€โ”€ zilux
โ”‚           โ””โ”€โ”€ tools
โ”‚               โ”œโ”€โ”€ docs
โ”‚               โ”œโ”€โ”€ galaxy.yml
โ”‚               โ”œโ”€โ”€ meta
โ”‚               โ”œโ”€โ”€ plugins
โ”‚               โ”œโ”€โ”€ README.md
โ”‚               โ”œโ”€โ”€ roles
โ”‚               โ””โ”€โ”€ zilux-tools-1.0.0.tar.gz
โ”œโ”€โ”€ inventory
โ””โ”€โ”€ playbooks
    โ”œโ”€โ”€ collections
    โ”œโ”€โ”€ group_vars
    โ””โ”€โ”€ test_col_zilux_tools.yml

.ansible-lint:

warn_list:
  - fqcn[action-core]
  - yaml[trailing-spaces]
  - yaml[line-length]

skip_list:  
  - run-once[task]
  - no-changed-when
  - galaxy[no-changelog] 

var_naming_pattern: "^[a-z_][a-z0-9_]*$"
loop_var_prefix: "^(__|{role}_)"
offline: true

.ansible-lint-ignore is empty.

galaxy.yml:

namespace: zilux
name: tools
version: 1.0.0
readme: README.md
authors:
  - Harry Zijlmans <zijlmansh@gmail.com>
description: My personal tools collection
license:
  - GPL-2.0-or-later
repository: http://docs.zilux.nl

meta/runtime.yml:

requires_ansible: '>=2.15.0'

meta/main.yml of role:

galaxy_info:
  author: Harry Zijlmans
  description: acme role to test some stuff
  company: zilux
  license: BSD-3-Clause
  min_ansible_version: '2.1'
  platforms:
    - name: Fedora
      versions:
        - all
  galaxy_tags:
    - tools
dependencies: []

๐Ÿ  HOME ๐Ÿ” Top