diff --git a/DC-SAP-Ansible b/DC-SAP-Ansible new file mode 100644 index 000000000..951e880e5 --- /dev/null +++ b/DC-SAP-Ansible @@ -0,0 +1,16 @@ +# This file originates from the project https://github.com/openSUSE/doc-kit +# This file can be edited downstream. + +MAIN="ansible.asm.xml" +# Point to the ID of the of your assembly +SRC_DIR="articles" +IMG_SRC_DIR="images" + +PROFOS="sles4sap" +PROFCONDITION="16.0" +STRUCTID="ansible" +#PROFCONDITION="suse-product;beta" +#PROFCONDITION="community-project" + +STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns" +FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse-ns" \ No newline at end of file diff --git a/DC-SLES-Ansible b/DC-SLES-Ansible new file mode 100644 index 000000000..8c76bd87a --- /dev/null +++ b/DC-SLES-Ansible @@ -0,0 +1,16 @@ +# This file originates from the project https://github.com/openSUSE/doc-kit +# This file can be edited downstream. + +MAIN="ansible.asm.xml" +# Point to the ID of the of your assembly +SRC_DIR="articles" +IMG_SRC_DIR="images" + +PROFOS="sles" +PROFCONDITION="16.0" +STRUCTID="ansible" +#PROFCONDITION="suse-product;beta" +#PROFCONDITION="community-project" + +STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns" +FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse-ns" diff --git a/articles/ansible.asm.xml b/articles/ansible.asm.xml new file mode 100644 index 000000000..7ef133a93 --- /dev/null +++ b/articles/ansible.asm.xml @@ -0,0 +1,155 @@ + + + + %entities; +]> + + + + + + + + + + + + + + + + + + Introduction to Ansible core + + 2025-11-04 + + + Initial version + + + + + + + + + + Smart Docs + + + + Administration + Configuration + Security + + + + + + https://bugzilla.suse.com/enter_bug.cgi + Documentation + SUSE Linux Enterprise Server 16.0 + amrita.sakthivel@suse.com + + yes + + + + + &x86-64; + &power; + &zseries; + &aarch64; + + + + + &productname; + + + + Introduction to Ansible core + Learn how to simplify IT tasks and system management using Ansible core + + + Use Ansible automation platform to efficiently automate IT tasks. + + + + + WHAT? + + +Ansible is an IT automation tool that simplifies configuration management, application deployment and +task orchestration by enabling you to define infrastructure as code in a simple way. + + + + + WHY? + + +Learn how to automate IT infrastructure with Ansible, from installation and configuration, to creating +inventory files and a playbooks. + + + + + EFFORT + + +The average reading time of this article is approximately 40 minutes. + + + + + REQUIREMENTS + + + + +Linux fundamentals: Understanding basic Linux commands, file permissions, directory structures +and use of the command line. + + + + +Networking: Ansible connects to remote machines via SSH so knowledge of IP addresses, SSH, host names and ports is required. + + + + +YAML: Ansible playbooks are written in YAML, so knowing how to structure a YAML file is essential. + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/concepts/ansible-intro.xml b/concepts/ansible-intro.xml new file mode 100644 index 000000000..0dfd9578a --- /dev/null +++ b/concepts/ansible-intro.xml @@ -0,0 +1,76 @@ + + + + + %entities; +]> + + + What is Ansible core? + + + + Ansible core is an open source IT automation engine that automates provisioning, configuration management, application deployment and other IT processes. + It is has agent less architecture, which means no dedicated connection software is required on the managed nodes. + It operates on the following concepts: + + + + + + Control node: The machine where Ansible is installed and executed. + + + + Managed nodes: The target servers or devices that Ansible manages. + + + + + Inventory: A file that defines and groups your managed nodes. + + + + + Module: A small program that performs actions on a managed node. + + + + + Task: A single execution of an Ansible module on a managed node. + + + + + Playbooks: Ansible playbooks provide a repeatable, reusable, simple configuration management and multi-machine deployment system. + + + + + Collection: A collection of Ansible roles or modules focusing on a specific area. + + + + Role: A standard, self-contained and portable unit of automation that organizes related tasks, variables and files into a predictable directory structure for easy reuse. + + + + + + Ansible Core is the foundational software package that includes command-line tools like ansible and ansible-playbook and the execution engine. + It provides the essential libraries and basic modules needed to connect to managed nodes and execute tasks. + Ansible automation components are the content that defines the logic, packaged into playbooks, roles and collections. + These assets provide the instructions for the core engine, with collections serving as a distribution format that bundles reusable roles, modules and plug-ins. + Ansible Orchestration is handled by higher-level tools that provide a UI, API and workflow engine to centrally manage and visually chain multiple automation playbooks together for complex multi-system processes. + + + + diff --git a/concepts/ansible-inventory-file.xml b/concepts/ansible-inventory-file.xml new file mode 100644 index 000000000..58ec0f449 --- /dev/null +++ b/concepts/ansible-inventory-file.xml @@ -0,0 +1,149 @@ + + + %entities; +]> + + + + + + + Structure of an inventory file + + + + An &ansible; inventory file defines the hosts or servers on which &ansible; commands and playbooks will run. + It can be in either INI or YAML format and is a fundamental component of an Ansible project. + An Ansible project is a directory structure containing all the files necessary to automate a specific IT goal, such as deploying an application or configuring a multi-tier infrastructure. + + + Ansible uses several built-in variables to connect to and manage hosts, which are often defined in the inventory file. + The most common ones are: + + ansible_host: Specifies the IP address or DNS name of the host. + + ansible_user The user account to use for SSH connections. + + ansible_port: The connection port number if not the default, 22 for SSH. + + ansible_private_key_file: Specifies the path to the SSH private key file that Ansible should use to authenticate with and connect to the remote managed nodes. + + ansible_python_interpreter: Specifies the path to the Python interpreter on the remote host if it is not the default. + + +
+ <literal>INI</literal> format + The INI format is the more traditional and widely used format for inventory files. + Hosts can be listed individually or grouped together. + + + Individual hosts + + You can list either the IP addresses or host names. For example: +host1.example.com +192.168.1.50 + + + + Groups + + Groups are defined using [] brackets. You can apply tasks to multiple hosts simultaneously. + A host can belong to multiple groups. For example: +[webservers] +web1.example.com +web2.example.com + +[databases] +db1.example.com + + + + Group variables + + Variables can be assigned to all hosts within a specific group. + These are defined under the group name using a :vars suffix. For example: +[webservers:vars] +ansible_user=test +http_port=80 + + + + Child groups + + You can create a group of groups, known as a parent group, using the :children suffix. + This is useful for combining different host types for a single task. For example: +[all_servers:children] +webservers +databases + + + +
+
+ <literal>YAML</literal> format + YAML offers a structured and hierarchical way to represent the inventory. + It is often preferred for its readability and ability to handle complex data structures. + + + Host and group structure: + + The inventory is defined under the all keyword, which contains + hosts and children. For example, +all: + hosts: + host1.example.com: + 192.168.1.50: + children: + webservers: + hosts: + web1.example.com: + web2.example.com: + databases: + hosts: + db1.example.com: + + + + + Group and host variables + + Variables are defined under a vars dictionary within the host or group. + For example: + + webservers: + hosts: + web1.example.com: + web2.example.com: + vars: + http_port: 80 + server_type: nginx + max_connections: 500 + + + + + Child groups + + You can create a group of groups, known as a parent group, using the :children suffix. + This is useful for combining different host types for a single task. For example: +all: + children: + webservers: + hosts: + web1.example.com: + ansible_user: test + vars: + http_port: 80 + + + +
+ diff --git a/glues/ansible-more-info.xml b/glues/ansible-more-info.xml new file mode 100644 index 000000000..3e081d497 --- /dev/null +++ b/glues/ansible-more-info.xml @@ -0,0 +1,24 @@ + + + + + %entities; +]> + + More information + + + + + To learn more about Ansible, refer to The official source for Ansible core. + + + \ No newline at end of file diff --git a/references/ansible-basic-usage.xml b/references/ansible-basic-usage.xml new file mode 100644 index 000000000..d25b18a01 --- /dev/null +++ b/references/ansible-basic-usage.xml @@ -0,0 +1,411 @@ + + + + + %entities; +]> + + + Basic usage of Ansible + + + + Ansible provides ad hoc commands and several utilities to perform various operation and automation + tasks. Ad hoc commands in Ansible are useful for performing quick and one-off tasks that do not need to be saved for future use. + They are single-line commands executed directly from the command line. Ad hoc commands use the ansible CLI tool. + + In contrast, playbooks are a more powerful and scalable solution for defining complex, multi-step IT automation tasks. + They are written in YAML and contain a list of plays, with each play associating a group of hosts with a series of tasks. + The ansible-playbook CLI tool is used to execute these playbooks. This approach promotes reusability, version control + and collaboration, making it the preferred method for managing and deploying applications at scale. + You can use either ad hoc commands or create a playbook to automate your IT infrastructure based on your use case. + + + +
+ Ad hoc commands + Ad-hoc commands are a quick way to run a single task on one or more managed hosts directly from the command line. + Ideal for simple operations like checking system uptime or rebooting a server. + + They are useful for quickly managing servers by performing actions like rebooting, copying files and managing packages and users. + You can use any of the available Ansible modules in an ad hoc task. Like playbooks, ad hoc tasks use a declarative + model, where you define the desired final state. Ansible then automatically calculates and executes the necessary steps to achieve that state. + This approach ensures the task can be run multiple times without causing unintended changes, as Ansible first checks the + current state of the host and only performs an action if it differs from the specified final state. Some examples include: + &prompt.user; ansible webservers -m ansible.builtin.service -a "name=httpd state=started" + &prompt.user; ansible all -m ansible.builtin.setup +
+
+ Ansible command-line tools + + Ansible provides the following command-line tools: + + + ansible + + + A simple tool or framework for remote tasks; this command-line tool allows you to define and run a single task + playbook against a set of hosts. + &prompt.user;ansible -h + usage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD] [--become-user BECOME_USER] [-K | --become-password-file BECOME_PASSWORD_FILE] [-i INVENTORY] [--list-hosts] + [-l SUBSET] [-P POLL_INTERVAL] [-B SECONDS] [-o] [-t TREE] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER] [-c CONNECTION] [-T TIMEOUT] + [--ssh-common-args SSH_COMMON_ARGS] [--sftp-extra-args SFTP_EXTRA_ARGS] [--scp-extra-args SCP_EXTRA_ARGS] [--ssh-extra-args SSH_EXTRA_ARGS] [-k | + --connection-password-file CONNECTION_PASSWORD_FILE] [-C] [-D] [-e EXTRA_VARS] [--vault-id VAULT_IDS] [-J | --vault-password-file VAULT_PASSWORD_FILES] [-f FORKS] + [-M MODULE_PATH] [--playbook-dir BASEDIR] [--task-timeout TASK_TIMEOUT] [-a MODULE_ARGS] [-m MODULE_NAME] + pattern + Define and run a single task 'playbook' against a set of hosts + [...] + + + + + ansible-config + + + Used to manage and view Ansible's configuration settings. + &prompt.user;ansible-config -h + usage: ansible-config [-h] [--version] [-v] {list,dump,view,init,validate} ... + +View ansible configuration. + +positional arguments: + {list,dump,view,init,validate} + list Print all config options + dump Dump configuration + view View configuration file + init Create initial configuration + validate Validate the configuration file and environment variables. By default it only checks the base settings without accounting for plugins (see -t). + +options: + --version show program's version number, config file location, configured module search path, module location, executable location and exit + -h, --help show this help message and exit + -v, --verbose Causes Ansible to print more debug messages. Adding multiple -v will increase the verbosity, the builtin plugins currently evaluate up to -vvvvvv. A + reasonable level to start is -vvv, connection debugging might require -vvvv. This argument may be specified multiple times. + + + + ansible-console + + + An interactive command-line tool or Read-Eval-Print Loop (REPL) that lets you run Ansible ad hoc commands in a persistent real-time shell environment. + It is a great tool for quickly testing modules, exploring your inventory and debugging issues without having to run a new command for every action. + + &prompt.user;ansible-console -h + usage: ansible-console [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD] [--become-user BECOME_USER] [-K | --become-password-file BECOME_PASSWORD_FILE] [-i INVENTORY] + [--list-hosts] [-l SUBSET] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER] [-c CONNECTION] [-T TIMEOUT] [--ssh-common-args SSH_COMMON_ARGS] + [--sftp-extra-args SFTP_EXTRA_ARGS] [--scp-extra-args SCP_EXTRA_ARGS] [--ssh-extra-args SSH_EXTRA_ARGS] [-k | + --connection-password-file CONNECTION_PASSWORD_FILE] [-C] [-D] [--vault-id VAULT_IDS] [-J | --vault-password-file VAULT_PASSWORD_FILES] [-f FORKS] + [-M MODULE_PATH] [--playbook-dir BASEDIR] [-e EXTRA_VARS] [--task-timeout TASK_TIMEOUT] [--step] + [pattern] + +REPL console for executing Ansible tasks. + [...] + + + + + ansible-doc + + + A command-line tool that provides documentation for all Ansible's installed modules and plug-ins. + It is an essential utility for anyone writing playbooks or ad hoc commands. You can look up a module's purpose, parameters, return , and even usage examples directly from your terminal. + + &prompt.user;ansible-doc -h + usage: ansible-doc [-h] [--version] [-v] [-M MODULE_PATH] [--playbook-dir BASEDIR] + [-t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,vars,module,strategy,test,filter,role,keyword}] [-j] [-r ROLES_PATH] + [-e ENTRY_POINT | -s | -F | -l | --metadata-dump] [--no-fail-on-errors] + [plugin ...] + +plugin documentation tool + [...] + + + + + ansible-galaxy + + + A command-line tool that comes with Ansible and is used for managing and sharing roles. + &prompt.user;ansible-galaxy -h + Perform various Role and Collection related operations. + +positional arguments: + TYPE + collection Manage an Ansible Galaxy collection. + role Manage an Ansible Galaxy role. + +options: + --version show program's version number, config file location, configured module search path, module location, executable location and exit + -h, --help show this help message and exit + -v, --verbose Causes Ansible to print more debug messages. Adding multiple -v will increase the verbosity, the builtin plugins currently evaluate up to -vvvvvv. A reasonable level + to start is -vvv, connection debugging might require -vvvv. This argument may be specified multiple times. + + + + + ansible-inventory + + +Is a command-line tool that helps you inspect, validate and understand your inventory. + &prompt.user;ansible-inventory -h + usage: ansible-inventory [-h] [--version] [-v] [-i INVENTORY] [-l SUBSET] [--vault-id VAULT_IDS] [-J | --vault-password-file VAULT_PASSWORD_FILES] [--playbook-dir BASEDIR] + [-e EXTRA_VARS] [--list] [--host HOST] [--graph] [-y] [--toml] [--vars] [--export] [--output OUTPUT_FILE] + [group] + +Show Ansible inventory information, by default it uses the inventory script JSON format +[...] + + + + + ansible-playbook + + +Is the primary command-line tool used to run Ansible's automation blueprints, also known as playbooks, against an inventory of target hosts. + &prompt.user;ansible-playbook -h + usage: ansible-playbook [-h] [--version] [-v] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER] [-c CONNECTION] [-T TIMEOUT] [--ssh-common-args SSH_COMMON_ARGS] + [--sftp-extra-args SFTP_EXTRA_ARGS] [--scp-extra-args SCP_EXTRA_ARGS] [--ssh-extra-args SSH_EXTRA_ARGS] [-k | + --connection-password-file CONNECTION_PASSWORD_FILE] [--force-handlers] [--flush-cache] [-b] [--become-method BECOME_METHOD] [--become-user BECOME_USER] [-K | + --become-password-file BECOME_PASSWORD_FILE] [-t TAGS] [--skip-tags SKIP_TAGS] [-C] [-D] [-i INVENTORY] [--list-hosts] [-l SUBSET] [-e EXTRA_VARS] + [--vault-id VAULT_IDS] [-J | --vault-password-file VAULT_PASSWORD_FILES] [-f FORKS] [-M MODULE_PATH] [--syntax-check] [--list-tasks] [--list-tags] [--step] + [--start-at-task START_AT_TASK] + playbook [playbook ...] + +Runs Ansible playbooks, executing the defined tasks on the targeted hosts. +[...] + + + + + ansible-vault + + Is a command-line tool that allows you to encrypt sensitive data, such as passwords, API keys and other secrets + and store them securely within your playbooks and other configuration files. + &prompt.user;ansible-vault -h + usage: ansible-vault [-h] [--version] [-v] {create,decrypt,edit,view,encrypt,encrypt_string,rekey} ... + +encryption/decryption utility for Ansible data files + +[...] + + + + +
+
+ Configuring SSH + By default, Ansible assumes SSH keys are being used between a control and managed nodes to establish a connection. + To set up SSH key-based authentication from the control node to the managed nodes: + + Generate a key pair on the control node. + It is recommended to use a dedicated SSH key that is clearly defined in the variable ansible_ssh_private_key_file. + + Copy the public key to the managed node. +&prompt.user;ssh-copy-id -i PATH_TO_PUBLIC_KEY TARGET_USER@IP_ADDRESS/HOSTNAME + This onetime setup allows Ansible to connect securely without prompting for credentials during automation. + + Add the private key to the control node. +&prompt.user;ssh-add PATH_TO_PRIVATE_KEY + + + +
+
+ Creating a playbook + + An Ansible playbook is a YAML file that defines a series of tasks to be executed on one or more hosts. + This topic covers the creation of a simple playbook. + + + Define an inventory file, for example: + + [all] + 192.168.122.154 ansible_user=user1 + + Although Ansible uses /etc/ansible/hosts by default. It is a best practice to maintain a separate inventory file and specify it using the--inventory flag. + + Verify your inventory file, for example: +&prompt.user;ansible-inventory --inventory test.ini --list + + + Test the connection between the control node and managed nodes with the Ansible ad hoc command: +&prompt.user;ansible all -i test.ini -m ping + If the configuration is correct, the following message is displayed: + + [WARNING]: Platform linux on host 192.168.122.73 is using the discovered Python interpreter at /usr/bin/python3.13, but future installation of another Python interpreter could change + the meaning of that path. See https://docs.ansible.com/ansible-core/2.18/reference_appendices/interpreter_discovery.html for more information. + 192.168.122.73 | SUCCESS => { + "ansible_facts": { + "discovered_interpreter_python": "/usr/bin/python3.13" + }, + This confirms Ansible can reach the managed nodes securely via SSH. + + Playbooks are YAML files that define the tasks Ansible should perform. + For example, create a file named install.yml to define a task to install common packages on all managed &suse; systems: + + - name: Ensure essential packages are present + hosts: all + become: true + gather_facts: true + + tasks: + - name: Install vim and curl + ansible.builtin.package: + name: + - suseconnect + - curl + state: present + + + Run the playbook in check mode: + &prompt.user; ansible-playbook install.yml --check + Check mode is a simulation. It does not generate output for tasks. It validates a configuration management playbook and is useful for + simple playbooks. + + Run the playbook: +&prompt.user; ansible-playbook -i hosts.ini install.yml + Ansible connects to each host in your inventory and executes the defined tasks using the system's package manager. + + +
+
+ Understanding roles +Roles allow you to easily reuse and share your Ansible automation by using a known file structure to automatically load all related artifacts, including tasks, variables, files, and handlers. +
+ Using roles + You can use the role in the following ways: + + At the play level with the roles: This is the default way of using roles in a play. + At the task level with ansible.builtin.import_role: You can reuse roles dynamically anywhere in the tasks section of a play using ansible.builtin.import_role. + At the task level with ansible.builtin.import_role: You can reuse roles dynamically anywhere in the tasks section of a play using ansible.builtin.import_role. + As a dependency of another role. + + A play is the fundamental execution unit within an Ansible playbook. +
+
+ Importing roles + You can reuse roles statically anywhere in the tasks section of a play by using import_role. For example: + + --- + - hosts: webservers + tasks: + - name: Print a message + ansible.builtin.debug: + msg: "before we run our role" + + - name: Apply standard user and group setup from 'base_users' role + ansible.builtin.import_role: + name: base_users + + - name: Print a message + ansible.builtin.debug: + msg: "after we ran our role" + + You can use other keywords, for example: + + --- + - hosts: webservers + tasks: + - name: Import the foo_app_instance role + ansible.builtin.import_role: + name: test_app_instance + vars: + dir: '/opt/a' + app_port: 5000 + +
+
+
+About variables +With Ansible, you can run tasks and playbooks with a single command. + Variables are placeholders for values that allow you to make your playbooks dynamic, reusable, and flexible. For example, + instead of hard-coding values like a username, port number, or a list of packages, directly into your tasks, you can use a variable. + You can define these variables using standard YAML syntax (including lists and dictionaries) in your playbooks, inventories, roles, or at the command line. + You can also create new variables dynamically during a playbook run. + +
+Variable placement +When you define the same variable in multiple locations, Ansible uses variable precedence to determine which value to apply. + This fixed order governs how different variable sources override one another during execution. + Variable precedence is defined in the following order, from least to greatest (the last listed variable overrides all other variables): + + +Command-line values +Role defaults +Inventory file or script group vars +Inventory group_vars/all +Playbook group_vars/all +Inventory group_vars/* +Playbook group_vars/* +Inventory file or script host vars +Inventory host_vars/* +Playbook host_vars/* +Host facts and cached set_facts +Play vars +Play vars_prompt +Play vars_files +Role vars +Block vars +Task vars +include_vars +Registered vars and set_facts +Role and include_role params +include params +extra vars + +Ansible gives precedence to variables defined more recently, more active and with more explicit scope. Variables inside the default +folder are easily overridden. Anything in the vars directory of the role overrides previous versions +of that variable in the namespace. +
+
+ Setting variables + +You can define variables in an inventory, in playbooks, in reusable files, in roles and at the command line. +Ansible loads all the variables it finds and then chooses which variable to apply based on variable precedence. + + + Defining variables in an inventory: You can either define different variables for each host or set shared variables for a group of hosts in your inventory. +For example, if all systems in the manhattan group use manhattan.ntp.example.com as an NTP server, you can use a group variable. + + Defining variables in a play: You can define variables directly in a play. When you define variables directly, they are visible only to the tasks executed in that play. + + Defining variables in include files and roles: + You can define variables in reusable variable files or reusable roles. If you define variables in reusable variable files or roles, the sensitive variables are separated from playbooks. + This separation enables you to store your playbooks in a source control software and even share the playbooks, without the risk of exposing passwords or other sensitive and personal data. + For example: + + --- + + - hosts: all + remote_user: root + vars: + favcolor: blue + vars_files: + - /vars/test.yml + + tasks: + + - name: This is just a placeholder + ansible.builtin.command: /bin/echo foo + +The content of each variable file is a simple YAML dictionary. For example, /vars/test.yml : + + - name: Show foo and bar + ansible.builtin.debug: + msg: + foo: "{{ foo }}" + bar: "{{ bar }}" + + + +
+
+ diff --git a/references/ansible-best-practices.xml b/references/ansible-best-practices.xml new file mode 100644 index 000000000..a2c34f5db --- /dev/null +++ b/references/ansible-best-practices.xml @@ -0,0 +1,62 @@ + + + %entities; +]> + + + + + + + &ansible; best practices + + + To get the most out of Ansible and Ansible playbooks , here are some best practices you can follow: + + + + + Group by roles: + A system can belong to multiple groups, a powerful concept exemplified by naming groups descriptively, such as webservers + and dbservers. This structure enables playbooks to target machines based on their role and to assign role-specific variables through the group variable system. + +Describe the tasks: + It is recommended to provide a clear, descriptive name for the tasks. + This description explains why the task is being performed and is displayed when the playbook executes. + +Use the name directive: +It is a good practice to use the name directive to name your plays, tasks and blocks. + Simplicity: + Keep it simple and use only the Ansible features you need. + +
+Protect sensitive data with the <command>ansible-vault</command> command-line tool +With Vault, you can encrypt variables and files so you can protect sensitive content such as passwords or keys rather than leaving it visible as plaintext in playbooks or roles. +Some best practices include: +Managing Vault passwords: To keep track and manage your Vault , it is best to have +a strategy. For example, for a small project or a few sensitive values, you can use a single password for encryption. +You can use multiple passwords for a large project or many sensitive values. You can distinguish between different passwords with Vault IDs. +Based on your use case, you might want a different password for each encrypted file, for each directory, or for each environment. +There are two options within Ansible, to store Vault passwords: in files or using a third-party tool, such as a system keyring or a secret manager. +For passwords stored in a third-party tool, you need a vault password client script to retrieve them from within Ansible. + +Encrypting individual variables or files: The two types of encryption content in Ansible are variables and files. Encrypted content is identified with the !vault tag, which tells Ansible and YAML that the content needs to be decrypted. + The | character is used for multi-line strings. + Ansible Vault can encrypt any structured data file used by Ansible and the encryption is done in the Vault. +Using encrypted individual variables or files: You must provide passwords for encrypted variables or files when running a task or playbook that uses them. + You can supply these passwords either directly at the command line or by configuring a default password source using a configuration option or an environment variable. +For a single password , use --ask-vault-pass or --vault-password-file options. +When you use multiple vaults in a single inventory, use the --vault-id option. +You can also use multiple --vault-id options to specify the Vault IDs. + + +
+ diff --git a/references/ansible-configure.xml b/references/ansible-configure.xml new file mode 100644 index 000000000..ee04e0302 --- /dev/null +++ b/references/ansible-configure.xml @@ -0,0 +1,55 @@ + + + + + %entities; +]> + + + Understanding Ansible configuration + + + + Ansible supports several sources for configuring its behavior, including an INI file named ansible.cfg, environment variables, command-line options and playbook keywords. + The standard configuration is usually sufficient for most users. + + + + The ansible-config utility provides users with a comprehensive view of all available configuration settings, including their default values, + instructions on how to set them and the origin of their current values. Ansible processes the following list and uses the first file found. All others are ignored. + + + + + ANSIBLE_CONFIG environment variable if set + + + + + ansible.cfg located in the current directory + + + + + ~/.ansible.cfg located in the home directory + + + + + /etc/ansible/ansible.cfg + + + + You can generate a sample ansible.cfg file either with a fully commented out file or + a more complete file that includes the existing plug-in. For example: + &prompt.sudo; ansible-config init --disabled > ansible.cfg + &prompt.sudo; ansible-config init --disabled -t all > ansible.cfg + diff --git a/references/ansible-support-coverage.xml b/references/ansible-support-coverage.xml new file mode 100644 index 000000000..1999c3274 --- /dev/null +++ b/references/ansible-support-coverage.xml @@ -0,0 +1,49 @@ + + + + + %entities; +]> + + + Ansible support coverage + + + +The support matrix for Ansible and Python compatibility: + + + + + Control node: + + Python 3.11 - 3.13 + ansible-core 2.18 + Ansible 11 + + + + Managed node: + + Python 3.11 - 3.13 + + + + + + Python and Ansible versions in the control and managed nodes must be compatible. + Third-party software is not supported. + Only versions provided in packages that install into System Python are supported. + Python Virtual Environment or alternatives like pyenv are not supported. + + + + \ No newline at end of file diff --git a/tasks/ansible-install.xml b/tasks/ansible-install.xml new file mode 100644 index 000000000..acc813058 --- /dev/null +++ b/tasks/ansible-install.xml @@ -0,0 +1,49 @@ + + + + + %entities; +]> + + + Installing Ansible + + + +&ansible; is available for installation from &productnameshort; &productnumber; base system. + + + + + + + Refresh the repository and install &ansible;. + &prompt.sudo;zypper refresh + &prompt.sudo;zypper install ansible + + + + To verify: + +&prompt.user;ansible --version + ansible [core 2.18.3] + config file = None + configured module search path = ['/home/amrita/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] + ansible python module location = /usr/lib/python3.13/site-packages/ansible + ansible collection location = /home/amrita/.ansible/collections:/usr/share/ansible/collections + executable location = /usr/bin/ansible + python version = 3.13.5 (main, Jun 12 2025, 00:40:24) [GCC] (/usr/bin/python3.13) + jinja version = 3.1.6 + libyaml = True + + + +