Ansible

Tips and Tricks

Prompt for hosts

Interactively choose the host to run the playbook on

yaml
---
- hosts: "{{ setupHosts }}"
  # Ask at run time which inventory hosts or groups the play should target
  vars_prompt:
    - name: "setupHosts"
      prompt: "Which hosts would you like to set up?"
      private: false
  tasks:
    - shell: echo

May be deprecated

Source - Stack Overflow answer

Getting a new certificate with Certbot

Initial Ansible task:

yaml
- name: Obtain SSL certificate
  command: sudo certbot --nginx -d {{ domain }} -d www.{{ domain }} --non-interactive --agree-tos --email you@example.com
  # or:
  # ansible.builtin.command: sudo certbot --nginx -d {{ domain }} -d www.{{ domain }}
  register: certbot_result
  retries: 3
  delay: 5
  until: certbot_result is succeeded
  become: true

Gives the following error:

bash
"stderr": "Another instance of Certbot is already running.
Ask for help or search for solutions at https://community.letsencrypt.org.
See the logfile /tmp/certbot-log-brb5qtat/log or re-run Certbot with -v for more details.",
"stderr_lines": ["Another instance of Certbot is already running.
Ask for help or search for solutions at https://community.letsencrypt.org.
See the logfile /tmp/certbot-log-brb5qtat/log or re-run Certbot with -v for more details."],
"stdout": ""

One possible solution here

Acquire a Let’s Encrypt certificate automatically

Seems not really doable with certbot? Digital Ocean - How To Acquire a Let's Encrypt Certificate Using Ansible on Ubuntu 18.04

Cheatsheet

Vault

Ask for password interactively when the encrypted file is mentioned in the playbook

sh
ansible-playbook --ask-vault-pass

sh
# Use a vault file that contains vars and pass a password file when running a playbook
# (the @ prefix makes -e load vars from the file named your_secret)
ansible-playbook -e @your_secret --vault-password-file ~/.ansible/pass_file

See if user exists

Tasks

Continue tasks despite errors

By default, Ansible stops executing tasks on a host when a task fails on that host. You can use ignore_errors to continue despite the failure.

yaml
- name: Do not count this as a failure
  ansible.builtin.command: /bin/false
  ignore_errors: true

The ignore_errors directive only works when the task can run and returns a value of ‘failed’. It does not make Ansible ignore undefined variable errors, connection failures, execution issues (for example, missing packages), or syntax errors.
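The limits described above, shown as an added example playbook (not from the original page or the Ansible documentation). It assumes a run against localhost; the user name deploy, the variable deploy_env and the register names probe and strict_probe are made up for illustration.

```yaml
---
# Added example: task names, the 'deploy' user, 'deploy_env' and the
# register names are assumptions, not taken from the original page.
- name: Handle expected failures without hiding unexpected ones
  hosts: localhost
  gather_facts: false
  tasks:
    # The task runs and returns 'failed' (rc=1), so ignore_errors applies.
    - name: Run a command that exits non-zero
      ansible.builtin.command: /bin/false
      register: probe
      ignore_errors: true
      changed_when: false

    # The registered result still records the failure, so later tasks can
    # branch on it instead of continuing blindly.
    - name: Report the ignored failure
      ansible.builtin.debug:
        msg: "probe failed with rc={{ probe.rc }}"
      when: probe is failed

    # Narrower alternative: accept only the exit codes you expect.
    # grep exits 0 (match) or 1 (no match); 2 or higher is a real error
    # (for example an unreadable file) and still fails the task.
    - name: Check whether the deploy user exists
      ansible.builtin.command: "grep -q '^deploy:' /etc/passwd"
      register: strict_probe
      failed_when: strict_probe.rc not in [0, 1]
      changed_when: false

    # ignore_errors does not cover connection failures; unreachable hosts
    # have their own keyword, ignore_unreachable.
    - name: Continue even if the host cannot be reached
      ansible.builtin.ping:
      ignore_unreachable: true

    # An undefined variable is a templating error, not a 'failed' return
    # value, so supply a default rather than relying on ignore_errors.
    - name: Use a default for a variable that may be undefined
      ansible.builtin.debug:
        msg: "deploy_env={{ deploy_env | default('unset') }}"
```

Because failed_when lists the tolerated exit codes explicitly, a task that breaks in an unexpected way still stops the play for that host.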

Documentation

Resources

Install nvm

Reference: Extracted from a gist comment

yaml
- name: 'nvm'
  shell: >
    curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash
  args:
    executable: /bin/bash
    chdir: '{{ ansible_env.HOME }}'
    creates: '{{ ansible_env.HOME }}/.nvm/nvm.sh'

- name: 'node'
  shell: >
    . {{ ansible_env.HOME }}/.nvm/nvm.sh && nvm install {{ item }}
  args:
    executable: /bin/bash
    chdir: '{{ ansible_env.HOME }}'
    creates: '{{ ansible_env.HOME }}/.nvm/versions/{{ item }}'
  loop:
    - node

Ref: joelparkerhenderson

Automating PM2 Flush (for automatically removing PM2 logs) PM2

Source: DevOps Excellence: Ansible Playbooks for Automated Node.js PM2 Flush

yaml
---
- name: Run pm2 flush
  hosts: nodejs_servers
  gather_facts: yes

  tasks:
    # Empty the PM2 log files from inside the project directory
    - name: Execute pm2 flush command
      command: pm2 flush
      args:
        chdir: /path/to/your/nodejs/project
      register: command_output

    - name: Show the pm2 flush output
      debug:
        msg: "{{ command_output.stdout_lines }}"