Ansible policies

This plugin distributes a technique to run Ansible jobs from Rudder and reports their results.

Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments. This Rudder technique aims to integrate the execution and reporting of an Ansible agent in the Rudder one.

Basically, when assigning a directive declined from this technique to a node, it will:

  • Make sure the Ansible package is installed

  • Download a playbook from your Rudder Server to the node

  • Execute this playbook from the target node

  • Report back the execution to the Rudder Server

Usage

Make sure that the target node has SSH access to every Ansible targeted hosts. The technique takes two arguments:

  • PathPlaybookServer Relative path (relative to /var/rudder/configuration-repository/shared-files/) to the playbook that will be downloaded on your executioner.

  • PathPlaybookAgent Absolute path where to put the playbook on the node.

To trigger periodic playbooks execution you can use the Schedule Simple Stateless generic method.

There is also an Ansible plugin available to use the Rudder inventory, groups and node properties in your Ansible playbooks.

To get more information about it, see the dedicated documentation

Reference

Ansible playbooks can configure and orchestrate steps of any manual ordered process and they can launch tasks synchronously or asynchronously.

An example of a basic playbook to check the status of services and report the hostname of the target:

---
- name: run the playbook tasks on the localhost and check service status
  hosts: 127.0.0.1
  connection: local
  become:
  tasks:

  - name: print out the hostname of target
    command: hostname
  - name: checking service status
    command: systemctl status "{{ item }}"
    with_items:
    - apache2
    - sshd

At runtime, the technique will store the Ansible output in a local temporary file under /var/rudder/tmp/ansible_policies. It will then be reported in a classic Rudder report to be available in the Rudder interface by using the generic method File report content. The execution is done through the Command execution result generic method to differentiate the repaired/kept cases. If the Ansible runner did make a change on the system, it will report a repaired, else, a kept report.

An example of Ansible runner output

PLAY [run the playbook tasks on the localhost and check service status] ********

TASK [setup] *******************************************************************
ok: [127.0.0.1]

TASK [print out the hostname of target] ****************************************
changed: [127.0.0.1]

TASK [checking service status] *************************************************
changed: [127.0.0.1] => (item=apache2)
changed: [127.0.0.1] => (item=sshd)

PLAY RECAP *********************************************************************
127.0.0.1                  : ok=3    changed=2    unreachable=0    failed=0

← Manage plugins API authorizations →