To use secrets, encrypt them with Ansible Vault, then reference them in the playbook/inventory using Jinja2 syntax. For example, adding in a sudo password is as simple as:
    user:~$ ansible-vault create passwd.yml
    magicpony_sudo_password: secretpassword
    user:~$ cat /etc/ansible/hosts
    servers:
      hosts:
        magicpony:
          ansible_become_pass: "{{ magicpony_sudo_password }}"
    user:~$ ansible-playbook --ask-vault-pass --extra-var '@passwd.yml' playbook.yml
This secret filestore can be edited or rekeyed with a different vault password:
    user:~$ ansible-vault edit passwd.yml
    user:~$ ansible-vault rekey passwd.yml
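A file that was meant to be created with ansible-vault but was saved as plain YAML leaks the secret as soon as it is committed. The following check is an added example, not part of the original page: it parses the documented vault envelope (a `$ANSIBLE_VAULT;<format>;<cipher>` header line followed by a hex payload) and lists files that do not match. The function names and the sample contents are hypothetical and constructed for illustration.

```python
import re
import string
import sys
from pathlib import Path

# Vault envelope header: $ANSIBLE_VAULT;<format>;<cipher>[;<vault-id label>]
# Format 1.1 carries no label; format 1.2 adds one.
HEADER_RE = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);(\w+)(?:;(\S+))?$")


def parse_vault_envelope(text):
    """Return (format, cipher, vault_id) if text is a vault envelope, else None."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2:
        return None  # a header without a payload is not an encrypted file
    match = HEADER_RE.match(lines[0])
    if match is None:
        return None
    fmt, cipher, vault_id = match.groups()
    if (fmt == "1.2") != (vault_id is not None):
        return None  # the label is mandatory in 1.2 and absent in 1.1
    body = "".join(lines[1:])
    # The payload is hex-encoded; anything else means a damaged or hand-edited file.
    if not body or len(body) % 2 or set(body) - set(string.hexdigits):
        return None
    return fmt, cipher, vault_id


def find_plaintext(files):
    """Given {name: content}, return the names that are not AES256 vault envelopes."""
    bad = []
    for name, content in files.items():
        parsed = parse_vault_envelope(content)
        if parsed is None or parsed[1] != "AES256":
            bad.append(name)
    return bad


# Constructed samples: the hex payloads are filler, not real ciphertext.
SAMPLES = {
    "passwd.yml": "$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n3031323334353637\n",
    "labelled.yml": "$ANSIBLE_VAULT;1.2;AES256;prod\n6162636465666768\n",
    "forgot-to-encrypt.yml": "magicpony_sudo_password: secretpassword\n",
    "header-only.yml": "$ANSIBLE_VAULT;1.1;AES256\n",
}

if __name__ == "__main__":
    # With arguments, check those files; without, check the constructed samples.
    files = {p: Path(p).read_text(encoding="utf-8") for p in sys.argv[1:]} or SAMPLES
    leaked = find_plaintext(files)
    print("\n".join(f"NOT vault-encrypted: {name}" for name in leaked))
    sys.exit(1 if leaked else 0)
```

Run with the secret files as arguments from a pre-commit hook or CI step; a non-zero exit status means at least one file is not a vault envelope.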
The desired Python interpreter may not be directly at /usr/bin/python3, but instead shimmed, e.g. using pyenv. The location of the interpreter needs to be set directly to the shimmed version:
    user:~$ cat hosts.yml
    servers:
      hosts:
        magicpony:
      vars:
        ansible_python_interpreter: "/home/justin/.pyenv/shims/python3"
The output of shell commands can be monitored by registering it in a variable and checking that variable with Python-style expressions in changed_when and failed_when:

    user:~$ cat playbook.yml
    ...
    tasks:
      - name: "Load kernel module"
        become: true
        ansible.builtin.command: "insmod {{ dir_usbtmst4 }}/driver/usbtmst4.ko"
        register: result
        changed_when: "'File exists' not in result.stderr"
        failed_when: "'could not load module' in result.stderr"
Managed nodes with older OS releases may have Python 3.6 as the system Python, which is dropped as of ansible-core 2.17. Ansible core 2.16 in turn is only supported up to Ansible 9, and as of Nov 2024 the following applies:
pip install ansible==9.12.0 ansible-core==2.16.13