07. ansible pack
This is a StackStorm integration pack for Ansible
How to automate Junos using Ansible: https://github.com/ksator/ansible-training-for-junos-automation
It is not required to install Ansible in order to use the ansible pack (the StackStorm integration pack for Ansible):
$ pip list | grep ansible
$
Install the Ansible dependencies required for Junos automation in order to use the ansible pack (the StackStorm integration pack for Ansible):
$ sudo pip install junos_eznc
$ sudo pip install jxmlease
$ pip list | grep "junos\|jxmlease"
junos-eznc (2.1.2)
jxmlease (1.0.1)
StackStorm pack for working with Ansible. This pack provides Ansible integration to perform operations on both local and remote machines.
It is available on StackStorm Exchange
$ sudo st2 pack show ansible
+-------------+-----------------------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------------------+
| name | ansible |
| description | st2 content pack containing ansible integrations |
| author | StackStorm, Inc. |
| content | { |
| | "actions": { |
| | "count": 8 |
| | } |
| | } |
| email | info@stackstorm.com |
| keywords | [ |
| | "ansible", |
| | "cfg management", |
| | "configuration management" |
| | ] |
| ref | ansible |
| repo_url | https://github.com/StackStorm-Exchange/stackstorm-ansible |
| version | 0.4.0 |
+-------------+-----------------------------------------------------------+
source code: https://github.com/StackStorm-Exchange/stackstorm-ansible
After pack installation all ansible executable files are available in pack virtualenv and ready to use.
The ansible pack is not installed by default:
$ sudo st2 pack list
+---------+---------+------------------+---------+------------------+
| ref | name | description | version | author |
+---------+---------+------------------+---------+------------------+
| chatops | chatops | Chatops | 0.2.0 | Kirill Enykeev |
| | | integration pack | | |
| core | core | st2 content pack | 0.2.1 | st2-dev |
| | | containing basic | | |
| | | actions. | | |
| default | default | Pack where all | 0.1.0 | st2-dev |
| | | the resources | | |
| | | which are | | |
| | | created using | | |
| | | the API and | | |
| | | don't have a | | |
| | | pack specified | | |
| | | get saved. | | |
| linux | linux | Generic linux | 0.1.0 | st2-dev |
| | | actions | | |
| napalm | napalm | A StackStorm | 0.2.3 | mierdin, Rob |
| | | pack for working | | Woodward |
| | | with network | | |
| | | devices using | | |
| | | the NAPALM | | |
| | | library | | |
| packs | packs | core st2 content | 0.2.0 | st2-dev |
| | | pack containing | | |
| | | pack management | | |
| | | functionality. | | |
| st2 | st2 | StackStorm pack | 0.2.0 | StackStorm, Inc. |
| | | management | | |
+---------+---------+------------------+---------+------------------+
To get information about an installed pack, run this command:
$ sudo st2 pack get ansible
Pack "ansible" is not found.
$
All Python dependencies are listed in requirements.txt. These Python libraries are installed (in a virtualenv) when you install the pack with st2 pack install, so the pack installation installs the latest Ansible version in the virtualenv.
If you want StackStorm to use a specific Ansible version, you need to modify the file requirements.txt:
- fork the repository https://github.com/StackStorm-Exchange/stackstorm-ansible
- change the file requirements.txt on your fork
- install the pack from your fork (not from StackStorm exchange)
Here's the requirements.txt file I am using in my fork:
ansible==2.2.3.0
To install the ansible pack from a fork (to use your own requirements.txt file), run this command:
sudo st2 pack install https://github.com/ksator/stackstorm-ansible.git
Alternatively, you can install the pack from StackStorm Exchange with sudo st2 pack install ansible (which installs the latest Ansible version in the virtualenv), and then use the pip command of the virtualenv, /opt/stackstorm/virtualenvs/ansible/bin/pip install ansible==2.2.3.0, to manage the Ansible version.
Verify the list of installed packs:
$ sudo st2 pack list
+---------+---------+------------------------------------+---------+-----------------------+
| ref | name | description | version | author |
+---------+---------+------------------------------------+---------+-----------------------+
| ansible | ansible | st2 content pack containing | 0.4.0 | StackStorm, Inc. |
| | | ansible integrations | | |
| chatops | chatops | Chatops integration pack | 0.2.0 | Kirill Enykeev |
| core | core | st2 content pack containing basic | 0.2.1 | st2-dev |
| | | actions. | | |
| default | default | Pack where all the resources which | 0.1.0 | st2-dev |
| | | are created using the API and | | |
| | | don't have a pack specified get | | |
| | | saved. | | |
| linux | linux | Generic linux actions | 0.1.0 | st2-dev |
| napalm | napalm | A StackStorm pack for working with | 0.2.3 | mierdin, Rob Woodward |
| | | network devices using the NAPALM | | |
| | | library | | |
| packs | packs | core st2 content pack containing | 0.2.0 | st2-dev |
| | | pack management functionality. | | |
| st2 | st2 | StackStorm pack management | 0.2.0 | StackStorm, Inc. |
+---------+---------+------------------------------------+---------+-----------------------+
Get detailed information about an installed pack:
$ sudo st2 pack get ansible
+-------------+--------------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------------+
| name | ansible |
| version | 0.4.0 |
| author | StackStorm, Inc. |
| email | info@stackstorm.com |
| keywords | [ |
| | "ansible", |
| | "cfg management", |
| | "configuration management" |
| | ] |
| description | st2 content pack containing ansible integrations |
+-------------+--------------------------------------------------+
Installed packs are placed under the directory /opt/stackstorm/packs:
$ ls /opt/stackstorm/packs/
ansible chatops core default linux napalm packs st2
$
The repo https://github.com/ksator/stackstorm-ansible (fork of https://github.com/StackStorm-Exchange/stackstorm-ansible) is cloned under the directory /opt/stackstorm/packs/ansible/:
$ ls -la /opt/stackstorm/packs/ansible/
total 48
drwxrwxr-x 4 root st2packs 4096 mei 15 13:41 .
drwxrwxr-x 10 root st2packs 4096 mei 15 13:41 ..
drwxrwxr-x 3 root st2packs 4096 mei 15 13:41 actions
-rwxrwxr-x 1 root st2packs 1100 mei 15 13:41 CHANGES.md
-rwxrwxr-x 1 root st2packs 414 mei 15 13:41 circle.yml
drwxrwxr-x 8 root st2packs 4096 mei 15 13:41 .git
-rwxrwxr-x 1 root st2packs 1086 mei 15 13:41 .gitignore
-rwxrwxr-x 1 root st2packs 2346 mei 15 13:41 icon.png
-rwxrwxr-x 1 root st2packs 234 mei 15 13:41 pack.yaml
-rwxrwxr-x 1 root st2packs 4210 mei 15 13:41 README.md
-rwxrwxr-x 1 root st2packs 17 mei 15 13:41 requirements.txt
A virtualenv is created for each pack under /opt/stackstorm/virtualenvs.
Python dependencies are installed inside the virtualenv with pip install -r requirements.txt.
$ more /opt/stackstorm/packs/ansible/requirements.txt
ansible==2.2.3.0
$
$ pip list | grep "junos\|jxmlease\|ansible"
junos-eznc (2.1.2)
jxmlease (1.0.1)
$
Virtualenv for this pack:
$ /opt/stackstorm/virtualenvs/ansible/bin/pip list | grep "junos\|jxmlease\|ansible"
ansible (2.2.3.0)
$
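The comparison above (requirements.txt against pip list in the pack virtualenv) can be automated. This is an added example, not code from the pack or from this repository. It flags unpinned requirements and versions that no longer match the pin, which can happen when pip is run by hand inside the virtualenv. The function names normalize_name, installed_version, check_pins and demo are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the pack): report drift between requirements.txt pins
# and the versions pip lists for the pack virtualenv.

# Normalise a distribution name as pip does: lower-case, and runs of "-", "_"
# and "." become one "-" (so junos_eznc and junos-eznc compare equal).
normalize_name() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[-_.]\{1,\}/-/g'
}

# installed_version NAME PIP_LIST_FILE
# Prints the version listed for NAME. Accepts the "name (version)" layout shown
# on this page and the columnar "name version" layout of newer pip releases.
installed_version() {
    awk -v want="$(normalize_name "$1")" '
        { n = tolower($1); gsub(/[-_.]+/, "-", n)
          if (n == want) { v = $2; gsub(/[()]/, "", v); print v; found = 1; exit } }
        END { exit (found ? 0 : 1) }' "$2"
}

# check_pins REQUIREMENTS_FILE PIP_LIST_FILE
# Prints one line per requirement; returns non-zero if any requirement is
# unpinned, missing from the virtualenv, or installed at a different version.
# Only plain "name==version" lines are understood.
check_pins() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/#.*//; s/[[:space:]]//g')
        [ -n "$line" ] || continue
        case "$line" in
            *==*) name=${line%%==*}; pin=${line#*==} ;;
            *)    echo "UNPINNED $line"; rc=1; continue ;;
        esac
        if have=$(installed_version "$name" "$2"); then
            if [ "$have" = "$pin" ]; then
                echo "OK $name $pin"
            else
                echo "DRIFT $name pinned=$pin installed=$have"; rc=1
            fi
        else
            echo "MISSING $name pinned=$pin"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# Demo on constructed data: ansible was upgraded in the virtualenv after the
# pack was installed, and jxmlease was never pinned.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'ansible==2.2.3.0\njunos_eznc==2.1.2\njxmlease\n' > "$tmp/req.txt"
    printf 'ansible (2.3.0.0)\njunos-eznc (2.1.2)\njxmlease (1.0.1)\n' > "$tmp/pip.txt"
    status=0
    check_pins "$tmp/req.txt" "$tmp/pip.txt" || status=$?
    rm -rf "$tmp"
    return "$status"
}

# On a StackStorm host (paths from this page):
#   /opt/stackstorm/virtualenvs/ansible/bin/pip list > /tmp/pip.txt
#   check_pins /opt/stackstorm/packs/ansible/requirements.txt /tmp/pip.txt
demo || echo "requirements.txt and the virtualenv disagree"
```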
To remove this pack, run this command:
$ sudo st2 pack remove ansible
This pack doesn't use a configuration file. There is no configuration file for this pack in the directory /opt/stackstorm/configs/
To get the list of available actions with the integration pack ansible, run this command:
$ sudo st2 action list -p ansible
+------------------------+---------+-------------------------------------------------------+
| ref | pack | description |
+------------------------+---------+-------------------------------------------------------+
| ansible.command | ansible | Run ad-hoc ansible command (module) |
| ansible.command_local | ansible | Run ad-hoc ansible command (module) on local machine |
| ansible.galaxy.install | ansible | Download & Install role from ansible galaxy |
| ansible.galaxy.list | ansible | Display a list of installed roles from ansible galaxy |
| ansible.galaxy.remove | ansible | Remove an installed from ansible galaxy role |
| ansible.playbook | ansible | Run ansible playbook |
| ansible.vault.decrypt | ansible | Decrypt ansible data files |
| ansible.vault.encrypt | ansible | Encrypt ansible data files |
+------------------------+---------+-------------------------------------------------------+
To get details about an action, run this command:
$ sudo st2 action get ansible.playbook
+-------------+--------------------------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------------------------+
| id | 591998c6a374d8095e0c576d |
| uid | action:ansible:playbook |
| ref | ansible.playbook |
| pack | ansible |
| name | playbook |
| description | Run ansible playbook |
| enabled | True |
| entry_point | ansible_playbook.py |
| runner_type | local-shell-script |
| parameters | { |
| | "help": { |
| | "type": "boolean", |
| | "description": "Show help message and exit [-h]" |
| | }, |
| | "become_user": { |
| | "type": "string", |
| | "description": "Run operations as this user. Works |
| | only with 'become'" |
| | }, |
| | "sudo": { |
| | "default": true, |
| | "type": "boolean", |
| | "description": "Lock sudo, the behavior is |
| | controlled by ansible 'become_' options" |
| | }, |
| | "kwarg_op": { |
| | "default": "--", |
| | "type": "string", |
| | "description": "Lock operator type to '--'", |
| | "immutable": true |
| | }, |
| | "skip_tags": { |
| | "type": "string", |
| | "description": "Only run plays and tasks whose tags |
| | do not match these values" |
| | }, |
| | "playbook": { |
| | "position": 0, |
| | "type": "string", |
| | "description": "Playbook file" |
| | }, |
| | "list_hosts": { |
| | "type": "boolean", |
| | "description": "Outputs a list of matching hosts; |
| | does not execute anything else" |
| | }, |
| | "diff": { |
| | "type": "boolean", |
| | "description": "when changing (small) files and |
| | templates, show the differences in those files; works great |
| | with --check [-D]" |
| | }, |
| | "check": { |
| | "type": "boolean", |
| | "description": "Don't make any changes; instead, try |
| | to predict some of the changes that may occur [-C]" |
| | }, |
| | "list_tasks": { |
| | "type": "boolean", |
| | "description": "List all tasks that would be |
| | executed" |
| | }, |
| | "become_method": { |
| | "enum": [ |
| | "sudo", |
| | "su", |
| | "pbrun", |
| | "pfexec", |
| | "runas" |
| | ], |
| | "type": "string", |
| | "description": "Privilege escalation method to use. |
| | Valid choices: sudo, su, pbrun, pfexec, runas |
| | (default=sudo)" |
| | }, |
| | "vault_password_file": { |
| | "type": "string", |
| | "description": "Vault password file" |
| | }, |
| | "version": { |
| | "type": "boolean", |
| | "description": "Show ansible version number and |
| | exit" |
| | }, |
| | "list_tags": { |
| | "type": "boolean", |
| | "description": "List all available tags" |
| | }, |
| | "forks": { |
| | "type": "integer", |
| | "description": "Specify number of parallel processes |
| | to use (default=5) [-f]" |
| | }, |
| | "cwd": { |
| | "type": "string", |
| | "description": "Working directory where the command |
| | will be executed in" |
| | }, |
| | "private_key": { |
| | "type": "string", |
| | "description": "Use this file to authenticate the |
| | connection" |
| | }, |
| | "inventory_file": { |
| | "type": "string", |
| | "description": "Inventory host file |
| | (default=/etc/ansible/hosts) [-i]" |
| | }, |
| | "force_handlers": { |
| | "type": "boolean", |
| | "description": "Run handlers even if a task fails" |
| | }, |
| | "tags": { |
| | "type": "string", |
| | "description": "Only run plays and tasks tagged with |
| | these values [-t]" |
| | }, |
| | "start_at_task": { |
| | "type": "string", |
| | "description": "Start the playbook at the task |
| | matching this name" |
| | }, |
| | "flush_cache": { |
| | "type": "boolean", |
| | "description": "Clear the fact cache" |
| | }, |
| | "syntax_check": { |
| | "type": "boolean", |
| | "description": "Perform a syntax check on the |
| | playbook, but do not execute it" |
| | }, |
| | "user": { |
| | "type": "string", |
| | "description": "Connect to remote hosts as this user |
| | (default=root) [-u]" |
| | }, |
| | "background": { |
| | "type": "integer", |
| | "description": "Fork in Background asynchronously |
| | for X seconds [-B]" |
| | }, |
| | "module_path": { |
| | "type": "string", |
| | "description": "Specify path(s) to module library |
| | (default=None) [-M]" |
| | }, |
| | "verbose": { |
| | "enum": [ |
| | "v", |
| | "vv", |
| | "vvv", |
| | "vvvv" |
| | ], |
| | "type": "string", |
| | "description": "Verbose mode (-vvvv to enable |
| | connection debugging)" |
| | }, |
| | "extra_vars": { |
| | "type": "array", |
| | "description": "List of additional variables to pass |
| | to ansible. Each variable is represented as "key=value" or |
| | "@path/to/file.yaml|json" [-e]." |
| | }, |
| | "connection": { |
| | "type": "string", |
| | "description": "Connection type to use |
| | (default=smart) [-c]" |
| | }, |
| | "limit": { |
| | "type": "string", |
| | "description": "Further limit selected hosts to an |
| | additional pattern [-l]" |
| | }, |
| | "timeout": { |
| | "default": 900, |
| | "type": "integer", |
| | "description": "Action timeout in seconds. Action |
| | will get killed if it doesn't finish in timeout seconds" |
| | }, |
| | "become": { |
| | "type": "boolean", |
| | "description": "Run operations with become (nopasswd |
| | implied) [-b]" |
| | } |
| | } |
| notify | |
| tags | |
+-------------+--------------------------------------------------------------+
To get help about an action, run this command:
$ sudo st2 run ansible.playbook -h
Run ansible playbook
Optional Parameters:
playbook
Playbook file
Type: string
background
Fork in Background asynchronously for X seconds [-B]
Type: integer
become
Run operations with become (nopasswd implied) [-b]
Type: boolean
become_method
Privilege escalation method to use. Valid choices: sudo, su, pbrun,
pfexec, runas (default=sudo)
Type: string
Enum: sudo, su, pbrun, pfexec, runas
become_user
Run operations as this user. Works only with 'become'
Type: string
check
Don't make any changes; instead, try to predict some of the changes
that may occur [-C]
Type: boolean
connection
Connection type to use (default=smart) [-c]
Type: string
cwd
Working directory where the command will be executed in
Type: string
diff
when changing (small) files and templates, show the differences in
those files; works great with --check [-D]
Type: boolean
env
Environment variables which will be available to the script(e.g.
key1=val1,key2=val2)
Type: object
extra_vars
List of additional variables to pass to ansible. Each variable is
represented as "key=value" or "@path/to/file.yaml|json" [-e].
Type: array
flush_cache
Clear the fact cache
Type: boolean
force_handlers
Run handlers even if a task fails
Type: boolean
forks
Specify number of parallel processes to use (default=5) [-f]
Type: integer
help
Show help message and exit [-h]
Type: boolean
inventory_file
Inventory host file (default=/etc/ansible/hosts) [-i]
Type: string
limit
Further limit selected hosts to an additional pattern [-l]
Type: string
list_hosts
Outputs a list of matching hosts; does not execute anything else
Type: boolean
list_tags
List all available tags
Type: boolean
list_tasks
List all tasks that would be executed
Type: boolean
module_path
Specify path(s) to module library (default=None) [-M]
Type: string
private_key
Use this file to authenticate the connection
Type: string
skip_tags
Only run plays and tasks whose tags do not match these values
Type: string
start_at_task
Start the playbook at the task matching this name
Type: string
sudo
Lock sudo, the behavior is controlled by ansible 'become_' options
Type: boolean
Default: True
syntax_check
Perform a syntax check on the playbook, but do not execute it
Type: boolean
tags
Only run plays and tasks tagged with these values [-t]
Type: string
timeout
Action timeout in seconds. Action will get killed if it doesn't finish
in timeout seconds
Type: integer
Default: 900
user
Connect to remote hosts as this user (default=root) [-u]
Type: string
vault_password_file
Vault password file
Type: string
verbose
Verbose mode (-vvvv to enable connection debugging)
Type: string
Enum: v, vv, vvv, vvvv
version
Show ansible version number and exit
Type: boolean
Clone this repo to get ready-to-use Ansible automation content:
$ pwd
/home/ksator
$ git clone https://github.com/ksator/junos-automation-with-stackstorm.git
$ cd junos-automation-with-stackstorm/
$ ls -la
How to show ansible version and details
$ sudo st2 run ansible.playbook playbook=/home/ksator/junos-automation-with-stackstorm/junos_command/pb.check_lldp.yml inventory_file=/home/ksator/junos-automation-with-stackstorm/hosts become=True become_user=ksator version=True
.
id: 5936b8d2a374d80941ef65e9
status: succeeded
parameters:
become: true
become_user: ksator
inventory_file: /home/ksator/junos-automation-with-stackstorm/hosts
playbook: /home/ksator/junos-automation-with-stackstorm/junos_command/pb.check_lldp.yml
version: true
result:
failed: false
return_code: 0
stderr: ''
stdout: "ansible-playbook 2.2.3.0
config file =
configured module search path = Default w/o overrides"
succeeded: true
$ sudo st2 run ansible.playbook playbook=/home/ksator/junos-automation-with-stackstorm/junos_command/pb.check_lldp.yml cwd=/home/ksator/junos-automation-with-stackstorm become=True become_user=ksator version=True
.
id: 5936ba4aa374d80941ef65ef
status: succeeded
parameters:
become: true
become_user: ksator
cwd: /home/ksator/junos-automation-with-stackstorm
playbook: /home/ksator/junos-automation-with-stackstorm/junos_command/pb.check_lldp.yml
version: true
result:
failed: false
return_code: 0
stderr: ''
stdout: "ansible-playbook 2.2.3.0
config file = /home/ksator/junos-automation-with-stackstorm/ansible.cfg
configured module search path = Default w/o overrides"
succeeded: true
$
Execute playbook:
$ sudo st2 run ansible.playbook playbook=/home/ksator/junos-automation-with-stackstorm/junos_command/pb.check_lldp.yml cwd=/home/ksator/junos-automation-with-stackstorm become=True become_user=ksator
..
id: 5919b012a374d8095e0c57bc
status: succeeded
parameters:
become: true
become_user: ksator
cwd: /home/ksator/junos-automation-with-stackstorm
playbook: /home/ksator/junos-automation-with-stackstorm/junos_command/pb.check_lldp.yml
result:
failed: false
return_code: 0
stderr: ''
stdout: "
PLAY [check lldp neighbors] ****************************************************
TASK [check if lldp neighbors are the ones we expect] **************************
ok: [ex4300-9]
PLAY RECAP *********************************************************************
ex4300-9 : ok=1 changed=0 unreachable=0 failed=0
"
succeeded: true
To enable debugging, add the optional parameter verbose (verbose=vvvv for maximum verbosity).
Execute playbook (another usage):
$ sudo st2 run ansible.playbook playbook=/home/ksator/junos-automation-with-stackstorm/junos_command/pb.check_lldp.yml inventory_file=/home/ksator/junos-automation-with-stackstorm/hosts become=True become_user=ksator
..
id: 5936b8d9a374d80941ef65ec
status: succeeded
parameters:
become: true
become_user: ksator
inventory_file: /home/ksator/junos-automation-with-stackstorm/hosts
playbook: /home/ksator/junos-automation-with-stackstorm/junos_command/pb.check_lldp.yml
result:
failed: false
return_code: 0
stderr: ''
stdout: "
PLAY [check lldp neighbors] ****************************************************
TASK [check if lldp neighbors are the ones we expect] **************************
ok: [ex4300-9]
PLAY RECAP *********************************************************************
ex4300-9 : ok=1 changed=0 unreachable=0 failed=0
"
succeeded: true
$
The above command is the equivalent of:
$ /opt/stackstorm/virtualenvs/ansible/bin/ansible-playbook --become-user=ksator --become /home/ksator/junos-automation-with-stackstorm/junos_command/pb.check_lldp.yml --inventory-file=/home/ksator/junos-automation-with-stackstorm/hosts
PLAY [check lldp neighbors] ****************************************************
TASK [check if lldp neighbors are the ones we expect] **************************
ok: [ex4300-9]
PLAY RECAP *********************************************************************
ex4300-9 : ok=1 changed=0 unreachable=0 failed=0
Get help:
$ sudo st2 run ansible.galaxy.install -h
Download & Install role from ansible galaxy
Optional Parameters:
roles
Role(s) to install (separated by space)
Type: string
Default:
cwd
Working directory where the command will be executed in
Type: string
env
Environment variables which will be available to the script(e.g.
key1=val1,key2=val2)
Type: object
force
Force overwriting an existing role [-f]
Type: boolean
ignore_errors
Ignore errors and continue with the next specified role [-i]
Type: boolean
no_deps
Don't download roles listed as dependencies [-n]
Type: boolean
role_file
A file with list of roles to be installed. Note that role file can
contain links to .git or .tar file [-r]
Type: string
roles_path
The path to the directory containing your roles. The default is the
roles_path configured in your ansible.cfg file (/etc/ansible/roles if
not configured) [-p]
Type: string
server
The API server destination [-s]
Type: string
sudo
Lock sudo, the behavior is controlled by ansible 'become_' options
Type: boolean
Default: True
timeout
Action timeout in seconds. Action will get killed if it doesn't finish
in timeout seconds
Type: integer
Default: 300
Install a role from galaxy
$ sudo st2 run ansible.galaxy.install roles=Juniper.junos force=True
....
id: 5936c2b8a374d80941ef660a
status: succeeded
parameters:
force: true
roles: Juniper.junos
result:
failed: false
return_code: 0
stderr: ''
stdout: '- downloading role ''junos'', owned by Juniper
- downloading role from https://github.com/Juniper/ansible-junos-stdlib/archive/1.4.2.tar.gz
- extracting Juniper.junos to /etc/ansible/roles/Juniper.junos
- Juniper.junos was installed successfully'
succeeded: true
List the galaxy roles installed:
$ sudo st2 run ansible.galaxy.list
.
id: 5936c2c6a374d80941ef660d
status: succeeded
parameters: None
result:
failed: false
return_code: 0
stderr: ''
stdout: '- Juniper.junos, 1.4.2'
succeeded: true
Then you can also execute a playbook that uses a galaxy role:
$ sudo st2 run ansible.playbook playbook=/home/ksator/junos-automation-with-stackstorm/junos_cli/pb.txt.yml cwd=/home/ksator/junos-automation-with-stackstorm become=True become_user=ksator
...
id: 5936d161a374d80941ef6622
status: succeeded
parameters:
become: true
become_user: ksator
cwd: /home/ksator/junos-automation-with-stackstorm
playbook: /home/ksator/junos-automation-with-stackstorm/junos_cli/pb.txt.yml
result:
failed: false
return_code: 0
stderr: ''
stdout: "
PLAY [pass cli] ****************************************************************
TASK [junos cli] ***************************************************************
ok: [ex4200-12]
ok: [ex4200-7]
ok: [ex4200-8]
PLAY RECAP *********************************************************************
ex4200-12 : ok=1 changed=0 unreachable=0 failed=0
ex4200-7 : ok=1 changed=0 unreachable=0 failed=0
ex4200-8 : ok=1 changed=0 unreachable=0 failed=0
"
succeeded: true