PHP MYSQL Interview Question & Books download: 2020

Friday, August 28, 2020

show composer file current version

Composer show is the command that will provide the list of packages i.e. installed by you or your team member.

command is

"composer show -i"

Tuesday, August 25, 2020

ELK enterprise application - elk quick build - logstash

1, install JDK
elasticsearch, the operation of logstash depends on the java environment.
Download and unzip the jdk binary package.

tar xf jdk-8u144-linux-x64.tar.gz -C /usr/local
mv /usr/local/jdk1.8.0_144 /usr/local/java
cd ~

Configure the java environment variable.
Add the following at the end of the ~/.bashrc file:

export JAVA_HOME=/usr/local/java
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/bin/tools.jar:$JRE_HOME/lib
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH

Make the configuration take effect.

source ~/.bashrc

2, install Logstash

It is recommended that the Linux class server download the rmp package installation.
2.1. Download the logstash installation package

touch /etc/default/logstash
ln -s /usr/local/java/bin/java /usr/bin/java
rpm -ivh logstash-6.2.4.rpm
cd ~

2.2. Configure systemd to start

When installing rpm, the configuration file for creating the startup script is /etc/logstash/startup.options

/usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd

Note: When the script fails to start, you can create your own startup script.

[root@l ~]# cat /etc/systemd/system/logstash.service 
[Unit]
Description=logstash
[Service]
Type=simple
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
ExecStop=/bin/kill -s QUIT $MAINPID
ExecReload=/bin/kill -s HUP $MAINPID
WorkingDirectory=/usr/share/logstash/bin
[Install]
WantedBy=multi-user.target
[root@l ~]# systemctl daemon-reload #####Update
[root@l ~]# 
[root@l ~]# systemctl list-unit-files |grep logstash
logstash.service                              disabled
[root@l ~]# 
 [root@l ~]# systemctl restart logstash.service #### Restart

2.3. Errors encountered

[root@l opt]# /usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd
Using provided startup.options file: /etc/logstash/startup.options
Manually creating startup for specified platform: systemd
/usr/share/logstash/vendor/jruby/bin/jruby: Line 401: /usr/bin/java: No such file or directory
Unable to install system startup script for Logstash.

Solution

ln -s /usr/local/java/bin/java /usr/bin/java
/usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd

3, configuration

cd /etc/logstash/conf.d/
chown -R logstash /etc/logstash/conf.d
mkdir /opt/logstash
touch /opt/logstash/messages
chown -R logstash /opt/logstash
chown -R logstash /opt/logstash/messages
chown -R logstash /var/log/messages

Shipper configuration file (logstash_shipper.conf)

vim logstash_shipper.conf
###########################################3
input{
   file{
       type => "messages"
       path => "/var/log/messages"
       start_position => "beginning"
       sincedb_path => "/dev/null"
   }
}
 
 
output{
    if [type] == "messages"{
       redis{
           host => "10.0.0.132"
           data_type => "list"
           key => "messages"
           port => 6379
           db => 2
           password => "123456"
       }
   }
}

Indexer configuration file (logstash_indexer.conf) Note: This configuration file must be re-node node, otherwise the two output will repeat the output log, plus the redis cache will be infinite output.

vim logstash_indexer.conf
######################################
input{
   redis{
       host => "10.0.0.132"
       data_type => "list"
       key => "messages"
       password => "123456"
       db => 2
   }
}
 
output{
    if [type] == "messages" {
       elasticsearch{
           hosts => ["10.0.0.130"]
           index => "messages-%{+YYYY-MM-dd}"
       }
   }
}

4, test

cd /usr/share/logstash/bin/
./logstash --path.settings /etc/logstash/ -r /etc/logstash/conf.d/ --config.test_and_exit
[root@l bin]# ./logstash --path.settings /etc/logstash/ -r /etc/logstash/conf.d/ --config.test_and_exit
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
Configuration OK

5, start

systemctl start logstash.service
systemctl enable logstash.service

Friday, July 3, 2020

mongo dump restore

Following is the command for the restore of mongo database

mongorestore -u username -p password --host localhost --authenticationDatabase databasename -d /tmp/mongobkp/

Sunday, May 3, 2020

JENKIN CHEATSHEET

Openshift cheatsheet

Openshift Login and Configuration

#login with a user

oc login https://192.168.99.100:8443 -u developer -p developer

#login as system admin

oc login -u system:admin

#User Information

oc whoami

#View your configuration

oc config view

#Update the current context to have users login to the desired namespace:

oc config set-context `oc config current-context` --namespace=

Basic Commands

#Use specific template

oc new-app https://github.com/name/project --template=

#New app from a different branch

oc new-app --name=html-dev nginx:1.10~https://github.com/joe-speedboat/openshift.html.devops.git#mybranch

#Create objects from a file:

oc create -f myobject.yaml -n 

#Create or merge objects from file

oc apply -f myobject.yaml -n 

#Update existing object

oc patch svc mysvc --type merge --patch '{"spec":{"ports":[{"port": 8080, "targetPort": 5000 }]}}'

#Monitor Pod status

watch oc get pods

#show labels

oc get pods --show-labels  

#Gather information on a project's pod deployment with node information 

$ oc get pods -o wide

#Hide inactive Pods

oc get pods --show-all=false

#Display all resources  

oc get all,secret,configmap

#Get the Openshift Console Address

oc get -n openshift-console route console

#Get the Pod name from the Selector and rsh in it

POD=$(oc get pods -l app=myapp -o name)

oc rsh -n $POD

#exec single command in pod

oc exec $POD $COMMAND

#Copy file from myrunning-pod-2 path in the current location 

oc rsync myrunning-pod-2:/tmp/LogginData_20180717220510.json .

#Read resource schema doc

oc explain dc

Image Streams

#List available IS for openshift project

oc get is -n openshift

#Import an image from an external registry

oc import-image --from=registry.access.redhat.com/jboss-amq-6/amq62-openshift -n openshift jboss-amq-62:1.3 --confirm

#List available IS and templates

oc new-app --list

WildFly application example

oc create -f https://raw.githubusercontent.com/wildfly/wildfly-s2i/wf-18.0/imagestreams/wildfly-centos7.json

oc new-app wildfly~https://github.com/fmarchioni/ocpdemos --context-dir=wildfly-basic --name=wildfly-basic

oc expose svc/wildfly-basic

Create app from a Project with Dockerfile

oc new-build --binary --name=mywildfly -l app=mywildfly

oc patch bc/mywildfly -p '{"spec":{"strategy":{"dockerStrategy":{"dockerfilePath":"Dockerfile"}}}}'

oc start-build mywildfly --from-dir=. --follow

oc new-app --image-stream=mywildfly

oc expose svc/mywildfly

Nodes

#Get Nodes lits

oc get nodes

#Check on which Node your Pods are running

oc get pods -o wide

#Schedule an application to run on another Node

oc patch dc  myapp -p '{"spec":{"template":{"spec":{"nodeSelector":{"kubernetes.io/hostname": "ip-10-0-0-74.acme.compute.internal"}}}}}'

#List all pods which are running on a Node

oc adm manage-node node1.local --list-pods

#Add a label to a Node

oc label node node1.local mylabel=myvalue

#Remove a label from a Node

oc label node node1.local mylabel-

Storage

#create a PersistentVolumeClaim (+update the DeploymentConfig to include a PV + update the DeploymentConfig to attach a volumemount into the specified mount-path)

oc set volume dc/file-uploader --add --name=my-shared-storage \

-t pvc --claim-mode=ReadWriteMany --claim-size=1Gi \

--claim-name=my-shared-storage --claim-class=ocs-storagecluster-cephfs \

--mount-path=/opt/app-root/src/uploaded \

-n my-shared-storage

#List storage classes

oc -n openshift-storage get sc

Build

#Manual build from source  

oc start-build ruby-ex

#Stop a build that is in progress   

oc cancel-build 

#Changing the log level of a build:

oc set env bc/my-build-name BUILD_LOGLEVEL=[1-5]

Deployment

#Manual deployment 

$ oc rollout latest ruby-ex

#Pause automatic deployment rollout

oc rollout pause dc $DEPLOYMENT

# Resume automatic deployment rollout

oc rollout resume dc $DEPLOYMENT 

#Define resource requests and limits in DeploymentConfig

oc set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi

#Define livenessProve and readinessProve in DeploymentConfig

oc set probe dc/nginx --readiness --get-url=http://:8080/healthz --initial-delay-seconds=10

oc set probe dc/nginx --liveness --get-url=http://:8080/healthz --initial-delay-seconds=10

#Define Horizontal Pod Autoscaler (hpa)

oc autoscale dc $DC_NAME --max=4 --cpu-percent=10

Routes

#Create route

 $ oc expose service ruby-ex

#Read the Route Host attribute

oc get route my-route -o jsonpath --template="{.spec.host}"

Services

#Make a service idle. When the service is next accessed will automatically boot up the pods again: 

$ oc idle ruby-ex

#Read a Service IP

oc get services rook-ceph-mon-a --template='{{.spec.clusterIP}}'

Clean up resources

#Delete all resources

oc delete all --all

#Delete resources for one specific app

$ oc delete services -l app=ruby-ex

$ oc delete all -l app=ruby-ex

#CleanUp old docker images on nodes

#Keeping up to three tag revisions 1, and keeping resources (images, image streams and pods) younger than sixty minutes:

oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m

#Pruning every image that exceeds defined limits:

oc adm prune images --prune-over-size-limit

Troubleshooting

#Check status of current project    

oc status

#Get events for a project

oc get events --sort-by='{.lastTimestamp}'

# get the logs of the myrunning-pod-2-fdthn pod 

oc logs myrunning-pod-2-fdthn

# follow the logs of the myrunning-pod-2-fdthn pod 

oc logs -f myrunning-pod-2-fdthn

# tail the logs of the myrunning-pod-2-fdthn pod 

oc logs myrunning-pod-2-fdthn --tail=50

#Check the integrated Docker registry logs:

oc logs docker-registry-n-{xxxxx} -n default | less

#run cluster diagnostics

oc adm diagnostics

Security

#Create a secret from the CLI and mount it as a volume to a deployment config:

oc create secret generic oia-secret --from-literal=username=myuser

 --from-literal=password=mypassword

oc set volumes dc/myapp --add --name=secret-volume --mount-path=/opt/app-root/

 --secret-name=oia-secret

Manage user roles

oc adm policy add-role-to-user admin oia -n python

oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:monitoring:default

oc adm policy add-scc-to-user anyuid -z default

Misc commands

#Manage node state

oc adm manage node  --schedulable=false

#List installed operators

oc get csv

#Export in a template the IS, BC, DC and SVC

oc export is,bc,dc,svc --as-template=app.yaml

#Show user in prompt

function ps1(){

   export PS1='[\u@\h($(oc whoami -c 2>/dev/null|cut -d/ -f3,1)) \W]\$ '

}

#backup openshift objects

oc get all --all-namespaces --no-headers=true | awk '{print $1","$2}' | while read obj

do

  NS=$(echo $obj | cut -d, -f1)

  OBJ=$(echo $obj | cut -d, -f2)

  FILE=$(echo $obj | sed 's/\//-/g;s/,/-/g')

  echo $NS $OBJ $FILE; oc export -n $NS $OBJ -o yaml > $FILE.yml

done

Linux Commands Cheat Sheet in Black & White

Keep this Linux command cheat sheet on your desk printed, I am sure you will learn them quickly and will be a Linux expert very soon. We have added had both pdf and image (png) format of the cheat sheet.
Command are categorized into different sections according to its usage. We have designed the command in white color with black background as we often use on Linux shell. We have added bit color for attraction.
We have grouped Linux commands in the below sections for better understanding.

Linux command cheat sheet

System
Hardware
Users
File Commands
Process Related
File Permission
Network
Compression / Archives
Install Packages
Install Source
Search
Login
File Transfer
Directory Traverse

Download your linux commands cheat sheet in pdf format which is updated in 2019. Please keep us posted if you have any suggestions or if you find any command that we missed out.
If you are looking to print Linux commands cheat sheet in A4 size paper its available for download.

1) System

`uname`	Displays Linux system information
`uname -r`	Displays kernel release information
`uptime`	Displays how long the system has been running including load average
`hostname`	Shows the system hostname
`hostname -i`	Displays the IP address of the system
`last reboot`	Shows system reboot history
`date`	Displays current system date and time
`timedatectl`	Query and change the System clock
`cal`	Displays the current calendar month and day
`w`	Displays currently logged in users in the system
`whoami`	Displays who you are logged in as
`finger username`	Displays information about the user

2) Hardware

`dmesg`	Displays bootup messages
`cat /proc/cpuinfo`	Displays more information about CPU e.g model, model name, cores, vendor id
`cat /proc/meminfo`	Displays more information about hardware memory e.g. Total and Free memory
`lshw`	Displays information about system's hardware configuration
`lsblk`	Displays block devices related information
`free -m`	Displays free and used memory in the system (-m flag indicates memory in MB)
`lspci -tv`	Displays PCI devices in a tree-like diagram
`lsusb -tv`	Displays USB devices in a tree-like diagram
`dmidecode`	Displays hardware information from the BIOS
`hdparm -i /dev/xda`	Displays information about disk data
`hdparm -tT /dev/xda <:code>`	Conducts a read speed test on device xda
`badblocks -s /dev/xda`	Tests for unreadable blocks on disk

3) Users

`id`	Displays the details of the active user e.g. uid, gid, and groups
`last`	Shows the last logins in the system
`who`	Shows who is logged in to the system
`groupadd "admin"`	Adds the group 'admin'
`adduser "Sam"`	Adds user Sam
`userdel "Sam"`	Deletes user Sam
`usermod`	Used for changing / modifying user information

4) File Commands

`ls -al`	Lists files - both regular & hidden files and their permissions as well.
`pwd`	Displays the current directory file path
`mkdir 'directory_name'`	Creates a new directory
`rm file_name`	Removes a file
`rm -f filename`	Forcefully removes a file
`rm -r directory_name`	Removes a directory recursively
`rm -rf directory_name`	Removes a directory forcefully and recursively
`cp file1 file2`	Copies the contents of file1 to file2
`cp -r dir1 dir2`	Recursively Copies dir1 to dir2. dir2 is created if it does not exist
`mv file1 file2`	Renames file1 to file2
`ln -s /path/to/file_name link_name`	Creates a symbolic link to file_name
`touch file_name`	Creates a new file
`cat > file_name`	Places standard input into a file
`more file_name`	Outputs the contents of a file
`head file_name`	Displays the first 10 lines of a file
`tail file_name`	Displays the last 10 lines of a file
`gpg -c file_name`	Encrypts a file
`gpg file_name.gpg`	Decrypts a file
`wc`	Prints the number of bytes, words and lines in a file
`xargs`	Executes commands from standard input

5) Process Related

`ps`	Display currently active processes
`ps aux \| grep 'telnet'`	Searches for the id of the process 'telnet'
`pmap`	Displays memory map of processes
`top`	Displays all running processes
`kill pid`	Terminates process with a given pid
`killall proc`	Kills / Terminates all processes named proc
`pkill process-name`	Sends a signal to a process with its name
`bg`	Resumes suspended jobs in the background
`fg`	Brings suspended jobs to the foreground
`fg n`	job n to the foreground
`lsof`	Lists files that are open by processes
`renice 19 PID`	makes a process run with very low priority
`pgrep firefox`	find Firefox process ID
`pstree`	visualizing processes in tree model

6) File Permission

`chmod octal filename`	Change file permissions of the file to octal

Example
`chmod 777 /data/test.c`	Set rwx permissions to owner, group and everyone (everyone else who has access to the server)
`chmod 755 /data/test.c`	Set rwx to the owner and r_x to group and everyone
`chmod 766 /data/test.c`	Sets rwx for owner, rw for group and everyone
`chown owner user-file`	Change ownership of the file
`chown owner-user:owner-group file_name`	Change owner and group owner of the file
`chown owner-user:owner-group directory`	Change owner and group owner of the directory

7) Network

`ip addr show`	Displays IP addresses and all the network interfaces
`ip address add 192.168.0.1/24 dev eth0`	Assigns IP address 192.168.0.1 to interface eth0
`ifconfig`	Displays IP addresses of all network interfaces
`ping host`	ping command sends an ICMP echo request to establish a connection to server / PC
`whois domain`	Retrieves more information about a domain name
`dig domain`	Retrieves DNS information about the domain
`dig -x host`	Performs reverse lookup on a domain
`host google.com`	Performs an IP lookup for the domain name
`hostname -i`	Displays local IP address
`wget file_name`	Downloads a file from an online source
`netstat -pnltu`	Displays all active listening ports

8) Compression/Archives

`tar -cf home.tar home<:code>`	Creates archive file called 'home.tar' from file 'home'
`tar -xf files.tar`	Extract archive file 'files.tar'
`tar -zcvf home.tar.gz source-folder`	Creates gzipped tar archive file from the source folder
`gzip file`	Compression a file with .gz extension

9) Install Packages

`rpm -i pkg_name.rpm`	Install an rpm package
`rpm -e pkg_name`	Removes an rpm package
`dnf install pkg_name`	Install package using dnf utility

10) Install Source (Compilation)

`./configure`	Checks your system for the required software needed to build the program. It will build the Makefile containing the instructions required to effectively build the project
`make`	It reads the Makefile to compile the program with the required operations. The process may take some time, depending on your system and the size of the program
`make install`	The command installs the binaries in the default/modified paths after the compilation

11) Search

`grep 'pattern' files`	Search for a given pattern in files
`grep -r pattern dir`	Search recursively for a pattern in a given directory
`locate file`	Find all instances of the file
`find /home/ -name "index"`	Find file names that begin with 'index' in /home folder
`find /home -size +10000k`	Find files greater than 10000k in the home folder

12) Login

`ssh user@host`	Securely connect to host as user
`ssh -p port_number user@host`	Securely connect to host using a specified port
`ssh host`	Securely connect to the system via SSH default port 22
`telnet host`	Connect to host via telnet default port 23

13) File Transfer

`scp file1.txt server2/tmp`	Securely copy file1.txt to server2 in /tmp directory
`rsync -a /home/apps /backup/`	Synchronize contents in /home/apps directory with /backup directory

14) Disk Usage

`df -h`	Displays free space on mounted systems
`df -i`	Displays free inodes on filesystems
`fdisk -l`	Shows disk partitions, sizes, and types
`du -sh`	Displays disk usage in the current directory in a human-readable format
`findmnt`	Displays target mount point for all filesystems
`mount device-path mount-point`	Mount a device

15) Directory Traverse

`cd ..`	Move up one level in the directory tree structure
`cd`	Change directory to $HOME directory
`cd /test`	Change directory to /test directory

Ansible Cheat Sheet

SSH Setup

Copy your Ansible Master's public key to the managed node

ssh-keygen ## generate public key

ssh-copy-id # copy key, provide password to node

configure Hosts file

/etc/ansible/hosts

[production]

prod1.prod.local

prod2.prod.local

[dev]

devweb1.dev.local

devweb2.dev.local

REMOTE CMD (Ad Hoc)

Ping specific node

ansible -i hosts nycweb01.prod.local -m ping

Ping with wildcard

ansible -i hosts "nycweb*" -m ping

Ping all nodes with SSH user 'root'
ansible -i hosts all -m ping -u root

run a command

ansible -i hosts dev -a 'uname -a'

check Yum packages

ansible -i hosts dev -m yum

check if Docker rpm is installed

ansible -i hosts web01.nyc.local -m shell -a "rpm -qa | grep docker"

Get facts about a box

ansible -i hosts web01.nyc.local -m setup -a 'filter=facter_*'

run command with sudo

ansible -i hosts target-host -m shell -a "cat /etc/sudoers" --sudo

limit command to a certain group or server: add --limit *.nyc

SERVER DIAGNOSTICS

Test Connection
ansible -i hosts all -m ping -u root

Diagnostics

manage nodes via "/etc/ansible/hosts" file

Debug (debug output for playbook)

- debug: var=result verbosity=2

PACKAGES AND INSTALLATION

install multiple packages
yum: name="{{ item }}" state=present
with_items:
- http
- htop
- myapp

JOBS AND PROCESS CONTROL

run Ansible ad hoc with 10 parallel forks

ansible -i hosts testnode1 -a "uname -a" -f 10

show human readable output
add this line to ansible.cfg

stdout_callback=yaml

CONDITIONALS

y file to n

VARIABLES

include global variables for all Roles

sample playbook

splunk/
   setup_splunk_playbook.yaml
   roles/base
           /tasks/main.yaml
           /tasks/install.yaml
         search_head
           /tasks/configure.yaml
         indexer
           /tasks/configure.yaml
         some_other_role
           /tasks/some_task.yaml
   hosts
   config.yaml

Place your vars into config.yaml

cat splunk/config.yaml

--- 
# global Splunk variables
splunk_version: 7.0.0

in your playbook, include the Roles

cat setup_splunk_playbook.yaml

- hosts: "search_heads"  
  become_user: root
  become: true
  gather_facts: true

  roles:
    - base
    - search_head

in your Role, include the Global Vars inside a Task

cat roles/base/tasks/main.yaml

---
# install Splunk Base

- name: include vars
  include_vars: "{{ playbook_dir }}/config.yaml"

- include: install.yaml

vars are accessible in tasks now,

cat roles/base/tasks/install.yaml

- name: echo version
  debug: splunk version is {{ splunk_version }}

Loop through a Dict variable inside a playbook

cluster:

members:

splunk01: 10.123.1.0

splunk02: 10.123.1.1

splunk03: 10.123.1.2

in the playbook,
- debug: msg="{{ cluster.members.values() | map('regex_replace', '(.*)', 'https://\\1:8089') | join(',') }}"

>> https://10.123,1.0:8089, https://10.123.1.1:8089, etc etc

Use Inventory file variables inside a playbook

cat hosts

[apache]

nycweb01

playbook

debug: msg="IP: {{ hostvars[groups['apache'][0]]['ansible_default_ipv4']['address'] }}"

debug: msg="Hostname: {{ hostvars[groups['apache'][0]]['inventory_hostname'] }}"

- name: parse all hostnames in group WebServer and get their IPs, place them in a list

command: echo {{ hostvars[item]['ansible_ssh_host'] }}"

with_items: "{{ groups['webserver'] }}"

register: ip_list

- name: show the IPs

debug: msg={{ ip_list.results | map(attribute='item') | list }}"

export an Environment variable

- name: yum install
yum: name=somepkg state=present
environment:
SOME_VAR: abc

Variables inside Inventory Hosts file

cat hosts

[web]

nycweb01.company.local

[web:vars]

role="super duper web server"

now get the "role" variable inside the playbook,

- hosts: web
gather_facts: true
tasks:
- name: print Role var

debug: msg={{ role }}

// super duper web server

MODULES

service: name=httpd state=[started, stopped, restarted, reloaded] enabled=[yes,no]

user: name=joe state=[present,absent] uid=1001 groups=wheel shell=/bin/bash

group: name=splunk gid=6600 state=[present,absent] system=[yes/no]

yum: name=apache state=[present, latest, absent, removed]

file: path=/etc/file state=[file, link, directory, hard, touch, absent] group=x owner=x recurse=yes

GALAXY

install Role (Module)

ansible-galaxy install geerlingguy.nginx

PLAYBOOKS

run playbook with sudo

ansible-playbook -v config-users.yaml --sudo --sudo-user=joe --ask-sudo-pass

use different Hosts file

ansible-playbook -v -i /path/to/hosts

run playbook but only a specific task (tag)

ansible-playbook playbooks/restore_bitbucket.yaml  -i hosts --tags rsync



or to skip: (--skip-tags tag1, tag2)

store output of a command as a variable
shell: cat /etc/network | grep eth0
register: address

debug: msg="address is {{ address.stdout }}"

configure multiple items with one task

- name: more complex items to add several users

user:

name: "{{ item.name }}"

uid: "{{ item.uid }}"

groups: "{{ item.groups }}"

state: present

with_items:

- { name: testuser1, uid: 1002, groups: "wheel, staff" }

- { name: testuser2, uid: 1003, groups: staff }

get path location of current Playbook (pwd)

{{ playbook_dir }}


Set playbook to be verbose by default
- hosts: blah
  strategy: debug

run playbook with verbose traceback

ansible-playbook -i hosts myPlaybook.yaml -vvv

run playbook on multiple Host groups

- hosts: "search_head, deployer"

Run playbook locally on host

hosts: 127.0.0.1
connection: local

Prompt for password during Playbook run

# Playbook to change user password

- name: pw change
hosts: target
become: true

  become_user: root

  vars_prompt:

    - name: username

      prompt: "enter username for which to change the pw"

    - name: password

      prompt: "enter new password"

      private: yes

 

  tasks:

    - name: change pw

      user: "name={{ username }} password={{ password }} update_password=always"

run playbook with "dry run" / NOOP / simulate

ansible-playbook foo.yml --check

Run task on different target,

- name: run something on some other server

debug: msg="running stuff"

delegate_to: someserver

Delegate task to a host group

- name: restart web servers
service: name=memcached state=restarted
delegate_to: "{{ item }}"
with_items: "{{ groups['webservers'] }}"

Get IP or facter of a remote host

- name: get IP

debug: msg="{{ hostvars['nycweb01']['ansible_default_ipv4']['address'] }}"

or

debug: msg="{{ hostvars[item]['ansible_ssh_host'] }}"
with_items: "{{ groups['webservers'] }}"

synchronize file (copy file from Ansible host to target)

- synchronize:

src: "{{ playbook_dir }}/files/vscode.repo"

dest: /etc/yum.repos.d/

synchronize from server A to server B with a wildcard

- name: copy Splunk Apps

      synchronize: 
        src: "/opt/splunk/etc/apps/{{ item }}" (server A)

dest: "/opt/splunk/etc/shcluster/apps/" (server B)

with_items: - item1 - item2

delegate_to: server A

wget a file to a location

- get_url:

url: 'https://dl.google.com/go/go1.10.linux-amd64.tar.gz'

      dest: '/tmp'
      force: no  # dont download if file already exists

untar tar.gz

USER AND GROUP MGMT

change user password for user Joe (user Fred running the cmd as sudo on the target box)

# 1 install passlib
pip install passlib

#2 update the pw, using a hash

ansible targethost -s -m user -a 
"name=joe update_password=always password={{ 'MyNewPassword' | 
password_hash('sha512') }}" -u fred --ask-sudo-pass

copy public ssh key to remote authorized_keys file

- hosts: targetHost

tasks:
- name: update nessus SSH keys
become_user: root
become_method: sudo
become: true
authorized_key:
user: nessus
key: "{{ lookup('pipe','cat ../files/ssh_keys/nessus.pub') }}"
state: present

FILES & DIRS

delete all files and hidden files in a directory

vars:

  app_home: /var/opt/application



tasks:

  - name: clear home dir

- shell: "ls -la {{ app_home }}/"
register: files_to_delete
- file: path="{{ app_home }}/{{ item }}" state=absent
with_items: "{{ files_to_delete.stdout_lines }}"

get files from node

ansible node1 -s -m fetch -a "src=/etc/hosts dest=/tmp"

copy file to node

ansible node1 -m copy -a "src=/etc/hosts dest=/tmp/hosts"

remove all files matching a wildcard

file: path={{ item }} state=absent
with_fileglob: /tmp/*.rpm

FACTER

get all facts from a node (ad hoc)

ansible -i hosts targetName -m setup -a "filter="facter_*"

use fact in a playbook
include fact as {{ ansible_factname }}

add fact to Hosts file
[group]
host1 admin_user=jane
host2 admin_user=jack
host3

[group:vars]
admin_user=john

get default IPV4 address

ansible_default_ipv4.address

Local facts

place .fact file into /etc/ansible/facts.d on target node

vim /etc/ansible/facts.d/fruits.fact

[fruits]

sweet=banana, apple, grapes

bitter=grapefruit

get Local facts

ansible -i hosts mrx -m setup -a "filter=ansible_local"