nntrn/ad-hoc-commands.sh

## ad-hoc-commands.sh
# source:
# https://ansible-tips-and-tricks.readthedocs.io/en/latest/ansible/commands/

# Ping hosts
ansible <HOST_GROUP> -m ping

# Display gathered facts
ansible <HOST_GROUP> -m setup | less

# Filter gathered facts
ansible <HOST_GROUP> -m setup -a "filter=ansible_distribution*"

# Copy SSH key manually
ansible <HOST_GROUP> -m authorized_key -a "user=root key='ssh-rsa AAAA...XXX == root@hostname'"

# Modify file using lineinfile
ansible all -m lineinfile -a "dest=/etc/group regexp='^(users:x:100:)(.*)' line='\1ldapusername,\2' state=present backrefs=yes"

# Specifying a user:
ansible-playbook playbooks/atmo_playbook.yml --user atmouser

# Using a specific SSH private key:
ansible -m ping hosts --private-key=~/.ssh/keys/id_rsa -u centos

# Passing arguments:
ansible-playbook playbooks/atmo_playbook.yml -e "ATMOUSERNAME=atmouser"

# Limit to one host
ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit "host1"

# Limit to multiple hosts
ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit "host1,host2"

# Negated limit. NOTE: Single quotes MUST be used to prevent bash interpolation.
ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit 'all:!host1'

# Limit to host group
ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit 'group1'

# Limit to all tags matching install
ansible-playbook playbooks/PLAYBOOK_NAME.yml --tags 'install'

# Skip any tag matching sudoers
ansible-playbook playbooks/PLAYBOOK_NAME.yml --skip-tags 'sudoers'

# This can be done like this:
ansible-playbook playbooks/PLAYBOOK_NAME.yml --flush-cache

# Check for bad syntax:
ansible-playbook playbooks/PLAYBOOK_NAME.yml --syntax-check

# One can run in dry-run mode like this:
ansible-playbook playbooks/PLAYBOOK_NAME.yml --check

# Using raw module to run command similar to running directly via SSH:
ansible -m raw -s -a "yum install libselinux-python -y" new-atmo-images

# Manually flushing controller's redis cache
ansible localhost -m redis -a "command=flush flush_mode=all" -c local

## ansible-vault.sh
# https://docs.ansible.com/ansible/latest/user_guide/vault.html#vault
# to encrypt the string 'foobar' using the only password stored
# in 'a_password_file' and name the variable 'the_secret':
ansible-vault encrypt_string --vault-password-file a_password_file 'foobar' --name 'the_secret'

# To encrypt the string 'foooodev', add the vault ID label 'dev' with the 'dev' vault
# password stored in 'a_password_file', and call the encrypted variable 'the_dev_secret'
ansible-vault encrypt_string --vault-id dev@a_password_file 'foooodev' --name 'the_dev_secret'

# To encrypt the string 'letmein' read from stdin, add the vault ID 'dev' using the 'dev'
# vault password stored in a_password_file, and name the variable 'db_password':
echo -n 'letmein' | ansible-vault encrypt_string --vault-id dev@a_password_file --stdin-name 'db_password'
	# source:
	# https://ansible-tips-and-tricks.readthedocs.io/en/latest/ansible/commands/

	# Ping hosts
	ansible <HOST_GROUP> -m ping

	# Display gathered facts
	ansible <HOST_GROUP> -m setup \| less

	# Filter gathered facts
	ansible <HOST_GROUP> -m setup -a "filter=ansible_distribution*"

	# Copy SSH key manually
	ansible <HOST_GROUP> -m authorized_key -a "user=root key='ssh-rsa AAAA...XXX == root@hostname'"

	# Modify file using lineinfile
	ansible all -m lineinfile -a "dest=/etc/group regexp='^(users:x:100:)(.*)' line='\1ldapusername,\2' state=present backrefs=yes"

	# Specifying a user:
	ansible-playbook playbooks/atmo_playbook.yml --user atmouser

	# Using a specific SSH private key:
	ansible -m ping hosts --private-key=~/.ssh/keys/id_rsa -u centos

	# Passing arguments:
	ansible-playbook playbooks/atmo_playbook.yml -e "ATMOUSERNAME=atmouser"

	# Limit to one host
	ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit "host1"

	# Limit to multiple hosts
	ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit "host1,host2"

	# Negated limit. NOTE: Single quotes MUST be used to prevent bash interpolation.
	ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit 'all:!host1'

	# Limit to host group
	ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit 'group1'

	# Limit to all tags matching install
	ansible-playbook playbooks/PLAYBOOK_NAME.yml --tags 'install'

	# Skip any tag matching sudoers
	ansible-playbook playbooks/PLAYBOOK_NAME.yml --skip-tags 'sudoers'

	# This can be done like this:
	ansible-playbook playbooks/PLAYBOOK_NAME.yml --flush-cache

	# Check for bad syntax:
	ansible-playbook playbooks/PLAYBOOK_NAME.yml --syntax-check

	# One can run in dry-run mode like this:
	ansible-playbook playbooks/PLAYBOOK_NAME.yml --check

	# Using raw module to run command similar to running directly via SSH:
	ansible -m raw -s -a "yum install libselinux-python -y" new-atmo-images

	# Manually flushing controller's redis cache
	ansible localhost -m redis -a "command=flush flush_mode=all" -c local
	# https://docs.ansible.com/ansible/latest/user_guide/vault.html#vault
	# to encrypt the string 'foobar' using the only password stored
	# in 'a_password_file' and name the variable 'the_secret':
	ansible-vault encrypt_string --vault-password-file a_password_file 'foobar' --name 'the_secret'

	# To encrypt the string 'foooodev', add the vault ID label 'dev' with the 'dev' vault
	# password stored in 'a_password_file', and call the encrypted variable 'the_dev_secret'
	ansible-vault encrypt_string --vault-id dev@a_password_file 'foooodev' --name 'the_dev_secret'

	# To encrypt the string 'letmein' read from stdin, add the vault ID 'dev' using the 'dev'
	# vault password stored in a_password_file, and name the variable 'db_password':
	echo -n 'letmein' \| ansible-vault encrypt_string --vault-id dev@a_password_file --stdin-name 'db_password'