Functionality to reduce dependancy of python for Ansible managed nodes
The code here is derived from gekmihesg/ansible-openwrt.
It is no longer a role, but a set of modules and a monkeypatching var_plugin. As such, dependancies to OpenWRT have been completely removed. And it does not try to configure anything in particular, but just give functionality so that you can use ansible without needing python on managed nodes.
Copy the files in this repository and either configure ansible.cfg
or set environment variables:
ansible.cfg
:DEFAULT_MODULE_PATH=path/to/src/library DEFAULT_VARS_PLUGINN_PATH=path/to/src/vars_plugins
- environment variables:
ANSIBLE_LIBRARY=
path/to/src/libraryANSIBLE_VAR_PLUGINS=
path/to/src/vars_plugins
Afterwards, it is a matter of creating an inventory and placing
hosts that do not have python installed in a nopython
group.
[nopython]
host1
host2
Some modules optionally require a way to generate SHA1 hashes or encode data Base64.
In case of Base64, there is a very slow hexdump | awk
implementation
included.
For SHA1 there is no workaround.
The modules will try to find usable system commands for SHA1
(sha1sum
, openssl
) and Base64 (base64
, openssl
, workaround)
when needed. If no usable commands are found, most things will still
work, but the fetch module for example has to be run with
validate_checksum: no
, will always download the file and return
changed: yes
.
Therefore it is recommended to install coreutils-sha1sum
and
coreutils-base64
, if the commands are not already provided by
busybox.
The following modules have been imported from ansible-openwrt:
- command
- copy
- fetch (implicit)
- file
- lineinfile
- nohup (new)
- opkg
- ping
- setup
- shell (implicit)
- slurp
- stat
- service
- sysctl
- template (implicit)
These modules were added:
- apk
- modprobe
- service_facts
These packages were removed as I found them too openwrt specific.
- uci (new)
- wait_for_connection (implicit)
Inventory:
[aps]
ap1.example.com
ap2.example.com
ap3.example.com
[routers]
router1.example.com
[nopython:children]
aps
routers
Playbook:
- hosts: all
tasks:
- name: copy authorized keys
copy:
src: authorized_keys
dest: /root/.ssh/authorized_keys
Running the modules outside of a playbook is possible like this:
$ export ANSIBLE_LIBRARY=~/path/to/src/library
$ export ANSIBLE_VARS_PLUGINS=~/path/to/src/vars_plugins
$ ansible -i inventory.ini -m setup all
The command
module was extended to include a parameter
no_change_rc
which tales a single int
. If the command
exits with this return code, it will report the execute to
not generate changes. It replaces this type of code:
- name: Exec sh command
shell:
cmd: "echo ''; exit 254;"
register: result
failed_when: result.rc != 0 and result.rc != 254
changed_when: result.rc != 254
Writing custom modules for this framework isn't too hard. The modules are wrapped into a wrapper script, that provides some common functions for parameter parsing, json handling, response generation, and some more.
All modules must match nopython_<module_name>.sh
. If module_name
is not one of Ansibles core modules, there must also be a
<module_name>.py
. This does not have to have any functionality
(it may have some for non OpenWRT systems) and can contain the
documentation.
GNU General Public License v3.0 (see License)
Portions are Copyright (c) 2017-2021 Markus Weippert also under the GNU General Public License v3.0 (License)