These are a small collection of modules and plug-ins I created while coming up with Ansible playbooks for my network. Ansible is a lightweight and simple system for managing system configurations.
This software has the same license as Ansible, GPLv3.
-
augtoolmodule: Modify configuration files using Augeas' augtool from Ansible. Augeas is great when you want to edit a configuration file rather than replace it (e.g. with Ansible's built-intemplatemodule). -
load_gpg_varsmodule: Load host variables from an encrypted YAML file. This is a quirky module but it can be useful for keeping information such as passwords for new user accounts you want to set up when provisioning a system.Note: this should probably be replaced by
ansible-vaultonce Ansible 1.5 is released. -
dnslookup plug-in: Lets you resolve host names to their IP addresses. This very simple module just callsgethostbynamefor now, so it surely won't cover all use cases, and it definitely doesn't support IPv6. For example, this will be replaced with the IP forwww.ansible.cc:{{ lookup('dns', 'www.ansible.cc') }}I used this when making IPTables rules, which needed an IP address, but where I didn't want to "hard code" the IP in my playbook.
-
hashfilter plug-in: If you have passlib installed, you can use this filter plug-in to hash passwords. For example:{{ plain_text_password|hash("sha512_crypt", salt_size=16) }}See http://pythonhosted.org/passlib/lib/passlib.hash.html for a list of supported hashes and their arguments.
This filter could be particularly useful in conjunction with plain text passwords kept in a GPG file using the
load_gpg_varsmodule, above. See that module's documentation for an example. -
regexp_escapefilter plug-in: Gives you aregexp_escapefilter. This can be useful when, for example, you're interpolating variables into theregexpargument of the built-inlineinfilemodule. -
vault_from_gpg_agent.py: A script that allows Ansible Vault to read its passphrase viagpg-agent, which can (relatively) securely keep your passphrase in memory and save you from having to enter it every time you runansible-playbook. See this mailing list post for more details. Use this script by settingvault_password_file = vault_from_gpg_agent.pyin your Ansible configuration file, or use--vault-password-file=vault_from_gpg_agent.pyon the command line. Make sure the script is executable!