Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 30. Glossary
Ad Hoc
Ad hoc refers to using Ansible to perform a quick command, using /usr/bin/ansible, rather than the orchestration language, which is /usr/bin/ansible-playbook
. An example of an ad hoc command might be rebooting 50 machines in your infrastructure. Anything you can do ad hoc can be accomplished by writing a Playbook. Playbooks can also glue lots of other operations together.
Callback Plugin
Refers to user-written code that can intercept results from Ansible and act on them. Some examples in the GitHub project perform custom logging, send email, or play sound effects.
Control Groups
Also known as 'cgroups', a control group is a feature in the Linux kernel that enables resources to be grouped and allocated to run processes. In addition to assigning resources to processes, cgroups can also report use of resources by all processes running inside of the cgroup.
Check Mode
Refers to running Ansible with the --check
option, which does not make any changes on the remote systems, but only outputs the changes that might occur if the command ran without this flag. This is analogous to so-called "dry run" modes in other systems. However, this does not take into account unexpected command failures or cascade effects (which is true of similar modes in other systems). Use Check mode to get an idea of what might happen, but it is not a substitute for a good staging environment.
Container Groups
Container Groups are a type of Instance Group that specify a configuration for provisioning a pod in a Kubernetes or OpenShift cluster where a job is run. These pods are provisioned on-demand and exist only for the duration of the playbook run.
Credentials
Authentication details that can be used by automation controller to launch jobs against machines, to synchronize with inventory sources, and to import project content from a version control system. For more information, see [Credentials].
Credential Plugin
Python code that contains definitions for an external credential type, its metadata fields, and the code needed for interacting with a secret management system.
Distributed Job
A job that consists of a job template, an inventory, and slice size. When executed, a distributed job slices each inventory into a number of "slice size" chunks, which are then used to run smaller job slices.
External Credential Type
A managed credential type used for authenticating with a secret management system.
Facts
Facts are things that are discovered about remote nodes. While they can be used in playbooks and templates just like variables, facts are things that are inferred, rather than set. Facts are automatically discovered when running plays by executing the internal setup module on the remote nodes. You never have to call the setup module explicitly: it just runs. It can be disabled to save time if it is not required. For the convenience of users who are switching from other configuration management systems, the fact module also pulls in facts from the ohai
and facter
tools if they are installed, which are fact libraries from Chef and Puppet, respectively.
Forks
Ansible and automation controller communicate with remote nodes in parallel. The level of parallelism can be set in several ways during the creation or editing of a Job Template, by passing --forks
, or by editing the default in a configuration file. The default is a very conservative five forks, though if you have a lot of RAM, you can set this to a higher value, such as 50, for increased parallelism.
Group
A set of hosts in Ansible that can be addressed as a set, of which many can exist within a single Inventory.
Group Vars
The group_vars/
files are files that are stored in a directory with an inventory file, with an optional filename named after each group. This is a convenient place to put variables that are provided to a given group, especially complex data structures, so that these variables do not have to be embedded in the inventory file or playbook.
Handlers
Handlers are like regular tasks in an Ansible playbook (see Tasks), but are only run if the Task contains a "notify" directive and also indicates that it changed something. For example, if a configuration file is changed then the task referencing the configuration file templating operation might notify a service restart handler. This means services can be bounced only if they need to be restarted. Handlers can be used for things other than service restarts, but service restarts are the most common use.
Host
A system managed by automation controller, which may include a physical, virtual, or cloud-based server, or other device (typically an operating system instance). Hosts are contained in an Inventory. Sometimes referred to as a "node".
Host Specifier
Each Play in Ansible maps a series of tasks (which define the role, purpose, or orders of a system) to a set of systems. This "hosts:" directive in each play is often called the hosts specifier. It can select one system, many systems, one or more groups, or hosts that are in one group and explicitly not in another.
Instance Group
A group that contains instances for use in a clustered environment. An instance group provides the ability to group instances based on policy.
Inventory
A collection of hosts against which Jobs can be launched.
Inventory Script
A program that looks up hosts, group membership for hosts, and variable information from an external resource, whether that be a SQL database, a CMDB solution, or LDAP. This concept was adapted from Puppet (where it is called an "External Nodes Classifier") and works in a similar way.
Inventory Source
Information about a cloud or other script to be merged into the current inventory group, resulting in the automatic population of Groups, Hosts, and variables about those groups and hosts.
Job
One of many background tasks launched by automation controller, this is usually the instantiation of a Job Template, such as the launch of an Ansible playbook. Other types of jobs include inventory imports, project synchronizations from source control, or administrative cleanup actions.
Job Detail
The history of running a particular job, including its output and success/failure status.
Job Slice
See Distributed Job.
Job Template
The combination of an Ansible playbook and the set of parameters required to launch it. For more information, see Job templates.
JSON
JSON is a text-based format for representing structured data based on JavaScript object syntax. Ansible and automation controller use JSON for return data from remote modules. This enables modules to be written in any language, not just Python.
Mesh
Describes a network comprising of nodes. Communication between nodes is established at the transport layer by protocols such as TCP, UDP or Unix sockets.
See also, Node.
Metadata
Information for locating a secret in the external system once authenticated. The user provides this information when linking an external credential to a target credential field.
Node
A node corresponds to entries in the instance database model, or the /api/v2/instances/
endpoint, and is a machine participating in the cluster or mesh. The unified jobs API reports controller_node
and execution_node
fields. The execution node is where the job runs, and the controller node interfaces between the job and server functions.
Node Type | Description |
---|---|
Control | Nodes that run persistent services, and delegate jobs to hybrid and execution nodes. |
Hybrid | Nodes that run persistent services and execute jobs. |
Hop | Used for relaying across the mesh only. |
Execution | Nodes that run jobs delivered from control nodes (jobs submitted from the user’s Ansible automation) |
Notification Template
An instance of a notification type (Email, Slack, Webhook, etc.) with a name, description, and a defined configuration.
Notification
A Notification, such as Email, Slack or a Webhook, has a name, description and configuration defined in a Notification template. For example, when a job fails, a notification is sent using the configuration defined by the notification template.
Notify
The act of a task registering a change event and informing a handler task that another action needs to be run at the end of the play. If a handler is notified by multiple tasks, it is still only run once. Handlers are run in the order they are listed, not in the order that they are notified.
Organization
A logical collection of Users, Teams, Projects, and Inventories. Organization is the highest level in the object hierarchy.
Organization Administrator
An user with the rights to modify the Organization’s membership and settings, including making new users and projects within that organization. An organization administrator can also grant permissions to other users within the organization.
Permissions
The set of privileges assigned to Users and Teams that provide the ability to read, modify, and administer Projects, Inventories, and other objects.
Plays
A play is minimally a mapping between a set of hosts selected by a host specifier (usually chosen by groups, but sometimes by hostname globs) and the tasks which run on those hosts to define the role that those systems perform. A playbook is a list of plays. There can be one or many plays in a playbook.
Playbook
An Ansible playbook. For more information, see Ansible playbooks.
Policy
Policies dictate how instance groups behave and how jobs are executed.
Project
A logical collection of Ansible playbooks, represented in automation controller.
Roles
Roles are units of organization in Ansible and automation controller. Assigning a role to a group of hosts (or a set of groups, or host patterns, etc.) implies that they implement a specific behavior. A role can include applying variable values, tasks, and handlers, or a combination of these things. Because of the file structure associated with a role, roles become redistributable units that enable you to share behavior among playbooks, or with other users.
Secret Management System
A server or service for securely storing and controlling access to tokens, passwords, certificates, encryption keys, and other sensitive data.
Schedule
The calendar of dates and times for which a job should run automatically.
Sliced Job
See Distributed Job.
Source Credential
An external credential that is linked to the field of a target credential.
Sudo
Ansible does not require root logins and, since it is daemonless, does not require root level daemons (which can be a security concern in sensitive environments). Ansible can log in and perform many operations wrapped in a sudo
command, and can work with both password-less and password-based sudo. Some operations that do not normally work with sudo
(such as scp
file transfer) can be achieved with Ansible’s copy, template, and fetch modules while running in sudo
mode.
Superuser
An administrator of the server who has permission to edit any object in the system, whether or not it is associated with any organization. Superusers can create organizations and other superusers.
Survey
Questions asked by a job template at job launch time, configurable on the job template.
Target Credential
A non-external credential with an input field that is linked to an external credential.
Team
A sub-division of an Organization with associated Users, Projects, Credentials, and Permissions. Teams provide a means to implement role-based access control schemes and delegate responsibilities across Organizations.
User
An operator with associated permissions and credentials.
Webhook
Webhooks enable communication and information sharing between applications. They are used to respond to commits pushed to SCMs and launch job templates or workflow templates.
Workflow Job Template
A set consisting of any combination of job templates, project syncs, and inventory syncs, linked together in order to execute them as a single unit.
YAML
A human-readable language that is often used for writing configuration files. Ansible and automation controller use YAML to define playbook configuration languages and also variable files. YAML has a minimum of syntax, is very clean, and is easy for people to skim. It is a good data format for configuration files and humans, but is also machine readable. YAML is popular in the dynamic language community and the format has libraries available for serialization in many languages. Examples include Python, Perl, or Ruby.