Ansible

The Sym CLI can be used to run ansible commands after you've been granted access.

Suggest Edits

You can use the Sym CLI to run ansible or ansible-playbook commands with your temporary credentials.

Steps

  1. Make sure you've installed Sym and logged in. For this guide, we'll assume you see a Sym resource called staging when you list resources.
  2. Request Access to the staging resource and wait for it to be approved.
  3. Use the sym ansible or sym ansible-playbook command:

A common invocation of ansible-playbook goes something like this:

AWS_PROFILE=staging ansible-playbook nginx.yml

Invoking ansible-playbook with sym looks very similar. You simply have to specify a SYM_RESOURCE environment variable, and prefix ansible-playbook with sym.

$ SYM_RESOURCE=staging sym ansible-playbook nginx.yml

______________________
< PLAY [Install nginx] >
 ----------------------
 ________________________
< TASK [Gathering Facts] >
 ------------------------
ok: [34.230.78.150]
 ______________________
< TASK [Install nginx] >
 ----------------------
ok: [34.230.78.150]
 ____________
< PLAY RECAP >
 ------------
34.230.78.151: ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

πŸ“˜

You can also specify a SYM_ANSIBLE_RESOURCE to have the local Ansible command assume a different Sym Resource Role than the one used for the SSH connection.

🚧

If you include an AWS_PROFILE, Ansible will assume that IAM Role instead of the Sym Resource Role when executing locally.

Adjusting Session Length

If your playbook is particularly long-running, the AWS credentials fetched by sym might expire before completion. To avoid this, prefix SYM_SESSION_LENGTH=60 to your command.

If your playbook needs even more time, you'll have to periodically run a command to refresh your credentials (in a new Terminal window). Here's an example, assuming your playbook is targeting the staging Resource:

sym write-creds staging --prefix=sym-ansible

Command Timeouts

By default Sym's Ansible Connector uses a 120 second timeout for any individual command. If any command in your playbook is expected to take longer, you can use the SYM_COMMAND_TIMEOUT environment variable.

For example, to allow each command to run for 30 minutes, you can do the following:

$ SYM_COMMAND_TIMEOUT=1800 SYM_RESOURCE=staging sym ansible-playbook nginx.yml

Running ansible without a playbook

You can also run ansible commands in a similar way:

$ SYM_RESOURCE=staging sym ansible all -m ping -vvv

34.230.78.151 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "invocation": {
        "module_args": {
            "data": "pong"
        }
    },
    "ping": "pong"
}

πŸ‘

You can use sym defaults:set resource staging to avoid having to include SYM_RESOURCE=staging in every command!

Updated 12 months ago

What’s Next
Did this page help you?