Log In

Ansible

The Sym CLI can be used to run ansible commands after you've been granted access.

Suggest Edits

You can use the Sym CLI to run ansible or ansible-playbook commands with your temporary credentials.

Steps

  1. Make sure you've installed Sym and logged in. For this guide, we'll assume you see a Sym resource called staging when you list resources.
  2. Request Access to the staging resource and wait for it to be approved.
  3. Use the sym ansible or sym ansible-playbook command:

A common invocation of ansible-playbook goes something like this:

AWS_PROFILE=staging ansible-playbook nginx.yml

Invoking ansible-playbook with sym looks very similar. You simply have to specify a SYM_RESOURCE environment variable, and prefix ansible-playbook with sym.

$ SYM_RESOURCE=staging sym ansible-playbook nginx.yml

______________________
< PLAY [Install nginx] >
 ----------------------
 ________________________
< TASK [Gathering Facts] >
 ------------------------
ok: [34.230.78.150]
 ______________________
< TASK [Install nginx] >
 ----------------------
ok: [34.230.78.150]
 ____________
< PLAY RECAP >
 ------------
34.230.78.151: ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

πŸ“˜

You can also specify a SYM_ANSIBLE_RESOURCE to have the local Ansible command assume a different Sym Resource Role than the one used for the SSH connection.

🚧

If you include an AWS_PROFILE, Ansible will assume that IAM Role instead of the Sym Resource Role when executing locally.

Adjusting Session Length

If your playbook is particularly long-running, the AWS credentials fetched by sym might expire before completion. To avoid this, prefix SYM_SESSION_LENGTH=60 to your command.

If your playbook needs even more time, you'll have to periodically run a command to refresh your credentials (in a new Terminal window). Here's an example, assuming your playbook is targeting the staging Resource:

sym write-creds staging --prefix=sym-ansible

Command Timeouts

By default Sym's Ansible Connector uses a 120 second timeout for any individual command. If any command in your playbook is expected to take longer, you can use the SYM_COMMAND_TIMEOUT environment variable.

For example, to allow each command to run for 30 minutes, you can do the following:

$ SYM_COMMAND_TIMEOUT=1800 SYM_RESOURCE=staging sym ansible-playbook nginx.yml

Running ansible without a playbook

You can also run ansible commands in a similar way:

$ SYM_RESOURCE=staging sym ansible all -m ping -vvv

34.230.78.151 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "invocation": {
        "module_args": {
            "data": "pong"
        }
    },
    "ping": "pong"
}

πŸ‘

You can use sym defaults:set resource staging to avoid having to include SYM_RESOURCE=staging in every command!

Updated 5 months ago

What’s Next
Did this page help you?