Ansible: Run Tasks Once Per Machine After OS Reinstall

Ansible's Magic: Running a Task Once Per Machine After OS Reinstallations

Hey guys, setting up a Proxmox/Ceph cluster with Ansible, huh? That's awesome! It's a powerful combo, but dealing with those pesky pre-existing data issues during OS reinstallations can be a real headache. Especially when you're trying to get your Ceph cluster up and running smoothly. Let's face it, nobody wants a failed installation because of some old data lurking on the drives. In this article, we'll dive deep into how to use Ansible to run a specific task only once on each machine after a fresh OS install. This is super important for things like wiping drives or configuring initial settings before the rest of your playbook kicks in. We'll cover the core concepts, provide some practical examples, and make sure you're equipped to handle those tricky reinstallation scenarios like a pro. So, buckle up, and let's get started on making your cluster deployments a breeze!

Why You Need This Ansible Trick

Ansible is amazing for automating your infrastructure, but it's not always immediately obvious how to handle situations where you need something done only once after a reinstallation. Imagine you're rebuilding your Proxmox nodes from scratch. You probably need to wipe those Ceph drives clean before you can even think about deploying Ceph itself. If you don't, you're going to run into errors, and nobody wants that. The key here is that you don't want this wiping task to run every single time Ansible runs the playbook. It should only happen once when the OS is first installed or reinstalled. You might also need to run initial configuration steps, like setting up networking or installing some core packages, which you don't want to repeat on every subsequent run. Think about it: you're saving time, preventing errors, and ensuring a clean, consistent deployment every single time. This "once per machine" approach is a cornerstone of idempotent Ansible playbooks, meaning they can be run multiple times without unintended side effects. This is what we are aiming for, and it's going to make your life so much easier.

The "register" and "when" Combo: Your Ansible Superpower

Okay, so how do we make this magic happen? The secret weapon in Ansible is the combination of the register and when directives. Let's break it down:

1. register: This directive captures the output of a task. You can think of it as Ansible's way of remembering things. You assign a variable name to the register option, and Ansible stores the result of the task in that variable. This is crucial because you can then use this information later in your playbook. It's like taking notes during a meeting. You need to record what happened so you can use it later.
2. when: This directive controls whether a task runs based on a condition. This is where the actual logic comes in. You specify a condition, and Ansible only executes the task if that condition is true. If the condition is false, the task is skipped. This is how you control when the task runs – think of it as a gatekeeper. Only when the gate is open, the task runs.

So, to execute a task once after a fresh OS installation, we'll use these two directives in concert. First, we'll run a task that checks for a specific file or condition. Then, we'll register the result of that check. Finally, we'll use the when directive to only run our "wipe drives" or "initial setup" task if the check indicates it's a fresh install. Simple, right? Trust me, it's more straightforward than it sounds. We'll get into the details in the next section.

Step-by-Step: Implementing the "Once Per Machine" Task

Let's look at how to implement this in practice. We will go through a practical example, assuming that you want to wipe your Ceph drives only after a fresh OS installation. The general approach is the same for other "once per machine" tasks.

1. The Check Task: First, we need a task that determines whether this is a fresh installation. A common way is to check for a specific file. If the file exists, it means the OS is already configured. If it doesn't, it's a new install. Let's check for the existence of a file, say, /etc/ceph/ceph.conf, which you might create during the initial setup. Here's what this looks like in your Ansible playbook:

   - name: Check if Ceph configuration file exists
     stat:
       path: /etc/ceph/ceph.conf
     register: ceph_config_exists
   

   • stat module: The stat module is your best friend for checking the status of files and directories. It provides information about the file's existence, modification time, etc.
   • register: ceph_config_exists: This is crucial. It stores the result of the stat module in a variable named ceph_config_exists. This variable will contain details about the file, including whether it exists (ceph_config_exists.stat.exists).

2. The "Once" Task: Now, let's define the task that you want to run only once – in this case, wiping the Ceph drives. This might involve using the dd command or a similar tool. The important part is to include the when directive:

   - name: Wipe Ceph drives (if it's a new installation)
     shell:
       cmd: "wipe your drives here"
     when: not ceph_config_exists.stat.exists
   

   • shell module: The shell module is used to execute shell commands on the remote machine. Be careful when using this – always validate your commands.
   • when: not ceph_config_exists.stat.exists: This is where the magic happens. The task will only run if ceph_config_exists.stat.exists is false, meaning the /etc/ceph/ceph.conf file doesn't exist, implying it's a fresh install. If the file exists, the task will be skipped.

3. Combining It All: Put these tasks together in your playbook, and you'll have a powerful mechanism for running tasks only once after an OS installation. Remember to create the /etc/ceph/ceph.conf file in a later step of your playbook, or else the wipe will happen on every run!

Advanced Techniques and Considerations

Let's take a quick look at some more advanced techniques and considerations for handling these scenarios:

• Idempotency is Key: Remember, your tasks should be idempotent. This means they can be run multiple times without causing unintended side effects. Ensure that your wipe drive commands are safe to run multiple times and won't cause data loss if they are. For example, you might want to check the existing partitions before wiping the drives.
• Using set_fact: Instead of checking for a file, you can use the set_fact module to create a fact (a variable) that indicates whether the "once" task has been run. This is especially useful if the initial configuration task is complex. You set the fact to true after the task completes, and use the fact in your when condition to prevent subsequent runs.
• Handlers: Ansible handlers are perfect for running tasks in response to a change. For example, if your "once" task modifies a configuration file, you can use a handler to restart a service only after the file has been modified. This keeps your playbook clean and efficient.
• Error Handling: Always include proper error handling in your playbooks. Use failed_when or ignore_errors to manage potential issues during the wipe drive operation. This will prevent your playbook from failing if something goes wrong.
• Idempotent Drive Wiping: Ensure that your drive wiping process is idempotent. Instead of just blindly wiping the entire disk, consider checking the partition tables first. If the drive is already wiped or is formatted, skip the wipe. This prevents unnecessary operations and saves time.
• Network Configuration: Another common "once per machine" task is configuring the network. When the OS first boots, the network might not be configured. Using Ansible, you can set up the network interfaces, DNS settings, and other network-related configurations. You can use a similar approach as described above, where you check for the existence of a network configuration file and only apply the configuration if the file doesn't exist. Make sure that any network configuration tasks are carefully designed to avoid locking yourself out of the server.

Troubleshooting Common Issues

Running a task once can be tricky, and you might run into some issues. Here's how to troubleshoot some common problems:

• The task is always running: Double-check the condition in your when statement. Make sure you're correctly referencing the variable registered by the check task. Typos in the variable name are a frequent cause of errors. Debugging your playbook using the -v (verbose) or -vvv (very verbose) flags can help pinpoint the problem. These flags show you the values of variables and the execution flow of your playbook.
• The task never runs: Ensure your check task is correctly identifying whether it's a new install. Verify the path to the file you are checking. Confirm that the file exists when you expect it to and doesn't exist when you don't expect it to. The order of tasks in your playbook is also crucial. The check task must run before the "once" task.
• Permissions issues: If your "once" task involves file system operations or interacting with system services, make sure Ansible is running with the appropriate permissions. You can use the become directive (often with become_method: sudo) to elevate your privileges. Check that the user Ansible connects with has the necessary privileges to execute the commands. Ansible uses the become functionality to switch to a privileged user account.
• Idempotency failures: Your wipe drive commands or any commands in the "once" task must be idempotent. If they aren't, you might end up with partial or inconsistent configurations. Always test your playbooks thoroughly in a test environment before applying them to production systems.

Conclusion: Ansible - Your Automation Sidekick

So, there you have it! You now have a solid understanding of how to use Ansible to run tasks once per machine, especially after an OS reinstallation. This technique is an essential part of building reliable and repeatable infrastructure automation workflows. By combining the register and when directives, you can build idempotent playbooks that are safe to run repeatedly, saving you time and preventing errors. Remember to always test your playbooks thoroughly in a safe environment before deploying them to production. With this knowledge, you are well on your way to mastering Ansible and building a rock-solid Proxmox/Ceph cluster. Happy automating!