How to Install and Configure Ansible

Configuration management (CM) refers to a discipline for evaluating, coordinating, approving or disapproving, and implementing changes in artifacts that are used to construct and maintain software systems. An artifact may be a piece of hardware or software or documentation. CM enables the management of artifacts from the initial concept through design, implementation, testing, base lining, building, release, and maintenance.

Effective configuration management (CM) involves the practice of processing system changes systematically with the primary intent of updating the system while maintaining system integrity.


While there are many popular configuration management systems available for Linux systems, such as Chef and Puppet, these are often more complex than many people want or need. Ansible is a great alternative to these options because it has a much smaller overhead to get started.


Working :


Ansible works by connecting to your nodes and pushing out small programs, called “Ansible modules” to them. These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when finished.

Your library of modules can reside on any machine, and there are no servers, daemons, or databases required. Typically you’ll work with your favorite terminal program, a text editor, and probably a version control system to keep track of changes to your content.

Passwords are supported, but SSH keys with ssh-agent are one of the best ways to use Ansible. Though if you want to use Kerberos, that’s good too. Lots of options! Root logins are not required, you can login as any user, and then su or sudo to any user.

Ansible’s “authorized_key” module is a great way to use ansible to control what machines can access what hosts. Other options, like kerberos or identity management systems, can also be used.

This article will introduce to the installation of ansible in linux machine and go over some basics of how to use the software.


Environment Setup :


Controlling Machine:


OS : CentOS Linux release 7.3.1611 (Core)

IP: 192.168.202.132

User : ansible 


Node 1 :


OS : Red Hat Enterprise Linux Server release 7.3 (Maipo)

IP : 192.168.202.133

User : ansible


Node 2 : 


OS: Ubuntu 16.10

IP: 192.168.202.130

User : ansible


Control Machine Requirements :

Currently Ansible can be run from any machine with Python 2.6 or 2.7 installed (Windows isn’t supported for the control machine).


If you have SELinux enabled on remote nodes, you will also want to install libselinux-python on them before using any copy/file/template related functions in Ansible. You can of course still use the yum module in Ansible to install this package on remote systems that do not have it.

Create User :


Create ansible user and set password on control machine and all the nodes 

$ sudo useradd ansible
$ sudo passwd ansible 


Give sudo permission to the ansible user 

$ visudo 

Append below line to the file :

ansible        ALL = (ALL) NOPASSWD: ALL 


Setup SSH Keys :


If you do not already have an SSH key pair that you would like to use for Ansible administration, we can create one now on your Ansible VPS.


$ su - ansible 

$ ssh-keygen 

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
df:df:9a:a8:d2:df:48:68:ce:01:51:06:be:c3:13:1c root@infra2
The key's randomart image is:
+--[ RSA 2048]----+
|        E.o      |
|       o +       |
|        =        |
|       . +       |
|        S        |
|         = o     |
|         .= o    |
|        .+.o = o |
|         .+o+ =..|
+-----------------+

Enter the name you want associated with this key into the top field. On your Ansible VPS instance, type this to get the contents of your public key:


cat ~/.ssh/id_rsa.pub


Example public key


ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzmGgsqjSFuOBbjZB1sgquKpp3Ty+FgqoLrzjKbbk9VGOH6kM37aAhyxx


Enable the password-based authentication for ssh on all the nodes :

$ sudo vi /etc/ssh/sshd_config

Change the password authetication to yes 

PasswordAuthentication yes

Copy the public Key to the  respective nodes :

ansible]$  ssh-copy-id <hostname>

$ ssh-copy-id infra2
$ ssh-copy-id ubuntu1

Install Ansible on Ubuntu 16.04


The best way to get Ansible for Ubuntu is to add the project’s PPA (personal package archive) to your system.


To do this effectively, we need to install the software-properties-common package, which will give us the ability to work with PPAs easily. (This package was called python-software-properties on older versions of Ubuntu.)

$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible


Latest Releases Via Apt (Debian)


Latest Releases Via Apt (Debian)


Add the following line to /etc/apt/sources.list:


deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main

Then run these commands:

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
$ sudo apt-get update
$ sudo apt-get install ansible


Install Via Pip ( for Mac OS) 

$ sudo easy_install pip
$ sudo pip install ansible

If you are installing on OS X Mavericks, you may encounter some noise from your compiler. A workaround is to do the following:

$ sudo CFLAGS=-Qunused-arguments CPPFLAGS=-Qunused-arguments pip install ansible


Install via Yum (CentOS and Redhat )  
RPMs are available from yum for EPEL 6, 7, and currently supported Fedora distributions.

$ sudo rpm -iUvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm


Install the package :

$ sudo yum install ansible

After installed successfully, you can verify the version by executing below command.


# ansible –version

Ansible Layout:


Before we create a basic configuration, I want to take a moment to explain the Ansible file/folder structure. You’ll note that if you list the files/folders in /etc/ansible that you’re presented with the following. Alongside, I have included an explanation for each file or folder.

  1. /etc/ansible — The main configuration folder which encompasses all Ansible config
  2. /etc/ansible/hosts — This file holds information for the hosts/and host groups you will configure
  3. /etc/ansible/ansible.cfg — The main configuration file for Ansible
  4. /etc/ansible/roles — This folder allows you to create folders for each server role, web/app/db, etc.

Creating Inventory File for Remote Hosts :


Inventory file, This file hold the host information’s like which host we need to get connect from local to remote. Default inventory file will be under /etc/ansible/hosts.

$ sudo vim /etc/ansible/hosts


Add the following two hosts IP address.

[redhat]
192.168.202.133

[debian]
192.168.202.130

Now time to check our all 2 server by just doing a ping from my localhost. To perform the action we need to use the command ‘ansible‘ with options ‘-m‘ (module) and ‘-all‘ (group of servers).

$ ansible -m ping all

We could also specify an individual host:

$ ansible -m ping redhat


We can specify multiple hosts by separating them with colons:

$ ansible -m ping redhat:debian

Introducing Ansible Playbooks

Ansible playbooks are a way to send commands to remote computers in a scripted way. Instead of using Ansible commands individually to remotely configure computers from the command line, you can configure entire complex environments by passing a script to one or more systems.

Ansible playbooks are written in the YAML data serialization format. If you don’t know what a data serialization format is, think of it as a way to translate a programmatic data structure (lists, arrays, dictionaries, etc) into a format that can be easily stored to disk. The file can then be used to recreate the structure at a later point. JSON is another popular data serialization format, but YAML is much easier to read.Each playbook contains one or more plays, which map hosts to a certain function. Ansible does this through something called tasks, which are basically module calls.

Let’s look at a basic playbook:

Playbook to copy a file :

--- # Playbook to push MOTD File

- hosts: all
  user: ansibleuser
  sudo: yes
  connection: ssh

  tasks:
      - name: "Pushing MOTD File to all hosts"
        copy: src=/home/ansibleuser/ansible_playbook/motd/motd dest=/etc/motd

This is a requirement for YAML to interpret the file as a proper document. YAML allows multiple “documents” to exist in one file, each separated by —, but Ansible only wants one per file, so this should only be present at the top of the file.


YAML is very sensitive to white-space, and uses that to group different pieces of information together. You should use only spaces and not tabs and you must use consistent spacing for your file to be read correctly. Items at the same level of indentation are considered sibling elements.

Items that begin with a – are considered list items. Items that have the format of key: value operate as hashes or dictionaries. That’s pretty much all there is to basic YAML.


Running an Ansible Playbook :

Once you have a playbook built, you can call it easily using this format:

$ ansible-playbook playbook.yml


Playbook to install packages :

--- # Playbook to install Apache with Conditions

- hosts: all
  user: ansibleuser
  sudo: yes
  gather_facts: true

  tasks:
      - name: "Install Apache into Redhat servers"
        command: yum install -y httpd
        when: ansible_os_family == "RedHat"

      - name: "Install Apache Ubuntu based servers"
        command: apt-get install -y apache2
        when: ansible_os_family == "Debian"

At the top level, we have “tasks:” at the same level as “hosts:”. This contains a list (because it starts with a “-“) which contains key-value pairs.The first one, “name”, is more of a description than a name. You can call this whatever you would like.

Playbook for installing package by using loop :

--- # Playbook to push MOTD File

- hosts: centoswebservers
  user: ansibleuser
  sudo: yes

  tasks:
      - name: "Install Apache into Redhat servers"
        yum: pkg={{item}} state=latest 
        with_items:
               - httpd
               - links
               - ntp
               - nano

Install Packages with conditions : 

--- # Playbook to install Apache with Conditions

- hosts: all
  user: ansibleuser
  sudo: yes
  gather_facts: true

  tasks:
   - include: packages/packages.yml

  handlers:
   - include: handlers/handlers.yml

tasks and handler YAML  programs:

Handlers:

- name: Restart HTTPD
  service: name=httpd state=restarted

Tasks: 

- name: "Install Apache into Redhat servers"
  command: yum install -y httpd
  when: ansible_os_family == "RedHat"
  notify: Restart HTTPD

- name: "Install Apache Ubuntu based servers"
  command: apt-get install -y apache2
  when: ansible_os_family == "Debian"

YAML to install packages using handlers :

--- # Playbook to show handlers

- hosts: all
  user: ansibleuser
  sudo: yes
  gather_facts: true

  tasks:
      - name: "Install Apache into Redhat servers"
        command: yum install -y httpd
        when: ansible_os_family == "RedHat"
        notify: Restart HTTPD

      - name: "Install Apache Ubuntu based servers"
        command: apt-get install -y apache2
        when: ansible_os_family == "Debian"
  
  handlers:
      - name: Restart HTTPD
        service: name=httpd state=restarted

Creating Role : 

The first step in creating a role is creating its directory structure. 

Create directory with the following structure:

roles
|
|---roles_playbook.yml
|
|--webservers
        |
 |--handlers
 |    |
 |    |--main.yml
 |
 |--tasks
 |   |
 |   |--main.yml
 |
 |--vars
     |
     |--main.yml

Playbook to create role :

--- # Creating a role in Ansible

- hosts: all
  user: ansibleuser
  sudo: yes
  

  roles:
    - webservers  
    - appservers

 handlers

handlers usually contain targets for notify directives, and are almost always associated with services. For example, if you were creating a role for NTP, you might have an entry in handlers/main.yml for restarting NTP after a task finishes altering the NTP configuration file.

- name: Restart HTTPD
  service: name=httpd state=restarted


 tasks 

tasks houses a series of Ansible plays to install, configure, and run software.

- name: "Install Apache into Redhat servers"
  command: yum install -y httpd
  when: ansible_os_family == "RedHat"
  notify: Restart HTTPD   

- name: "Install Apache Ubuntu based servers"
  command: apt-get install -y apache2
  when: ansible_os_family == "Debian"


vars

vars and defaults house variables, but variables in vars have a higher priority, which means that they are more difficult to override.

APACHE_COPYRIGHT_VERDSION: 2015_VER1.0


YAML file to uninstall package:

--- # Playbook to install Apache with Conditions

- hosts: all
  user: ansibleuser
  sudo: yes
  gather_facts: true

  tasks:
      - name: "Install Apache into Redhat servers"
        command: yum remove -y httpd
        when: ansible_os_family == "RedHat"

      - name: "Install Apache Ubuntu based servers"
        command: apt-get remove -y apache2
        when: ansible_os_family == "Debian"


Create user :


Create a random password :

$ python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")'


This creates a hashed password


Create user using following playbook

- hosts: all
  user: ansibleuser
  sudo: yes
  connection: ssh

  vars:
   passwd: $1$Somekey$h4GKFX.BkjXxrt4poX.fO/

  tasks:
   - name: "Creating users with encrypted passwords"
     user: name="manjunath" password={{passwd}}



Create multiple users :

- hosts: all
  user: ansibleuser
  sudo: yes
  connection: ssh

  vars:
   passwd: $1$Somekey$h4GKFX.BkjXxrt4poX.fO/

  tasks:
   - name: "Creating users with encrypted passwords"
     user: name={{item}} password={{passwd}}
     with_items:
            - keerthana
            - vasi
            - goutham
            - anil


These are the basic example’s of how you can begin to build your configuration library.


Link to github repository :


https://github.com/dptsource/ansible-playbooks.git


Introduction to Ansible Essentials Webinar :


https://www.ansible.com/webinars-training/introduction-to-ansible

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Powered by WordPress.com.

Up ↑

%d bloggers like this: