Configuration management (CM) refers to a discipline for evaluating, coordinating, approving or disapproving, and implementing changes in artifacts that are used to construct and maintain software systems. An artifact may be a piece of hardware or software or documentation. CM enables the management of artifacts from the initial concept through design, implementation, testing, base lining, building, release, and maintenance.
Effective configuration management (CM) involves the practice of processing system changes systematically with the primary intent of updating the system while maintaining system integrity.
While there are many popular configuration management systems available for Linux systems, such as Chef and Puppet, these are often more complex than many people want or need. Ansible is a great alternative to these options because it has a much smaller overhead to get started.
Working :
Ansible works by connecting to your nodes and pushing out small programs, called “Ansible modules” to them. These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when finished.
Your library of modules can reside on any machine, and there are no servers, daemons, or databases required. Typically you’ll work with your favorite terminal program, a text editor, and probably a version control system to keep track of changes to your content.
Passwords are supported, but SSH keys with ssh-agent are one of the best ways to use Ansible. Though if you want to use Kerberos, that’s good too. Lots of options! Root logins are not required, you can login as any user, and then su or sudo to any user.
Ansible’s “authorized_key” module is a great way to use ansible to control what machines can access what hosts. Other options, like kerberos or identity management systems, can also be used.
This article will introduce to the installation of ansible in linux machine and go over some basics of how to use the software.
Environment Setup :
Controlling Machine:
OS : CentOS Linux release 7.3.1611 (Core)
IP: 192.168.202.132
User : ansible
Node 1 :
OS : Red Hat Enterprise Linux Server release 7.3 (Maipo)
IP : 192.168.202.133
User : ansible
Node 2 :
OS: Ubuntu 16.10
IP: 192.168.202.130
User : ansible
Control Machine Requirements :
Currently Ansible can be run from any machine with Python 2.6 or 2.7 installed (Windows isn’t supported for the control machine).
If you have SELinux enabled on remote nodes, you will also want to install libselinux-python on them before using any copy/file/template related functions in Ansible. You can of course still use the yum module in Ansible to install this package on remote systems that do not have it.
Create User :
Create ansible user and set password on control machine and all the nodes
$ sudo useradd ansible
$ sudo passwd ansible
Give sudo permission to the ansible user
$ visudo
Append below line to the file :
ansible ALL = (ALL) NOPASSWD: ALL
Setup SSH Keys :
If you do not already have an SSH key pair that you would like to use for Ansible administration, we can create one now on your Ansible VPS.
$ su - ansible
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
df:df:9a:a8:d2:df:48:68:ce:01:51:06:be:c3:13:1c root@infra2
The key's randomart image is:
+--[ RSA 2048]----+
| E.o |
| o + |
| = |
| . + |
| S |
| = o |
| .= o |
| .+.o = o |
| .+o+ =..|
+-----------------+
Enter the name you want associated with this key into the top field. On your Ansible VPS instance, type this to get the contents of your public key:
cat ~/.ssh/id_rsa.pub
Example public key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzmGgsqjSFuOBbjZB1sgquKpp3Ty+FgqoLrzjKbbk9VGOH6kM37aAhyxx
Enable the password-based authentication for ssh on all the nodes :
$ sudo vi /etc/ssh/sshd_config
Change the password authetication to yes
PasswordAuthentication yes
Copy the public Key to the respective nodes :
ansible]$ ssh-copy-id <hostname>
$ ssh-copy-id infra2
$ ssh-copy-id ubuntu1
Install Ansible on Ubuntu 16.04
The best way to get Ansible for Ubuntu is to add the project’s PPA (personal package archive) to your system.
To do this effectively, we need to install the software-properties-common package, which will give us the ability to work with PPAs easily. (This package was called python-software-properties on older versions of Ubuntu.)
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible
Latest Releases Via Apt (Debian)
Latest Releases Via Apt (Debian)
Add the following line to /etc/apt/sources.list:
deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main
Then run these commands:
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
$ sudo apt-get update
$ sudo apt-get install ansible
Install Via Pip ( for Mac OS)
$ sudo easy_install pip
$ sudo pip install ansible
If you are installing on OS X Mavericks, you may encounter some noise from your compiler. A workaround is to do the following:
$ sudo CFLAGS=-Qunused-arguments CPPFLAGS=-Qunused-arguments pip install ansible
Install via Yum (CentOS and Redhat )
RPMs are available from yum for EPEL 6, 7, and currently supported Fedora distributions.
$ sudo rpm -iUvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
Install the package :
$ sudo yum install ansible
After installed successfully, you can verify the version by executing below command.
# ansible –version
Ansible Layout:
Before we create a basic configuration, I want to take a moment to explain the Ansible file/folder structure. You’ll note that if you list the files/folders in /etc/ansible that you’re presented with the following. Alongside, I have included an explanation for each file or folder.
- /etc/ansible — The main configuration folder which encompasses all Ansible config
- /etc/ansible/hosts — This file holds information for the hosts/and host groups you will configure
- /etc/ansible/ansible.cfg — The main configuration file for Ansible
- /etc/ansible/roles — This folder allows you to create folders for each server role, web/app/db, etc.
Creating Inventory File for Remote Hosts :
Inventory file, This file hold the host information’s like which host we need to get connect from local to remote. Default inventory file will be under /etc/ansible/hosts.
$ sudo vim /etc/ansible/hosts
Add the following two hosts IP address.
[redhat]
192.168.202.133
[debian]
192.168.202.130
Now time to check our all 2 server by just doing a ping from my localhost. To perform the action we need to use the command ‘ansible‘ with options ‘-m‘ (module) and ‘-all‘ (group of servers).
$ ansible -m ping all
We could also specify an individual host:
$ ansible -m ping redhat
We can specify multiple hosts by separating them with colons:
$ ansible -m ping redhat:debian
Introducing Ansible Playbooks
Ansible playbooks are a way to send commands to remote computers in a scripted way. Instead of using Ansible commands individually to remotely configure computers from the command line, you can configure entire complex environments by passing a script to one or more systems.
Ansible playbooks are written in the YAML data serialization format. If you don’t know what a data serialization format is, think of it as a way to translate a programmatic data structure (lists, arrays, dictionaries, etc) into a format that can be easily stored to disk. The file can then be used to recreate the structure at a later point. JSON is another popular data serialization format, but YAML is much easier to read.Each playbook contains one or more plays, which map hosts to a certain function. Ansible does this through something called tasks, which are basically module calls.
Let’s look at a basic playbook:
Playbook to copy a file :
--- # Playbook to push MOTD File
- hosts: all
user: ansibleuser
sudo: yes
connection: ssh
tasks:
- name: "Pushing MOTD File to all hosts"
copy: src=/home/ansibleuser/ansible_playbook/motd/motd dest=/etc/motd
This is a requirement for YAML to interpret the file as a proper document. YAML allows multiple “documents” to exist in one file, each separated by —, but Ansible only wants one per file, so this should only be present at the top of the file.
YAML is very sensitive to white-space, and uses that to group different pieces of information together. You should use only spaces and not tabs and you must use consistent spacing for your file to be read correctly. Items at the same level of indentation are considered sibling elements.
Items that begin with a – are considered list items. Items that have the format of key: value operate as hashes or dictionaries. That’s pretty much all there is to basic YAML.
Running an Ansible Playbook :
Once you have a playbook built, you can call it easily using this format:
$ ansible-playbook playbook.yml
Playbook to install packages :
--- # Playbook to install Apache with Conditions
- hosts: all
user: ansibleuser
sudo: yes
gather_facts: true
tasks:
- name: "Install Apache into Redhat servers"
command: yum install -y httpd
when: ansible_os_family == "RedHat"
- name: "Install Apache Ubuntu based servers"
command: apt-get install -y apache2
when: ansible_os_family == "Debian"
At the top level, we have “tasks:” at the same level as “hosts:”. This contains a list (because it starts with a “-“) which contains key-value pairs.The first one, “name”, is more of a description than a name. You can call this whatever you would like.
Playbook for installing package by using loop :
--- # Playbook to push MOTD File
- hosts: centoswebservers
user: ansibleuser
sudo: yes
tasks:
- name: "Install Apache into Redhat servers"
yum: pkg={{item}} state=latest
with_items:
- httpd
- links
- ntp
- nano
Install Packages with conditions :
--- # Playbook to install Apache with Conditions
- hosts: all
user: ansibleuser
sudo: yes
gather_facts: true
tasks:
- include: packages/packages.yml
handlers:
- include: handlers/handlers.yml
tasks and handler YAML programs:
Handlers:
- name: Restart HTTPD
service: name=httpd state=restarted
Tasks:
- name: "Install Apache into Redhat servers"
command: yum install -y httpd
when: ansible_os_family == "RedHat"
notify: Restart HTTPD
- name: "Install Apache Ubuntu based servers"
command: apt-get install -y apache2
when: ansible_os_family == "Debian"
YAML to install packages using handlers :
--- # Playbook to show handlers
- hosts: all
user: ansibleuser
sudo: yes
gather_facts: true
tasks:
- name: "Install Apache into Redhat servers"
command: yum install -y httpd
when: ansible_os_family == "RedHat"
notify: Restart HTTPD
- name: "Install Apache Ubuntu based servers"
command: apt-get install -y apache2
when: ansible_os_family == "Debian"
handlers:
- name: Restart HTTPD
service: name=httpd state=restarted
Creating Role :
The first step in creating a role is creating its directory structure.
Create directory with the following structure:
roles
|
|---roles_playbook.yml
|
|--webservers
|
|--handlers
| |
| |--main.yml
|
|--tasks
| |
| |--main.yml
|
|--vars
|
|--main.yml
Playbook to create role :
--- # Creating a role in Ansible
- hosts: all
user: ansibleuser
sudo: yes
roles:
- webservers
- appservers
handlers
handlers usually contain targets for notify directives, and are almost always associated with services. For example, if you were creating a role for NTP, you might have an entry in handlers/main.yml for restarting NTP after a task finishes altering the NTP configuration file.
- name: Restart HTTPD
service: name=httpd state=restarted
tasks
tasks houses a series of Ansible plays to install, configure, and run software.
- name: "Install Apache into Redhat servers"
command: yum install -y httpd
when: ansible_os_family == "RedHat"
notify: Restart HTTPD
- name: "Install Apache Ubuntu based servers"
command: apt-get install -y apache2
when: ansible_os_family == "Debian"
vars
vars and defaults house variables, but variables in vars have a higher priority, which means that they are more difficult to override.
APACHE_COPYRIGHT_VERDSION: 2015_VER1.0
YAML file to uninstall package:
--- # Playbook to install Apache with Conditions
- hosts: all
user: ansibleuser
sudo: yes
gather_facts: true
tasks:
- name: "Install Apache into Redhat servers"
command: yum remove -y httpd
when: ansible_os_family == "RedHat"
- name: "Install Apache Ubuntu based servers"
command: apt-get remove -y apache2
when: ansible_os_family == "Debian"
Create user :
Create a random password :
$ python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")'
This creates a hashed password
Create user using following playbook
- hosts: all
user: ansibleuser
sudo: yes
connection: ssh
vars:
passwd: $1$Somekey$h4GKFX.BkjXxrt4poX.fO/
tasks:
- name: "Creating users with encrypted passwords"
user: name="manjunath" password={{passwd}}
Create multiple users :
- hosts: all
user: ansibleuser
sudo: yes
connection: ssh
vars:
passwd: $1$Somekey$h4GKFX.BkjXxrt4poX.fO/
tasks:
- name: "Creating users with encrypted passwords"
user: name={{item}} password={{passwd}}
with_items:
- keerthana
- vasi
- goutham
- anil
These are the basic example’s of how you can begin to build your configuration library.
Link to github repository :
https://github.com/dptsource/ansible-playbooks.git
Introduction to Ansible Essentials Webinar :
https://www.ansible.com/webinars-training/introduction-to-ansible
Thanks for this post, it has been totally useful to me! Way easier to understand than anything else out there.
LikeLike