Difference between revisions of "OPS635-lab-ansible-Summer-2019"

From CDOT Wiki
(Investigation 2: Creating an Ansible Playbook)
(Investigation 2: Creating an Ansible Playbook)
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:OPS635]][[Category:OPS635-Labs]][[Category:peter.callaghan]][[Category:Chris.johnson]]
+
[[Category:OPS635]][[Category:OPS635-Labs]][[Category:peter.callaghan]][[Category:Chris.johnson]][[Category:Summer 2019]]
 
=OPS635 Lab 2 : System Configuration Management using Ansible=
 
=OPS635 Lab 2 : System Configuration Management using Ansible=
 
==Overview==
 
==Overview==
Line 7: Line 7:
  
 
==Investigation 1: Installing Ansible on Your Host Machine==
 
==Investigation 1: Installing Ansible on Your Host Machine==
*Install the Ansible package on your host machine.
 
 
*Clone three new VMs from your ''blank'' template VM and assign them unused static IPs.
 
*Clone three new VMs from your ''blank'' template VM and assign them unused static IPs.
 
*Add your new VMs to your host DNS as: '''ansible1, ansible2, ansible3'''
 
*Add your new VMs to your host DNS as: '''ansible1, ansible2, ansible3'''
*Create an SSH key-pair for the '''root user on your host''' and install its public key to your VMs' root accounts. Ensure that you can use it to SSH to root on your VMs without entering a password.
+
*Install the Ansible package on '''ansible1'''.
*Modify the inventory file on your host to include the fully qualified domain names of your VMs.
+
*Create an SSH key-pair for the '''root user on ansible1''' and install its public key to your other two VMs' root accounts. Ensure that you can use it to SSH to root on your VMs without entering a password.
*Use the '''setup module''' to verify that your Ansible host can run plays on your VMs.
+
*Modify the inventory file on your host to include the fully qualified domain names of '''ansible2''' and '''ansible3'''.
 +
*Use the '''setup module''' to verify that your ansible1 can run plays on your VMs.
  
 
==Investigation 2: Creating an Ansible Playbook==
 
==Investigation 2: Creating an Ansible Playbook==
Create an Ansible playbook that will"
+
Create an Ansible playbook (named lab2.yaml) that will:
* Run on all three nested VMs.
+
* Run on both ansible2 and ansible3.
 +
* Create user '''<senecaid>''' with a password, and add it to new group '''lab2'''. If your VM already has that account, that's fine, but the play should still run and try to add it.
 
* Install, enable, and start apache.
 
* Install, enable, and start apache.
 
* Insert a persistent firewall exception for port 80.
 
* Insert a persistent firewall exception for port 80.
* Replace the landing webpage on each VM with your own modified version of ''index.html''.
+
* Replace ''/var/www/html/index.html'' on each VM with your own modified version. (Similar to what you did in the Docker lab.)
 
* Each task should be '''idempotent''': That is, the results on the VMs are the same no matter how many times you run your playbook.
 
* Each task should be '''idempotent''': That is, the results on the VMs are the same no matter how many times you run your playbook.
 
** (ie. Running your playbook 3 times shouldn't create 3 firewall exceptions on port 80)
 
** (ie. Running your playbook 3 times shouldn't create 3 firewall exceptions on port 80)
  
 
==Investigation 3: Applying a Playbook==
 
==Investigation 3: Applying a Playbook==
*Use the ansible-playbook command to execute your play on both VMs in the same play. If anything goes wrong, fix it and re-run the play. Continue doing so until the play runs successfully.
+
*Use the ansible-playbook command on ansible1 to execute your play on both VMs in the same play. If anything goes wrong, fix it and re-run the play. Continue doing so until the play runs successfully.
  
 
==Submission==
 
==Submission==
Demonstrate your Ansible playbook working in class, then upload it to Blackboard.
+
* Demonstrate your Ansible playbook working in class.
 +
* Demonstrate the modified webpage on ansible2 and ansible3 on your host.
 +
* Upload your playbook it to Blackboard.
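
Review bot: the added inventory step still reads "Modify the inventory file on your host", but this revision moves both the Ansible install and the root key-pair to ansible1, so the inventory that the setup module and ansible-playbook will read is the one on ansible1. Suggest "Modify the inventory file on ansible1 to include the fully qualified domain names of ansible2 and ansible3." In the Submission list, the added line "Upload your playbook it to Blackboard." has a stray "it". The new user task asks for "a password" without saying how it should be supplied; a sentence asking that it not be stored in clear text in lab2.yaml would fit here, since the playbook is uploaded afterwards.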

Latest revision as of 11:48, 31 May 2019

OPS635 Lab 2 : System Configuration Management using Ansible

Overview

In an enterprise environment, it is very common for production servers to run on different hardware and operating systems. You may find the same software running on different OSes and even on different hardware platforms. To manage software configuration across those platforms with a script, the script would have to be aware of their differences and account for them. It would need to be written in a way that lets it query the operating environment and execute the appropriate installation and configuration actions for the environment it is running on.

There are commercial and open source configuration management systems that are aware of such differences between operating platforms and know how to handle them. Ansible is the CMS (Configuration Management System) that we are going to study in this lab. In this lab, we will start by trying to convert the script that you have written for configuring Nagios on CentOS 7 to an Ansible playbook, test it in your testing environment, and then deploy it to a new VM.

Investigation 1: Installing Ansible on Your Host Machine

  • Clone three new VMs from your blank template VM and assign them unused static IPs.
  • Add your new VMs to your host DNS as: ansible1, ansible2, ansible3
  • Install the Ansible package on ansible1.
  • Create an SSH key-pair for the root user on ansible1 and install its public key to your other two VMs' root accounts. Ensure that you can use it to SSH to root on your VMs without entering a password.
  • Modify the inventory file on your host to include the fully qualified domain names of ansible2 and ansible3.
  • Use the setup module to verify that your ansible1 can run plays on your VMs.

Investigation 2: Creating an Ansible Playbook

Create an Ansible playbook (named lab2.yaml) that will:

  • Run on both ansible2 and ansible3.
  • Create user <senecaid> with a password, and add it to new group lab2. If your VM already has that account, that's fine, but the play should still run and try to add it.
  • Install, enable, and start apache.
  • Insert a persistent firewall exception for port 80.
  • Replace /var/www/html/index.html on each VM with your own modified version. (Similar to what you did in the Docker lab.)
  • Each task should be idempotent: That is, the results on the VMs are the same no matter how many times you run your playbook.
    • (i.e. running your playbook 3 times shouldn't create 3 firewall exceptions on port 80)
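
One way to meet these requirements while keeping every task idempotent and the password out of the playbook file. This is an added example, not the course's reference solution; the variable names lab_user and lab_password, the httpd package name, and the location of index.html beside the playbook are assumptions.

```yaml
---
- name: OPS635 lab 2 web server baseline
  hosts: all            # assumes the inventory lists only ansible2 and ansible3
  remote_user: root     # the lab installs root's public key on the targets
  vars:
    lab_user: senecaid  # placeholder for your <senecaid>
  vars_prompt:
    - name: lab_password
      prompt: "Password for the lab user"
      private: true     # no echo; the password never lands in lab2.yaml
  tasks:
    - name: Ensure group lab2 exists
      group:
        name: lab2
        state: present

    - name: Ensure the lab user exists and belongs to lab2
      user:
        name: "{{ lab_user }}"
        groups: lab2
        append: true                  # keep any existing supplementary groups
        password: "{{ lab_password | password_hash('sha512') }}"
        update_password: on_create    # a new salt each run would otherwise report "changed"
      no_log: true                    # keep the hash out of task output and logs

    - name: Install Apache (package name httpd assumed, as on CentOS)
      package:
        name: httpd
        state: present

    - name: Allow TCP port 80 through firewalld
      firewalld:
        port: 80/tcp
        permanent: true    # survives reboot and firewall reload
        immediate: true    # also applies to the running configuration
        state: enabled

    - name: Deploy the modified landing page
      copy:
        src: index.html    # assumed to sit next to lab2.yaml
        dest: /var/www/html/index.html
        mode: "0644"

    - name: Enable and start Apache
      service:
        name: httpd
        enabled: true
        state: started
```

A second run against unchanged VMs should report changed=0 for every host. Without update_password: on_create, the user task would show as changed on every run because the hash is re-salted each time.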

Investigation 3: Applying a Playbook

  • Use the ansible-playbook command on ansible1 to execute your play on both VMs in the same play. If anything goes wrong, fix it and re-run the play. Continue doing so until the play runs successfully.

Submission

  • Demonstrate your Ansible playbook working in class.
  • Demonstrate the modified webpage on ansible2 and ansible3 on your host.
  • Upload your playbook to Blackboard.