CDOT Wiki β

OPS435 Ansible

1,553 bytes removed, 17:10, 24 November 2019
Lab 9 Sign-off (Show Instructor)
[[Category:OPS435]][[Category:rchan]][[Category:OPS435 Lab]]
= Objective =
:# Install and configure Ansible on a controller Linux machine
:# Explore Ansible's ad hoc commands
:# Explore Ansible's built-in modules
:# Explore and create Ansible playbooks
 
= Overview =
: Ansible is an agentless IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT administration tasks.
: Ansible was designed for multi-tier deployments since day one, and models your IT infrastructure by describing how all of your systems inter-relate, rather than just managing one system at a time.
: Ansible uses no agents and no additional custom security infrastructure, and it uses a very simple human-readable language called 'YAML' to compose an Ansible Playbook, which describes the tasks you want to automate in a very simple way.
= Reference =
:* For more detailed information about Ansible, check out the Ansible web site at [http://www.ansible.com www.ansible.com]
:* [https://www.ansible.com/overview/how-ansible-works Overview]
:* [https://docs.ansible.com/ansible/latest/user_guide/index.html Ansible Latest User Guide]
:* [https://proquest-safaribooksonline-com.libaccess.senecacollege.ca/book/operating-systems-and-server-administration/linux/9781785282300 Ansible Configuration Management] - Second Edition
::* By: Daniel Hall, Publisher: Packt Publishing
::* Pub. Date: April 27, 2015, ISBN-13: 978-1-78528-230-0
::* Pages in Print Edition: 122
= System requirements =
* You must have at least two networked machines
** control machine - runs Ansible to configure the remote nodes - needs Ansible 2.x (latest version 2.7)
** managed machine(s) - to be managed by the control node
* You should be able to ssh from your control machine as a regular user to any of your remote machines as a regular user without supplying a login password.
* Your account on the remote machine should be a sudoer and able to run sudo without a password.
* You should also be able to ssh from your control machine as a regular user to any of your remote machines as root without supplying a login password.
* Python 2.7+ on all nodes
= Investigation I: Introduction to Ansible =
: In this introduction, we explore the main components of the Ansible configuration management system and its operating environment. We also study a simple playbook for managing the configuration of a CentOS 7.x VM.
: You need at least two VMs for this lab: one VM to be used as the control machine and one or more VMs to be used as the managed machines. You only need to install Ansible on the control machine.
== Key Concepts when using Ansible==
* YAML - a human-readable data serialization language that is commonly used for configuration files and is used by Ansible's playbooks. To know more, you can check out the [https://en.wikipedia.org/wiki/YAML wikipedia page here]
* Control machine (management node) - the host on which you use Ansible to execute tasks on the managed machines
* Managed machine (managed node) - a host that is configured by the control machine
* Inventory file - defines the hosts and groups of hosts upon which commands, modules, and tasks in a playbook operate
* [[OPS435 Sample Ansible Hosts file|Hosts file]] - contains information about machines to be managed - click [[OPS435 Sample Ansible Hosts file | here]] for sample hosts file
* Ad hoc commands- a simple one-off task:
** <u><b>shell commands</b></u>
*** ansible 192.168.99.153 -a 'date'
*** ansible 192.168.99.153 -a 'df'
*** ansible 192.168.99.153 -a 'iptables -L -n -v' -u root
* Built-in modules - code that performs a particular task such as copying a file, installing a package, etc.:
** <u><b>copy module</b></u>
*** ansible 192.168.99.153 -m copy -a "src=/ops435/ansible.txt dest=/tmp/ansible.txt"
** <u><b>Package management</b></u>
*** ansible 192.168.99.153 -m yum -a "name=epel-release state=latest"
* Running Ansible Playbooks - a playbook contains one or multiple plays; each play defines a set of repeatable tasks on one or more managed machines. Playbooks are written in YAML. Every play in the playbook is created with environment-specific parameters for the target machines:
** ansible-playbook -i 192.168.99.153, setup_webserver.yaml
** ansible-playbook firstrun.yaml
== Part 1: Installing Ansible on CentOS 7 ==
: You only need to install the "ansible" package on your control VM.
:* Log in as a regular user and change to the directory ~/ops435/lab9
:* Issue the following command to install the "ansible" package:<source lang="bash">
sudo yum install ansible -y
</source>
:* You may have to install the following dependent packages:<source lang="bash">
Dependencies Resolved
[-a MODULE_ARGS] [-m MODULE_NAME]
pattern
Define and run a single task 'playbook' against a set of hosts

positional arguments:
  pattern               host pattern

optional arguments:
  --ask-vault-pass      ask for vault password
  --list-hosts          outputs a list of matching hosts; does not execute anything else
  --playbook-dir BASEDIR
                        Since this tool does not use playbooks, use this as a substitute playbook directory. This sets the relative path for many features including roles/ group_vars/ etc.
  --syntax-check        perform a syntax check on the playbook, but do not execute it
  --vault-id VAULT_IDS  the vault identity to use
  --vault-password-file VAULT_PASSWORD_FILES
                        vault password file
  --version             show program's version number, config file location, configured module search path, module location, executable location and exit
  -B SECONDS, --background SECONDS
                        run asynchronously, failing after X seconds (default=N/A)
  -C, --check           don't make any changes; instead, try to predict some of the changes that may occur
  -D, --diff            when changing (small) files and templates, show the differences in those files; works great with --check
  -M MODULE_PATH, --module-path MODULE_PATH
                        prepend colon-separated path(s) to module library (default=~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules)
  -P POLL_INTERVAL, --poll POLL_INTERVAL
                        set the poll interval if using -B (default=15)
  -a MODULE_ARGS, --args MODULE_ARGS
                        module arguments
  -e EXTRA_VARS, --extra-vars EXTRA_VARS
                        set additional variables as key=value or YAML/JSON, if filename prepend with @
  -f FORKS, --forks FORKS
                        specify number of parallel processes to use (default=5)
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory INVENTORY, --inventory-file INVENTORY
                        specify inventory host path or comma separated host list. --inventory-file is deprecated
  -l SUBSET, --limit SUBSET
                        further limit selected hosts to an additional pattern
  -m MODULE_NAME, --module-name MODULE_NAME
                        module name to execute (default=command)
  -o, --one-line        condense output
  -t TREE, --tree TREE  log output to this directory
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable connection debugging)

Privilege Escalation Options:
  control how and which user you become as on target hosts

  --become-method BECOME_METHOD
                        privilege escalation method to use (default=sudo), use `ansible-doc -t become -l` to list valid choices.
  --become-user BECOME_USER
                        run operations as this user (default=root)
  -K, --ask-become-pass
                        ask for privilege escalation password
  -b, --become          run operations with become (does not imply password prompting)

Connection Options:
  control as whom and how to connect to hosts

  --private-key PRIVATE_KEY_FILE, --key-file PRIVATE_KEY_FILE
                        use this file to authenticate the connection
  --scp-extra-args SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
  --sftp-extra-args SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f, -l)
  --ssh-common-args SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand)
  --ssh-extra-args SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)
  -T TIMEOUT, --timeout TIMEOUT
                        override the connection timeout in seconds (default=10)
  -c CONNECTION, --connection CONNECTION
                        connection type to use (default=smart)
  -k, --ask-pass        ask for connection password
  -u REMOTE_USER, --user REMOTE_USER
                        connect as this user (default=None)

Some modules do not make sense in Ad-Hoc (include, meta, etc)
</source>
: Take a look at all the available command line options for the "ansible" command. There are a lot of options when running Ansible. Let's move on to try a few simple ones.
== Part 2: Sample runs for some of the Ad hoc commands ==
== Part 3: Sample runs for using some Ansible's built-in modules ==
: "yum" is a built-in ansible module. You can get a complete list of all the ansible modules installed on your system with the following command:<source lang="bash">
ansible-doc --list_files
</source>
: You can also get detailed information about any ansible module with the following command:<source lang="bash">
ansible-doc module_name

# e.g.
ansible-doc yum
</source>
: The following command demonstrates how to install the "epel-release" package with the "yum" module:
<pre>
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=present"
]
}
 
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=present" -u root
192.168.99.153 | SUCCESS => {
]
}
 
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=latest" -u root
192.168.99.153 | SUCCESS => {
</pre>
[[OPS435_Ansible_setup|Click here for complete contents of the above]]
= Investigation II: Ansible Playbook =
== What is a playbook? ==
:* A playbook is one of the core features of Ansible.
:* A playbook tells Ansible what to execute, and as which user, on the remote machine.
:* A playbook is like a to-do list for Ansible.
:* A playbook is written in "YAML".
:* A playbook links a task to an Ansible module and provides the arguments that the module requires.
== Part 1: A playbook to update the /etc/motd file ==
Name: motd-play.yml
<pre>
</pre>
== Part 2: A playbook to install and start Apache Server ==
Name: httpd-play.yml
<pre>
</pre>
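The two module calls and one shell command from the ad hoc examples in Investigation I, written as a playbook. This is an added example, not one of the lab's playbooks: the file name adhoc-as-playbook.yml is hypothetical, and <code>become: true</code> assumes the passwordless sudo account listed under System requirements.

```yaml
# adhoc-as-playbook.yml (hypothetical file name; added example, not a lab playbook)
# Run with the inline-inventory form shown earlier on this page:
#   ansible-playbook -i 192.168.99.153, adhoc-as-playbook.yml
---
- name: Ad hoc commands from Investigation I as repeatable tasks
  hosts: all            # every host in the inventory passed with -i
  become: true          # escalate with sudo instead of connecting as root (-u root)
  tasks:
    # ansible 192.168.99.153 -m copy -a "src=/ops435/ansible.txt dest=/tmp/ansible.txt"
    - name: Copy ansible.txt from the control machine to the managed machine
      copy:
        src: /ops435/ansible.txt
        dest: /tmp/ansible.txt
        mode: "0644"    # explicit permissions rather than whatever the umask gives

    # ansible 192.168.99.153 -m yum -a "name=epel-release state=present"
    - name: Make sure the EPEL repository package is installed
      yum:
        name: epel-release
        state: present

    # ansible 192.168.99.153 -a 'df'
    - name: Collect free disk space
      command: df
      register: df_out
      changed_when: false   # read-only command, never report it as a change

    - name: Print the df output
      debug:
        var: df_out.stdout_lines
```

Adding <code>--syntax-check</code> or <code>--check</code> to the ansible-playbook command validates the file or previews the changes before anything is modified on the managed machine.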
= Investigation III: Using a Playbook to configure an OPS435 Linux machine =
: You have just installed the latest version of CentOS 7.x on a VM with GNOME Desktop. You need to configure it so that you can use it for doing the labs for OPS435. The following configuration needs to be done on that VM:
:* update all the packages installed on the VM
:* install extra packages repository for enterprise Linux
:* install python3 if it is not already installed
:* set the host name to your Seneca user name
:* install the git package
:* create a new user with your Seneca_id with sudo access
:* configure the new user account so that you can ssh to it without password
:* set up a directory structure for completing and organizing labs as shown below:<source lang="bash">
/home/[seneca_id]/ops435/lab0
/home/[seneca_id]/ops435/lab1
/home/[seneca_id]/ops435/lab2
/home/[seneca_id]/ops435/lab3
/home/[seneca_id]/ops435/lab4
/home/[seneca_id]/ops435/lab5
/home/[seneca_id]/ops435/lab6
/home/[seneca_id]/ops435/lab7
/home/[seneca_id]/ops435/lab8
/home/[seneca_id]/ops435/lab9
</source>
:* create a playbook named "config_ops435.yml" to perform the tasks mentioned above.
:* test your playbook and capture its output when it completes without error.
= Lab 9 Sign-off (Show Instructor) =
== Have the following items ready to show your instructor: ==
:* The Ansible playbook called "config_ops435.yml" for configuring the VM mentioned in Lab 1.
:* The result of running the playbook "config_ops435.yml". Save the result in a file called "lab9_[seneca_id].txt"
== Upload the following files to blackboard ==
:* config_ops435.yml
:* lab9_[seneca_id].txt