Ops535 ansible lab

12,635 bytes added, 15:50, 21 July 2023
Protected "Ops535 ansible lab": OER transfer ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
= Objective =
:# Install and configure Ansible on a controller Linux machine
:# Explore Ansible's ad hoc commands
:# Explore Ansible's built-in modules
:# Explore and create Ansible playbooks
= Overview =
::Ansible is an agentless IT automation engine for automating cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other system administration tasks.
::Ansible uses no additional custom security infrastructure, and it uses a very simple human-readable language called 'YAML' to compose an Ansible Playbook, which allows you to describe the tasks you want to automate.
= Reference =
:* For more detailed information about Ansible, check out the Ansible web site at [https://www.ansible.com www.ansible.com]
:* [https://www.ansible.com/overview/how-ansible-works Overview]
:* [https://docs.ansible.com/ansible/latest/user_guide/index.html Latest User Guide]
:* [https://proquest-safaribooksonline-com.libaccess.senecacollege.ca/book/operating-systems-and-server-administration/linux/9781785282300 Ansible Configuration Management] - Second Edition
::* By: Daniel Hall, Publisher: Packt Publishing
::* Pub. Date: April 27, 2015, ISBN-13: 978-1-78528-230-0
::* Pages in Print Edition: 122
= System requirements =
The instructions in this lab have been tested on CentOS 8.3.2011.
* You must have at least two networked machines
** control machine - runs Ansible to configure the remote nodes; needs Ansible 2.9.16 (The IP address of the control machine used in the examples in this lab is 192.168.49.1)
** managed machine(s) - to be managed by the control node (The IP address of the managed machine used in the examples in this lab is 192.168.49.3)
* You should be able to ssh from your control machine as a regular user to any of your remote machines as a regular user without supplying a login password.
* Your account on the remote machine should be a sudoer and able to run sudo without a password.
* You should also be able to ssh from your control machine as a regular user to any of your remote machines as root without supplying a login password.
* Python 3.6+ on all nodes
= Investigation I: Introduction to Ansible =
: In this introduction, we explore the main components of the Ansible configuration management system and its operating environment. We also study a simple playbook for managing the configuration of a CentOS 8.x VM.
: You need at least two VMs for this lab: one VM to be used as the control machine and one or more VMs to be used as the managed machines. You only need to install Ansible on the control machine.
== Key Concepts when using Ansible ==
* YAML - a human-readable data serialization language used by Ansible's playbooks. To learn more, you can check out the [https://en.wikipedia.org/wiki/YAML wikipedia page here]
* Control machine - the host on which you use Ansible to execute tasks on the managed machines
* Managed machine - a host that is configured by the control machine
* [[OPS435 Sample Ansible Hosts file|Hosts file]] - contains information about machines to be managed - click [[OPS435 Sample Ansible Hosts file | here]] for a sample hosts file
* Ad hoc commands - a simple one-off task:
** <u><b>shell commands</b></u>
*** ansible 192.168.49.3 -a 'date'
*** ansible 192.168.49.3 -a 'df'
*** ansible 192.168.49.3 -a 'iptables -L -n -v' -u root
* Built-in modules - code that performs a particular task such as copying a file, installing a package, etc:
** <u><b>copy module</b></u>
*** ansible 192.168.49.3 -m copy -a "src=/home/rchan/ops535/ansible.txt dest=/tmp/ansible.txt"
** <u><b>Package management</b></u>
*** ansible 192.168.49.3 -m dnf -a "name=bind state=latest"
* Playbooks - contain one or multiple plays; each play defines a set of repeatable tasks on one or more managed machines. Playbooks are written in YAML. Every play in the playbook is created with environment-specific parameters for the target machines:
** ansible-playbook -i 192.168.49.3, setup_webserver.yaml
** ansible-playbook firstrun.yaml

== Part 1: Installing Ansible on CentOS 8 ==
: You only need to install the "ansible" package on your control VM.
:* Issue the following command to install the "ansible" package:
<source lang="bash">
 sudo yum install ansible -y
</source>
:* You may have to install the following dependent packages:
<source lang="bash">
Dependencies resolved.
==========================================================================================
 Package               Architecture   Version             Repository        Size
==========================================================================================
Installing:
 ansible               noarch         2.9.17-1.el8        epel              17 M
Installing dependencies:
 libsodium             x86_64         1.0.18-2.el8        epel             162 k
 python3-babel         noarch         2.5.1-5.el8         appstream        4.8 M
 python3-bcrypt        x86_64         3.1.6-2.el8.1       epel              44 k
 python3-jinja2        noarch         2.10.1-2.el8_0      appstream        538 k
 python3-jmespath      noarch         0.9.0-11.el8        appstream         45 k
 python3-markupsafe    x86_64         0.23-19.el8         appstream         39 k
 python3-pyasn1        noarch         0.3.7-6.el8         appstream        126 k
 python3-pynacl        x86_64         1.3.0-5.el8         epel             100 k
 sshpass               x86_64         1.06-9.el8          epel              27 k
Installing weak dependencies:
 python3-paramiko      noarch         2.4.3-1.el8         epel             289 k

Transaction Summary
==========================================================================================
Install  11 Packages

Total download size: 23 M
Installed size: 123 M
Is this ok [y/N]:
</source>
: To confirm that you have Ansible installed, try the following command:
<source lang="python">
[rchan@c8 ~]$ ansible --help
usage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD]
               [--become-user BECOME_USER] [-K] [-i INVENTORY] [--list-hosts]
               [-l SUBSET] [-P POLL_INTERVAL] [-B SECONDS] [-o] [-t TREE] [-k]
               [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
               [-c CONNECTION] [-T TIMEOUT]
               [--ssh-common-args SSH_COMMON_ARGS]
               [--sftp-extra-args SFTP_EXTRA_ARGS]
               [--scp-extra-args SCP_EXTRA_ARGS]
               [--ssh-extra-args SSH_EXTRA_ARGS] [-C] [--syntax-check] [-D]
               [-e EXTRA_VARS] [--vault-id VAULT_IDS]
               [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
               [-f FORKS] [-M MODULE_PATH] [--playbook-dir BASEDIR]
               [-a MODULE_ARGS] [-m MODULE_NAME]
               pattern
...
</source>
: Take a look at all the available command line options for the "ansible" command. There are a lot of options when running Ansible. Let's move on to try a few simple ones.
: To get more detailed information about the version of Ansible installed on your system, try the following command:
<source lang="python">
[rchan@host ~]$ ansible --version
ansible 2.9.17
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/rchan/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
</source>

== Part 2: Sample runs for some of the Ad hoc commands ==
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m copy -a "src=/home/rchan/ops535/ansible/ansible.txt dest=/tmp/ansible.txt"
192.168.49.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "82548876259158d4ba80a56ff311664353e49271",
    "dest": "/tmp/ansible.txt",
    "gid": 1000,
    "group": "rchan",
    "md5sum": "0bcc4d27cff6cd55138dd615a09669ab",
    "mode": "0664",
    "owner": "rchan",
    "secontext": "unconfined_u:object_r:user_home_t:s0",
    "size": 132,
    "src": "/home/rchan/.ansible/tmp/ansible-tmp-1611895800.9722285-30336-117758560038295/source",
    "state": "file",
    "uid": 1000
}
</pre>
: 192.168.49.3 is the remote machine's IP address.
: "-m copy" tells ansible to use the copy module (type ansible-doc copy for module documentation)
: what follows '-a' are the arguments to the copy module, which specify the source file and the destination for the copy action.
: If you got the same "CHANGED" status message, log in to the remote machine (in this example, 192.168.49.3) and check the directory "/tmp" for the file ansible.txt.

== Part 3: Sample runs for using some of Ansible's built-in modules ==
: "yum" is a built-in ansible module. You can get a complete list of all the ansible modules installed on your system with the following command:
<source lang="bash">
 ansible-doc --list_files
</source>
: You can also get detailed information about any ansible module with the following command:
<source lang="bash">
 ansible-doc module_name

 e.g. ansible-doc copy
 e.g. ansible-doc dnf
</source>
: The following command demonstrates how to install the "bind" package with the "yum" module and the response message under different conditions:
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m dnf -a "name=bind state=present" -b
192.168.49.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: bind-32:9.11.20-5.el8.x86_64"
    ]
}
</pre>
: Try the same ansible ad-hoc command again:
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m dnf -a "name=bind state=present" -b
192.168.49.3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "msg": "Nothing to do",
    "rc": 0,
    "results": [
        "epel-release-7-11.noarch providing epel-release is already installed"
    ]
}
</pre>
: Try to install the latest version of the bind package:
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m dnf -a "name=bind state=latest" -b
192.168.49.3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "msg": "Nothing to do",
    "rc": 0,
    "results": [
        "All packages providing epel-release are up to date",
        ""
    ]
}
</pre>
== Part 4: Gather software and hardware information available on remote machine ==
: One of the main Ansible modules is called "setup". It is automatically called by Ansible playbooks to gather useful "facts" about remote hosts that can be used in playbooks. It can also be executed directly by the ansible command (/usr/bin/ansible) to check what "facts" are available for a host.
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m setup
192.168.49.3 | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "192.168.149.3",
            "192.168.49.3",
            "192.168.99.162"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::5054:ff:fe11:6767",
            "fe80::5054:ff:fe8c:b67c"
        ],
        "ansible_apparmor": {
            "status": "disabled"
        },
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "04/01/2014",
        "ansible_bios_version": "1.13.0-2.module_el8.3.0+555+a55c8938",
        "ansible_cmdline": {
            "BOOT_IMAGE": "(hd0,msdos1)/vmlinuz-4.18.0-240.1.1.el8_3.x86_64",
            "crashkernel": "auto",
            "quiet": true,
            "rd.lvm.lv": "cl/swap",
            "resume": "/dev/mapper/cl-swap",
            "rhgb": true,
            "ro": true,
            "root": "/dev/mapper/cl-root"
        },
        "ansible_date_time": {
            "date": "2021-01-29",
            "day": "29",
            "epoch": "1611896933",
            "hour": "00",
            "iso8601": "2021-01-29T05:08:53Z",
            "iso8601_basic": "20210129T000853810313",
...
        "ansible_swapfree_mb": 2047,
        "ansible_swaptotal_mb": 2047,
        "ansible_system": "Linux",
        "ansible_system_capabilities": [
            ""
        ],
        "ansible_system_capabilities_enforced": "True",
        "ansible_system_vendor": "Red Hat",
        "ansible_uptime_seconds": 21711,
        "ansible_user_dir": "/home/rchan",
        "ansible_user_gecos": "Raymond Chan",
        "ansible_user_gid": 1000,
        "ansible_user_id": "rchan",
        "ansible_user_shell": "/bin/bash",
        "ansible_user_uid": 1000,
        "ansible_userspace_architecture": "x86_64",
        "ansible_userspace_bits": "64",
        "ansible_virtualization_role": "guest",
        "ansible_virtualization_type": "kvm",
        "discovered_interpreter_python": "/usr/libexec/platform-python",
        "gather_subset": [
            "all"
        ],
        "module_setup": true
    },
    "changed": false
}
</pre>
[[OPS535_Ansible_setup|Click here for complete contents of the above]]

= Investigation II: Ansible Playbook =
== What is a playbook? ==
: * Playbooks are one of the core features of Ansible.
: * A playbook tells Ansible what to execute, and as which user, on the remote machine.
: * A playbook is like a to-do list for Ansible.
: * A playbook is written in "YAML".
: * A playbook links a task to an Ansible module and provides the arguments the module requires.

== Part 1: A playbook to update the /etc/motd file ==
Name: motd-play.yml
<pre>
---
- hosts: 192.168.49.3
  user: rchan
  become: yes
  vars:
    apache_version: 2.6
    motd_warning: 'WARNING: use by ITAS faculty/students only.'
    testserver: yes
  tasks:
    - name: setup a MOTD
      copy:
        dest: /etc/motd
        content: "{{ motd_warning }}"
</pre>

Sample Run:
<pre>
[rchan@host ansible]$ ansible-playbook motd-play.yml

PLAY [192.168.49.3] **********************************************************************

TASK [Gathering Facts] *******************************************************************
ok: [192.168.49.3]

TASK [setup a MOTD] **********************************************************************
changed: [192.168.49.3]

PLAY RECAP *******************************************************************************
192.168.49.3 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
</pre>

== Part 2: A playbook to install and start Apache Server ==
Name: httpd-play.yml
<pre>
---
- hosts: 192.168.49.3
  user: rchan
  become: yes
  vars:
    apache_version: 2.6
    motd_warning: 'WARNING: use by ITAS faculty/students only.'
    testserver: yes
  tasks:
    - name: install apache
      action: yum name=httpd state=installed
    - name: restart apache
      service:
        name: httpd
        state: restarted
</pre>
Sample Run:
<pre>
[rchan@host ansible]$ ansible-playbook httpd-play.yml

PLAY [192.168.49.3] **********************************************************************

TASK [Gathering Facts] *******************************************************************
ok: [192.168.49.3]

TASK [install apache] ********************************************************************
changed: [192.168.49.3]

TASK [restart apache] ********************************************************************
changed: [192.168.49.3]

PLAY RECAP *******************************************************************************
192.168.49.3 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
</pre>
: Log in to 192.168.49.3 and verify that the Apache web server has been installed and is up and running.
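
As an added example (not part of the original lab), the playbook below reworks httpd-play.yml so that a second run changes nothing, like the repeated ad hoc dnf runs in Part 3: Apache is restarted by a handler only when the package task reports a change, and facts gathered by the "setup" module are used in a condition and in the MOTD text. The assert task, the MOTD layout and the file mode are assumptions made for this example; the host, user and motd_warning come from the playbooks above.

```yaml
---
# Added example: a reworked httpd-play.yml (not the lab's own playbook).
- hosts: 192.168.49.3          # managed machine used throughout this lab
  user: rchan
  become: yes
  vars:
    motd_warning: 'WARNING: use by ITAS faculty/students only.'
  tasks:
    # Facts come from the implicit "Gathering Facts" step (the setup module).
    - name: stop early on anything other than CentOS 8
      assert:
        that:
          - ansible_facts['distribution'] == 'CentOS'
          - ansible_facts['distribution_major_version'] == '8'
        fail_msg: "This play was only tested on CentOS 8"

    - name: install apache
      dnf:
        name: httpd
        state: present
      notify: restart apache     # fires only when this task reports "changed"

    - name: make sure apache is running and starts at boot
      service:
        name: httpd
        state: started
        enabled: yes

    - name: setup a MOTD that identifies the host
      copy:
        dest: /etc/motd
        content: |
          {{ motd_warning }}
          Host {{ ansible_facts['hostname'] }} ({{ ansible_facts['all_ipv4_addresses'] | join(', ') }})
        owner: root
        group: root
        mode: '0644'             # assumption: world-readable, root-writable

  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
```

On the first run the PLAY RECAP reports changed tasks and the handler restarts httpd; on a second run every task reports "ok" and the handler is not triggered.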
= Investigation III: Using Playbook to config a CentOS 8.x VM for OPS535 =
: You have just installed the latest version of CentOS 8.x on a VM with minimal packages. You need to configure it for doing OPS535 labs. The following configuration needs to be done on that VM:
:* update all the packages installed on the VM to their latest version using the dnf module.
:* install the extra packages repository for enterprise Linux using the dnf module
:* install the git package using the dnf module
:* create a new user with your Seneca_id (i.e. your Seneca user name) with sudo access
:* configure the new user account created in the previous step so that you can ssh to it without a password
:* set up a directory structure for completing and organizing labs as shown below:
<source lang="bash">
 /home/[seneca_id]/ops535/lab1
 /home/[seneca_id]/ops535/lab2
 /home/[seneca_id]/ops535/lab3
 /home/[seneca_id]/ops535/lab4
 /home/[seneca_id]/ops535/lab5
 /home/[seneca_id]/ops535/lab6
 /home/[seneca_id]/ops535/lab7
 /home/[seneca_id]/ops535/lab8
 /home/[seneca_id]/ops535/a1
 /home/[seneca_id]/ops535/a2
</source>
:* create a playbook named "ops535_vm_config.yml" to perform all the tasks mentioned above.
:* test your playbook with the ansible-playbook command and capture its output to a text file named "ops535_ansible_lab.txt"
= Completing Ansible Lab Sign-off (Show Instructor) =
== Have the following items ready to show your instructor: ==
: * The Ansible playbook called "ops535_vm_config.yml" for configuring the VM.
: * The result of running the playbook "ops535_vm_config.yml". Save the Lab result in a file called "ops535_ansible_lab.txt"
== Upload the following files to blackboard ==
: * ops535_vm_config.yml
: * ops535_ansible_lab.txt