Ops535 ansible lab

1,615 bytes added, 15:50, 21 July 2023
m
Protected "Ops535 ansible lab": OER transfer ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
[[Category:rchan]]
<font color='red'><b>Draft - Do not use until this line has been removed.</b></font>
= Objective =
:# Install and configure Ansible on a controller Linux machine
The instruction in this lab has been tested for CentOS 8.3.2011, and
* You must have at least two networked machines
** control machine - run ansible to configure remote node - need Ansible 2.9.16 (The IP address of control machine used in the example in this lab is 192.168.49.1)
** managed machine(s) - to be managed by the control node (The IP address of the managed machine used in the examples in this lab is 192.168.49.3)
* You should be able to ssh from your control machine as a regular user to any of your remote machines as regular user without supplying a login password.
* Your account on the remote machine should be a sudoer and can run sudo without password.
* You should also be able to ssh from your control machine as a regular user to any of your remote machines as root without supplying a login password
* Python 3.6+ on all nodes
* Ad hoc commands - a simple one-off task:
** <u><b>shell commands</b></u>
*** ansible 192.168.49.3 -a 'date'
*** ansible 192.168.49.3 -a 'df'
*** ansible 192.168.49.3 -a 'iptables -L -n -v' -u root
* Built-in modules - code that performs a particular task such as copy a file, installing a package, etc:
** <u><b>copy module</b></u>
*** ansible 192.168.49.3 -m copy -a "src=/home/rchan/ops535/ansible.txt dest=/tmp/ansible.txt"
** <u><b>Package management</b></u>
*** ansible 192.168.49.3 -m dnf -a "name=bind state=latest"
* Playbooks - contains one or multiple plays, each play defines a set of repeatable tasks on one or more managed machines. Playbooks are written in YAML. Every play in the playbook is created with environment-specific parameters for the target machines:
** ansible-playbook -i 192.168.49.3, setup_webserver.yaml
** ansible-playbook firstrun.yaml
== Hardware and software required ==
== Part 1: Installing Ansible on CentOS 8 ==
: You only need to install the "ansible" package on your control VM.
:* Login as a regular user, change to the directory ~/ops435/lab9
:* Issue the following command to install the "ansible" package: <source lang="bash">
sudo yum install ansible -y
</source>
:* You may have to install the following dependent packages:<source lang="bash">
Dependencies resolved.
=====================================================================================================================
 Package                   Architecture     Version                  Repository        Size
=====================================================================================================================
Installing:
 ansible                   noarch           2.9.17-1.el8             epel              17 M
Installing dependencies:
 libsodium                 x86_64           1.0.18-2.el8             epel             162 k
 python3-babel             noarch           2.5.1-5.el8              appstream        4.8 M
 python3-bcrypt            x86_64           3.1.6-2.el8.1            epel              44 k
 python3-jinja2            noarch           2.10.1-2.el8_0           appstream        538 k
 python3-jmespath          noarch           0.9.0-11.el8             appstream         45 k
 python3-markupsafe        x86_64           0.23-19.el8              appstream         39 k
 python3-pyasn1            noarch           0.3.7-6.el8              appstream        126 k
 python3-pynacl            x86_64           1.3.0-5.el8              epel             100 k
 sshpass                   x86_64           1.06-9.el8               epel              27 k
Installing weak dependencies:
 python3-paramiko          noarch           2.4.3-1.el8              epel             289 k

Transaction Summary
=====================================================================================================================
Install  11 Packages

Total download size: 23 M
Installed size: 123 M
Is this ok [y/d/N]:
</source>
: To confirm that you have Ansible installed, try the following command:<source lang="python">
[rchan@c8 ~]$ ansible --help
usage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD]
[--become-user BECOME_USER] [-K] [-i INVENTORY] [--list-hosts]
</source>
: Take a look at all the available command line options for the "ansible" command. There are a lot of options when running Ansible. Let's move on to try a few simple ones.
 
: To get more detailed information about the version of ansible installed on your system, try the following command:<source lang="python">
[rchan@host ~]$ ansible --version
ansible 2.9.17
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/rchan/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
</source>
== Part 2: Sample runs for some of the Ad hoc commands ==
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m copy -a "src=/home/rchan/ops535/ansible/ansible.txt dest=/tmp/ansible.txt"
192.168.49.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "837affc90674fb92cdb0ebac6e49ad31a586b37e82548876259158d4ba80a56ff311664353e49271",
    "dest": "/tmp/ansible.txt",
    "gid": 1000,
    "group": "rchan",
    "md5sum": "78ae49d77d28d06173cf2194a39097320bcc4d27cff6cd55138dd615a09669ab",
    "mode": "0664",
    "owner": "rchan",
    "secontext": "unconfined_u:object_r:user_home_t:s0",
    "size": 106132,
    "src": "/home/rchan/.ansible/tmp/ansible-tmp-15429021191611895800.159722285-30336-117618539513309117758560038295/source",
    "state": "file",
    "uid": 1000
}
</pre>
: 192.168.49.3 is the remote machine's IP address.
: "-m copy" tells ansible to use the copy module (type ansible-doc copy for module documentation)
: after '-a' is the arguments to the copy module, which specify the source file and the destination for the copy action.
: If you got the same "CHANGED" status message, log in to the remote machine (in this example, it is 192.168.49.3) and check the directory "/tmp" for the file ansible.txt.
== Part 3: Sample runs for using some Ansible's built-in modules ==
<source lang="bash">
ansible-doc module_name
e.g. ansible-doc copy
e.g. ansible-doc dnf
</source>
: The following command demonstrates how to install the "bind" package with the "yum" module and the response message under different conditions:
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m dnf -a "name=bind state=present" -b
192.168.49.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: bind-32:9.11.20-5.el8.x86_64"
    ]
}
</pre>
: Try the same ansible ad-hoc command again:
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m dnf -a "name=bind state=present" -b
192.168.49.3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "msg": "Nothing to do",
    "rc": 0,
    "results": []
}
</pre>
: Try to install the latest version of the bind package:
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m dnf -a "name=bind state=latest" -b
192.168.49.3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "msg": "Nothing to do",
    "rc": 0,
    "results": []
}
</pre>
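: The three runs above differ only in the status word and the "changed" field. The following is an added example, not part of the original lab: a small Python parser for this "host | STATUS => {json}" output that reports hosts where a repeated run still changed something or did not succeed. The sample output is constructed to match the shape shown above, and the function names are assumptions.

```python
import json
import re

# Constructed sample output, shaped like the dnf runs shown in this lab.
FIRST_RUN = '''192.168.49.3 | CHANGED => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": ["Installed: bind-32:9.11.20-5.el8.x86_64"]
}
'''
SECOND_RUN = '''192.168.49.3 | SUCCESS => {
    "changed": false,
    "msg": "Nothing to do",
    "rc": 0,
    "results": []
}
'''

# Matches the header of a JSON-style result: "<host> | <STATUS> => ".
# Plain command output ("host | CHANGED | rc=0 >>") is not handled here.
HEADER = re.compile(r'^(?P<host>\S+) \| (?P<status>[A-Z!]+) => ', re.M)


def parse_adhoc(text):
    """Return {host: {"status": str, "body": dict}} from ad hoc output."""
    decoder = json.JSONDecoder()
    results = {}
    for m in HEADER.finditer(text):
        # raw_decode parses one JSON object starting right after "=> ".
        body, _ = decoder.raw_decode(text, m.end())
        results[m.group("host")] = {"status": m.group("status"), "body": body}
    return results


def not_idempotent(first, second):
    """Hosts whose second run changed something, failed, or went missing."""
    second_results = parse_adhoc(second)
    bad = [host for host, res in second_results.items()
           if res["status"] != "SUCCESS" or res["body"].get("changed")]
    missing = set(parse_adhoc(first)) - set(second_results)
    return sorted(bad + list(missing))


if __name__ == "__main__":
    print(not_idempotent(FIRST_RUN, SECOND_RUN))
```

: A host that keeps reporting CHANGED on a repeated run with the same arguments is worth investigating, since something on that host is undoing the configuration between runs.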
: One of the main Ansible modules is called "setup". It is automatically called by ansible playbook to gather useful "facts" about remote hosts that can be used in ansible playbooks. It can also be executed directly by the ansible command (/usr/bin/ansible) to check what "facts" are available to a host.
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m setup
192.168.49.3 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.122149.993", "192.168.49.3", "192.168.99.153162" ], "ansible_all_ipv6_addresses": [], "ansible_apparmor"fe80::5054:ff:fe11:6767", { "fe80status"::5054:ff:fe8c:b67c"disabled" ]}, "ansible_architecture": "x86_64", "ansible_bios_date": "04/01/2014", "ansible_bios_version": "1.913.10-52.module_el8.el7_33.20+555+a55c8938",
"ansible_cmdline": {
"BOOT_IMAGE": "(hd0,msdos1)/vmlinuz-4.18.0-240.1.1.el8_3.x86_64",
"crashkernel": "auto",
"quiet": true,
"rd.lvm.lv": "cl/swap",
"resume": "/dev/mapper/cl-swap",
"rhgb": true,
"ro": true,
"root": "/dev/mapper/cl-root"
},
"ansible_date_time": {
"date": "2021-01-29",
"day": "29",
"epoch": "1611896933",
"hour": "00",
"iso8601": "2021-01-29T05:08:53Z",
"iso8601_basic": "20210129T000853810313",
...
"ansible_swapfree_mb": 2047,
"ansible_swaptotal_mb": 2047,
"ansible_system": "Linux",
"ansible_system_capabilities": [ "" ],
"ansible_system_capabilities_enforced": "True",
"ansible_system_vendor": "Red Hat",
"ansible_uptime_seconds": 21711,
"ansible_user_dir": "/home/rchan",
"ansible_user_gecos": "Raymond Chan",
"ansible_user_gid": 1000,
"ansible_user_id": "rchan",
"ansible_user_shell": "/bin/bash",
"ansible_user_uid": 1000,
"ansible_userspace_architecture": "x86_64",
"ansible_userspace_bits": "64",
"ansible_virtualization_role": "guest",
"ansible_virtualization_type": "kvm",
"discovered_interpreter_python": "/usr/libexec/platform-python",
"gather_subset": [ "all" ],
"module_setup": true
},
"changed": false
}
</pre>
[[OPS535_Ansible_setup|Click here for complete contents of the above]]
= Investigation II: Ansible Playbook =
<pre>
---
- hosts: 192.168.49.3
  user: rchan
  become: yes
  vars:
    apache_version: 2.6
    motd_warning: 'WARNING: use by ICT ITAS faculty/students only.'
    testserver: yes
  tasks:
</pre>
Sample Run:
<pre>
[rchan@host ansible]$ ansible-playbook motd-play.yml
PLAY [192.168.49.3] **********************************************************************
TASK [Gathering Facts] *******************************************************************
ok: [192.168.49.3]
TASK [setup a MOTD] **********************************************************************
changed: [192.168.49.3]
PLAY RECAP *******************************************************************************
192.168.49.3 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
</pre>
<pre>
---
- hosts: 192.168.49.3
  user: rchan
  become: yes
  vars:
    apache_version: 2.6
    motd_warning: 'WARNING: use by ICT ITAS faculty/students only.'
    testserver: yes
  tasks:
</pre>
Sample Run:
<pre>
[rchan@host ansible]$ ansible-playbook httpd-play.yml
PLAY [192.168.49.3] **********************************************************************
TASK [Gathering Facts] *******************************************************************
ok: [192.168.49.3]
TASK [install apache] ********************************************************************
changed: [192.168.49.3]
TASK [restart apache] ********************************************************************
changed: [192.168.49.3]
PLAY RECAP *******************************************************************************
192.168.49.3 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
</pre>
: Log in to 192.168.49.3 and verify that apache web server has been installed and is up and running.
= Investigation III: Using Playbook to config a CentOS 8.x VM for OPS535 =
: You have just installed the latest version of CentOS 8.x on a VM with minimal packages. You need to configure it so that you can use it for doing the OPS535 labs. The following configuration needs to be done on that VM:
:* update all the packages installed on the VM to their latest version using the dnf module.
:* install extra packages repository for enterprise Linux
:* install python3 if it is not already installed using the dnf module
:* install the git package using the dnf module
:* create a new user with your Seneca_id (i.e. your Seneca user name) with sudo access
:* configure the new user account created in the previous step so that you can ssh to it without password
:* set up a directory structure for completing and organizing labs as shown below:<source lang="bash">
/home/[seneca_id]/ops535/lab1
/home/[seneca_id]/ops535/lab2
/home/[seneca_id]/ops535/lab3
/home/[seneca_id]/ops535/lab4
/home/[seneca_id]/ops535/lab5
/home/[seneca_id]/ops535/lab6
/home/[seneca_id]/ops535/lab7
/home/[seneca_id]/ops535/lab8
/home/[seneca_id]/ops535/a1
/home/[seneca_id]/ops535/a2
</source>
:* create a playbook named "ops535_vm_config.yml" to perform all the tasks mentioned above.
:* test your playbook with the ansible-playbook command and capture its output when it completes without error to a text file named "ops535_ansible_lab.txt"
= Ansible Lab 9 Sign-off (Show Instructor) =
== Have the following items ready to show your instructor: ==
: * The Ansible playbook called "ops535_vm_config.yml" for configuring the VM mentioned in Lab 1.
: * The result of running the playbook "ops535_vm_config.yml". Save the result in a file called "ops535_ansible_lab.txt"
== Upload the following files to blackboard ==
: * ops535_vm_config.yml
: * ops535_ansible_lab.txt