OPS435 Ansible
Overview
Introduction to Ansible
- "Ansible is an IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.
- Ansible was designed for multi-tier deployments since day one, and models your IT infrastructure by describing how all of your systems inter-relate, rather than just managing one system at a time.
- Ansible uses no agents and no additional custom security infrastructure, and it uses a very simple language called 'YAML', to compose an Ansible Playbook which allows you to describe your automation jobs in a very simple way."
For more detailed information about Ansible, check out the Ansible web site at https://www.ansible.com
In this introduction, we explore the main components of the Ansible configuration management system and its operating environment. We also study a simple playbook for managing the configuration of a CentOS 7.x VM.
Key Concepts when using Ansible
- YAML - a human-readable data serialization language that is commonly used for configuration files. To learn more, see the Wikipedia page on YAML.
- Control machine - (Management node)
- Remote machine - (managed node)
- playbook - contains one or multiple plays, each of which defines the work to be done for a configuration on a managed server. Playbooks are written in YAML. Every play in the playbook is created with environment-specific parameters for the target machines; there are no standard plays.
- Inventory file - defines the hosts and groups of hosts upon which commands, modules, and tasks in a playbook operate.
- Hosts file - contains information about machines to be managed
- Ad hoc commands
  - shell commands
    - ansible 192.168.99.153 -a 'date'
    - ansible 192.168.99.153 -a 'df'
    - ansible 192.168.99.153 -a 'iptables -L -n -v' -u root
  - copy module
    - ansible 192.168.99.153 -m copy -a "src=/ops435/ansible.txt dest=/tmp/ansible.txt"
  - Package management
    - ansible 192.168.99.153 -m yum -a "name=epel-release state=latest"
Sample runs for some of the Ad hoc commands
    [rchan@centos7 ansible]$ ansible 192.168.99.153 -m copy -a "src=/home/rchan/ops435/ansible/ansible.txt dest=/tmp/ansible.txt"
    192.168.99.153 | SUCCESS => {
        "changed": true,
        "checksum": "837affc90674fb92cdb0ebac6e49ad31a586b37e",
        "dest": "/tmp/ansible.txt",
        "gid": 1001,
        "group": "rchan",
        "md5sum": "78ae49d77d28d06173cf2194a3909732",
        "mode": "0664",
        "owner": "rchan",
        "secontext": "unconfined_u:object_r:user_home_t:s0",
        "size": 106,
        "src": "/home/rchan/.ansible/tmp/ansible-tmp-1542902119.15-117618539513309/source",
        "state": "file",
        "uid": 1001
    }
    [rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=present"
    192.168.99.153 | SUCCESS => {
        "changed": false,
        "msg": "",
        "rc": 0,
        "results": [
            "epel-release-7-11.noarch providing epel-release is already installed"
        ]
    }
    [rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=present" -u root
    192.168.99.153 | SUCCESS => {
        "changed": false,
        "msg": "",
        "rc": 0,
        "results": [
            "epel-release-7-11.noarch providing epel-release is already installed"
        ]
    }
    [rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=latest" -u root
    192.168.99.153 | SUCCESS => {
        "changed": false,
        "msg": "",
        "rc": 0,
        "results": [
            "All packages providing epel-release are up to date",
            ""
        ]
    }
Gather all the information available on remote machine
    [rchan@centos7 ansible]$ ansible 192.168.99.153 -m setup
    192.168.99.153 | SUCCESS => {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "192.168.122.99",
                "192.168.99.153"
            ],
            "ansible_all_ipv6_addresses": [
                "fe80::5054:ff:fe11:6767",
                "fe80::5054:ff:fe8c:b67c"
            ],
            "ansible_architecture": "x86_64",
            "ansible_bios_date": "04/01/2014",
            "ansible_bios_version": "1.9.1-5.el7_3.2",
            "ansible_cmdline": {
                "BOOT_IMAGE": "/vmlinuz-3.10.0-862.14.4.el7.x86_64",
                "LANG": "en_CA.UTF-8",
                "console": "ttyS0",
    ...
            "ansible_userspace_bits": "64",
            "ansible_virtualization_role": "guest",
            "ansible_virtualization_type": "kvm",
            "module_setup": true
        },
        "changed": false
    }
Ansible Playbook
Updating /etc/motd file
Name: motd-play.yml
    ---
    - hosts: 192.168.99.153
      user: root
      vars:
        apache_version: 2.6
        motd_warning: 'WARNING: use by ICT faculty/students only.'
        testserver: yes
      tasks:
        - name: setup a MOTD
          copy:
            dest: /etc/motd
            content: "{{ motd_warning }}"
Sample Run:
    [rchan@centos7 playbooks]$ ansible-playbook motd-play.yml

    PLAY [192.168.99.153] **********************************************************

    TASK [Gathering Facts] *********************************************************
    ok: [192.168.99.153]

    TASK [setup a MOTD] ************************************************************
    changed: [192.168.99.153]

    PLAY RECAP *********************************************************************
    192.168.99.153 : ok=2 changed=1 unreachable=0 failed=0
Install and start Apache Server
Name: httpd-play.yml
    ---
    - hosts: 192.168.99.153
      user: root
      vars:
        apache_version: 2.6
        motd_warning: 'WARNING: use by ICT faculty/students only.'
        testserver: yes
      tasks:
        - name: install apache
          action: yum name=httpd state=installed
        - name: restart apache
          service:
            name: httpd
            state: restarted
Sample Run:
    [rchan@centos7 playbooks]$ ansible-playbook httpd-play.yml

    PLAY [192.168.99.153] **********************************************************

    TASK [Gathering Facts] *********************************************************
    ok: [192.168.99.153]

    TASK [install apache] **********************************************************
    changed: [192.168.99.153]

    TASK [restart apache] **********************************************************
    changed: [192.168.99.153]

    PLAY RECAP *********************************************************************
    192.168.99.153 : ok=3 changed=2 unreachable=0 failed=0
Questions
System requirements
- You must have at least two networked machines
  - control node - runs Ansible to configure the remote nodes - needs Ansible 2.x (latest version 2.7)
  - remote nodes - to be managed by the control node
- You should be able to ssh from your control node as a regular user to any of your remote nodes as root user without supplying a login password.
- Python 2.7+ on all nodes
Reference
- Ansible Configuration Management - Second Edition, by Daniel Hall. Publisher: Packt Publishing. Pub. Date: April 27, 2015. ISBN-13: 978-1-78528-230-0. Pages in Print Edition: 122