OPS435 Ansible
Overview
- "Ansible is an IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.
- Ansible was designed for multi-tier deployments since day one, and models your IT infrastructure by describing how all of your systems inter-relate, rather than just managing one system at a time.
- Ansible uses no agents and no additional custom security infrastructure, and it uses a very simple language called 'YAML' to compose an Ansible Playbook, which allows you to describe your automation jobs in a very simple way."
For more detailed information about Ansible, see the Ansible web site at www.ansible.com
Objective
- Install and configure Ansible on a controller Linux machine
- Explore Ansible's ad hoc commands
- Explore Ansible's built-in modules
- Explore and create Ansible playbooks
Investigation I: Introduction to Ansible
In this introduction, we explore the main components of the Ansible configuration management system and its operating environment. We also study a simple playbook for managing the configuration of a CentOS 7.x VM. For more detailed information about Ansible, see the Ansible web site at https://www.ansible.com
Key Concepts when using Ansible
- YAML - a human-readable data serialization language that is commonly used for configuration files. To learn more, see the Wikipedia page on YAML.
- Control machine - (Management node)
- Remote machine - (managed node)
- playbook - contains one or more plays, each of which defines the work to be done for a configuration on a managed server. Playbooks are written in YAML. Every play in the playbook is created with environment-specific parameters for the target machines; there are no standard plays.
- Inventory file - defines the hosts and groups of hosts upon which commands, modules, and tasks in a playbook operate.
- Hosts file - contains information about machines to be managed - click here for sample hosts file
- Ad hoc commands
  - shell commands
    - ansible 192.168.99.153 -a 'date'
    - ansible 192.168.99.153 -a 'df'
    - ansible 192.168.99.153 -a 'iptables -L -n -v' -u root
- Built-in modules
  - copy module
    - ansible 192.168.99.153 -m copy -a "src=/ops435/ansible.txt dest=/tmp/ansible.txt"
  - Package management
    - ansible 192.168.99.153 -m yum -a "name=epel-release state=latest"
- Running Ansible Playbooks
  - ansible-playbook -i 192.168.99.153, setup_webserver.yaml
  - ansible-playbook firstrun.yaml
Installing Ansible on CentOS 7
Sample runs for some of the Ad hoc commands
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m copy -a "src=/home/rchan/ops435/ansible/ansible.txt dest=/tmp/ansible.txt"
192.168.99.153 | SUCCESS => {
    "changed": true,
    "checksum": "837affc90674fb92cdb0ebac6e49ad31a586b37e",
    "dest": "/tmp/ansible.txt",
    "gid": 1001,
    "group": "rchan",
    "md5sum": "78ae49d77d28d06173cf2194a3909732",
    "mode": "0664",
    "owner": "rchan",
    "secontext": "unconfined_u:object_r:user_home_t:s0",
    "size": 106,
    "src": "/home/rchan/.ansible/tmp/ansible-tmp-1542902119.15-117618539513309/source",
    "state": "file",
    "uid": 1001
}
Sample runs using some of Ansible's built-in modules
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=present"
192.168.99.153 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "epel-release-7-11.noarch providing epel-release is already installed"
    ]
}
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=present" -u root
192.168.99.153 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "epel-release-7-11.noarch providing epel-release is already installed"
    ]
}
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=latest" -u root
192.168.99.153 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "All packages providing epel-release are up to date",
        ""
    ]
}
Gather all the information available on the remote machine
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m setup
192.168.99.153 | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "192.168.122.99",
            "192.168.99.153"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::5054:ff:fe11:6767",
            "fe80::5054:ff:fe8c:b67c"
        ],
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "04/01/2014",
        "ansible_bios_version": "1.9.1-5.el7_3.2",
        "ansible_cmdline": {
            "BOOT_IMAGE": "/vmlinuz-3.10.0-862.14.4.el7.x86_64",
            "LANG": "en_CA.UTF-8",
            "console": "ttyS0",
...
        "ansible_userspace_bits": "64",
        "ansible_virtualization_role": "guest",
        "ansible_virtualization_type": "kvm",
        "module_setup": true
    },
    "changed": false
}
Click here for complete contents of the above
Ansible Playbook
Updating /etc/motd file
Name: motd-play.yml
---
- hosts: 192.168.99.153
  # log in to the managed node as root over SSH
  user: root
  vars:
    apache_version: 2.6
    motd_warning: 'WARNING: use by ICT faculty/students only.'
    testserver: yes
  tasks:
    # write the warning text into /etc/motd on the managed node
    - name: setup a MOTD
      copy:
        dest: /etc/motd
        content: "{{ motd_warning }}"
Sample Run:
[rchan@centos7 playbooks]$ ansible-playbook motd-play.yml
PLAY [192.168.99.153] **********************************************************
TASK [Gathering Facts] *********************************************************
ok: [192.168.99.153]
TASK [setup a MOTD] ************************************************************
changed: [192.168.99.153]
PLAY RECAP *********************************************************************
192.168.99.153 : ok=2 changed=1 unreachable=0 failed=0
Install and start Apache Server
Name: httpd-play.yml
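---
- hosts: 192.168.99.153
  # log in to the managed node as root over SSH
  user: root
  vars:
    apache_version: 2.6
    motd_warning: 'WARNING: use by ICT faculty/students only.'
    testserver: yes
  tasks:
    # legacy "action:" syntax; state=installed is an alias for state=present
    - name: install apache
      action: yum name=httpd state=installed
    # state=restarted bounces the service on every run, so this task always reports "changed"
    - name: restart apache
      service:
        name: httpd
        state: restarted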
Sample Run:
[rchan@centos7 playbooks]$ ansible-playbook httpd-play.yml
PLAY [192.168.99.153] **********************************************************
TASK [Gathering Facts] *********************************************************
ok: [192.168.99.153]
TASK [install apache] **********************************************************
changed: [192.168.99.153]
TASK [restart apache] **********************************************************
changed: [192.168.99.153]
PLAY RECAP *********************************************************************
192.168.99.153 : ok=3 changed=2 unreachable=0 failed=0
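The two plays above combined into one playbook, as an added example that is not part of the original course page. It connects as a regular user and escalates with become instead of logging in as root over SSH, sets explicit ownership and mode on /etc/motd, and restarts Apache from a handler only when the install task reports a change. The file name site-play.yml, the remote user ops435admin and that user's sudo rights on the managed node are assumptions.

```yaml
---
# Added example (hypothetical file name: site-play.yml)
- hosts: 192.168.99.153
  # assumption: ops435admin is a regular account with sudo rights on the managed node
  remote_user: ops435admin
  # escalate to root through sudo for the tasks, rather than an SSH login as root
  become: yes
  vars:
    motd_warning: 'WARNING: use by ICT faculty/students only.'
  tasks:
    - name: setup a MOTD
      copy:
        dest: /etc/motd
        content: "{{ motd_warning }}"
        # pin ownership and permissions so the file is not left group- or world-writable
        owner: root
        group: root
        mode: '0644'

    - name: install apache
      yum:
        name: httpd
        state: present
      # the handler below runs once at the end of the play, and only if this task changed something
      notify: restart apache

    - name: make sure apache is running and starts at boot
      service:
        name: httpd
        state: started
        enabled: yes

  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
```

Run it with ansible-playbook site-play.yml --ask-become-pass if sudo on the managed node prompts for a password. A second run should end with changed=0 in the PLAY RECAP, because no task restarts the service unconditionally.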
Questions
System requirements
- You must have at least two networked machines
  - control node - runs Ansible to configure the remote nodes - needs Ansible 2.x (latest version 2.7)
  - remote nodes - to be managed by the control node
- You should be able to ssh from your control node as a regular user to any of your remote nodes as the root user without supplying a login password.
- Python 2.7+ on all nodes
Reference
- Ansible Configuration Management - Second Edition. By: Daniel Hall. Publisher: Packt Publishing. Pub. Date: April 27, 2015. ISBN-13: 978-1-78528-230-0. Pages in Print Edition: 122