Changes

Ops535 ansible lab

12,958 bytes added, 15:50, 21 July 2023
Protected "Ops535 ansible lab": OER transfer ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
[[Category:OPS535]][[Category:rchan]][[Category:OPS535 Lab]]
= Objective =
:# Install and configure Ansible on a controller Linux machine
:# Explore Ansible's ad hoc commands
:# Explore Ansible's built-in modules
:# Explore and create Ansible playbooks
= Overview =
::Ansible is an agentless IT automation engine for automating cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other system administration tasks.
::Ansible uses no additional custom security infrastructure, and it uses a very simple human-readable language called 'YAML' to compose an Ansible Playbook, which allows you to describe the tasks you want to automate.
= Reference =
:* For more detailed information about Ansible, check out the Ansible web site at [https://www.ansible.com www.ansible.com]
:* [https://www.ansible.com/overview/how-ansible-works Overview]
:* [https://docs.ansible.com/ansible/latest/user_guide/index.html Latest User Guide]
:* [https://proquest-safaribooksonline-com.libaccess.senecacollege.ca/book/operating-systems-and-server-administration/linux/9781785282300 Ansible Configuration Management] - Second Edition
::* By: Daniel Hall, Publisher: Packt Publishing
::* Pub. Date: April 27, 2015, ISBN-13: 978-1-78528-230-0
::* Pages in Print Edition: 122
= System requirements =
The instructions in this lab have been tested on CentOS 8.3.2011, and
* You must have at least two networked machines
** control machine - runs Ansible to configure the remote node - needs Ansible 2.9.16 (The IP address of the control machine used in the example in this lab is 192.168.49.1)
** managed machine(s) - to be managed by the control node (The IP address of the managed machine used in the examples in this lab is 192.168.49.3)
* You should be able to ssh from your control machine as a regular user to any of your remote machines as a regular user without supplying a login password.
* Your account on the remote machine should be a sudoer and able to run sudo without a password.
* You should also be able to ssh from your control machine as a regular user to any of your remote machines as root without supplying a login password
* Python 3.6+ on all nodes
= Investigation I: Introduction to Ansible =
: In this introduction, we explore the main components of the Ansible configuration management system and its operating environment. We also study a simple playbook for managing the configuration of a CentOS 8.x VM.
: You need at least two VMs for this lab: one VM to be used as the control machine and one or more VMs to be used as the managed machines. You only need to install Ansible on the control machine.
== Key Concepts when using Ansible ==
* YAML - a human-readable data serialization language used by Ansible's playbooks. To know more, you can check out the [https://en.wikipedia.org/wiki/YAML wikipedia page here]
* Control machine - the host on which you use Ansible to execute tasks on the managed machines
* Managed machine - a host that is configured by the control machine
* [[OPS435 Sample Ansible Hosts file|Hosts file]] - contains information about machines to be managed - click [[OPS435 Sample Ansible Hosts file| here]] for sample hosts file
* Ad hoc commands - a simple one-off task:
** <u><b>shell commands</b></u>
*** ansible 192.168.49.3 -a 'date'
*** ansible 192.168.49.3 -a 'df'
*** ansible 192.168.49.3 -a 'iptables -L -n -v' -u root
* Built-in modules - code that performs a particular task such as copying a file, installing a package, etc:
** <u><b>copy module</b></u>
*** ansible 192.168.49.3 -m copy -a "src=/home/rchan/ops535/ansible.txt dest=/tmp/ansible.txt"
** <u><b>Package management</b></u>
*** ansible 192.168.49.3 -m dnf -a "name=bind state=latest"
* Playbooks - contain one or multiple plays; each play defines a set of repeatable tasks on one or more managed machines. Playbooks are written in YAML. Every play in the playbook is created with environment-specific parameters for the target machines:
** ansible-playbook -i 192.168.49.3, setup_webserver.yaml
** ansible-playbook firstrun.yaml

== Part 1: Installing Ansible on CentOS 8 ==
: You only need to install the "ansible" package on your control VM.
:* Issue the following command to install the "ansible" package:
<source lang="bash">
 sudo yum install ansible -y
</source>
:* You may have to install the following dependent packages:
<source lang="bash">
Dependencies resolved.
==========================================================================================
 Package                 Architecture   Version            Repository      Size
==========================================================================================
Installing:
 ansible                 noarch         2.9.17-1.el8       epel            17 M
Installing dependencies:
 libsodium               x86_64         1.0.18-2.el8       epel           162 k
 python3-babel           noarch         2.5.1-5.el8        appstream      4.8 M
 python3-bcrypt          x86_64         3.1.6-2.el8.1      epel            44 k
 python3-jinja2          noarch         2.10.1-2.el8_0     appstream      538 k
 python3-jmespath        noarch         0.9.0-11.el8       appstream       45 k
 python3-markupsafe      x86_64         0.23-19.el8        appstream       39 k
 python3-pyasn1          noarch         0.3.7-6.el8        appstream      126 k
 python3-pynacl          x86_64         1.3.0-5.el8        epel           100 k
 sshpass                 x86_64         1.06-9.el8         epel            27 k
Installing weak dependencies:
 python3-paramiko        noarch         2.4.3-1.el8        epel           289 k

Transaction Summary
==========================================================================================
Install  11 Packages

Total download size: 23 M
Installed size: 123 M
Is this ok [y/N]:
</source>
: To confirm that you have Ansible installed, try the following command:
<source lang="python">
[rchan@c8 ~]$ ansible --help
usage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD]
               [--become-user BECOME_USER] [-K] [-i INVENTORY] [--list-hosts]
               [-l SUBSET] [-P POLL_INTERVAL] [-B SECONDS] [-o] [-t TREE] [-k]
               [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
               [-c CONNECTION] [-T TIMEOUT]
               [--ssh-common-args SSH_COMMON_ARGS]
               [--sftp-extra-args SFTP_EXTRA_ARGS]
               [--scp-extra-args SCP_EXTRA_ARGS]
               [--ssh-extra-args SSH_EXTRA_ARGS] [-C] [--syntax-check] [-D]
               [-e EXTRA_VARS] [--vault-id VAULT_IDS]
               [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
               [-f FORKS] [-M MODULE_PATH] [--playbook-dir BASEDIR]
               [-a MODULE_ARGS] [-m MODULE_NAME]
               pattern
...
</source>
: Take a look at all the available command line options for the "ansible" command. There are a lot of options when running Ansible. Let's move on to try a few simple ones.
: To get more detailed information about the version of Ansible installed on your system, try the following command:
<source lang="python">
[rchan@host ~]$ ansible --version
ansible 2.9.17
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/rchan/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
</source>
== Part 2: Sample runs for some of the Ad hoc commands ==
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m copy -a "src=/home/rchan/ops535/ansible/ansible.txt dest=/tmp/ansible.txt"
192.168.49.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "82548876259158d4ba80a56ff311664353e49271",
    "dest": "/tmp/ansible.txt",
    "gid": 1000,
    "group": "rchan",
    "md5sum": "0bcc4d27cff6cd55138dd615a09669ab",
    "mode": "0664",
    "owner": "rchan",
    "secontext": "unconfined_u:object_r:user_home_t:s0",
    "size": 132,
    "src": "/home/rchan/.ansible/tmp/ansible-tmp-1611895800.9722285-30336-117758560038295/source",
    "state": "file",
    "uid": 1000
}
</pre>
: 192.168.49.3 is the remote machine's IP address.
: "-m copy" tells ansible to use the copy module (type ansible-doc copy for module documentation)
: after '-a' are the arguments to the copy module, which specify the source file and the destination for the copy action.
: If you got the same "CHANGED" status message, log in to the remote machine (in this example, 192.168.49.3) and check the directory "/tmp" for the file ansible.txt.

== Part 3: Sample runs for using some Ansible's built-in modules ==
: "yum" is a built-in ansible module. You can get a complete list of all the ansible modules installed on your system with the following command:
<source lang="bash">
 ansible-doc --list_files
</source>
: You can also get detailed information about any ansible module with the following command:
<source lang="bash">
 ansible-doc module_name
 # e.g.
 ansible-doc copy
 ansible-doc dnf
</source>
: The following command demonstrates how to install the "bind" package with the "yum" module and the response message under different conditions:
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m dnf -a "name=bind state=present" -b
192.168.49.3 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: bind-32:9.11.20-5.el8.x86_64"
    ]
}
</pre>
: Try the same ansible ad-hoc command again:
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m dnf -a "name=bind state=present" -b
192.168.49.3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "msg": "Nothing to do",
    "rc": 0,
    "results": [
        "epel-release-7-11.noarch providing epel-release is already installed"
    ]
}
</pre>
: Try to install the latest version of the bind package:
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m dnf -a "name=bind state=latest" -b
192.168.49.3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "msg": "Nothing to do",
    "rc": 0,
    "results": [
        "All packages providing epel-release are up to date",
        ""
    ]
}
</pre>
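The runs above show the same ad hoc command reporting CHANGED the first time and SUCCESS with "changed": false the second time. The following is an added example, not part of the original lab, that parses this "host | STATUS => {json}" output and flags any host that still reports a change or an error on a repeat run, which is a useful signal of configuration drift or a non-idempotent task. The sample output is constructed from the runs above, and 192.168.49.4 is a hypothetical second host.

```python
import json
import re

# Constructed sample output, trimmed from the two bind runs shown above.
# 192.168.49.4 is a hypothetical second host added to show the error path.
FIRST_RUN = '''192.168.49.3 | CHANGED => {
    "changed": true, "msg": "", "rc": 0,
    "results": ["Installed: bind-32:9.11.20-5.el8.x86_64"]
}'''
SECOND_RUN = '''192.168.49.3 | SUCCESS => {
    "changed": false, "msg": "Nothing to do", "rc": 0, "results": []
}
192.168.49.4 | UNREACHABLE! => {
    "changed": false, "msg": "Failed to connect to the host via ssh", "unreachable": true
}'''

# "<host> | <STATUS> => {" starts each per-host JSON result.
HEADER = re.compile(r"^(?P<host>\S+) \| (?P<status>[A-Z]+)!? => (?=\{)", re.M)


def parse_adhoc(text):
    """Return {host: (status, result_dict)} for JSON-style ad hoc output."""
    decoder = json.JSONDecoder()
    parsed = {}
    for match in HEADER.finditer(text):
        # raw_decode stops at the end of this host's JSON object.
        result, _ = decoder.raw_decode(text, match.end())
        parsed[match.group("host")] = (match.group("status"), result)
    return parsed


def idempotency_report(first, second):
    """Classify each host seen in the second run of the same command."""
    before, after = parse_adhoc(first), parse_adhoc(second)
    report = {}
    for host, (status, result) in after.items():
        if status not in ("SUCCESS", "CHANGED"):
            report[host] = "error: " + status
        elif host not in before:
            report[host] = "no first run to compare"
        elif result.get("changed"):
            report[host] = "changed again"
        else:
            report[host] = "idempotent"
    return report


if __name__ == "__main__":
    for host, verdict in idempotency_report(FIRST_RUN, SECOND_RUN).items():
        print(host, verdict)
```

The parser covers only the JSON-style output that modules such as copy and dnf print; the "host | CHANGED | rc=0 >>" form printed by plain `-a` shell commands is not handled.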
== Part 4: Gather all the software and hardware information available on remote machine ==
: One of the main ansible modules is called "setup". It is automatically called by ansible playbooks to gather useful "facts" about remote hosts that can be used in ansible playbooks. It can also be executed directly by the ansible command (/usr/bin/ansible) to check what "facts" are available to a host.
<pre>
[rchan@host ~]$ ansible 192.168.49.3 -m setup
192.168.49.3 | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "192.168.149.3",
            "192.168.49.3",
            "192.168.99.162"
        ],
        "ansible_all_ipv6_addresses": [],
        "ansible_apparmor": {
            "status": "disabled"
        },
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "04/01/2014",
        "ansible_bios_version": "1.13.0-2.module_el8.3.0+555+a55c8938",
        "ansible_cmdline": {
            "BOOT_IMAGE": "(hd0,msdos1)/vmlinuz-4.18.0-240.1.1.el8_3.x86_64",
            "crashkernel": "auto",
            "quiet": true,
            "rd.lvm.lv": "cl/swap",
            "resume": "/dev/mapper/cl-swap",
            "rhgb": true,
            "ro": true,
            "root": "/dev/mapper/cl-root"
        },
        "ansible_date_time": {
            "date": "2021-01-29",
            "day": "29",
            "epoch": "1611896933",
            "hour": "00",
            "iso8601": "2021-01-29T05:08:53Z",
            "iso8601_basic": "20210129T000853810313",
...
        "ansible_swapfree_mb": 2047,
        "ansible_swaptotal_mb": 2047,
        "ansible_system": "Linux",
        "ansible_system_capabilities": [
            ""
        ],
        "ansible_system_capabilities_enforced": "True",
        "ansible_system_vendor": "Red Hat",
        "ansible_uptime_seconds": 21711,
        "ansible_user_dir": "/home/rchan",
        "ansible_user_gecos": "Raymond Chan",
        "ansible_user_gid": 1000,
        "ansible_user_id": "rchan",
        "ansible_user_shell": "/bin/bash",
        "ansible_user_uid": 1000,
        "ansible_userspace_architecture": "x86_64",
        "ansible_userspace_bits": "64",
        "ansible_virtualization_role": "guest",
        "ansible_virtualization_type": "kvm",
        "discovered_interpreter_python": "/usr/libexec/platform-python",
        "gather_subset": [
            "all"
        ],
        "module_setup": true
    },
    "changed": false
}
</pre>
[[OPS535_Ansible_setup|Click here for complete contents of the above]]

= Investigation II: Ansible Playbook =
== What is a playbook? ==
: * A playbook is one of the core features of Ansible.
: * A playbook tells Ansible what to execute, and as which user, on the remote machine.
: * A playbook is like a to-do list for Ansible.
: * A playbook is written in "YAML".
: * A playbook links a task to an ansible module and provides the arguments the module requires.

== Part 1: A playbook to update the /etc/motd file ==
Name: motd-play.yml
<pre>
---
- hosts: 192.168.49.3
  user: rchan
  become: yes
  vars:
    apache_version: 2.6
    motd_warning: 'WARNING: use by ITAS faculty/students only.'
    testserver: yes
  tasks:
    - name: setup a MOTD
      copy:
        dest: /etc/motd
        content: "{{ motd_warning }}"
</pre>
Sample Run:
<pre>
[rchan@host ansible]$ ansible-playbook motd-play.yml

PLAY [192.168.49.3] **********************************************************************

TASK [Gathering Facts] *******************************************************************
ok: [192.168.49.3]

TASK [setup a MOTD] **********************************************************************
changed: [192.168.49.3]

PLAY RECAP *******************************************************************************
192.168.49.3 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
</pre>

== Part 2: A playbook to install and start Apache Server ==
Name: httpd-play.yml
<pre>
---
- hosts: 192.168.49.3
  user: rchan
  become: yes
  vars:
    apache_version: 2.6
    motd_warning: 'WARNING: use by ITAS faculty/students only.'
    testserver: yes
  tasks:
    - name: install apache
      action: yum name=httpd state=installed
    - name: restart apache
      service:
        name: httpd
        state: restarted
</pre>
Sample Run:
<pre>
[rchan@host ansible]$ ansible-playbook httpd-play.yml

PLAY [192.168.49.3] **********************************************************************

TASK [Gathering Facts] *******************************************************************
ok: [192.168.49.3]

TASK [install apache] ********************************************************************
changed: [192.168.49.3]

TASK [restart apache] ********************************************************************
changed: [192.168.49.3]

PLAY RECAP *******************************************************************************
192.168.49.3 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
</pre>
: Log in to 192.168.49.3 and verify that the apache web server has been installed and is up and running.
= Investigation III: Using Playbook to config a CentOS 8.x VM for OPS535 =
: You have just installed the latest version of CentOS 8.x on a VM with minimal packages. You need to configure it for doing OPS535 labs. The following configuration needs to be done on that VM:
:* update all the packages installed on the VM to their latest version using the dnf module.
:* install the extra packages repository for enterprise Linux using the dnf module
:* install the git package using the dnf module
:* create a new user with your Seneca_id (i.e. your Seneca user name) with sudo access
:* configure the new user account created in the previous step so that you can ssh to it without a password
:* set up a directory structure for completing and organizing labs as shown below:
<source lang="bash">
 /home/[seneca_id]/ops535/lab1
 /home/[seneca_id]/ops535/lab2
 /home/[seneca_id]/ops535/lab3
 /home/[seneca_id]/ops535/lab4
 /home/[seneca_id]/ops535/lab5
 /home/[seneca_id]/ops535/lab6
 /home/[seneca_id]/ops535/lab7
 /home/[seneca_id]/ops535/lab8
 /home/[seneca_id]/ops535/a1
 /home/[seneca_id]/ops535/a2
</source>
:* create a playbook named "ops535_vm_config.yml" to perform all the tasks mentioned above.
:* test your playbook with the ansible-playbook command and capture its output to a text file named "ops535_ansible_lab.txt"
= Completing Ansible Lab Sign-off (Show Instructor) =
== Have the following items ready to show your instructor: ==
: * The Ansible playbook called "ops535_vm_config.yml" for configuring the VM.
: * The result of running the playbook "ops535_vm_config.yml". Save the lab result in a file called "ops535_ansible_lab.txt"
== Upload the following files to blackboard ==
: * ops535_vm_config.yml
: * ops535_ansible_lab.txt
