Changes

Jump to: navigation, search

Ops535 ansible lab

10,835 bytes added, 21:06, 26 November 2020
no edit summary
[[Category:OPS535OPS435]][[Category:rchan]][[Category:OPS535 OPS435 Lab]]= Objective =:# Install and configure Ansible on a controller Linux machine:# Explore Ansible's ad hoc commands:# Explore Ansible's built-in modules:# Explore and create Ansible playbooks 
= Overview =
::Ansible is an agentless IT automation engine that automates for automating cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needssystem administration tasks.::Ansible was designed for multi-tier deployments since day oneuses no additional custom security infrastructure, and models your IT infrastructure by describing it uses a very simple human readable language called 'YAML', to compose an Ansible Playbook which allow you to describes the tasks you want to automate. = Reference =:* For more detail information about ansible, check out the ansible web site at [http://www.ansible.com. www.ansible.com]:* [https://www.ansible.com/overview/how all of your -ansible-works Overview]:* [https://docs.ansible.com/ansible/latest/user_guide/index.html Ansible Latest User Guide]:* [https://proquest-safaribooksonline-com.libaccess.senecacollege.ca/book/operating-systems inter-relateand-server-administration/linux/9781785282300 Ansible Configuration Management] - Second Edition::* By: Daniel Hall, rather than just managing one system at a timePublisher: Packt Publishing Pub.::* Date: April 27, 2015,ISBN-13: 978-1-78528-230-0::* Pages in Print Edition: 122
= System requirements =* You must have at lease two networked machines** control machine - run ansible to configure remote node - need Ansible uses no agents 2.x (latest version 2.7)** managed machine(s) - to be managed by the control node* You should be able to ssh from your control machine as a regular user to any of your remote machines as regular user without supplying a login password.* You account on the remote machine should be a sudoer and no additional custom security infrastructure, and it uses can run sudo without password.* You should also be to ssh from your control machine as a very simple language called "YAML", to compose an Ansible Playbook which allow you regular user to describe any of your automation jobs in remote machines as root without supplying a very simple waylogin password* Python 2.7+ on all nodes
For more detail information about ansible, check out the ansible web site at [http://www.ansible.com. www.ansible.com]
= Objectives Investigation I: Introduction to Ansible =: In this labintroduction, we explore the main components of the Ansible configuration management system and its operating environment. we also develop study a simple playbook to manage for managing the configuration of a CentOS 7.x VM. For : You need at least two VMs for this lab: one VM to be used as the control machine and one or more detail information about ansible, check out VMs to be used as the ansible web site at [https://wwwmanaged machines.ansible.com. https://www.ansibleYou only need to install Ansible on the control machine.com]
= Reference =[https://docs.ansible.com/ansible/latest/user_guide/index.html Ansible Latest User Guide]== Key Concepts when using Ansible==* YAML - a human-readable data serialization language & is commonly used for configuration filesuse by Ansible's playbooks. To know more, your can check out the [https://en.wikipedia.org/wiki/YAML wikipedia page here]* Control machine - (Management node)the host on which you use Ansible to execute tasks on the managed machines* Remote Managed machine - (Controlled node)a host that is configured by the control machine* Playbook [[OPS435 Sample Ansible Hosts file|Hosts file]] -* Inventory file contains information about machines to be managed -* click [[OPS435 Sample Ansible Hosts file -| here]] for sample hosts file* Ad hoc commands- a simple one-off task:
** <u><b>shell commands</b></u>
*** ansible 192.168.99.153 -a 'date'*** ansible 192.168.99.153 -a 'df' *** ansible 192.168.99.153 -a 'iptables -L -n -v' -u root* Built-in modules - code that performs a particular task such as copy a file, installing a package, etc:
** <u><b>copy module</b></u>
*** ansible 192.169168.99.153 -m copy -a "src=/ops435/ansible.txt dest=/tmp/ansible.txt"
** <u><b>Package management</b></u>
*** ansible 192.168.99.153 -m yum -a "name=epel-release statusstate=latest"* Playbooks - contains one or multiple plays, each play defines a set of repeatable tasks on one or more managed machines. Playbooks are written in YAML. Every play in the playbook is created with environment-specific parameters for the target machines: ** ansible-playbook -i 192.168.99.153, setup_webserver.yaml** ansible-playbook firstrun.yaml== Hardware and software required== Part 1: Installing Ansible on CentOS 7 ==: You only need to install the "ansible" package on your control VM. :* Login as a regular user, change to the directory ~/ops435/lab9:* Issue the following command to install the "ansible" package: <source lang="bash"> sudo yum install ansible -y</source> :* You may have to install the following dependent packages:<source lang="bash">Dependencies Resolved ===================================================================================================================== Package Arch Version Repository Size=====================================================================================================================Installing: ansible noarch 2.9.1-1.el7 epel 17 MInstalling for dependencies: python-babel noarch 0.9.6-8.el7 base 1.4 M python-cffi x86_64 1.6.0-5.el7 base 218 k python-enum34 noarch 1.0.4-1.el7 base 52 k python-httplib2 noarch 0.9.2-1.el7 extras 115 k python-idna noarch 2.4-1.el7 base 94 k python-jinja2 noarch 2.7.2-4.el7 base 519 k python-markupsafe x86_64 0.11-10.el7 base 25 k python-paramiko noarch 2.1.1-9.el7 base 269 k python-ply noarch 3.4-11.el7 base 123 k python-pycparser noarch 2.14-1.el7 base 104 k python2-cryptography x86_64 1.7.2-2.el7 base 502 k python2-jmespath noarch 0.9.0-3.el7 extras 39 k python2-pyasn1 noarch 0.1.9-7.el7 base 100 k sshpass x86_64 1.06-2.el7 extras 21 k Transaction Summary=====================================================================================================================Install 1 Package (+14 Dependent packages) Total download size: 21 MInstalled size: 120 MIs this ok [y/d/N]: </source> : To confirm that you have Ansible installed, try the following command:<source lang="python">[rchan@c7-rchan ~]$ ansible --helpusage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD] [--become-user BECOME_USER] [-K] [-i INVENTORY] [--list-hosts] [-l SUBSET] [-P POLL_INTERVAL] [-B SECONDS] [-o] [-t TREE] [-k] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER] [-c CONNECTION] [-T TIMEOUT] [--ssh-common-args SSH_COMMON_ARGS] [--sftp-extra-args SFTP_EXTRA_ARGS] [--scp-extra-args SCP_EXTRA_ARGS] [--ssh-extra-args SSH_EXTRA_ARGS] [-C] [--syntax-check] [-D] [-e EXTRA_VARS] [--vault-id VAULT_IDS] [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES] [-f FORKS] [-M MODULE_PATH] [--playbook-dir BASEDIR] [-a MODULE_ARGS] [-m MODULE_NAME] pattern...</source>: Take a look of all the available command line options for the "ansible" command. There are a lots of options when running Ansible. Let's move on to try a few simple ones.
== Part 2: Sample runs for some of the Ad hoc commands ==
<pre>
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m copy -a "src=/home/rchan/ops435/ansible/ansible.txt dest=/tmp/ansible.txt"
"uid": 1001
}
</pre>
: 192.168.99.153 is the remote machine's IP address.
: "-m copy" tells ansible to use the copy module
: after '-a' is the arguments to the copy module, which specify the source file and the destination for the copy action.
: If you got the same "SUCCESS" message, login to the remote machine (in this example, it is 192.168.99.153) and check the directory "/tmp" for the file ansible.txt.
 
== Part 3: Sample runs for using some Ansible's built-in modules ==
: "yum" is a built-in ansible module. You can get a complete list of all the ansible modules installed on you system with the following command:<source lang="bash">
ansisble-doc --list_files
</source>
: You can also get the detail information about any ansible module with the following command:<source lang="bash">
ansible-doc module_name
 
e.g. ansible_doc yum
</source>
: The following command demonstrates how to install the "epel-release" package with the "yum" module:
<pre>
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=present"
192.168.99.153 | SUCCESS => {
]
}
 
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=present" -u root
192.168.99.153 | SUCCESS => {
]
}
 
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m yum -a "name=epel-release state=latest" -u root
192.168.99.153 | SUCCESS => {
</pre>
= Pre-Lab arrangement = Part 4: Gather software and hardware information available on remote machine ==* You must have at lease two networked machines** control node - run : One of the main ansible module is called "setup", it is automatically called by ansible playbook to configure gather useful "facts" about remote node** remote nodes - to hosts that can be used in ansible playbooks. It can also be managed executed directly by the control node* You should be ansible command (/usr/bin/ansible) to ssh from your control node as a regular user check what "facts" are available to any of your remote nodes as root user without supplying a login password.* Python 2host.7+ on all nodes = Lab Procedure === Gather all the information available on remote machine ==
<pre>
[rchan@centos7 ansible]$ ansible 192.168.99.153 -m setup
[[OPS435_Ansible_setup|Click here for complete contents of the above]]
= Questions Investigation II: Ansible Playbook === What is a playbook? ==: * Playbook is one of the core features of Ansible.: * Playbook tells Ansible what to execute by which user on the remote machine.: * Playbook is like a to-do list for Ansible: * Playbook is written "YAML".: * Playbook links a task to an ansible module and provide needed arguments to the module which requires them. ==Part 1: A playbook to update the /etc/motd file ==Name: motd-play.yml<pre>---- hosts: 192.168.99.153 user: root vars: apache_version: 2.6 motd_warning: 'WARNING: use by ICT faculty/students only.' testserver: yes tasks: - name: setup a MOTD copy: dest: /etc/motd content: "{{ motd_warning }}"</pre> Sample Run:<pre>[rchan@centos7 playbooks]$ ansible-playbook motd-play.yml PLAY [192.168.99.153] ********************************************************** TASK [Gathering Facts] *********************************************************ok: [192.168.99.153] TASK [setup a MOTD] ************************************************************changed: [192.168.99.153] PLAY RECAP *********************************************************************192.168.99.153 : ok=2 changed=1 unreachable=0 failed=0  </pre> == Part 2: A playbook to install and start Apache Server ==Name: httpd-play.yml<pre>---- hosts: 192.168.99.153 user: root vars: apache_version: 2.6 motd_warning: 'WARNING: use by ICT faculty/students only.' testserver: yes tasks: - name: install apache action: yum name=httpd state=installed - name: restart apache service: name: httpd state: restarted</pre>Sample Run:<pre>[rchan@centos7 playbooks]$ ansible-playbook httpd-play.yml PLAY [192.168.99.153] ********************************************************** TASK [Gathering Facts] *********************************************************ok: [192.168.99.153] TASK [install apache] **********************************************************changed: [192.168.99.153] TASK [restart apache] **********************************************************changed: [192.168.99.153] PLAY RECAP *********************************************************************192.168.99.153 : ok=3 changed=2 unreachable=0 failed=0  </pre>= Investigation III: Using Playbook to config a OPS435 Linux machine =: You have just installed the latest version of CentOS 7.x on a VM with GNOME Desktop. You need to configure it so that you can use it for doing the Labs for OPS435. The following configuration need to be done on that VM::* update all the packages installed on the VM:* install extra packages repository for enterprise Linux:* install python3 if it is not already installed:* set the host name to your Seneca user name:* install the git package:* create a new user with your Seneca_id with sudo access:* configure the new user account so that you can ssh to it without password:* setup a directory structs for completing and organizing labs as shown below:<source lang="bash"> /home/[seneca_id]/ops435/lab0 /home/[seneca_id]/ops435/lab1 /home/[seneca_id]/ops435/lab2 /home/[seneca_id]/ops435/lab3 /home/[seneca_id]/ops435/lab4 /home/[seneca_id]/ops435/lab5 /home/[seneca_id]/ops435/lab6 /home/[seneca_id]/ops435/lab7 /home/[seneca_id]/ops435/lab8 /home/[seneca_id]/ops435/lab9</source>:* create a playbook named "config_ops435.yml" to perform the tasks mentioned above.:* test your playbook and capture its output when it complete without error.
= Completing Lab 9 Sign-off (Show Instructor) === Have the following items ready to show your instructor: ==: * The Ansible playbook called "config_ops435.yml" for configuring the VM mentioned in Lab 1.: * The result of running the playbook "config_ops435.yml". Save the result in a file called "lab9_[seneca_id].txt"== Upload the following files to blackboard ==: * config_ops435.yml: * lab9_[seneca_id].txt
1,760
edits

Navigation menu