How to install and configure Ansible

Ansible is a powerful configuration management tool developed by Red Hat, used to configure servers in bulk automatically. It lets you build out large infrastructure by running playbooks. It is currently only available on Linux and can run on any Linux server with Python installed.

Note – this is an evolving blog post as I learn Ansible from scratch

RULE #1 – INSTALL PYTHON ON ALL SERVERS

Ansible will only work if ALL of your servers are running Python. Version 2.7 is recommended as a minimum.

RULE #2 – SEE RULE 1

Lab Setup

  • 4x Linux Ubuntu servers (version 16.04) have been built called:
    • Ansible-web
    • Ansible-app
    • Ansible-db
    • Ansible-controlserver
  • SSH RSA Key Configured

Installing Ansible

Adding the Ansible repo and installing Ansible

$ sudo apt-get update

$ sudo apt-get install software-properties-common

$ sudo apt-add-repository ppa:ansible/ansible

$ sudo apt-get update

$ sudo apt-get install ansible

Ansible Host file

The host file does what it says: it lists all the hosts in the Ansible setup. You can group your hosts; for example, you could put all your DB servers in one group, all your web servers in another, and so on.

Then you can manage the entire group instead of each machine individually.
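The post never shows the hosts file itself, so here is an added example (not from the original post) of a grouped inventory for this lab, with a small helper that lists the members of a group. The group names apacheweb, local and database are the ones used in commands later on this page; the appserver group, the function names and the file path are assumptions.

```shell
#!/bin/sh
# Added example: write a grouped INI inventory for the lab hosts.
write_lab_inventory() {
    cat > "$1" <<'EOF'
# one [group] per server role; a host may appear in several groups
[apacheweb]
ansible-webserver

[appserver]
ansible-appserver.turbonet

[database]
ansible-dbserver.turbonet

[local]
localhost ansible_connection=local
EOF
}

# Print the hosts listed under one group of a simple INI inventory.
# Sections such as [database:vars] are not host lists and never match.
group_hosts() {
    awk -v group="$2" '
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }      # blank lines and comments
        /^\[/ {                                    # section header
            cur = $0
            sub(/^\[/, "", cur); sub(/\].*$/, "", cur)
            next
        }
        cur == group { print $1 }                  # first field is the host
    ' "$1"
}

# Typical use on the control server (needs Ansible installed):
#   write_lab_inventory ./hosts
#   ansible database -i ./hosts -m ping
```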

ansible all --list-hosts

hosts (4):

ansible-dbserver.turbonet

ansible-webserver

ansible-appserver.turbonet

localhost

ansible --list-hosts all

ansible all -m ping

192.168.1.181 | SUCCESS => {

"changed": false,

"ping": "pong"

}

192.168.1.178 | SUCCESS => {

"changed": false,

"ping": "pong"

}

192.168.1.179 | SUCCESS => {

"changed": false,

"ping": "pong"

}

You can override the host file using the -i option

ansible apacheweb -i rbhost -m ping

Ansible can also run a shell command, such as hostname, on all hosts

ansible -m shell -a 'hostname' all

192.168.1.178 | SUCCESS | rc=0 >>

ansible-webserver

192.168.1.181 | SUCCESS | rc=0 >>

ansible-dbserver

192.168.1.179 | SUCCESS | rc=0 >>

ansible-appserver

ansible.cfg

ansible.cfg is a system-wide configuration file. It can be overridden if needed.

mkdir test

vim hosts

Create an Ansible User ID

An ansible system account can be set up to use no password

[email protected]:~/myplatform/test$ sudo useradd ansible

[email protected]:~/myplatform/test$ sudo passwd ansible

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

sudo visudo

[email protected]:~/myplatform/test$ su ansible

Password:

[email protected]:/home/richard/myplatform/test$

Now you won't be prompted for a password every time you run sudo blablabla
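The post does not show what was entered in visudo. One way to give the ansible account passwordless sudo is a drop-in file that is syntax-checked before it is installed; this is an added example, not the author's configuration, and the function names and the /etc/sudoers.d/<user> file name are assumptions.

```shell
#!/bin/sh
# Added example: build and install a sudoers drop-in for the 'ansible' account.

# Print the sudoers rule for one account. Names containing anything other
# than lowercase letters, digits, '_' or '-' are rejected, so nothing
# unexpected ends up in sudoers (sudo also skips drop-in files with a '.').
sudoers_rule() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*)
            echo "invalid user name: $1" >&2
            return 1 ;;
    esac
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$1"
}

# Write the rule to a temp file, check it with visudo, then install it with
# the owner and mode sudo expects. Must be run as root on each managed host.
install_sudoers_rule() {
    user=$1
    tmp=$(mktemp) || return 1
    if sudoers_rule "$user" > "$tmp" && visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$user"
        rc=$?
    else
        rc=1            # a broken rule is never installed
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root):  install_sudoers_rule ansible
```

Listing specific commands instead of ALL limits what the control server's key can do on each host.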

Then check ansible config

Next, add the key to localhost

ssh-copy-id localhost.localdomain

REPEAT ON ALL ANSIBLE CONTROL SERVERS

Ansible: Learning Basic Commands

How to Ping all hosts

ansible all -m ping

How to List packages installed

ansible all -b -m shell -a 'apt list --installed | grep python' --ask-become-pass

How to Install telnet on all servers

ansible all -b -m shell -a 'apt-get install telnet' --ask-become-pass

Install Lynx web browser

ansible all -b -m shell -a 'apt-get install lynx -y' --ask-become-pass

Check disk space on all servers

ansible -m shell -a 'df -h' all

192.168.1.178 | SUCCESS | rc=0 >>

Filesystem Size Used Avail Use% Mounted on

udev 926M 0 926M 0% /dev

tmpfs 191M 5.9M 185M 4% /run

/dev/mapper/ansible--webserver--vg-root 18G 2.1G 15G 13% /

tmpfs 953M 0 953M 0% /dev/shm

tmpfs 5.0M 0 5.0M 0% /run/lock

tmpfs 953M 0 953M 0% /sys/fs/cgroup

tmpfs 191M 0 191M 0% /run/user/1000

192.168.1.179 | SUCCESS | rc=0 >>

Filesystem Size Used Avail Use% Mounted on

udev 926M 0 926M 0% /dev

tmpfs 191M 5.9M 185M 4% /run

/dev/mapper/ansible--appserver--vg-root 18G 2.1G 15G 13% /

tmpfs 953M 0 953M 0% /dev/shm

tmpfs 5.0M 0 5.0M 0% /run/lock

tmpfs 953M 0 953M 0% /sys/fs/cgroup

tmpfs 191M 0 191M 0% /run/user/1000

192.168.1.181 | SUCCESS | rc=0 >>

Filesystem Size Used Avail Use% Mounted on

udev 1.9G 0 1.9G 0% /dev

tmpfs 393M 11M 382M 3% /run

/dev/mapper/ansible--dbserver--vg-root 16G 2.1G 13G 14% /

tmpfs 2.0G 0 2.0G 0% /dev/shm

tmpfs 5.0M 0 5.0M 0% /run/lock

tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup

tmpfs 393M 0 393M 0% /run/user/1000

When running commands, Ansible uses my credentials (richard)

ansible -m shell -a 'whoami' all

192.168.1.178 | SUCCESS | rc=0 >>

richard

192.168.1.179 | SUCCESS | rc=0 >>

richard

192.168.1.181 | SUCCESS | rc=0 >>

richard

Create users on all servers

ansible -b -K -m user -a 'name=testuser' all

SUDO password:

192.168.1.178 | SUCCESS => {

"changed": true,

"comment": "",

"createhome": true,

"group": 1001,

"home": "/home/testuser",

"name": "testuser",

"shell": "",

"state": "present",

"system": false,

"uid": 1001

}

192.168.1.179 | SUCCESS => {

"changed": true,

"comment": "",

"createhome": true,

"group": 1001,

"home": "/home/testuser",

"name": "testuser",

"shell": "",

"state": "present",

"system": false,

"uid": 1001

}

192.168.1.181 | SUCCESS => {

"changed": true,

"comment": "",

"createhome": true,

"group": 1001,

"home": "/home/testuser",

"name": "testuser",

"shell": "",

"state": "present",

"system": false,

"uid": 1001

}

Use Ansible to check if users have been created

ansible -m shell -a 'getent passwd | grep testuser' all

192.168.1.179 | SUCCESS | rc=0 >>

testuser:x:1001:1001::/home/testuser:

192.168.1.178 | SUCCESS | rc=0 >>

testuser:x:1001:1001::/home/testuser:

192.168.1.181 | SUCCESS | rc=0 >>

testuser:x:1001:1001::/home/testuser:

Use Ansible to remove test user

ansible -b -K -m user -a 'name=testuser state=absent' all

SUDO password:

192.168.1.178 | SUCCESS => {

"changed": true,

"force": false,

"name": "testuser",

"remove": false,

"state": "absent"

}

192.168.1.179 | SUCCESS => {

"changed": true,

"force": false,

"name": "testuser",

"remove": false,

"state": "absent"

}

192.168.1.181 | SUCCESS => {

"changed": true,

"force": false,

"name": "testuser",

"remove": false,

"state": "absent"

}

Test it's been removed

ansible -m shell -a 'getent passwd | grep testuser' all

192.168.1.179 | FAILED | rc=1 >>

non-zero return code

192.168.1.178 | FAILED | rc=1 >>

non-zero return code

192.168.1.181 | FAILED | rc=1 >>

non-zero return code

System Facts

The setup module queries each host for its system information (facts)

ansible local -m setup

You can write the facts to /tmp

ansible local -m setup --tree /tmp/facts

You can cat it for information, or filter the output

ansible local -m setup -a 'filter=*ipv4*'

NB: if you grep the output instead, it will return blank info

System Facts – common values for playbooks

ansible apacheweb -m setup -a "filter=ansible_architecture"

ansible all -m setup -a "filter=ansible_fqdn"

ansible all -m setup -a "filter=ansible_kernel"

ansible all -m setup -a "filter=ansible_memtotal_mb"

ansible all -m setup -a "filter=ansible_proc*"

ansible all -m setup -a "filter=ansible_vir*"

Ansible Roles

A role is a list of commands that Ansible will execute on the target machine in a given order. Each role keeps its tasks in roles/<role name>/tasks/main.yml

Ansible Playbooks

A playbook is used to define which roles are applied against a target machine

If Ansible modules are the tools in your workshop, playbooks are your instruction manuals, and your inventory of hosts are your raw material.

Running playbooks that need sudo

Must use --ask-become-pass

MySQL Playbook

https://galaxy.ansible.com/geerlingguy/mysql/

role = vars/main.yml

playbook = playbook.yml

note I spelt the username incorrectly.

ROLE

mysql_root_password: XXXXXXXXXXXXXXXXXXXXXXXXX
mysql_databases:
  - name: ansible_db
    encoding: latin1
    collation: latin1_general_ci
mysql_users:
  - name: ansible-dba
    host: "%"
    password: xxxxxxxxxxxxxxxxxxxxx
    priv: "ansible_db.*:ALL"
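The vars file above keeps the MySQL passwords in clear text. As an added example (not part of the original post), this helper lists the password keys in a vars file whose values are neither vault-encrypted nor a reference to another variable; the function names, the ansible-ro user and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag clear-text secrets in an Ansible vars file.
# Prints "LINE:KEY" for every key containing "password" whose value is neither
# an inline !vault block nor a {{ variable }} reference.
plaintext_secrets() {
    awk '
        /^[ \t]*#/ { next }                        # skip YAML comments
        match($0, /[A-Za-z0-9_]*password[A-Za-z0-9_]*:[ \t]*/) {
            key = substr($0, RSTART, RLENGTH)
            sub(/:.*/, "", key)                    # keep the key name only
            val = substr($0, RSTART + RLENGTH)
            if (val == "" || val ~ /^!vault/ || index(val, "{{") > 0) next
            print NR ":" key
        }
    ' "$1"
}

# Constructed sample in the shape of the vars/main.yml above (values invented).
sample_vars() {
    cat <<'EOF'
mysql_root_password: constructed-root-secret
mysql_users:
  - name: ansible-dba
    host: "%"
    password: constructed-user-secret
  - name: ansible-ro
    host: "%"
    password: "{{ vault_ansible_ro_password }}"
EOF
}

# Usage:  plaintext_secrets vars/main.yml
```

A flagged value can be replaced with the output of `ansible-vault encrypt_string`, or the whole file encrypted with `ansible-vault encrypt vars/main.yml`; the playbook is then run with `--ask-vault-pass`.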

Playbook

- hosts: database
  # replaces the deprecated "sudo: yes"
  become: yes
  vars_files:
    - vars/main.yml
  roles:
    - { role: geerlingguy.mysql }

Further Training

Configuration management = Ansible

Orchestration tool

Ansible always uses PUSH method

Uses YAML – easy to read for humans

Documentation / man / help

Ansible documentation: man ansible, ansible-doc

ansible-doc ec2

ansible-doc htaccess

E.g.

EXAMPLES:

# Note: These examples do not set authentication details, see the AWS Guide for details.

# Basic provisioning example

- ec2:
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    group: webserver
    count: 3
    vpc_subnet_id: subnet-29e63245
    assign_public_ip: yes

First tasks

  • create ansible master user
  • disable selinux
  • create playbooks mkdir
  • When done in production you will need to create SSH Key between ALL your servers (Multidirectional)

Background

Ansible Tower – Enterprise paid for version

Installing Jenkins

Jenkins Debian packages

This is the Debian package repository of Jenkins to automate installation and upgrade. To use this repository, first add the key to your system:

wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -

Then add the following entry in your /etc/apt/sources.list:

deb https://pkg.jenkins.io/debian-stable binary/

Update your local package index, then finally install Jenkins:

sudo apt-get update

sudo apt-get install jenkins

See Wiki for more information, including notes regarding upgrade from Hudson.
