What is Ansible
A Linux Engineer’s guide to Ansible
This guide is created for system administrators who already know their way around RedHat or CentOS. I will cover what you need to deploy to your production environment with the aim of fast-tracking your learning. You should already know about Ansible playbooks, Ansible Tower and Ansible Galaxy.
What is Ansible
Ansible is a configuration management and orchestration tool. I tend to use it for bulk tasks such as bulk-adding users and creating the desired state configuration across the infrastructure that I manage.
The Basics
This Ansible tutorial recaps the fundamental concepts:
- An Ansible command will always use the PUSH method
- You must know what a YAML script is, and the basics of writing YAML
- Python 2.7 is a minimum requirement although it would be advisable to have at least version 3 installed across the estate
What is needed to start with Ansible
First, you need to build or nominate a primary controller node. I would always recommend having a standalone server running RedHat 8.
The first tasks to complete are:
- create an ansible user account
- set SELinux to permissive for ansible
- create a playbooks directory using mkdir
- when working in production you will need to create SSH keys between ALL your servers (multidirectional)
Installing Ansible
How to add Ansible Repository and Install Ansible
Unless you use RedHat, the Ansible repository is not available by default. To configure your Linux distro type:
Install Ansible on RedHat / CentOS
For RedHat 8 – Enable the Ansible RHEL8 Repo
$ sudo subscription-manager repos --enable ansible-2.9-for-rhel-8-x86_64-rpms
For RedHat 7 – Enable the Ansible RHEL7 Repo
$ sudo subscription-manager repos --enable rhel-7-server-ansible-2.9-rpms
Install
sudo yum install ansible
Install Ansible on Ubuntu
Follow these steps to install on Ubuntu
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible
Ansible is a small installation of only about 16MB at the time of writing.
Install Ansible on mac
The easiest way is to install from the terminal using brew.sh
brew install --cask ansible-dk
Ansible Host file
The Ansible host file contains many attributes of your Ansible environment, including the IP, DNS or hostname details of your Linux servers.
The default location is /etc/ansible/hosts
Ansible uses the entries in the hosts file. A group of servers is declared under a bracketed name such as [my-servers], and you refer to the group by that name. To list the hosts Ansible knows about:
ansible all --list-hosts
The first test is to ping the hosts to make sure there are no network issues:
The “all” refers to the hosts in your host file (see above)
ansible all -m ping
192.168.1.181 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.1.178 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.1.179 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
You can override the host file using the -i option
Ansible can also run a command on every host, for example hostname
ansible -m shell -a 'hostname' all
192.168.1.178 | SUCCESS | rc=0 >>
ansible-webserver
192.168.1.181 | SUCCESS | rc=0 >>
ansible-dbserver
192.168.1.179 | SUCCESS | rc=0 >>
ansible-appserver
What is the ansible.cfg file?
Certain settings in Ansible are adjustable via a configuration file (ansible.cfg). The stock configuration should be sufficient for most users, but there may be reasons you would want to change them. The paths searched for the configuration file are listed in the reference documentation.
Create an Ansible User ID
An ansible system account can be set up to use no password
sudo useradd ansible
sudo passwd ansible
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Add user to sudoers file
Adding your ansible user account to the sudoers file makes administration a lot easier
sudo visudo
Next log in as the ansible user with the password created above
su ansible
Now you won't be prompted for a password every time you run sudo
Then check the ansible config file
Next add key to local host
ssh-copy-id localhost.localdomain
REPEAT THIS PROCESS ON ALL ANSIBLE CONTROL SERVERS
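The same account setup can be pushed to every managed host from the controller. The playbook below is an added example, not part of the original guide: the file name, the controller key path /home/ansible/.ssh/id_rsa.pub, the drop-in path /etc/sudoers.d/ansible and the NOPASSWD rule are assumptions chosen to match the behaviour described above (no password prompt when running sudo).

```yaml
# bootstrap-ansible-user.yml (added example; file name and paths are assumptions)
# First run, before the ansible account exists on the targets:
#   ansible-playbook bootstrap-ansible-user.yml -u <existing-admin> -b -K
- hosts: all
  become: yes
  vars:
    # Public key of the ansible user on the controller (assumed location).
    # The file lookup is evaluated on the controller, not on the target.
    controller_pubkey: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"
  tasks:
    - name: Create the ansible account
      user:
        name: ansible
        state: present

    - name: Authorise the controller's key for the ansible account
      authorized_key:
        user: ansible
        key: "{{ controller_pubkey }}"
        state: present

    - name: Allow sudo without a password prompt through a drop-in file
      copy:
        dest: /etc/sudoers.d/ansible        # assumed drop-in name
        content: "ansible ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # visudo checks the new file first; a syntax error never reaches
        # /etc/sudoers.d, so a typo cannot lock every admin out of sudo
        validate: /usr/sbin/visudo -cf %s
```

Writing the rule to its own file under /etc/sudoers.d keeps it separate from the main sudoers file and makes it easy to audit or remove later.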
Ansible – Basic Commands
Ping all hosts
ansible all -m ping
List packages installed
ansible all -b -m shell -a 'apt list --installed | grep python' --ask-become-pass
Install software on all ansible nodes
ansible all -b -m shell -a 'apt-get install telnet' --ask-become-pass
Install Lynx web browser
ansible all -b -m shell -a 'apt-get install lynx -y' --ask-become-pass
Check disk space on all servers
ansible -m shell -a 'df -h' all
192.168.1.178 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 926M 0 926M 0% /dev
tmpfs 191M 5.9M 185M 4% /run
/dev/mapper/ansible--webserver--vg-root 18G 2.1G 15G 13% /
tmpfs 953M 0 953M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 953M 0 953M 0% /sys/fs/cgroup
tmpfs 191M 0 191M 0% /run/user/1000
192.168.1.179 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 926M 0 926M 0% /dev
tmpfs 191M 5.9M 185M 4% /run
/dev/mapper/ansible--appserver--vg-root 18G 2.1G 15G 13% /
tmpfs 953M 0 953M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 953M 0 953M 0% /sys/fs/cgroup
tmpfs 191M 0 191M 0% /run/user/1000
192.168.1.181 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 1.9G 0 1.9G 0% /dev
tmpfs 393M 11M 382M 3% /run
/dev/mapper/ansible--dbserver--vg-root 16G 2.1G 13G 14% /
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
tmpfs 393M 0 393M 0% /run/user/1000
When running commands, Ansible uses my credentials (richard)
ansible -m shell -a 'whoami' all
192.168.1.178 | SUCCESS | rc=0 >>
richard
192.168.1.179 | SUCCESS | rc=0 >>
richard
192.168.1.181 | SUCCESS | rc=0 >>
richard
How to create users on all servers
ansible -b -K -m user -a 'name=testuser' all
SUDO password:
192.168.1.178 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 1001,
    "home": "/home/testuser",
    "name": "testuser",
    "shell": "",
    "state": "present",
    "system": false,
    "uid": 1001
}
192.168.1.179 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 1001,
    "home": "/home/testuser",
    "name": "testuser",
    "shell": "",
    "state": "present",
    "system": false,
    "uid": 1001
}
192.168.1.181 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 1001,
    "home": "/home/testuser",
    "name": "testuser",
    "shell": "",
    "state": "present",
    "system": false,
    "uid": 1001
}
Use Ansible to check if users have been created
ansible -m shell -a 'getent passwd | grep testuser' all
192.168.1.179 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:
192.168.1.178 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:
192.168.1.181 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:
Use Ansible to remove test user
ansible -b -K -m user -a 'name=testuser state=absent' all
SUDO password:
192.168.1.178 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "testuser",
    "remove": false,
    "state": "absent"
}
192.168.1.179 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "testuser",
    "remove": false,
    "state": "absent"
}
192.168.1.181 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "testuser",
    "remove": false,
    "state": "absent"
}
Test it's been removed
ansible -m shell -a 'getent passwd | grep testuser' all
192.168.1.179 | FAILED | rc=1 >>
non-zero return code
192.168.1.178 | FAILED | rc=1 >>
non-zero return code
192.168.1.181 | FAILED | rc=1 >>
non-zero return code
Use ansible to learn system information
Ansible uses the setup module to query a machine's system information
ansible local -m setup
You can write it to tmp
ansible local -m setup --tree /tmp/facts
You can cat it for information
ansible local -m setup -a 'filter=*ipv4*'
NB – if you grep it will grep blank info
System Facts – common values for playbooks
ansible apacheweb -m setup -a "filter=ansible_architecture"
ansible all -m setup -a "filter=ansible_fqdn"
ansible all -m setup -a "filter=ansible_kernel"
ansible all -m setup -a "filter=ansible_memtotal_mb"
ansible all -m setup -a "filter=ansible_proc*"
ansible all -m setup -a "filter=ansible_vir*"
What are Ansible Roles
A role is a list of commands that Ansible will execute on the target machine in a given order. Every role is in the directory:
ROLES > TASKS > Main.yml
What are Ansible Playbooks
A playbook is used to define which roles are applied against a target machine
If Ansible modules are the tools in your workshop, playbooks are your instruction manuals, and your inventory of hosts are your raw material.
Running playbooks when SUDO
Must use --ask-become-pass
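As an added example (not from the original guide), here are the ad hoc testuser commands from earlier expressed as a role and the playbook that applies it. The role name users, the variable managed_users and the file name site.yml are assumptions.

```yaml
# File 1: roles/users/tasks/main.yml  (role name "users" is an assumption)
- name: Put each managed account into its desired state
  user:
    name: "{{ item.name }}"
    state: "{{ item.state }}"
  loop: "{{ managed_users }}"

- name: Load the passwd database into the getent_passwd fact
  getent:
    database: passwd

- name: Verify the result (replaces the getent passwd | grep check)
  assert:
    that:
      # true when the account exists exactly if it was requested as present
      - (item.name in getent_passwd) == (item.state == 'present')
    fail_msg: "{{ item.name }} is not {{ item.state }} on {{ inventory_hostname }}"
  loop: "{{ managed_users }}"

# File 2: site.yml  (assumed name)
# Run with: ansible-playbook site.yml --ask-become-pass
- hosts: all
  become: yes
  vars:
    managed_users:                           # hypothetical variable
      - { name: testuser, state: present }   # set to absent and re-run to remove
  roles:
    - users
```

Unlike the grep check, the assert task reports a removed account as a success rather than as FAILED with rc=1, and a second run with nothing to change reports changed: false on every host.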
Documentation / man /help
Ansible documentation is available through man and ansible-doc:
ansible-doc ec2
ansible-doc htaccess
E.g.
EXAMPLES:
# Note: These examples do not set authentication details, see the AWS Guide for details.
# Basic provisioning example
- ec2:
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    group: webserver
    count: 3
    vpc_subnet_id: subnet-29e63245
    assign_public_ip: yes