What is Ansible

A Linux Engineer’s Guide to Ansible

Deploying a new production environment in RedHat or Centos can be challenging, with numerous potential pitfalls. This guide aims to streamline your learning process, helping you set up your production environment swiftly and efficiently.

We’ll walk you through everything you need to know to use a playbook, the Tower tool, and the Galaxy utility effectively. Even if you’re new to these tools, we’ve got you covered, from server configuration to infrastructure management, avoiding common project setbacks.

Assuming a basic understanding of RedHat or Centos system administration, this guide will delve deep into the deployment process, preparing you to enhance your IT skills significantly. By the end, you’ll be equipped to deploy a robust, scalable production environment using a playbook confidently.

What is Ansible?

It’s an open-source automation tool that facilitates the management and configuration of systems at scale. This tool provides a simple, agentless way to automate complex IT tasks, including server configuration, application deployment, and network automation. The platform utilizes a straightforward, declarative language that enables you to outline the desired state of your systems.

It takes into account the underlying details to ensure your systems always maintain the desired state, fostering consistency across your infrastructure, whether managing a few servers or thousands. A significant advantage of this tool is its agentless nature, eliminating the need to install any software on the machines you are overseeing.

This feature not only simplifies the initiation process but also enhances security by preventing the operation of extra daemons or agents on your systems. Widely adopted in enterprise IT settings, as well as in cloud computing and DevOps workflows, it stands as a vital resource in the industry.

With attributes such as ease of use, flexibility, and scalability, it is an indispensable tool for any IT professional aiming to streamline infrastructure management and deployment processes.

The Basics 

Before we dive into the more advanced concepts of this automation tool, let’s take a moment to recap the fundamental concepts that every user should be familiar with. First and foremost, it employs a PUSH method, meaning that the control node pushes out the configuration changes to the managed nodes. This approach ensures that your systems are always up-to-date and synchronized, without the necessity for additional agents or daemons running on your managed nodes.

Now, onto YAML. As any user of this tool knows, YAML is a critical component of this powerful automation platform. But don’t be intimidated! YAML, which stands for “YAML Ain’t Markup Language,” is a human-readable data serialization language. Crafting clean, easy-to-read YAML files is key to creating effective and efficient playbooks. Therefore, grasping the basics of writing YAML is essential to fully leverage the capabilities of this automation tool.

Lastly, we delve into Python. While Python 2.7 serves as the minimum requirement, we strongly advocate for the installation of at least version 3 across your estate. Given that Python 2.7 has officially reached its end of life and no longer receives updates or support, upgrading to Python 3 will guarantee a stable and current environment, equipped with the latest features and security updates.

By adhering to these fundamental concepts, you’ll be well on your path to mastering this powerful automation tool in no time. So, let’s embark on this journey and explore its more advanced concepts together!

What is needed to start with Ansible 

To get started with Ansible, there are a few key requirements that you’ll need to fulfill:

  • Build or nominate a primary controller node, ideally a standalone server running RedHat 8
  • Create an Ansible user account to ensure proper security
  • Set SELinux to permissive mode so that SELinux enforcement does not block Ansible
  • Create necessary directories for your Ansible playbooks using the mkdir command
  • In production environments, create SSH keys between all servers for effective and efficient management
  • Understand YAML and how to write clean, easy-to-read YAML files
  • Ensure that Python 3 is installed across your estate for stability and the latest features and security updates

Installing Ansible

Step 1 – Adding Ansible Repository

Unless you are using RedHat, the Ansible repository is not available by default. To configure your Linux distribution, follow these steps:

  • For RedHat 8: Enable the Ansible RHEL8 Repo by running the command:
$ sudo subscription-manager repos --enable ansible-2.9-for-rhel-8-x86_64-rpms
  • For RedHat 7: Enable the Ansible RHEL7 Repo by running the command:
$ sudo subscription-manager repos --enable rhel-7-server-ansible-2.9-rpms

Step 2 – Installing Ansible

Installing Ansible on RedHat / CentOS

Once the repository is enabled, you can install Ansible by running the command:

$ sudo yum install ansible

Installing Ansible on Ubuntu

Follow these steps to install Ansible on Ubuntu:

  • Update the system by running the command:
$ sudo apt-get update
  • Install software-properties-common by running the command:
$ sudo apt-get install software-properties-common
  • Add the Ansible PPA repository by running the command:
$ sudo apt-add-repository ppa:ansible/ansible
  • Update the system again by running the command:
$ sudo apt-get update
  • Finally, install Ansible by running the command:
$ sudo apt-get install ansible

Step 3 – Verifying the Installation

Once the installation is complete, you can verify the version of Ansible by running the command:

$ ansible --version

Ansible is a small installation of only about 16MB at the time of writing. By following these steps, you can easily install Ansible on your system and start using it to manage your infrastructure.

Install Ansible on Mac

The easiest way is to install it from the terminal using brew.sh

brew install --cask ansible-dk

Host file

The host file, also known as the inventory file in the context of this automation tool, is a pivotal configuration document that delineates the hosts and groups of hosts that can be managed.

This text file follows a specific format, encompassing details about the accessible hosts, including IP addresses, DNS names, and other necessary network information for establishing connections.

Utilizing the host file, you can categorize hosts based on various attributes such as roles or geographical locations. This categorization facilitates the execution of specific playbooks on designated groups of hosts, streamlining infrastructure management.

  • The default location is /etc/ansible/hosts

Ansible uses the entries in a hosts file, and you call the group of servers using [my-servers] 
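
An inventory in the format described above, as an added example that is not from the original page. The group names other than [my-servers] are constructed, the addresses are the three hosts that appear in this guide's output, and hosts_in_group is a hypothetical helper that previews which hosts a group name resolves to (nested :children groups included) before you run anything against it.

```shell
#!/bin/sh
# Added example (not from the original page). Group names are constructed.
write_sample_inventory() {
    cat > "$1" <<'EOF'
# Ungrouped hosts come before any [section]
192.168.1.181

[webservers]
192.168.1.178 ansible_user=ansible

[appservers]
192.168.1.179

# A group made of other groups
[my-servers:children]
webservers
appservers
EOF
}

# Print the hosts that group $2 resolves to in inventory file $1.
# Host variables after the first field are dropped; "all" means every host.
hosts_in_group() {
    file=$1
    awk -v g="$2" '
        /^[ \t]*(#|;|$)/            { next }            # comment or blank
        /^\[/                       { sec = $1; next }  # section header
        g == "all" && sec !~ /:/    { print $1; next }
        sec == ("[" g "]")          { print $1 }
        sec == ("[" g ":children]") { print "@" $1 }    # child group name
    ' "$file" | while read -r entry; do
        case $entry in
            @*) hosts_in_group "$file" "${entry#@}" ;;  # expand child group
            *)  printf '%s\n' "$entry" ;;
        esac
    done | awk '!seen[$0]++'                            # drop duplicates
}

# Demo: write the sample inventory to a temp file and resolve one group.
demo_inv=$(mktemp) && write_sample_inventory "$demo_inv" \
    && hosts_in_group "$demo_inv" my-servers
rm -f "$demo_inv"
```
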

ansible all --list-hosts

The first test is to ping the hosts to make sure there are no network issues:

The “all” refers to the hosts in your host file (see above)

ansible all -m ping

192.168.1.181 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.1.178 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.1.179 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

You can override the host file using the -i option

Ansible can also run a shell command on all hosts, for example hostname

ansible -m shell -a 'hostname' all

192.168.1.178 | SUCCESS | rc=0 >>
ansible-webserver
192.168.1.181 | SUCCESS | rc=0 >>
ansible-dbserver
192.168.1.179 | SUCCESS | rc=0 >>
ansible-appserver

What is the ansible.cfg file?

The ansible.cfg file is a configuration file that provides settings and options for the Ansible command-line tool. It is used to configure various aspects of Ansible, such as how Ansible communicates with remote hosts, how it authenticates with them, and how it handles errors and output.

The ansible.cfg file can be located in several places, including the current working directory, the user’s home directory, and the system-wide configuration directory. When running an Ansible command, the tool looks for the ansible.cfg file in these locations in the specified order and uses the first one it finds.

The ansible.cfg file can be used to specify various settings, including:

  • The location of the inventory file
  • The default user to use when connecting to remote hosts
  • The location of the private key file for SSH authentication
  • The default timeout value for network operations
  • The default verbosity level for output

By customizing the ansible.cfg file, you can tailor Ansible to your specific needs and preferences. This file is an essential component of Ansible configuration and plays a crucial role in defining how the tool behaves when running playbooks or executing ad-hoc commands.
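
The lookup order described above, emulated in shell as an added example (not from the original page and not Ansible's own code). It goes beyond the three locations listed: Ansible checks the ANSIBLE_CONFIG environment variable first, and it ignores an ansible.cfg found in a world-writable working directory. The function names and the values in write_sample_cfg are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Sample values are constructed.

# Write an ansible.cfg with the settings listed above to the path in $1.
write_sample_cfg() {
    cat > "$1" <<'EOF'
[defaults]
inventory = /etc/ansible/hosts
remote_user = ansible
private_key_file = /home/ansible/.ssh/id_rsa
timeout = 30
verbosity = 1
EOF
}

# True if "others" have write permission on directory $1.
is_world_writable() {
    case $(ls -ld "$1") in ????????w*) return 0 ;; esac
    return 1
}

# Print the ansible.cfg that would be used, or return 1 if there is none.
# $1 = working directory, $2 = home directory, $3 = system-wide file.
resolve_ansible_cfg() {
    cwd=$1; home=$2; system=${3:-/etc/ansible/ansible.cfg}
    # 1. ANSIBLE_CONFIG comes first when it names an existing file.
    if [ -n "${ANSIBLE_CONFIG:-}" ] && [ -f "$ANSIBLE_CONFIG" ]; then
        printf '%s\n' "$ANSIBLE_CONFIG"; return 0
    fi
    # 2. ./ansible.cfg, skipped when the directory is world-writable,
    #    because any local user could have placed a config file there.
    if [ -f "$cwd/ansible.cfg" ]; then
        if is_world_writable "$cwd"; then
            echo "warning: $cwd is world-writable, ignoring its ansible.cfg" >&2
        else
            printf '%s\n' "$cwd/ansible.cfg"; return 0
        fi
    fi
    # 3. ~/.ansible.cfg, then 4. the system-wide file.
    for f in "$home/.ansible.cfg" "$system"; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Demo: which file applies to the current directory and user?
resolve_ansible_cfg "$PWD" "$HOME" || echo "no ansible.cfg found"
```
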

Create an Ansible User ID

An Ansible system account can be set up to use no password

sudo useradd ansible
sudo passwd ansible
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Add user to the sudoers file

Adding your ansible user account to the sudoers file makes administration a lot easier

sudo visudo

Next, log in as the ansible user with the password created above

su ansible

Now you won't be prompted for a password every time you run sudo

Then check the ansible config file

Next, add the key to the local host

ssh-copy-id localhost.localdomain

REPEAT THIS PROCESS ON ALL ANSIBLE CONTROL SERVERS

Ansible – Basic Commands

Ping all hosts

ansible all -m ping

List packages installed

ansible all -b -m shell -a 'apt list --installed | grep python' --ask-become-pass

Install software on all ansible nodes

ansible all -b -m shell -a 'apt-get install telnet' --ask-become-pass

Install Lynx web browser

ansible all -b -m shell -a 'apt-get install lynx -y' --ask-become-pass

Check disk space on all servers

ansible -m shell -a 'df -h' all

192.168.1.178 | SUCCESS | rc=0 >>
Filesystem                               Size  Used Avail Use% Mounted on
udev                                     926M     0  926M   0% /dev
tmpfs                                    191M  5.9M  185M   4% /run
/dev/mapper/ansible--webserver--vg-root   18G  2.1G   15G  13% /
tmpfs                                    953M     0  953M   0% /dev/shm
tmpfs                                    5.0M     0  5.0M   0% /run/lock
tmpfs                                    953M     0  953M   0% /sys/fs/cgroup
tmpfs                                    191M     0  191M   0% /run/user/1000

192.168.1.179 | SUCCESS | rc=0 >>
Filesystem                               Size  Used Avail Use% Mounted on
udev                                     926M     0  926M   0% /dev
tmpfs                                    191M  5.9M  185M   4% /run
/dev/mapper/ansible--appserver--vg-root   18G  2.1G   15G  13% /
tmpfs                                    953M     0  953M   0% /dev/shm
tmpfs                                    5.0M     0  5.0M   0% /run/lock
tmpfs                                    953M     0  953M   0% /sys/fs/cgroup
tmpfs                                    191M     0  191M   0% /run/user/1000

192.168.1.181 | SUCCESS | rc=0 >>
Filesystem                               Size  Used Avail Use% Mounted on
udev                                     1.9G     0  1.9G   0% /dev
tmpfs                                    393M   11M  382M   3% /run
/dev/mapper/ansible--dbserver--vg-root    16G  2.1G   13G  14% /
tmpfs                                    2.0G     0  2.0G   0% /dev/shm
tmpfs                                    5.0M     0  5.0M   0% /run/lock
tmpfs                                    2.0G     0  2.0G   0% /sys/fs/cgroup
tmpfs                                    393M     0  393M   0% /run/user/1000

When running commands, Ansible uses my credentials (richard)

ansible -m shell -a 'whoami' all

192.168.1.178 | SUCCESS | rc=0 >>
richard
192.168.1.179 | SUCCESS | rc=0 >>
richard
192.168.1.181 | SUCCESS | rc=0 >>
richard

How to create users on all servers

ansible -b -K -m user -a 'name=testuser' all

SUDO password:
192.168.1.178 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 1001,
    "home": "/home/testuser",
    "name": "testuser",
    "shell": "",
    "state": "present",
    "system": false,
    "uid": 1001
}
192.168.1.179 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 1001,
    "home": "/home/testuser",
    "name": "testuser",
    "shell": "",
    "state": "present",
    "system": false,
    "uid": 1001
}
192.168.1.181 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 1001,
    "home": "/home/testuser",
    "name": "testuser",
    "shell": "",
    "state": "present",
    "system": false,
    "uid": 1001
}

Use Ansible to check if users have been created

ansible -m shell -a 'getent passwd | grep testuser' all

192.168.1.179 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:
192.168.1.178 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:
192.168.1.181 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:

Use Ansible to remove test user

ansible -b -K -m user -a 'name=testuser state=absent' all

SUDO password:
192.168.1.178 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "testuser",
    "remove": false,
    "state": "absent"
}
192.168.1.179 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "testuser",
    "remove": false,
    "state": "absent"
}
192.168.1.181 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "testuser",
    "remove": false,
    "state": "absent"
}

Test it's been removed

ansible -m shell -a 'getent passwd | grep testuser' all

192.168.1.179 | FAILED | rc=1 >>
non-zero return code
192.168.1.178 | FAILED | rc=1 >>
non-zero return code
192.168.1.181 | FAILED | rc=1 >>
non-zero return code

Use ansible to learn system information

The setup module is used by Ansible to query the computer information

ansible local -m setup

You can write it to tmp

ansible local -m setup --tree /tmp/facts

You can cat the resulting files for information, or filter the facts

ansible local -m setup -a 'filter=*ipv4*'

NB – if you grep it will grep blank info

System Facts – common values for playbooks

ansible apacheweb -m setup -a "filter=ansible_architecture"
ansible all -m setup -a "filter=ansible_fqdn"
ansible all -m setup -a "filter=ansible_kernel"
ansible all -m setup -a "filter=ansible_memtotal_mb"

ansible all -m setup -a "filter=ansible_proc*"
ansible all -m setup -a "filter=ansible_vir*"

What are Ansible Roles

A role is a list of commands that Ansible will execute on a target machine in a given order. Every role is in the directory:

roles > tasks > main.yml

What are Ansible Playbooks

A playbook is used to define which roles are applied against a target machine

If Ansible modules are the tools in your workshop, playbooks are your instruction manuals, and your inventory of hosts are your raw material.

Running playbooks when sudo is required

Must use --ask-become-pass
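
A role and the playbook that applies it, laid out in the directory structure described above, as an added example that is not from the original page. The role name testuser, the file site.yml and the scaffold_role helper are constructed; the first task is the playbook form of the user-module ad-hoc command shown earlier.

```shell
#!/bin/sh
# Added example (not from the original page). Names are constructed.

# Create $1/roles/testuser/tasks/main.yml and $1/site.yml.
scaffold_role() {
    base=$1
    mkdir -p "$base/roles/testuser/tasks" || return 1

    # The role: tasks run in the order listed. The first task matches
    #   ansible -b -K -m user -a 'name=testuser' all
    cat > "$base/roles/testuser/tasks/main.yml" <<'EOF'
---
- name: Ensure testuser exists
  user:
    name: testuser
    state: present

- name: Confirm the account is in the passwd database
  command: getent passwd testuser
  changed_when: false
EOF

    # The playbook: which roles are applied to which hosts.
    # become: true is why the run needs --ask-become-pass.
    cat > "$base/site.yml" <<'EOF'
---
- hosts: all
  become: true
  roles:
    - testuser
EOF
}

# Demo: build the layout in a temp directory and show how to run it.
demo_dir=$(mktemp -d) && scaffold_role "$demo_dir" \
    && find "$demo_dir" -type f | sort
echo "Run with: ansible-playbook $demo_dir/site.yml --ask-become-pass"
```
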

Documentation / man /help

Ansible documentation: man ansible-doc

ansible-doc ec2

ansible-doc htaccess

E.g.

EXAMPLES:

# Note: These examples do not set authentication details, see the AWS Guide for details.

# Basic provisioning example
- ec2:
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    group: webserver
    count: 3
    vpc_subnet_id: subnet-29e63245
    assign_public_ip: yes

Richard.Bailey

Richard Bailey, a seasoned tech enthusiast, combines a passion for innovation with a knack for simplifying complex concepts. With over a decade in the industry, he's pioneered transformative solutions, blending creativity with technical prowess. An avid writer, Richard's articles resonate with readers, offering insightful perspectives that bridge the gap between technology and everyday life. His commitment to excellence and tireless pursuit of knowledge continues to inspire and shape the tech landscape.
