09 - ANSIBLE - Configuration Management
- Written in Python
- Works with a push-based mechanism (synchronous)
- Agentless: no agent is required on the managed hosts
- Connects over SSH (port 22)
- RHEL provides support
- You can create your own modules
- Task (like a manifest or recipe in Puppet/Chef) required for configuration -> written in a YAML file
- State (current state to desired state)
- Open Source and Enterprise
- Ansible Playbook -> Role (like a cookbook in Chef) for provisioning
- Playbook -> Role -> Tasks (defined in .yaml files)
- Ansible Tower -> like the Puppet GUI
- Automation Engine
- Modules - prewritten resources such as services, packages, executing system commands, files (450 built-in)
- Inventory - consists of the list of servers (like site.pp in Puppet)
- API - interacting with hosts/servers
- Plugins - manage functionality like networking - a way of customization
- CMDB - optional tools for a configuration management database
- Ansible Galaxy
pre-written playbooks
https://galaxy.ansible.com
- Ansible Tags
Tasks -
Install nginx tags:install
Start service
Enable service
copy nginx.conf tags:config
Restart service tags:config
playbook -t config
- PyYAML: a YAML parser and emitter for Python
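The task list under "Ansible Tags" above, written out as a playbook (an added example, not from the original notes). The file name tagged-nginx.yml, the nginx.conf source file and the choice of the package, service and copy modules are assumptions; the webserver host group is the one used later in these notes.

```yaml
---
# tagged-nginx.yml (hypothetical file name)
- name: Install and configure nginx with tags
  hosts: webserver
  become: true
  tasks:
    - name: Install nginx
      package:
        name: nginx
        state: present
      tags: install

    - name: Start service            # untagged: skipped whenever -t is given
      service:
        name: nginx
        state: started

    - name: Enable service           # untagged: skipped whenever -t is given
      service:
        name: nginx
        enabled: true

    - name: Copy nginx.conf
      copy:
        src: nginx.conf              # assumed to sit in files/ next to the playbook
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: "0644"
        # Test the new file before it replaces the live one; this assumes the
        # config uses absolute include paths, since %s is a temporary copy.
        validate: nginx -t -c %s
      tags: config

    - name: Restart service
      service:
        name: nginx
        state: restarted
      tags: config
```

`ansible-playbook tagged-nginx.yml -t config` runs only the two tasks tagged config; adding `--list-tasks` shows the selection without touching the hosts.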
ANSIBLE INSTALLATION
1- Ansible Workstation
2 GB RAM
vagrant up
vagrant ssh
sudo su -
hostnamectl set-hostname ansiblewks.unix.in
bash
vi /etc/hosts
192.168.33.40 ansiblewks.unix.in
192.168.33.41 webserver.unix.in
192.168.33.42 application.unix.in
useradd devopsadm -G wheel
passwd devopsadm
visudo   ** uncomment the wheel line (remove the leading #)
su - devopsadm
** to verify sudo access
sudo -l
** Now install EPEL, Python and pip
sudo yum install -y epel-release
sudo yum install -y python-pip
pip --version
pip 8.1.2 from /usr/lib/python2.7/site-packages (python 2.7)
** Install the latest version of pip (pip is a package installer, like yum)
pip install --upgrade pip
** Install Ansible
pip install ansible ## if an old version is required: pip install ansible==2.3.3
ansible --version
** Now create the server inventory file
sudo mkdir /etc/ansible
cd /etc/ansible
sudo vi hosts
[ansiblewks]
192.168.33.40
[webserver]
192.168.33.41
[application]
192.168.33.42
** List the hosts in the inventory
ansible all --list-hosts
ansible all -m ping
** Set up an SSH key and passwordless access
### passwd root
ssh-keygen -t rsa
ls -ltra ~/.ssh
** 1 ** Reset the password on the Webserver and Application VMs so the SSH key can be pushed
ssh-copy-id 192.168.33.41
ssh-copy-id 192.168.33.42
** Run commands on the webserver from the Ansible workstation
ansible webserver -a "hostname"
ansible webserver -a "uptime"
** Copy the hosts file from the workstation to the webserver
ansible webserver -m copy -a "src=/etc/hosts dest=/tmp/hosts"
** 2 ** Verify the copied file on the webserver
** Search for the file module on Google
** The hosts file will be deleted on the webserver
ansible webserver -m file -a "dest=/tmp/hosts state=absent"
** Create the repository and the common role
mkdir ansible-automation
cd ansible-automation
mkdir -p roles/common
cd roles/
cd common
mkdir files handlers meta tasks templates vars
cd tasks
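vi main.yml
---
# import_tasks replaces the deprecated include:, which newer Ansible releases no longer accept
- import_tasks: common_pkg.yml
  tags: commonpkg
vi common_pkg.yml
---
# ansible_pkg_mgr is a gathered fact (yum on these VMs), so the module is chosen per host
- name: install common dependencies
  action: >
    {{ ansible_pkg_mgr }} name={{ item }} state=present update_cache=yes
  with_items:
    - vim
    - git
    - sysstat
    - unzip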
** Create the playbook in the ansible-automation directory
cd ..
cd ..
cd ..
vi webservers.yml
---
- name: Setup webserver for our micro service
  hosts: webserver
  user: devopsadm
  roles:
    - common
  become: true
** run playbook
ansible-playbook webservers.yml
** 3 ** Go to the webserver and verify the playbook installation
** Gather the list of all facts
ansible webserver -m setup
ansible webserver -m setup | grep ansible_virtualization_role
** Create a message of the day (MOTD) on the webserver
cd roles
mkdir motd
cd motd
mkdir defaults tasks templates
cd tasks
vi main.yml
---
- name: Copy the MOTD file over the webserver
  template:
    src: motd.j2
    dest: /etc/motd
  tags:
    - motd_config
** create a banner - motd
cd ../defaults
vi main.yml
---
# Default ASCII art shown at the beginning of the motd
motd_ascii_art: " _ _ _ _\n / \\ _ __ ___(_) |__ | | ___\n / _ \\ | '_ \\/ __| | '_ \\| |/ _ \\\n / ___ \\| | | \\__ \\ | |_) | | __/\n /_/ \\_\\_| |_|___/_|_.__/|_|\\___|\n"
#
# Default information to show under the ASCII art
motd_info:
  - " FQDN: ": "{{ ansible_fqdn }}"
  - " Distro: ": "{{ ansible_distribution }} {{ ansible_distribution_version }} {{ ansible_distribution_release }}"
  - " Virtual: ": "{{ 'YES' if ansible_virtualization_role == 'guest' else 'NO' }}\n"
  - " CPUs: ": "{{ ansible_processor_vcpus }}"
  - " RAM: ": "{{ (ansible_memtotal_mb / 1000) | round(1) }}GB"
cd ../templates
vi motd.j2
{{ motd_ascii_art }}
{% for item in motd_info %}
{% for key, value in item.items() %}
{{ key }}{{ value }}
{% endfor %}
{% endfor %}
cd ..
cd ..
cd ..
** Modify webservers.yml to add the motd role
vi webservers.yml
---
- name: Setup webserver for our micro service
  hosts: webserver
  user: devopsadm
  roles:
    - common
    - motd
  become: true
** dry run mode
ansible-playbook webservers.yml --check --diff
** run playbook
ansible-playbook webservers.yml
** 4 ** go to webserver and verify playbook installation
** Now install nginx
** Go to galaxy.ansible.com
** Find nginx and download the role or copy the link
ansible-galaxy collection install nginxinc.nginx_core
cd ~/.ansible/
grep -ir nginx .
cd collections/ansible_collections/nginxinc/nginx_core/roles
[devopsadm@ansiblewks roles]$ pwd
/home/devopsadm/.ansible/collections/ansible_collections/nginxinc/nginx_core/roles
[devopsadm@ansiblewks roles]$ ls -ltr
total 12
drwxr-xr-x. 11 devopsadm devopsadm 4096 Dec 28 18:36 nginx_config
drwxr-xr-x. 11 devopsadm devopsadm 4096 Dec 28 18:36 nginx
drwxr-xr-x. 12 devopsadm devopsadm 4096 Dec 28 18:36 nginx_app_protect
cp -r nginx ~/ansible-automation/roles/
cd ~/ansible-automation
** Modify webservers.yml to add the nginx role
vi webservers.yml
---
- name: Setup webserver for our micro service
  hosts: webserver
  user: devopsadm
  roles:
    - common
    - motd
    - nginx
  become: true
** run playbook
ansible-playbook webservers.yml
** 5 ** go to webserver and verify nginx installation
2 - Webserver - VM01
vagrant up
vagrant ssh
sudo su -
hostnamectl set-hostname webserver.unix.in
bash
vi /etc/hosts
192.168.33.40 ansiblewks.unix.in
192.168.33.41 webserver.unix.in
192.168.33.42 application.unix.in
useradd devopsadm -G wheel
passwd devopsadm
visudo   ** uncomment the wheel line (remove the leading #)
su - devopsadm
** 1 ** Reset the vagrant password so the SSH key can be copied from ansiblewks
## passwd root
## passwd vagrant
** 2 ***
cd /tmp
ls -ltr
-rw-rw-r--- hosts
*** 3 *** check installation of vim, git, sysstat, unzip
unzip
vim
*** 4 *** check motd banner role
logout
vagrant ssh
*** 5 *** check nginx running
ps -ef | grep nginx
3 - Application - VM02
vagrant up
vagrant ssh
sudo su -
hostnamectl set-hostname application.unix.in
bash
vi /etc/hosts
192.168.33.40 ansiblewks.unix.in
192.168.33.41 webserver.unix.in
192.168.33.42 application.unix.in
A playbook is simply a list of plays. The highest level of a playbook YAML is a list, and on that list, only two things are accepted: a play definition or the keyword import_playbook, which imports a list of plays from another playbook file, as if they were defined in that place of the calling file.
The playbook is also the only thing that can be called directly from ansible-playbook.
A task is, paraphrasing the manual, 'nothing more than a call to an ansible module'. That call definition, however, knows nothing about which hosts it is supposed to run on.
The play is the element that ties tasks to the servers where they'll run. The key element here is the mandatory keyword hosts. This is the part of Ansible that tells which hosts are being affected and how.
So, the structure and behavior are as follows:
- Playbook: the highest level, just a list of plays
- Play: ties tasks to host lists
- Tasks: definition of a call to a module
- Besides tasks, a play may have pre-tasks, post-tasks and handlers, which are all task-like
A role is a different thing, as it is not defined within a playbook. Instead, each role has its own subdirectory under the roles directory. The objective of roles is to organize things. So, under the role's subdirectory, you can find tasks, handlers, files and templates, variables and defaults, all related to that specific role.
So, roles are an easy way to encapsulate and share Ansible information. You could have a subdir in templates per task, for example. But if you wanted to share that task, you'd have to pick the template as well. With roles, you can just zip the role dir and (almost) everything should be there.
Like a play, the role defines tasks and handlers. However, roles do not define on which hosts the role will be run. So roles must be referenced from a play.
Roles can also declare dependencies (that is, references to other roles that need to be run before the declaring one).
A module is a reusable, standalone script that Ansible runs on your behalf, either locally or remotely. Modules interact with your local machine, an API, or a remote system to perform specific tasks like changing a database password or spinning up a cloud instance.
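The hierarchy described above, laid out in one playbook file (an added example, not part of the original notes). The webserver group and the common, motd and nginx roles come from the lab earlier on this page; the file name site.yml, the imported application.yml and the individual tasks and handler are assumptions for illustration.

```yaml
---
# site.yml (hypothetical): the top level is a list of plays and import_playbook entries
- name: Setup webserver for our micro service   # a play: ties tasks to hosts
  hosts: webserver                              # mandatory keyword
  become: true

  pre_tasks:                                    # task-like, run before the roles
    - name: Stop early on an unexpected OS family
      assert:
        that:
          - ansible_os_family == 'RedHat'

  roles:                                        # resolved under ./roles/<name>/
    - common
    - motd
    - nginx

  tasks:                                        # each task is one call to a module
    - name: Keep /etc/motd owned by root and not world-writable
      file:
        path: /etc/motd
        owner: root
        group: root
        mode: "0644"

    - name: Ensure nginx starts at boot
      service:
        name: nginx
        enabled: true
      notify: restart nginx                     # queues the handler only on change

  post_tasks:                                   # run after roles, tasks and their handlers
    - name: Check that nginx answers locally
      uri:
        url: http://127.0.0.1/
        status_code: 200

  handlers:                                     # task-like, run once when notified
    - name: restart nginx
      service:
        name: nginx
        state: restarted

# Second list entry: pull in the plays of another playbook file (assumed to exist)
- import_playbook: application.yml
```

None of the roles names a host; only the play's hosts line decides where common, motd and nginx run.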
To download nginx from Ansible Galaxy, run this command:
ansible-galaxy collection install nginxinc.nginx_core