09 - ANSIBLE - Configuration Management

  • Written in Python
  • Works with a push-based mechanism (synchronous)
  • Does not require any agent
  • Connects over SSH (port 22)
  • RHEL provides support
  • Own modules can be created
  • Tasks (like a manifest in Puppet or a recipe in Chef) are required for configuration -> written in a YAML file
  • State (current state to desired state)
  • Open source and enterprise editions
  • Ansible Playbook -> Role (like a cookbook in Chef) for provisioning
    • Playbook -> Role -> Tasks (defined in .yaml files)
  • Ansible Tower -> like the Puppet GUI
  • Automation Engine
    • Modules - prewritten resources such as services, packages, system command execution, files (450 built-in)
    • Inventory - the list of servers (like site.pp in Puppet)
    • API - interacting with hosts/servers
    • Plugins - manage functionality such as networking; a way of customization
    • CMDB - optional tool for a configuration management database
  • Ansible Galaxy
    • Pre-written playbooks: https://galaxy.ansible.com
  • Ansible Tags
    • Tasks:
      • Install nginx (tags: install)
      • Start service
      • Enable service
      • Copy nginx.conf (tags: config)
      • Restart service (tags: config)
    • Run only the tagged tasks: ansible-playbook <playbook>.yml -t config
  • PyYAML: a YAML parser and emitter for Python


ANSIBLE INSTALLATION 

1- Ansible Workstation
2 GB RAM
vagrant up
vagrant ssh
sudo su -
hostnamectl set-hostname ansiblewks.unix.in
bash
vi /etc/hosts
192.168.33.40 ansiblewks.unix.in
192.168.33.41 webserver.unix.in
192.168.33.42 application.unix.in
useradd devopsadm -G wheel
passwd devopsadm
visudo    ***** remove # from wheel line
su - devopsadm

** To verify sudo access
sudo -l

** Now install EPEL, Python and pip
sudo yum install -y epel-release
sudo yum install -y python-pip
pip --version
pip 8.1.2 from /usr/lib/python2.7/site-packages (python 2.7)
** Install the latest version of pip (pip is like yum)
pip install --upgrade pip
** Install Ansible
pip install ansible    ## if an old version is required: pip install ansible==2.3.3
ansible --version

** Now create Server Inventory file
mkdir /etc/ansible
cd /etc/ansible

vi hosts
[ansiblewks]
192.168.33.40
[webserver]
192.168.33.41
[application]
192.168.33.42
** List the inventory hosts and ping them
ansible all --list-hosts
ansible all -m ping

** Set up an SSH key and passwordless access
### passwd root
ssh-keygen -t rsa
ls -ltra ~/.ssh
** 1 ** Reset the password on the Webserver and Application VMs so the SSH key can be pushed

ssh-copy-id 192.168.33.41 
ssh-copy-id 192.168.33.42

** Run command in webserver from ansible workstation
ansible webserver -a "hostname"
ansible webserver -a "uptime"

** Copy the hosts file from the workstation to the webserver
ansible webserver -m copy -a "src=/etc/hosts dest=/tmp/hosts"

** 2 ** Verify the copied file on the webserver

** Search for the file module on Google
** The hosts file will be deleted on the webserver
ansible webserver -m file -a "dest=/tmp/hosts state=absent"
** Create the repository and the common role
mkdir  ansible-automation 
cd  ansible-automation
mkdir -p roles/common
cd roles/
cd common
mkdir files handlers meta tasks templates vars
cd tasks
vi main.yml
---
# import_tasks replaces the deprecated bare "include"
- import_tasks: common_pkg.yml
  tags: commonpkg
vi common_pkg.yml
---
- name: install common dependencies
  action: >
    {{ ansible_pkg_mgr }} name={{ item }} state=present update_cache=yes
  with_items:
    - vim
    - git
    - sysstat
    - unzip
** create playbook in ansible-automation directory
cd ..
cd ..
cd ..
vi webservers.yml
---
- name: Setup webserver for our micro service
  hosts: webserver
  user: devopsadm
  roles: 
    - common
  become: true 
  
** run playbook
ansible-playbook webservers.yml
** 3 ** Go to the webserver and verify the playbook installation
** Gather the list of all facts
ansible webserver -m setup
ansible webserver -m setup | grep ansible_virtualization_role
** Create a message of the day (MOTD) on the webserver
cd roles
mkdir motd
cd motd
mkdir defaults tasks templates
cd tasks
vi main.yml
---
- name: Copy the MOTD file over to the webserver
  template:
    src: motd.j2
    dest: /etc/motd
  tags:
    - motd_config
** Create a banner - MOTD
cd ../defaults

vi main.yml
---

# Default ASCII art shown at the beginning of the motd
motd_ascii_art: "     _              _ _     _\n    / \\   _ __  ___(_) |__ | | ___\n   / _ \\ | '_ \\/ __| | '_ \\| |/ _ \\\n  / ___ \\| | | \\__ \\ | |_) | |  __/\n /_/   \\_\\_| |_|___/_|_.__/|_|\\___|\n"

# Default information to show under the ASCII art
motd_info:
  - " FQDN:    ": "{{ ansible_fqdn }}"
  - " Distro:  ": "{{ ansible_distribution }} {{ ansible_distribution_version }} {{ ansible_distribution_release }}"
  - " Virtual: ": "{{ 'YES' if ansible_virtualization_role == 'guest' else 'NO' }}\n"
  - " CPUs:    ": "{{ ansible_processor_vcpus }}"
  - " RAM:     ": "{{ (ansible_memtotal_mb / 1000) | round(1) }}GB"
cd ../templates

vi motd.j2
{{ motd_ascii_art }}
{% for item in motd_info %}
{% for key, value in item.items() %}
{{ key }}{{ value }}
{% endfor %}
{% endfor %}
cd ../../..
** Modify the webservers.yml file to add the motd role
vi webservers.yml
---
- name: Setup webserver for our micro service
  hosts: webserver
  user: devopsadm
  roles: 
    - common
    - motd
  become: true 

** dry run mode
ansible-playbook webservers.yml --check --diff

** run playbook
ansible-playbook webservers.yml
** 4 ** go to webserver and verify playbook installation

** Now install nginx
** Go to galaxy.ansible.com
** Find nginx and download the role or copy the link
ansible-galaxy collection install nginxinc.nginx_core
cd ~/.ansible/
grep -ir nginx .

cd collections/ansible_collections/nginxinc/nginx_core/roles
[devopsadm@ansiblewks roles]$ pwd
/home/devopsadm/.ansible/collections/ansible_collections/nginxinc/nginx_core/roles
[devopsadm@ansiblewks roles]$ ls -ltr
total 12
drwxr-xr-x. 11 devopsadm devopsadm 4096 Dec 28 18:36 nginx_config
drwxr-xr-x. 11 devopsadm devopsadm 4096 Dec 28 18:36 nginx
drwxr-xr-x. 12 devopsadm devopsadm 4096 Dec 28 18:36 nginx_app_protect
cp -r nginx ~/ansible-automation/roles/
cd ~/ansible-automation
** Modify the webservers.yml file to add the nginx role
vi webservers.yml
---
- name: Setup webserver for our micro service
  hosts: webserver
  user: devopsadm
  roles: 
    - common
    - motd
    - nginx
  become: true 

** run playbook
ansible-playbook webservers.yml
** 5 ** go to webserver and verify nginx installation


2 - Webserver - VM01

vagrant up
vagrant ssh
sudo su -

hostnamectl set-hostname webserver.unix.in
bash

vi /etc/hosts
192.168.33.40 ansiblewks.unix.in
192.168.33.41 webserver.unix.in
192.168.33.42 application.unix.in
useradd devopsadm -G wheel
passwd devopsadm
visudo    ***** remove # from wheel line
su - devopsadm

** 1 ** Reset the vagrant password so the SSH key can be copied from ansiblewks
## passwd root
## passwd vagrant
** 2 **
cd /tmp
ls -ltr
  -rw-rw-r--- hosts

** 3 ** Check the installation of vim, git, sysstat, unzip
unzip
vim
** 4 ** Check the motd banner role
logout
vagrant ssh
** 5 ** Check that nginx is running
ps -ef | grep nginx

3 - Application - VM02

vagrant up
vagrant ssh
sudo su -

hostnamectl set-hostname application.unix.in
bash

vi /etc/hosts
192.168.33.40 ansiblewks.unix.in
192.168.33.41 webserver.unix.in
192.168.33.42 application.unix.in


A playbook is simply a list of plays. The highest level of a playbook YAML is a list, and on that list, only two things are accepted: a play definition or the keyword import_playbook, which imports a list of plays from another playbook file, as if they were defined in that place of the calling file.

The playbook is also the only thing that can be called directly from ansible-playbook.

A task is, paraphrasing the manual, 'nothing more than a call to an Ansible module'. That call definition, however, knows nothing about which hosts it is supposed to run on.

The play is the element that ties tasks to the servers where they'll run. The key element here is the mandatory keyword hosts. This is the part of Ansible that tells which hosts are being affected and how.

So, the structure and behavior is as follows:
  • Playbook: the highest level, just a list of plays
    • Play: ties tasks to host lists
      • Tasks: definition of a call to a module
      • Besides tasks, a play may have pre-tasks, post-tasks and handlers, which are all task-like

A role is a different thing, as it is not defined within a playbook. Instead, each role has its own subdirectory under the roles directory. The objective of roles is to organize things. So, under the role's subdirectory, you can find tasks, handlers, files and templates, variables and defaults, all of them related to that specific role.

So, roles are an easy way to encapsulate and share Ansible information. You could have a subdir in templates per task, for example. But if you wanted to share that task, you'd have to pick the template as well. With roles, you can just zip the role dir and (almost) everything should be there.

Like a play, the role defines tasks and handlers. However, roles do not define on which hosts the role will be run. So roles must be referenced from a play.

Roles can also declare dependencies (that is, references to other roles that need to be run before the declaring one).
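
The structure described above, shown as two files in one block (an added example, not from the original post). The file name site.yml, the /opt/app path and the choice to make motd depend on common are assumptions; the roles and webservers.yml are the ones built earlier on this page.

```yaml
---
# site.yml (hypothetical file name): the top level is a list, and each entry
# is either import_playbook or a play.
- import_playbook: webservers.yml      # the playbook built earlier on this page

- name: Example play for the application VM
  hosts: application                   # mandatory: ties everything below to hosts
  become: true
  pre_tasks:                           # run before the roles
    - name: Check that the host answers
      ping:
  roles:                               # looked up under ./roles/<name>/
    - common
  tasks:                               # run after the roles; each is one module call
    - name: Create an application directory
      file:
        path: /opt/app                 # constructed path
        state: directory
        mode: "0755"
      notify: Log the change
  post_tasks:                          # run after the tasks
    - name: Report the FQDN gathered as a fact
      debug:
        msg: "{{ ansible_fqdn }} configured"
  handlers:                            # task-like; run only when notified by a changed task
    - name: Log the change
      debug:
        msg: "application directory was created or modified"
---
# roles/motd/meta/main.yml (hypothetical content): a role declaring a
# dependency, so "common" runs before "motd" wherever motd is referenced.
dependencies:
  - role: common
```

Neither the role directory nor the task definitions name a host; only the play's hosts line does.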


A module is a reusable, standalone script that Ansible runs on your behalf, either locally or remotely. Modules interact with your local machine, an API, or a remote system to perform specific tasks like changing a database password or spinning up a cloud instance.

Comments

  1. To download nginx from Ansible Galaxy, run this command:

    ansible-galaxy collection install nginxinc.nginx_core
