09 - ANSIBLE - Configuration Management

-

 ANSIBLE - Configuration Management

  • Written in Python
  • Work with push base mechanism (Synchronous)
  • Not required any Agent
  • SSH port 22 
  • RHEL provides support
  • Created own modules
  • Task (like manifest or receipt in puppet/chef) required for configuration  -> written in YAML file
  • State (Current to Desired State)
  • Open Source and Enterprise
  • Ansible Playbook  -> Role   (like cookbook in chef) for provisioning
    • Playbook -> Role -> Tasks  ( define in .yaml file )
  • Ansible Tower -> Like Puppet GUI
  • Automation Engine
    • Modules - Prewirtten resources like services, packages, execute system command, files (450 buit-in)
    • Inventory  - Consist list of servers  (like site.pp in puppet)
    • API - Interacting with hosts/Servers
    • Plugins - manage functionality like networking - way of customization 
    • CMDB - Optional tools for Configuration Management database
  • Ansible Galaxy 
pre-written playbooks
https://galaxy.ansible.com
  • Ansible Tags
Tasks -
Install ngnix tags:install
Start service 
Enable service
copy nginx.conf tags:config
Restart service tags:config
playbook -t config
  • Py YAML: is a YAML parser and emitter for Python


ANSIBLE INSTALLATION 

1- Ansible Workstation
2 GB RAM
vagrant up
vagrant ssh
sudo su -
hostnamectl set-hostname ansiblewks.unix.in
bash
vi /etc/hosts
192.168.33.40 ansiblewks.unix.in
192.168.33.41 webserver.unix.in
192.168.33.42 application.unix.in
useradd devopsadm -G wheel
passwd devopsadm   
        visudo    ***** remove #  from wheel line
        su - devopsadm
        
       ** to verify sudo access
      sudo -l

** Now Install epel , python and pip 
sudo yum install -y epel-release
sudo yum install -y python-pip
pip --version
pip 8.1.2 from /usr/lib/python2.7/site-packages (python 2.7)
** Install the latest version of pip ( pip like yum )
pip install --upgrade pip
** Install Ansible
pip install ansible ## if required old version $pip install ansible==2.3.3
ansible --version

** Now create Server Inventory file
mkdir /etc/ansible
cd /etc/ansible

vi hosts
[ansbilewks]
192.168.33.40
[webserver]
192.168.33.41
[application]
192.168.33.42
** Run the List of Inventory
ansible all --list-hosts
ansible all -m ping

** Setup ssh key and password less access
### passwd root
ssh-keygen -t rsa
ls -ltra ~/.ssh
** 1 ** Reset password in Webserver and Application VM for push SSH key

ssh-copy-id 192.168.33.41 
ssh-copy-id 192.168.33.42

** Run command in webserver from ansible workstation
ansible webserver -a "hostname"
ansible webserver -a "uptime"

** copy host file from workstation to webserver
ansible webserver -m copy -a "src=/etc/hosts dest=/tmp/hosts"
        
          ** 2 *** Verify copy file in webserver

** search file module in google
** host file will be delete in webserver
ansible webserver -m file -a "dest=/tmp/hosts state=absent"
** Create Reposity and Common Role
mkdir  ansible-automation 
cd  ansible-automation
mkdir -p roles/common
cd roles/
        cd common
mkdir files handlers meta tasks templates vars
cd tasks
vi main.yml
---
- include: common_pkg.yml tags=commonpkg
vi common_pkg.yml
---
- name: install common dependencies
  action: >
    {{ ansible_pkg_mgr}} name={{ item }} state=present update_cache=yes
  with_items:
     - vim
     - git
     - sysstat
     - unzip
** create playbook in ansible-automation directory
cd ..
cd ..
cd ..
vi webservers.yml
---
- name: Setup webserver for our micro service
  hosts: webserver
  user: devopsadm
  roles: 
    - common
  become: true 
  
** run playbook
ansible-playbook webservers.yml
** 3 ** go to webserver and verify playbook installation
** Gather of list of all fact
ansible webserver -m setup
ansible webserver -m setup | grep ansible_virtualization_role
** Create a message of the day (MOTD) in webserver
cd roles
mkdir motd
cd motd
mkdir defaults tasks templates
cd tasks
vi main.yml
---
- name: Copy the MOTD file over the webserver
  template: 
    src: motd.j2
dest: /etc/motd
  tags:
    - motd_config
** create a banner - motd
cd ../defaults

vi main.yml
---

# Default ASCII art shown at the beginning of the motd
  motd_ascii_art: "     _              _ _     _\n    / \\   _ __  ___(_) |__ | | ___\n   / _ \\ | '_ \\/ __| | '_ \\| |/ _ \\\n  / ___ \\| | | \\__ \\ | |_) | |  __/\n /_/   \\_\\_| |_|___/_|_.__/|_|\\___|\n"
#
# # Default information to show under the ASCII art
  motd_info:
- " FQDN:    ": "{{ ansible_fqdn }}"
- " Distro:  ": "{{ ansible_distribution }} {{ ansible_distribution_version }} {{ ansible_distribution_release }}"
- " Virtual: ": "{{ 'YES' if ansible_virtualization_role == 'guest' else 'NO' }}\n"
- " CPUs:    ": "{{ ansible_processor_vcpus }}"
- " RAM:     ": "{{ (ansible_memtotal_mb / 1000) | round(1) }}GB"
cd ../templates

vi motd.j2
{{ motd_ascii_art }}
{% for item in motd_info %}
{% for key,value in item.iteritems() %}
{{ key }}{{ value }}
{% endfor %}
{% endfor %}
cd ..
cd ..
** modify webservers.yml file and mtod
vi webservers.yml
---
- name: Setup webserver for our micro service
  hosts: webserver
  user: devopsadm
  roles: 
    - common
    - motd
  become: true 

** dry run mode
ansible-playbook webservers.yml --check --diff

** run playbook
ansible-playbook webservers.yml
** 4 ** go to webserver and verify playbook installation

** Now install ngnix
** go to galaxy.ansible.com
** find nginx and download role or copy link
ansible-galaxy collection install nginixinc.nginx._core
cd ~/.ansible/
grep -ir nginx .

        cd collections/ansibles/ansible_collections/nginixinc/nginx/_core
[devopsadm@ansiblewks roles]$ pwd
/home/devopsadm/.ansible/collections/ansible_collections/nginxinc/nginx_core/roles [devopsadm@ansiblewks roles]$ ls -ltr total 12 drwxr-xr-x. 11 devopsadm devopsadm 4096 Dec 28 18:36 nginx_config drwxr-xr-x. 11 devopsadm devopsadm 4096 Dec 28 18:36 nginx drwxr-xr-x. 12 devopsadm devopsadm 4096 Dec 28 18:36 nginx_app_protect
cp -r nginx ~/ansible-automation/roles/
cd ~/ansible-automatio
** modify webserver.yml file and mtod role
vi webservers.yml
---
- name: Setup webserver for our micro service
  hosts: webserver
  user: devopsadm
  roles: 
    - common
    - motd
    - nginx
  become: true 

** run playbook
ansible-playbook webservers.yml
** 5 ** go to webserver and verify nginx installation


2 - Webserver - VM01

vagrant up
vagrant ssh
sudo su -

hostnamectl set-hostname webserver.unix.in
bash

vi /etc/hosts
192.168.33.40 ansiblewks.unix.in
192.168.33.41 webserver.unix.in
192.168.33.42 application.unix.in
useradd devopsadm -G wheel
passwd devopsadm   
        visudo    ***** remove #  from wheel line
        su - devopsadm

** 1 *** reset vagrant pwd for ssh key copy from ansiblewks
## passwd root
## passwd vagrant
** 2 *** 
cd /tmp
ls -ltr
  -rw-rw-r--- hosts
  
*** 3 *** check installation of vim, git , sysstat, unzip 
unzip
       vim
*** 4 *** check motd banner role
logout
vagrant ssh
*** 5 *** check ngnix running
ps -ef | grep nginix
3 - Application - VM02

vagrant up
vagrant ssh
sudo su -

hostnamectl set-hostname application.unix.in
bash

vi /etc/hosts
192.168.33.40 ansiblewks.unix.in
192.168.33.41 webserver.unix.in
192.168.33.42 application.unix.in


A playbook is simply a list of plays. The highest level of a playbook YAML is a list, and on that list, only two things are accepted: a play definition or the keyword import_playbook, which imports a list of plays from another playbook file, as if they were defined in that place of the calling file.

The playbook is also the only thing that can be called directly from ansible-playbook.

A task is, paraphrasing the manual, 'nothing more than a call to an ansible module'. That call definition, however, knows nothing of on which hosts it is supposed to run on.

The play is the element that ties tasks to the servers where they'll run. The key element here is the mandatory keyword hosts. This is the part of Ansible that tells which hosts are being affected and how.

So, the structure and behavior is as follows:
  • Playbook: the highest level, just a list of plays
    • Play: ties tasks to host lists
      • Tasks: definition of a call to a module
      • Besides tasks, a play may have pre-tasks, post-tasks and handlers, which are all task-like

A role is a different thing, as it is not defined within a playbook. Instead, they each have their own subdirectory under the directory roles. The objective of roles is to organize things. So, under the role's subdir, you can find tasks, handlers, files and templates, variables and defaults. All of these related to that specific role.

So, roles are an easy way to encapsulate and share Ansible information. You could have a subdir in templates per task, for example. But if you wanted to share that task, you'd have to pick the template as well. With roles, you can just zip the role dir and (almost) everything should be there.

Like a play, the role defines tasks and handlers. However, roles do not define on which hosts the role will be run. So roles must be referenced to from a play.

Roles can also declare dependencies (that is, references to other roles that need to be run before the declaring one).


A module is a reusable, standalone script that Ansible runs on your behalf, either locally or remotely. Modules interact with your local machine, an API, or a remote system to perform specific tasks like changing a database password or spinning up a cloud instance.

Comments

  1. amir khan28 December 2020 at 22:23

    for download nginx from Ansible Galaxy run this command

    ansible-galaxy collection install nginxinc.nginx_core

    ReplyDelete

Post a Comment

Popular posts from this blog

05 - Docker - Containers

-
Image
 Docker - Containers - Container is operating system-level virtualization  ( Linux Kernal ) Allow for multiple isolated user-space instances called containers They share a single kernel Can be added or removed any times - Containers consist of a self-contained Linux file system Can be from any Linux distribution which is compatible with the host kernel Usually contain a single application such as a server - Operating  Is often used in Cloud Computing Docker Architecture Docker is available in two editions: Community Edition (CE) - open-source Enterprise Edition (EE) Docker uses a client-server architecture Client REST API  (   the primary user interface which communicates ) Over HTTP Over local Unix Socket Docker CLI docker build docker pull docker run Servers (Docker_Host) Is the Docker daemon Responsible for building, running, and distributing containers Docker daemon Container Images Registry (docker.io , DockerHub) Responsible for the storage, management, and delivery of Docker im
Read more

08 - PUPPET - Configuration Management

-
Image
 PUPPET - Configuration Management A Configuration Management Tool A framework for Systems Automation A Declarative Domain Specific Language (DSL) An Open Source software is written in Ruby Works on Linux, Unix (Solaris, AIX, *BSD), macOS, Windows |Supported Platforms) Developed by Puppet Labs Puppet Agent Required SSL certificate Default fatches after 60 minutes noop - dry run Puppet Open Source or Enterprise Puppet Langauge Declarative - Domain Specific Langauge (DSL) define STATES (No procedures) Puppet code is written in manifest ( .pp extension ) In the code, we declare resources that affect elements of the system (files, packages, services ... ) Resources are grouped into classes Classes and configuration files are organized in modules Puppet Resource Abstraction Layers Puppet Catalog Certificate Management Server Resources Facter Puppet Manifest Puppet Resources Resource Types Reference Puppet Nodes Roles Define Policy Puppet Virtual Resources Puppet Lab   Pu
Read more

06 - Docker Swarm - Container Orchestration

-
Image
 Docker Swarm - Container Orchestration Create Cluster Build & Deployment automated Rolling Deployment Update Version Docker Swarm is clustering for Docker It turns several Docker hosts into a single virtual Docker host The Swarm is controlled by Swarm Manager Each Docker code communicates with the manager It can be installed manually or by using Docker Machine Scheduler Service Discover Consul -> provide DNS Zookeeper - configuration management tools Cheat Sheet => https://lzone.de/cheat-sheet/Docker%20Swarm LAB mkdir DockerSwarm cd DockerSwarm mkdir manager vm1 vm2  *** Manager Node **** cd manager vagrant ssh sudo su - hostnamectrl set-hostname managernode.unix.in bash vi /etc/hosts 192.168.33.14 managernode.unix.in 192.168.33.15 workernode1.unix.in 192.168.33.16 workernode1.unix.in ## Install Docker C curl -fsSL get.docker.com | sh ## Add user Vagrant in Docker group sudo usermod -aG docker vagrant id vagrant ## Start Docker Service
Read more