10 - Ansible Lab - by Gaurav Sharma

-
Ansible Lab - by Gaurav Sharma
docs.ansible.com



- Introduction to Ansible and Lab setup
$ yum install ansible -y


Ansible Inventory files
- default inventory files  /etc/ansible/hosts
vi /etc/ansible/hosts
192.168.25.16  ansible_ssh_pass=password

 $ yum install sshpass -y
$ ansible 192.168.25.16 -m ping

 ** make sure host key
$ vi /etc/ansible/ansible.cfg
host_key_checking = False

 $ vi inventory.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root

 $ ansible webserver -m ping -i inventory.txt
$ ansible all -m ping -i inventory.txt

 ** Create group of server
$ vi inventory_group.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root

 [webservers]
webserver1
webserver2
 
[sqlservers]
sqlserver1
sqlserver2
 
[sql_web_servers:children]
sqlservers
webservers
 
 $ ansible sqlservers -m ping -i inventory_group.txt
$ ansible sql_web_servers -m ping -i inventory_group.txt
  
Ansible Playbook
  • Written in YAML
  • Set of Tasks
  • Apply group of servers
/ansible/playbook
vi playbook1.yml
-
  name: this is our first playbook
  hosts: webserver1
  tasks:
    -
  name: "create a dummy file on webserver1"
  command: touch /tmp/ansible_dummy.txt
  command: mkdir -p /tmp/ansible_dir

 @ ansible-playbook playbook1.yml -i inventory.txt

 **** Multiple task ***
vi playbook2.yml
-
  name: this is our first playbook
  hosts: webserver1
  tasks:
    -
  name: "create a dummy file on webserver1"
  command: touch /tmp/ansible_dummy.txt
-
  name: "copy host in the tmp folder"
  command: cp /etc/hosts /tmp/myhosts
  
-
  name: this is 2nd playbook
  hosts: sqlserver1
  tasks:
    -
  name: "creating directory in the tmp directory"
  command: mkdir /tmp/myplaydir

  name: "create a dummy file in database and server"
  command: touch /tmp/myplaydir/secondplay.txt
  
$ ansible-playbook playbook2.yml -i inventory.txt


Ansible Modules
vi copy.yml
-
  name: this is our first playbook
  hosts: webserver1
  tasks:
    -
  name "create a dumy file on webserver1"
  copy: src=test.yml dest=/tmp/ owner=devopsadm group=wheel mode=0644
  
  ** or also used this syntax
  copy:
    src: test.yml
dest: /tmp
owner: devopsadm
group: wheel
mode: 0644
  
$ ansible_playbook copy.yml -i inventory.txt

 vi command.yml
-
  name: this our command playbook
  hosts: webserver1
  tasks:
    -
  name: "create a dummy file on webserver1"
  command: echo "8.8.8.8" | tee -a /tmp/resolve.conf
 
  lineinfile: path=/tmp/test.txt line="Devops line"

 ---------------------------------------------
** for script module
vi testscript.sh
#!/bin/bash
pwd >> /tmp/fileCreateByScript.txt
echo "first arg: $1" >> /tmp/fileCreateByScript.txt
echo "==========================" >> /tmp/fileCreateByScript.txt
ifconfig >> /tmp/fileCreateByScript.txt

 vi script.yml
-
  name: this our script playbook
  hosts:  webserver1
  tasks:
    -
      name: "crate a dummy file on webserver1"
      script: testScript.sh Devopsadm 
      # script: testScript.sh Devopsadm creates=/tmp/test.txt ** if file available then script not execute
       # script: testScript.sh Devopsadm removes=/tmp/test.txt chdir=/home  ** if file availabel then scrpt executing
  
$ ansible-playbook script.yml

 ---------------------------------------------------
** for service module
vi service1.yml
-
  name: this is service playbook
  hosts: webserver1
  tasks:
    -
  name "working with apache on webserver1"
  service:
    name: apache2
state: started #stopped

 $ ansible-playbook service.yml

 -----------------------------------------------------

 ** User Modules
vi user1.yml
-
  name: this is service playbook
  hosts: webserver1
  tasks:
    -
  name "working with user module on webserver1 for delete user "
  user: name="mytestuser" state=absent
  ## user: name="mytestuser" state=present password = "*7jNTe3R/mJ0jfsf83ikfljajfKKjfsd83lfs"


 ** create password
mkpasswd --method=ssha-512
Password: Abcd1234
*7jNTe3R/mJ0jfsf83ikfljajfKKjfsd83lfs

 ** where user created and home directory
cat /etc/passwd

 ** where password saved
cat /etc/shadow


Ansible Variables
vi variable1.yml
-
  name: this is variable playbook
  hosts: webserver1
  vars:
    servicename: apache2
  tasks:
    -
  name: "creating file using variable"
  service: name={{ servicename }} state=started
ansible-playbook variable.yml

Ansible Conditions
vi condition11.yml
-
  name: this is condition playbook
  hosts: webserver1
  vars:
    age: 18
  tasks:
    -
  name: "creating file using variable and conditon"
  command: touch /tmp/18.txt
  when age == 18   
    -
  name: "creating file using variable and conditon"
  command: touch /tmp/grather_than_18.txt
  when age > 18
  ## when age > 10 and age < 18
    

Ansible Loops
vi loop1.yml
-
  name: this is loop playbook
  hosts: webserver1
  tasks:
    -
  name: 'Installing'
  apt: name="{{ item }}" state=present ## state=absent
  with_items:
- vsftpd
- tree

vi loop2.yml
-
  name: this is loop playbook
  hosts: webserver1
  vars:
    pkg:
- vsftpd
- tree
  tasks:
    -
  name: 'Installing'
  apt: name="{{ item }}" state=present
  with_items: "{{ pkg }}"
  

Ansbile Include | file separation
vi var_playbook.yml
-
  name: this is include file playbook
  hosts: webserver1
  vars_files:
    - variable.yml
  tasks:
    - include: task.yml
  

vi variable.yml
var1: first
var2: second
vi task.yml
-
  name: 'task 1'
  command: touch /tmpvar/{{ var1 }}.txt
-
  name: 'task 2'
  command: touch /tmpvar/{{ var2 }}.txt
  
Ansible Roles
mkdir roles
cd roles
ansible-galaxy init webserver
tree webserver
default, handlers, meta, tasks , templates, tests, vars
cd ..
vi role1.yml
-
  name: this is role playbook
  hosts: webserver1
  roles:
    - webserver
    - sqlserver
Ansible Asynchronous Action
vi var_playbook.yml
-
  name: this is playbook
  hosts: webserver1
  tasks:
    -
  name : 'sleep for 60 sec'
  command: sleep 60
  async: 70
  pool: 35
-
  name: 'second task'
  command: touch /tmp/second.txt


Ansible Stragegies
vi service1.yml
-
  name: this is service playbook
  hosts: webserver1 , sqlserver1
  strategy: free    ## linear
  tasks:
    -
  name 'installing Apache'
  apt: name='apache2' state='present'
-
  name 'second task'
  command: touch /tmp/stragey.txt

** facts by default 
vi /etc/ansible/ansible.cfg
#module_unit = /usr/share/my_module_utils/
#remote.tmp  = ~/.ansible/tmp
#1ocal_tmp   = ~/.ansible/tmp
         #plugln.filters_cfg = /etc/ansible/plugin_fiIters.yml
#forks = 5
.....
.....
.....
 
vi service1.yml
-
  name: this is service playbook
  hosts: webserver1 , sqlserver1 , dbserver01
  serial: 1

  
Ansbile Error handling

  ** ignore error during performing task
  tasks:
    -
  name: 'rst task'
  command touch /tmp/task.txt
  ignore_errors: True
  


Ansible Jinja2 template
  ** Dynamic contents

  vi jinja_palybook.yml
-
  name: this is jinja playbook
  hosts: webserver1 , sqlserver1
          vars:
    yourname: Ali
dumy_list1:
  - 10
  - 20
  - 30
  - 40

dumy_list2:
  - 30
  - 40
  - 50
  - 60
  
  tasks: 
    - 
  debug:
  msg: "Hello {{ yourname }}"
  msg: "Hello {{ yourname | upper }}"
  msg: "Hello {{ yourname | replace('Ali' , "Tariq") }}"
  msg: "{{ dumy_list1 | min }}"      ## min, max, unique  
  msg: "{{ dumy_list1 | union(dumy_list2) }}"   ## union, intersect    
  msg: "{{ 100 | random }}"    ## generate random number
  msg: "{{ '/etc/ansible/ansible.cfg' | basename }}



Ansible Vault

$ vi inventory.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
    sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root

$ansbile-vault encrypt inventory.txt --output enc.inventory.txt
New Vault password : xxxxxxxxxxxxxxxxxxxxxx
$ansbile-vault view enc_inventory.txt
Password: xxxxxxxxx
$ansible-playbook -i enc_inventory.txt playbook.yml --ask--vault-pass

Ansible Lookups
$vi inventory.txt
webserver1 ansible_host=192.168.25.15
    sqlserver1 ansible_host=192.168.25.16 

$vi inventory.ini
[webserver1]
password=xxxxxx

$vi credentials.csv
Hostname,Password
webserver1,xxxxxx
sqlserver1,xxxxxx
$vi lookups.yml
-
  name: Test Connectivity
  hosts: webserver1
  vars:
ansible_ssh_pass: "{{ lookup('csvfile', 'webserver1 file=credentails.csv delimiter=,') }}
## ansible_ssh_pass: "{{ lookup('ini', 'password section=webserver1 file=credentials.ini') }}
  tasks:
    - name: create a dumy file on webserver
  command: touch /tmp/csv.txt
$ansible-playbook lookups.yml -i inventory.txt

Preparing Windows Server
  -> How to setup windows machine as a target host
$ vi inventory.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=xxxxxxxx ansible_connection=ssh   ansible_port=22   ansible_user=root
    sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=xxxxxxxx ansible_connection=ssh   ansible_port=22   ansible_user=root
windows1   ansible_host=192.168.25.12 ansible_password=xxxxxxxx ansible_connection=winrm ansible_port=5986 ansible_user=mali ansible_winrm_server_cert_validation=ignore


$ pip install pywinrm
------------------------------------------------
** in Windows Machine
** Opn PowerShell and make sure Version 3.0 above and .Net 4.0 above
run as admin : powershell
Get-Host
Download "ConfigureRemotingForAnsible.ps1" from githup 
PS c:\> powershell.exe -ExecutionPolicy ByPass -File .\ConfigureRemotingForAnsible.ps1
-------------------------------------------------
$ ansible windows1 -m win_ping
Ansible become
  -> How to Escalate user privilege 
  https://docs.ansible.com/ansible/2.4/become.html
 
$vi lineInFile.yml
-
  name: become
  hosts: webserver1
  become: true
  become_user: root
  ## become_user: devopsadm
  ## become_method: su  
  tasks:
    -
  name: "create task for become"
  lineinfile: dest=/etc/resolv.conf line="nameserver 8.8.8.8"
  
  
ls -l /etc/resolv.conf
lwxrwxrwx 1 root root xxxxxxxxx /etc/resolv.conf
$ansible-playbook lineInFile.yml --ask-become-pass
SUDO password : xxxxxxxx



Comments

Post a Comment

Popular posts from this blog

05 - Docker - Containers

-
Image
 Docker - Containers - Container is operating system-level virtualization  ( Linux Kernal ) Allow for multiple isolated user-space instances called containers They share a single kernel Can be added or removed any times - Containers consist of a self-contained Linux file system Can be from any Linux distribution which is compatible with the host kernel Usually contain a single application such as a server - Operating  Is often used in Cloud Computing Docker Architecture Docker is available in two editions: Community Edition (CE) - open-source Enterprise Edition (EE) Docker uses a client-server architecture Client REST API  (   the primary user interface which communicates ) Over HTTP Over local Unix Socket Docker CLI docker build docker pull docker run Servers (Docker_Host) Is the Docker daemon Responsible for building, running, and distributing containers Docker daemon Container Images Registry (docker.io , DockerHub) Responsible for the storage, management, and delivery of Docker im
Read more

08 - PUPPET - Configuration Management

-
Image
 PUPPET - Configuration Management A Configuration Management Tool A framework for Systems Automation A Declarative Domain Specific Language (DSL) An Open Source software is written in Ruby Works on Linux, Unix (Solaris, AIX, *BSD), macOS, Windows |Supported Platforms) Developed by Puppet Labs Puppet Agent Required SSL certificate Default fatches after 60 minutes noop - dry run Puppet Open Source or Enterprise Puppet Langauge Declarative - Domain Specific Langauge (DSL) define STATES (No procedures) Puppet code is written in manifest ( .pp extension ) In the code, we declare resources that affect elements of the system (files, packages, services ... ) Resources are grouped into classes Classes and configuration files are organized in modules Puppet Resource Abstraction Layers Puppet Catalog Certificate Management Server Resources Facter Puppet Manifest Puppet Resources Resource Types Reference Puppet Nodes Roles Define Policy Puppet Virtual Resources Puppet Lab   Pu
Read more

06 - Docker Swarm - Container Orchestration

-
Image
 Docker Swarm - Container Orchestration Create Cluster Build & Deployment automated Rolling Deployment Update Version Docker Swarm is clustering for Docker It turns several Docker hosts into a single virtual Docker host The Swarm is controlled by Swarm Manager Each Docker code communicates with the manager It can be installed manually or by using Docker Machine Scheduler Service Discover Consul -> provide DNS Zookeeper - configuration management tools Cheat Sheet => https://lzone.de/cheat-sheet/Docker%20Swarm LAB mkdir DockerSwarm cd DockerSwarm mkdir manager vm1 vm2  *** Manager Node **** cd manager vagrant ssh sudo su - hostnamectrl set-hostname managernode.unix.in bash vi /etc/hosts 192.168.33.14 managernode.unix.in 192.168.33.15 workernode1.unix.in 192.168.33.16 workernode1.unix.in ## Install Docker C curl -fsSL get.docker.com | sh ## Add user Vagrant in Docker group sudo usermod -aG docker vagrant id vagrant ## Start Docker Service
Read more