10 - Ansible Lab - by Gaurav Sharma

Ansible Lab - by Gaurav Sharma
docs.ansible.com



- Introduction to Ansible and Lab setup
$ yum install ansible -y


Ansible Inventory files
- default inventory files  /etc/ansible/hosts
vi /etc/ansible/hosts
192.168.25.16  ansible_ssh_pass=password

$ yum install sshpass -y
$ ansible 192.168.25.16 -m ping

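** make sure host key checking is disabled for this lab (otherwise the first SSH connection prompts to accept the key). With it disabled the control node no longer verifies which host it is talking to, so outside the lab keep it enabled and add the hosts to known_hosts instead.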
$ vi /etc/ansible/ansible.cfg
host_key_checking = False

$ vi inventory.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root


$ ansible webserver1 -m ping -i inventory.txt
$ ansible all -m ping -i inventory.txt

** Create group of server
$ vi inventory_group.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root

[webservers]
webserver1
webserver2
 
[sqlservers]
sqlserver1
sqlserver2
 
[sql_web_servers:children]
sqlservers
webservers

 
 $ ansible sqlservers -m ping -i inventory_group.txt
$ ansible sql_web_servers -m ping -i inventory_group.txt
  
Ansible Playbook
  • Written in YAML
  • Set of Tasks
  • Apply group of servers
/ansible/playbook
vi playbook1.yml
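# playbook1.yml - one play with two command tasks against webserver1.
-
  name: this is our first playbook
  hosts: webserver1
  tasks:
    -
      name: "create a dummy file on webserver1"
      command: touch /tmp/ansible_dummy.txt
    -
      # A task runs exactly one module; a second `command:` key in the same
      # mapping is a duplicate key, so the mkdir gets its own task.
      name: "create a dummy directory on webserver1"
      command: mkdir -p /tmp/ansible_dir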


$ ansible-playbook playbook1.yml -i inventory.txt

**** Multiple task ***
vi playbook2.yml
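# playbook2.yml - two plays in one file; each play has its own host and task list.
-
  name: this is our first playbook
  hosts: webserver1
  tasks:
    -
      name: "create a dummy file on webserver1"
      command: touch /tmp/ansible_dummy.txt
    -
      name: "copy host in the tmp folder"
      command: cp /etc/hosts /tmp/myhosts

-
  name: this is 2nd playbook
  hosts: sqlserver1
  tasks:
    # Each name/command pair is a separate list item; the directory task must
    # come first because the second task writes inside it.
    -
      name: "creating directory in the tmp directory"
      command: mkdir /tmp/myplaydir
    -
      name: "create a dummy file in database and server"
      command: touch /tmp/myplaydir/secondplay.txt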

  
$ ansible-playbook playbook2.yml -i inventory.txt


Ansible Modules
vi copy.yml
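# copy.yml - copy test.yml from the control node to /tmp/ on webserver1,
# setting owner, group and permission bits in the same task.
-
  name: this is our first playbook
  hosts: webserver1
  tasks:
    -
      name: "create a dumy file on webserver1"
      copy: src=test.yml dest=/tmp/ owner=devopsadm group=wheel mode=0644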
  
  ** or also used this syntax
  copy:
    src: test.yml
dest: /tmp
owner: devopsadm
group: wheel
mode: 0644

  
$ ansible-playbook copy.yml -i inventory.txt

vi command.yml
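# command.yml - append a line to a file with a pipeline, then with lineinfile.
-
  name: this our command playbook
  hosts: webserver1
  tasks:
    -
      name: "create a dummy file on webserver1"
      # The command module does not run through a shell, so `|` would be handed
      # to echo as a literal argument; a pipeline needs the shell module.
      shell: echo "8.8.8.8" | tee -a /tmp/resolve.conf
    -
      # lineinfile is its own task: one module per task.
      name: "append a line to /tmp/test.txt"
      lineinfile: path=/tmp/test.txt line="Devops line"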


---------------------------------------------
** for script module
vi testScript.sh
#!/bin/bash
# Demo payload for the Ansible script module: appends the working directory,
# the first argument, a separator line and the interface listing to one file.
log_file=/tmp/fileCreateByScript.txt

# One append redirection for the whole group instead of one per command.
{
  pwd
  printf '%s\n' "first arg: $1"
  printf '%s\n' "=========================="
  ifconfig
} >> "$log_file"


vi script.yml
# script.yml - runs the local testScript.sh on webserver1 with one argument.
-
  name: this our script playbook
  hosts:  webserver1
  tasks:
    -
      name: "crate a dummy file on webserver1"
      script: testScript.sh Devopsadm 
      # Alternative: skip the script when /tmp/test.txt already exists on the host.
      # script: testScript.sh Devopsadm creates=/tmp/test.txt
      # Alternative: run from /home, and only when /tmp/test.txt exists on the host.
      # script: testScript.sh Devopsadm removes=/tmp/test.txt chdir=/home

  
$ ansible-playbook script.yml

---------------------------------------------------
** for service module
vi service1.yml
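# service1.yml - make sure the apache2 service is running on webserver1.
-
  name: this is service playbook
  hosts: webserver1
  tasks:
    -
      name: "working with apache on webserver1"
      service:
        name: apache2
        state: started  # use `stopped` to stop the service instead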


$ ansible-playbook service1.yml

-----------------------------------------------------

** User Modules
vi user1.yml
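# user1.yml - remove the account mytestuser from webserver1.
-
  name: this is service playbook
  hosts: webserver1
  tasks:
    -
      name: "working with user module on webserver1 for delete user "
      user: name="mytestuser" state=absent
      # To create the account instead, pass the crypt hash produced by mkpasswd.
      # The user module stores the value as given, so a plain-text password
      # here would not work as a login password.
      ## user: name="mytestuser" state=present password="*7jNTe3R/mJ0jfsf83ikfljajfKKjfsd83lfs"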



** create password hash (the user module's password= takes this hash, not the plain-text password)
mkpasswd --method=sha-512
Password: Abcd1234
*7jNTe3R/mJ0jfsf83ikfljajfKKjfsd83lfs

** where user created and home directory
cat /etc/passwd

** where the password hash is saved
cat /etc/shadow


Ansible Variables
vi variable1.yml
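# variable1.yml - start a service whose name comes from a play variable.
-
  name: this is variable playbook
  hosts: webserver1
  vars:
    servicename: apache2
  tasks:
    -
      name: "creating file using variable"
      # {{ servicename }} is replaced with the value from vars above.
      service: name={{ servicename }} state=started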
$ ansible-playbook variable1.yml

Ansible Conditions
vi condition11.yml
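# condition11.yml - run a task only when its `when:` expression is true.
-
  name: this is condition playbook
  hosts: webserver1
  vars:
    age: 18
  tasks:
    -
      name: "creating file using variable and conditon"
      command: touch /tmp/18.txt
      # `when` is a task keyword and needs the colon; variables are used bare here.
      when: age == 18
    -
      name: "creating file using variable and conditon"
      command: touch /tmp/grather_than_18.txt
      when: age > 18
      ## when: age > 10 and age < 18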
    

Ansible Loops
vi loop1.yml
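# loop1.yml - install each package in the list; {{ item }} takes one value per iteration.
-
  name: this is loop playbook
  hosts: webserver1
  tasks:
    -
      name: 'Installing'
      ## state=absent removes the packages instead
      apt: name="{{ item }}" state=present
      # with_items belongs to the task, at the same level as the module key.
      with_items:
        - vsftpd
        - tree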

vi loop2.yml
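# loop2.yml - same loop, with the package list kept in a play variable.
-
  name: this is loop playbook
  hosts: webserver1
  vars:
    pkg:
      - vsftpd
      - tree
  tasks:
    -
      name: 'Installing'
      apt: name="{{ item }}" state=present
      # The list variable is expanded, then iterated one element at a time.
      with_items: "{{ pkg }}"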
  

Ansible Include | file separation
vi var_playbook.yml
# var_playbook.yml - loads variables from variable.yml and takes its tasks from task.yml.
-
  name: this is include file playbook
  hosts: webserver1
  vars_files:
    - variable.yml
  tasks:
    # `include` is deprecated in later Ansible releases; include_tasks / import_tasks replace it.
    - include: task.yml
  

vi variable.yml
var1: first
var2: second
vi task.yml
# task.yml - task list pulled in by the playbook; var1 and var2 are defined in variable.yml.
-
  name: 'task 1'
  # touch does not create directories, so /tmpvar must already exist on the host.
  # NOTE(review): /tmpvar may be a typo for a directory under /tmp; confirm.
  command: touch /tmpvar/{{ var1 }}.txt
-
  name: 'task 2'
  command: touch /tmpvar/{{ var2 }}.txt
  
Ansible Roles
mkdir roles
cd roles
ansible-galaxy init webserver
tree webserver
defaults, handlers, meta, tasks, templates, tests, vars
cd ..
vi role1.yml
# role1.yml - applies the listed roles to webserver1.
-
  name: this is role playbook
  hosts: webserver1
  roles:
    - webserver
    # NOTE(review): only `webserver` was created with ansible-galaxy init above; a sqlserver role must exist as well.
    - sqlserver
Ansible Asynchronous Action
vi var_playbook.yml
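# Asynchronous task: start a long command, poll for its result, then continue.
-
  name: this is playbook
  hosts: webserver1
  tasks:
    -
      name: 'sleep for 60 sec'
      command: sleep 60
      # Maximum runtime in seconds allowed for the job.
      async: 70
      # Seconds between status checks; the keyword is `poll`, not `pool`.
      poll: 35
    -
      name: 'second task'
      command: touch /tmp/second.txt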


Ansible Strategies
vi service1.yml
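# Strategy demo: with `free` each host runs through the tasks at its own pace;
# `linear` (the alternative noted below) keeps the hosts in step task by task.
-
  name: this is service playbook
  hosts: webserver1 , sqlserver1
  strategy: free    ## linear
  tasks:
    -
      name: 'installing Apache'
      apt: name='apache2' state='present'
    -
      name: 'second task'
      command: touch /tmp/stragey.txt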

** facts by default 
vi /etc/ansible/ansible.cfg
#module_utils = /usr/share/my_module_utils/
#remote_tmp   = ~/.ansible/tmp
#local_tmp    = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
.....
.....
.....
 
vi service1.yml
-
  name: this is service playbook
  hosts: webserver1 , sqlserver1 , dbserver01
  serial: 1

  
Ansible Error handling

  ** ignore error during performing task
  tasks:
    -
  name: 'rst task'
  command touch /tmp/task.txt
  ignore_errors: True
  


Ansible Jinja2 template
  ** Dynamic contents

  vi jinja_palybook.yml
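# Jinja2 filter demo: each debug task prints one filtered expression.
-
  name: this is jinja playbook
  hosts: webserver1 , sqlserver1
  vars:
    yourname: Ali
    dumy_list1:
      - 10
      - 20
      - 30
      - 40
    dumy_list2:
      - 30
      - 40
      - 50
      - 60

  tasks:
    # A mapping can hold only one `msg` key, so every example is its own task.
    - debug:
        msg: "Hello {{ yourname }}"
    - debug:
        msg: "Hello {{ yourname | upper }}"
    - debug:
        # Single quotes inside the expression; a double quote would end the YAML string.
        msg: "Hello {{ yourname | replace('Ali', 'Tariq') }}"
    - debug:
        msg: "{{ dumy_list1 | min }}"      ## min, max, unique
    - debug:
        msg: "{{ dumy_list1 | union(dumy_list2) }}"   ## union, intersect
    - debug:
        msg: "{{ 100 | random }}"    ## generate random number
    - debug:
        msg: "{{ '/etc/ansible/ansible.cfg' | basename }}"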



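Ansible Vault
  ** encrypts files that hold secrets (here the inventory with its clear-text ansible_ssh_pass values) so they are not stored readable on disk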

$ vi inventory.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
    sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root

$ansible-vault encrypt inventory.txt --output enc_inventory.txt
New Vault password : xxxxxxxxxxxxxxxxxxxxxx
** with --output the original inventory.txt stays unencrypted on disk; remove it once the encrypted copy works
$ansible-vault view enc_inventory.txt
Password: xxxxxxxxx
$ansible-playbook -i enc_inventory.txt playbook.yml --ask-vault-pass

Ansible Lookups
$vi inventory.txt
webserver1 ansible_host=192.168.25.15
    sqlserver1 ansible_host=192.168.25.16 

$vi credentials.ini
[webserver1]
password=xxxxxx

$vi credentials.csv
Hostname,Password
webserver1,xxxxxx
sqlserver1,xxxxxx
$vi lookups.yml
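# lookups.yml - read the SSH password for webserver1 from a file on the control
# node instead of writing it in the inventory.
# The credentials file holds clear-text passwords: keep it out of version
# control and readable only by the user running Ansible, or encrypt it with
# ansible-vault.
-
  name: Test Connectivity
  hosts: webserver1
  vars:
    # csvfile returns the second column of the row whose first column is webserver1.
    ansible_ssh_pass: "{{ lookup('csvfile', 'webserver1 file=credentials.csv delimiter=,') }}"
    ## ansible_ssh_pass: "{{ lookup('ini', 'password section=webserver1 file=credentials.ini') }}"
  tasks:
    - name: create a dumy file on webserver
      command: touch /tmp/csv.txt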
$ansible-playbook lookups.yml -i inventory.txt

Preparing Windows Server
  -> How to setup windows machine as a target host
$ vi inventory.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=xxxxxxxx ansible_connection=ssh   ansible_port=22   ansible_user=root
    sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=xxxxxxxx ansible_connection=ssh   ansible_port=22   ansible_user=root
windows1   ansible_host=192.168.25.12 ansible_password=xxxxxxxx ansible_connection=winrm ansible_port=5986 ansible_user=mali ansible_winrm_server_cert_validation=ignore


$ pip install pywinrm
------------------------------------------------
** in Windows Machine
** Open PowerShell and make sure the version is 3.0 or above and .NET is 4.0 or above
run as admin : powershell
Get-Host
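Download "ConfigureRemotingForAnsible.ps1" from GitHub and read it before running it as admin: it sets up a WinRM HTTPS listener with a self-signed certificate, which is why the inventory sets ansible_winrm_server_cert_validation=ignore (lab only; use a CA-issued certificate and drop that setting elsewhere)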
PS c:\> powershell.exe -ExecutionPolicy ByPass -File .\ConfigureRemotingForAnsible.ps1
-------------------------------------------------
$ ansible windows1 -m win_ping
Ansible become
  -> How to Escalate user privilege 
  https://docs.ansible.com/ansible/2.4/become.html
 
$vi lineInFile.yml
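# lineInFile.yml - privilege escalation: run the task as become_user instead of
# the user Ansible logs in as.
# NOTE(review): the inventory on this page logs in as root, so become changes
# nothing there; it matters once ansible_user is an unprivileged account.
-
  name: become
  hosts: webserver1
  become: true
  become_user: root
  ## become_user: devopsadm
  ## become_method: su
  tasks:
    -
      name: "create task for become"
      # /etc/resolv.conf is root-owned, so this edit needs the escalation above.
      lineinfile: dest=/etc/resolv.conf line="nameserver 8.8.8.8"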
  
  
ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root xxxxxxxxx /etc/resolv.conf
$ansible-playbook lineInFile.yml --ask-become-pass
SUDO password : xxxxxxxx


