10 - Ansible Lab - by Gaurav Sharma
docs.ansible.com
- Introduction to Ansible and Lab setup
$ yum install ansible -y
Ansible Inventory files
- default inventory file: /etc/ansible/hosts
vi /etc/ansible/hosts
192.168.25.16 ansible_ssh_pass=password
$ yum install sshpass -y
$ ansible 192.168.25.16 -m ping
** make sure host key
$ vi /etc/ansible/ansible.cfg
host_key_checking = False
$ vi inventory.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
$ ansible webserver1 -m ping -i inventory.txt
$ ansible all -m ping -i inventory.txt
** Create groups of servers
$ vi inventory_group.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
[webservers]
webserver1
webserver2
[sqlservers]
sqlserver1
sqlserver2
[sql_web_servers:children]
sqlservers
webservers
$ ansible sqlservers -m ping -i inventory_group.txt
$ ansible sql_web_servers -m ping -i inventory_group.txt
Ansible Playbook
- Written in YAML
- Set of Tasks
- Applied to a group of servers
vi playbook1.yml
-
  name: this is our first playbook
  hosts: webserver1
  tasks:
    -
      name: "create a dummy file on webserver1"
      command: touch /tmp/ansible_dummy.txt
      ## command: mkdir -p /tmp/ansible_dir
$ ansible-playbook playbook1.yml -i inventory.txt
**** Multiple tasks ***
vi playbook2.yml
-
  name: this is our first playbook
  hosts: webserver1
  tasks:
    -
      name: "create a dummy file on webserver1"
      command: touch /tmp/ansible_dummy.txt
    -
      name: "copy host in the tmp folder"
      command: cp /etc/hosts /tmp/myhosts
-
  name: this is 2nd playbook
  hosts: sqlserver1
  tasks:
    -
      name: "creating directory in the tmp directory"
      command: mkdir /tmp/myplaydir
    -
      name: "create a dummy file in database and server"
      command: touch /tmp/myplaydir/secondplay.txt
$ ansible-playbook playbook2.yml -i inventory.txt
Ansible Modules
vi copy.yml
-
  name: this is our first playbook
  hosts: webserver1
  tasks:
    -
      name: "create a dummy file on webserver1"
      copy: src=test.yml dest=/tmp/ owner=devopsadm group=wheel mode=0644
** or use this syntax
      copy:
        src: test.yml
        dest: /tmp
        owner: devopsadm
        group: wheel
        mode: 0644
$ ansible-playbook copy.yml -i inventory.txt
vi command.yml
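-
  name: this is our command playbook
  hosts: webserver1
  tasks:
    -
      name: "create a dummy file on webserver1"
      ## command does not pass the line through a shell, so the pipe needs the shell module
      shell: echo "8.8.8.8" | tee -a /tmp/resolve.conf
    -
      name: "add a line with lineinfile"
      lineinfile: path=/tmp/test.txt line="Devops line"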
---------------------------------------------
** for script module
vi testScript.sh
#!/bin/bash
pwd >> /tmp/fileCreateByScript.txt
echo "first arg: $1" >> /tmp/fileCreateByScript.txt
echo "==========================" >> /tmp/fileCreateByScript.txt
ifconfig >> /tmp/fileCreateByScript.txt
vi script.yml
-
  name: this is our script playbook
  hosts: webserver1
  tasks:
    -
      name: "create a dummy file on webserver1"
      script: testScript.sh Devopsadm
      # script: testScript.sh Devopsadm creates=/tmp/test.txt ** if the file already exists, the script is not executed
      # script: testScript.sh Devopsadm removes=/tmp/test.txt chdir=/home ** the script is executed only if the file exists
$ ansible-playbook script.yml -i inventory.txt
---------------------------------------------------
** for service module
vi service1.yml
-
  name: this is service playbook
  hosts: webserver1
  tasks:
    -
      name: "working with apache on webserver1"
      service:
        name: apache2
        state: started #stopped
$ ansible-playbook service1.yml -i inventory.txt
-----------------------------------------------------
** User Modules
vi user1.yml
-
  name: this is service playbook
  hosts: webserver1
  tasks:
    -
      name: "working with user module on webserver1 for delete user"
      user: name="mytestuser" state=absent
      ## user: name="mytestuser" state=present password="*7jNTe3R/mJ0jfsf83ikfljajfKKjfsd83lfs"
** create password
mkpasswd --method=sha-512
Password: Abcd1234
*7jNTe3R/mJ0jfsf83ikfljajfKKjfsd83lfs
** where the user and home directory are recorded
cat /etc/passwd
** where the password hash is saved
cat /etc/shadow
Ansible Variables
vi variable1.yml
-
  name: this is variable playbook
  hosts: webserver1
  vars:
    servicename: apache2
  tasks:
    -
      name: "creating file using variable"
      service: name={{ servicename }} state=started
$ ansible-playbook variable1.yml -i inventory.txt
Ansible Conditions
vi condition11.yml
-
  name: this is condition playbook
  hosts: webserver1
  vars:
    age: 18
  tasks:
    -
      name: "creating file using variable and condition"
      command: touch /tmp/18.txt
      when: age == 18
    -
      name: "creating file using variable and condition"
      command: touch /tmp/grather_than_18.txt
      when: age > 18
      ## when: age > 10 and age < 18
Ansible Loops
vi loop1.yml
-
  name: this is loop playbook
  hosts: webserver1
  tasks:
    -
      name: 'Installing'
      apt: name="{{ item }}" state=present ## state=absent
      with_items:
        - vsftpd
        - tree
vi loop2.yml
-
  name: this is loop playbook
  hosts: webserver1
  vars:
    pkg:
      - vsftpd
      - tree
  tasks:
    -
      name: 'Installing'
      apt: name="{{ item }}" state=present
      with_items: "{{ pkg }}"
Ansible Include | file separation
vi var_playbook.yml
-
  name: this is include file playbook
  hosts: webserver1
  vars_files:
    - variable.yml
  tasks:
    - include: task.yml   ## include_tasks / import_tasks in newer Ansible releases
vi variable.yml
var1: first
var2: second
vi task.yml
-
  name: 'task 1'
  command: touch /tmpvar/{{ var1 }}.txt
-
  name: 'task 2'
  command: touch /tmpvar/{{ var2 }}.txt
Ansible Roles
mkdir roles
cd roles
ansible-galaxy init webserver
tree webserver
defaults, handlers, meta, tasks, templates, tests, vars
cd ..
vi role1.yml
-
  name: this is role playbook
  hosts: webserver1
  roles:
    - webserver
    - sqlserver
Ansible Asynchronous Action
vi var_playbook.yml
-
  name: this is playbook
  hosts: webserver1
  tasks:
    -
      name: 'sleep for 60 sec'
      command: sleep 60
      async: 70
      poll: 35
    -
      name: 'second task'
      command: touch /tmp/second.txt
Ansible Strategies
vi service1.yml
-
  name: this is service playbook
  hosts: webserver1 , sqlserver1
  strategy: free ## linear
  tasks:
    -
      name: 'installing Apache'
      apt: name='apache2' state='present'
    -
      name: 'second task'
      command: touch /tmp/stragey.txt
** facts by default
vi /etc/ansible/ansible.cfg
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
.....
.....
.....
vi service1.yml
-
  name: this is service playbook
  hosts: webserver1 , sqlserver1 , dbserver01
  serial: 1
Ansible Error handling
** ignore errors while performing a task
tasks:
  -
    name: 'first task'
    command: touch /tmp/task.txt
    ignore_errors: True
Ansible Jinja2 template
** Dynamic contents
vi jinja_palybook.yml
-
  name: this is jinja playbook
  hosts: webserver1 , sqlserver1
  vars:
    yourname: Ali
    dumy_list1:
      - 10
      - 20
      - 30
      - 40
    dumy_list2:
      - 30
      - 40
      - 50
      - 60
  tasks:
    -
      debug:
        msg: "Hello {{ yourname }}"
        ## a debug task takes one msg; swap in any of these to try the other filters
        ## msg: "Hello {{ yourname | upper }}"
        ## msg: "Hello {{ yourname | replace('Ali', 'Tariq') }}"
        ## msg: "{{ dumy_list1 | min }}" ## min, max, unique
        ## msg: "{{ dumy_list1 | union(dumy_list2) }}" ## union, intersect
        ## msg: "{{ 100 | random }}" ## generate random number
        ## msg: "{{ '/etc/ansible/ansible.cfg' | basename }}"
Ansible Vault
$ vi inventory.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=password ansible_connection=ssh ansible_port=22 ansible_user=root
$ ansible-vault encrypt inventory.txt --output enc_inventory.txt
New Vault password : xxxxxxxxxxxxxxxxxxxxxx
$ ansible-vault view enc_inventory.txt
Password: xxxxxxxxx
$ ansible-playbook -i enc_inventory.txt playbook.yml --ask-vault-pass
Ansible Lookups
$vi inventory.txt
webserver1 ansible_host=192.168.25.15
sqlserver1 ansible_host=192.168.25.16
$vi credentials.ini
[webserver1]
password=xxxxxx
$vi credentials.csv
Hostname,Password
webserver1,xxxxxx
sqlserver1,xxxxxx
$vi lookups.yml
-
  name: Test Connectivity
  hosts: webserver1
  vars:
    ansible_ssh_pass: "{{ lookup('csvfile', 'webserver1 file=credentials.csv delimiter=,') }}"
    ## ansible_ssh_pass: "{{ lookup('ini', 'password section=webserver1 file=credentials.ini') }}"
  tasks:
    - name: create a dummy file on webserver
      command: touch /tmp/csv.txt
$ansible-playbook lookups.yml -i inventory.txt
Preparing Windows Server
-> How to set up a Windows machine as a target host
$ vi inventory.txt
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=xxxxxxxx ansible_connection=ssh ansible_port=22 ansible_user=root
sqlserver1 ansible_host=192.168.25.16 ansible_ssh_pass=xxxxxxxx ansible_connection=ssh ansible_port=22 ansible_user=root
windows1 ansible_host=192.168.25.12 ansible_password=xxxxxxxx ansible_connection=winrm ansible_port=5986 ansible_user=mali ansible_winrm_server_cert_validation=ignore
$ pip install pywinrm
------------------------------------------------
** in Windows Machine
** Open PowerShell and make sure the version is 3.0 or above and .NET is 4.0 or above
run as admin : powershell
Get-Host
Download "ConfigureRemotingForAnsible.ps1" from GitHub
PS c:\> powershell.exe -ExecutionPolicy ByPass -File .\ConfigureRemotingForAnsible.ps1
-------------------------------------------------
$ ansible windows1 -m win_ping -i inventory.txt
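The inventory files and ansible.cfg used in this lab keep passwords in clear text, log in as root, and turn off host key and WinRM certificate checks. As an added example (not part of the original lab notes), the Python script below audits an INI inventory and an ansible.cfg for exactly those settings and treats a file that begins with the ansible-vault header as encrypted; the sample hosts, the appserver1 entry and the finding wording are constructed for illustration.

```python
import configparser
import shlex
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}
VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this

def audit_inventory(text):
    """Return (line_no, host, finding) tuples for an INI-style inventory."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # encrypted at rest: no readable host variables to flag
    findings, in_vars = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_vars = line.rstrip("]").endswith(":vars")
            continue
        if in_vars:  # [group:vars] sections hold one "key = value" per line
            host, pairs = "(group vars)", [line]
        else:        # host lines: name followed by key=value tokens
            host, *pairs = shlex.split(line)
        for pair in pairs:
            key, _, value = (part.strip() for part in pair.partition("="))
            if key in SECRET_VARS and value and not value.startswith("{{"):
                findings.append((no, host, "plaintext " + key))
            elif key == "ansible_user" and value == "root":
                findings.append((no, host, "direct root login"))
            elif key == "ansible_winrm_server_cert_validation" and value == "ignore":
                findings.append((no, host, "WinRM certificate validation disabled"))
    return findings

def host_key_checking_disabled(cfg_text):
    """True when ansible.cfg sets host_key_checking = False under [defaults]."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    return not cfg.getboolean("defaults", "host_key_checking", fallback=True)

# Constructed sample input, modelled on the inventory lines used in this lab.
SAMPLE_INVENTORY = """\
webserver1 ansible_host=192.168.25.15 ansible_ssh_pass=password ansible_user=root
windows1 ansible_host=192.168.25.12 ansible_password=xxxxxxxx ansible_winrm_server_cert_validation=ignore
appserver1 ansible_host=192.168.25.20 ansible_user=devopsadm
[webservers]
webserver1
"""
SAMPLE_CFG = "[defaults]\nhost_key_checking = False\n"
if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY):
        print(*finding)
    print("host key checking disabled:", host_key_checking_disabled(SAMPLE_CFG))
```

Values written as Jinja2 references (for example a variable kept in a vaulted vars file) are not reported, so the same check can run against an inventory after its passwords have been moved out.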
Ansible become
-> How to Escalate user privilege
https://docs.ansible.com/ansible/2.4/become.html
$vi lineInFile.yml
-
  name: become
  hosts: webserver1
  become: true
  become_user: root
  ## become_user: devopsadm
  ## become_method: su
  tasks:
    -
      name: "create task for become"
      lineinfile: dest=/etc/resolv.conf line="nameserver 8.8.8.8"
ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root xxxxxxxxx /etc/resolv.conf
$ansible-playbook lineInFile.yml --ask-become-pass
SUDO password : xxxxxxxx