ANSIBLE




    Configuration management systems are designed to streamline the process of controlling large numbers of servers, for administrators and operations teams. They allow you to control many different systems in an automated way from one central location.

    While there are many popular configuration management tools available for Linux systems, such as Chef and Puppet, these are often more complex than many people want or need. Ansible is a great alternative to these options because it offers an architecture that doesn’t require special software to be installed on nodes, using SSH to execute the automation tasks and YAML files to define provisioning details.


Step 1 — Installing Ansible


First, refresh your system’s package index with:

    sudo apt update

Following this update, you can install the Ansible software with:

    sudo apt install ansible

Press Y when prompted to confirm installation.

Your Ansible control node now has all of the software required to administer your hosts. Next, we’ll go over how to set up an inventory file, so that Ansible can communicate with your managed nodes.

Step 2 — Setting Up the Inventory File

The inventory file contains information about the hosts you’ll manage with Ansible.

Unlike Chef or Puppet, Ansible is a push type of management system. This means that control lies entirely with the master (the server): this is where you write your configuration files, and it is responsible for pushing them to your clients as and when required.

Open the Ansible hosts file. It lies in /etc/ansible/:

gedit /etc/ansible/hosts


The file shows many group names, each written between square brackets.

For example:
[webservers]

Under each group name it lists the client IP addresses.

Create a group called ansible_client and specify the SSH username and password.
All communication between user and client goes through SSH only. SSH creates a secure channel between server and client.




Now save the file after updating the client details.

The next step is to write a playbook.

Playbook is the technical term for the configuration files we write in Ansible. Playbooks are written in YAML format. Now open a file called test.yml.

It starts with three dashes.

Example: ---
This indicates the beginning of the file.

Next we give our playbook a name.

Then comes the hosts entry, which is the same as the group name we gave in the hosts file.

Here is a sample playbook for creating folders and files on our client machine.




---
  - hosts: ansible_client
    remote_user: labadmin
    become: true
    tasks:
    - name: "create a directory named test"
      file:
       path: /home/linuxhelp/test
       state: directory
    - name: "create a file on test directory"
      file:
       path: /home/linuxhelp/test/file.txt
       state: touch

After creating this file, run the following command:



root@G2:/home/labadmin# ansible-playbook test.yml --syntax-check

playbook: test.yml
root@G2:/home/labadmin# 






If everything is OK in the playbook, it returns the playbook name.


Now we need to push the playbook to our client machine.


The command for pushing the playbook is:
    # ansible-playbook test.yml

If some error like the following occurs, type:
    # ansible-playbook test.yml -kK



$ ansible-playbook mail.yml -kK 
SSH password: 
BECOME password[defaults to SSH password]: 
  • -k, --ask-pass: ask for connection password
  • -K, --ask-become-pass: ask for privilege escalation password





# ansible your_host -m command -a 'the command you need'


Example:

    ansible ansible_client -m command -a 'hostname'





Manage Users and Groups on Linux using Ansible

Create/Add user and group using Ansible

Playbook, user.yml:

---
 - hosts: ansible_client #change to your hosts
   become: yes

   vars:
    # NOTICE!!!:
    # DO NOT PUT PLAIN TEXT PASSWORDS HERE!
    # use encrypted passwords or put them in Ansible vault
    # but this is just a demo
    vaulted_password: student

   tasks:
    - name: Add a group called developer
      group:
        name: developer
        state: present
    - name: Add user student with a password
      user:
        name: student
        password: "{{ vaulted_password | password_hash('sha512') }}"
        update_password: on_create
        shell: /bin/bash
        groups: developer
        append: yes

       


To run the playbook:
$ ansible-playbook user.yml -K
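
The comment in user.yml says not to keep the password in the playbook. One way to follow that advice, as an added example that is not part of the original post: ask for the password when the playbook starts, so only its hash ever reaches the task. The file name user_prompt.yml and the variable name student_password are assumptions.

```yaml
---
# user_prompt.yml (added example; file and variable names are assumptions)
- hosts: ansible_client
  become: yes

  vars_prompt:
    # Asked once on the control node before the first task runs.
    - name: student_password
      prompt: "Password for user student"
      private: yes            # do not echo what is typed
      confirm: yes            # ask twice to catch typos
      encrypt: sha512_crypt   # the variable holds the crypt hash, not the clear text

  tasks:
    - name: Add a group called developer
      group:
        name: developer
        state: present

    - name: Add user student with the prompted password
      user:
        name: student
        password: "{{ student_password }}"   # already hashed by vars_prompt
        update_password: on_create
        shell: /bin/bash
        groups: developer
        append: yes
      no_log: true            # keep the hash out of task output and logs
```

Run it the same way, with ansible-playbook user_prompt.yml -K; the password prompt appears before the first task.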
       

Delete/Remove users using Ansible


Playbook, user_delete.yml:


---
 - hosts: ansible_client
   become: yes
   tasks:
    - name: Remove exam
      user:
        name: exam
        state: absent
        remove: yes






Executing Shell Programs


Playbook, execute_shell.yml:

---
 - hosts: ansible_client
   remote_user: student
   tasks:
     # 0755 is enough to run the script; 0777 would leave it writable by every local user
     - name: Transfer the script
       copy: src=test.sh dest=/home/student mode=0755

     - name: Execute the script
       command: sh /home/student/test.sh


APT Example Ansible



---
 - name: Playbook to install Apache
   hosts: webservers
   become: true
   tasks: 
    - name: Ansible apt install Apache
      apt:
        name: apache2
        state: present

How to remove a Package with Ansible apt

---
 - name: Playbook to remove Apache
   hosts: webservers
   become: true
   tasks: 
    - name: Ansible apt remove Apache
      apt:
        name: apache2
        state: absent

---
 - name: Ansible apt module examples
   hosts: ansible_client
   become: true
   tasks: 
    - name: Ansible apt remove php
      apt:
        name: php
        state: absent
    - name: Remove useless packages from the cache
      apt:
        autoclean: yes
    - name: Remove dependencies that are no longer required
      apt:
        autoremove: yes
        

How to copy files with Ansible – Local to Remote


All you need is an SSH connection to the remote server (with password or SSH key).

- name: Ansible Copy Example Local to Remote
  hosts: remoteserver
  tasks:
    - name: copying file with playbook
      become: true
      copy:
        src: ~/Downloads/index.html
        dest: /var/www/html
        owner: apache
        group: apache
        mode: 0644


Let me explain this in detail:

  • hosts: a target host group that must already be defined in the Ansible inventory (aka the hosts file)
  • tasks: all the tasks are defined under this
  • become: tells Ansible to execute the corresponding task with sudo as root, unless another user is specified with become_user
  • copy: the module we are going to use in this task
    • src: source file path on the local machine where the playbook or ad-hoc command is invoked (Ansible can be set to look for the file on the remote server instead, using remote_src)
    • dest: destination path on the remote server/host where the file should be copied to
    • owner: owner of the file on the destination server once copied
    • group: group of the file on the destination server once copied
    • mode: the permissions of the file after copying; 0644 sets the permissions to rw- r-- r--

This can also be executed in a single line as an ad hoc command.

ansible remoteserver1 -m copy -a "src=~/Downloads/index.html dest=/var/www/html owner=apache group=apache mode=0644"

Sending Notification to All clients

Example:

ansible ansible_client -m command -a 'notify-send "My name is bash and I rock da house"'



Errors you may face:

fatal: [192.168.15.81]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."}

Answer: The first time you run a playbook against a client, the push may fail with this error. Log in to the client manually once with the ssh command, then run the playbook again.

 
2. The same error ("Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host.") can also be handled by creating a file ansible/ansible.cfg in your project directory (i.e. ansible.cfg in the provisioning_path on the target) with the following contents:
[defaults]
host_key_checking = false
Note that this setting stops Ansible from verifying SSH host keys for every host it connects to.
https://stackoverflow.com/questions/42462435/ansible-provisioning-error-using-a-ssh-password-instead-of-a-key-is-not-possibl
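
With host_key_checking = false, Ansible accepts whatever host key is presented, so the SSH password typed at the -k prompt can be sent to a machine that only claims to be the client. The error message itself asks for the alternative: add the host's fingerprint to known_hosts. The playbook below is an added example, not part of the original post or the linked answer; the file name known_hosts.yml, the variable names and the key value are assumptions, and the key must be replaced with the one read from the client itself.

```yaml
---
# known_hosts.yml (added example; file name and variables are assumptions)
# Runs only on the control node and records the client's SSH host key,
# so host_key_checking can stay enabled.
- hosts: localhost
  connection: local
  gather_facts: no

  vars:
    client_ip: 192.168.15.81   # the client from the error message above
    # CONSTRUCTED placeholder: replace with the client's public host key,
    # read on the client itself (for example from /etc/ssh/ssh_host_ed25519_key.pub).
    client_host_key: "ssh-ed25519 AAAA...REPLACE_WITH_REAL_KEY"

  tasks:
    - name: Refuse to run with the placeholder key
      assert:
        that:
          - "'REPLACE_WITH_REAL_KEY' not in client_host_key"
        fail_msg: "Set client_host_key to the key read from the client"

    - name: Add the client's host key to known_hosts
      known_hosts:
        name: "{{ client_ip }}"
        # A known_hosts entry is "<host> <key type> <key>"
        key: "{{ client_ip }} {{ client_host_key }}"
        state: present
        # path defaults to ~/.ssh/known_hosts of the user running the playbook
```

Run it as the same user that later runs ansible-playbook test.yml -kK, because the entry goes into that user's known_hosts file.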

ANSIBLE NEW VERSION UPDATE


sudo -H pip install --upgrade ansible
Courtesy: https://stackoverflow.com/questions/34903026/update-ansible-1-9-4-to-ansible-2-0


Courtesy: https://www.youtube.com/watch?v=EcnqJbxBcM0



ANSIBLE PLAYBOOKS


INSTALLING SOFTWARE EXAMPLE

---
- name: Install Dia Diagramming Application
  hosts: rs
  become: yes
  tasks:


    - name: Install Dia
      apt:
        name: dia
        state: present

    - name: Verify Dia installation
      command: which dia
      register: dia_installed
      changed_when: false
      failed_when: dia_installed.rc != 0

    - name: Ensure Dia is installed
      debug:
        msg: "Dia installed at {{ dia_installed.stdout }}"
      when: dia_installed.rc == 0



SHUTDOWN


---
- name: Shutdown PC
  hosts: pjl
  become: yes
  tasks:

    - name: Shutdown the machine
      command: /sbin/shutdown now
      async: 1
      poll: 0

    - name: Wait for machine to shut down
      pause:
        minutes: 1


