Difference between revisions of "Ansible"

From wikieduonline
Tags: Mobile web edit, Mobile edit
Line 120: Line 120:
 
* <code>[[vars_files:]]</code>
 
* <code>[[vars_files:]]</code>
 
* <code>[[ignore_errors:]]</code>
 
* <code>[[ignore_errors:]]</code>
 +
* <code>[[ansible --help]]</code>
  
 
== See also ==
 
== See also ==
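Review bot: the added item `[[ansible --help]]`, placed directly after `ignore_errors:`, is a command-line invocation in a list whose visible neighbours (`vars_files:`, `ignore_errors:`) are playbook keywords. Consider moving it next to the other `ansible` commands under "Basic Ansible operations", or under "See also", so the keyword list stays homogeneous.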

Revision as of 06:48, 6 May 2021

wikipedia:Ansible (software) (2012) is software for automating tasks: it automates software provisioning, configuration management, application deployment and general orchestration. Ansible's design is based on modules; execute ansible-doc -l to view your available modules, or check the list of official modules in the documentation: https://docs.ansible.com/ansible/latest/modules/modules_by_category.html.

Installation and Basic Configuration

Install the Ansible binaries on your computer using yum or apt-get, depending on your Linux distribution, or pip on macOS; they are not necessary on your managed nodes. Then allow the server access to your managed clients by configuring automatic SSH key authentication.

Ansible binaries:

/usr/bin/ansible
/usr/bin/ansible-playbook
/usr/bin/ansible-config       View, edit, and manage ansible configuration.
/usr/bin/ansible-console      REPL console for executing Ansible tasks
/usr/bin/ansible-galaxy       Command to manage Ansible roles in shared repositories, the default of which is Ansible Galaxy https://galaxy.ansible.com
/usr/bin/ansible-pull         Pulls playbooks from a VCS repo and executes them for the local host
/usr/bin/ansible-doc          Displays information on modules installed in Ansible libraries
/usr/bin/ansible-inventory    Used to display or dump the configured inventory as Ansible sees it
/usr/bin/ansible-connection   -
/usr/bin/ansible-vault        Encryption/decryption utility for Ansible data files

Configuration files

There are at least two configuration files in Ansible:

Basic Ansible operations

  • Connect to a remote host and verify Python; this does not send a network ping to the remote host, it connects to the host and tests Python:
ansible HOSTNAME -m ping (the -m parameter stands for module)[5]
  • Execute "uptime" on HOSTNAME:
ansible HOSTNAME -a "uptime" (-a gives the module arguments, in this case the command to execute)
  • Connect to HOSTNAME and execute the uptime command with the raw module; the raw module does not need Python:
ansible HOSTNAME -m raw -a uptime
  • Execute "echo hello" on all your managed nodes:
ansible all -a "/bin/echo hello" (-a expects module arguments)
  • Connect and display gathered facts; this does not set up anything:
ansible all -m setup
ansible all -m setup --tree out/
ansible MACHINE_NAME -m shell -a COMMAND
  • List available modules:
ansible-doc -l
  • Execute a user-defined task definition or playbook:
ansible-playbook my_new_created_playbook.yml
  • Execute a user-defined task definition or playbook with command-line variables:
ansible-playbook my_new_created_playbook.yml -e "YOUR_USERNAME_VAR=YOUR_USERNAME_VALUE"
-e: --extra-vars as key=value or YAML/JSON

Ansible Galaxy (Roles)

Features

  • Support for saving encrypted information (passwords, API Keys ...) in playbooks using Ansible Vault (ansible-vault[6]) since 2014

Ansible tuning/configuration

Ansible is configured in /etc/ansible/ansible.cfg, where you can tune some settings. Check the official documentation [7] or an example configuration file [8].

Ansible privileges

Use become[9] in your playbook and execute it with the --ask-become-pass parameter.

Use --ask-pass if you do not have private/public key authentication configured.

vi create_user.yml

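#!/usr/bin/env -S ansible-playbook --ask-become-pass
# env needs -S to split "ansible-playbook --ask-become-pass" into separate arguments

- hosts: REMOTE_SERVER
  become: yes
  tasks:

  # Create the account with a locked password (login by SSH key only)
  - user:
      name: USERNAME
      shell: /bin/bash
      groups: sudo
      append: yes
      password_lock: yes

  # Install the user's public key, read from a file on the control machine
  - authorized_key:
      user: USERNAME
      state: present
      key: "{{ lookup('file', '/home/USERNAME/.ssh/id_ed25519_USERNAME.pub') }}"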

./create_user.yml

See also: Create a new user in a group of servers and provided ssh access using its public ssh key
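
Because the playbook above locks the account's password (password_lock: yes), membership in the sudo group alone leaves USERNAME with no password to give to sudo. The following added example, which is not part of the original page, installs a validated sudoers drop-in for the passwordless sudo activity listed under Activities; the file name 90-USERNAME, the visudo path and the Debian-style passwd status output are assumptions.

```yaml
# Added example, not from the original page.
# Assumptions: drop-in file name, /usr/sbin/visudo path, passwd --status format.
- hosts: REMOTE_SERVER
  become: yes
  tasks:

  - name: Install a sudoers drop-in for USERNAME, validated before activation
    copy:
      dest: /etc/sudoers.d/90-USERNAME        # hypothetical file name
      content: "USERNAME ALL=(ALL) NOPASSWD: ALL\n"
      owner: root
      group: root
      mode: "0440"
      # visudo checks the temporary file first; a syntax error fails the task
      # instead of leaving sudo unusable on the managed node
      validate: /usr/sbin/visudo -cf %s

  - name: Confirm that the account password is still locked
    command: passwd --status USERNAME
    register: pw_status
    changed_when: false
    # Second field is the password state: L (Debian/Ubuntu) or LK (RHEL family)
    failed_when: pw_status.stdout.split()[1] not in ['L', 'LK']
```

With the password locked and only the public key installed, possession of the SSH private key is the single credential that grants root on these hosts, so protect that key with a passphrase.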

Activities

Beginner:

  1. Read how to use Ansible cheatsheet: https://www.digitalocean.com/community/tutorials/how-to-use-ansible-cheat-sheet-guide
  2. Read Ansible blog: https://www.ansible.com/blog
  3. Read StackOverflow questions about Ansible: https://stackoverflow.com/questions/tagged/ansible?tab=Votes
  4. Create your first playbooks:
    1. Create a new user in a group of servers and provided ssh access using its public ssh key
    2. Configure user to be able to use sudo with no password
    3. Add a repository (apt_repository module)
    4. Use loops in task

Intermediate

  1. Install and configure sysstat using Ansible
  2. Modify the ssh client Ansible uses to connect: change it from Paramiko to the openssh client and modify ControlPersist in the ssh_args option. Do it in your ansible.cfg file. (Note that Ansible will use a different ControlPath than your openssh configuration. Defaults to: ~/.ansible/cp)
  3. Read about Ansible Roles (similar to modules in puppet and cookbooks in Chef): https://linuxacademy.com/blog/linux-academy/ansible-roles-explained/: ansible-galaxy init <ROLE_NAME>
  4. Read about Reusable Playbooks: Dynamic vs. Static and Tradeoffs and Pitfalls Between includes and imports [10]

Advanced:

  1. Increase the default forks configuration variable (the default configuration is 5 forks) in /etc/ansible/ansible.cfg and verify how your execution time increases or decreases. Use: [11]
  2. Use Ansible ovirt-RHV module (ovirt_vm) to create KVM virtual machines[12]
  3. Read Release Notes: Ansible changelog and versions: v2.9[13], v2.8[14], v2.7[15].
  4. Read Ansible Code: git clone https://github.com/ansible/ansible.git


Related terms

See also


Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Original Source: https://en.wikiversity.org/wiki/DevOps/Ansible
