Server information
Setting up LAB Environment - High level tasks
Control machine ---ssh----> Target machine
A. System build
1. Build one Control and at least 2 target machines
2. Make sure ssh is running on both machines
3. Create user for ansible use.
B. ssh set up
4. Generate ssh-key-pair using ssh-keygen
5. Add public key to authorized_keys using ssh-copy-id
6. Test passwordless connectivity with ssh
C. Set up ansible
7. Install ansible on control node
8. Define Target hosts in ansible inventory file
9. Test connectivity with ansible
$ ansible target -i inventory -m ping
I have three CentOS servers. These servers are also going to be used for Kubernetes.
master 192.168.56.5
worker1 192.168.56.6
worker2 192.168.56.7
Add these entries to your /etc/hosts file, since we won't have a DNS server.
You should be able to make a connection between the master and the worker nodes.
Add user sam to the wheel group, or
add sam to the sudoers file to run commands without being prompted for a password.
# cat > /etc/sudoers.d/sam
sam ALL=(ALL) NOPASSWD:ALL
or
$ echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/$(whoami)
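A check to run after this step, as an added example that is not part of the original post: it audits a sudoers.d directory for passwordless rules covering ALL commands, for files other accounts can write, and for drop-ins that sudo silently skips because of their name (which can happen with /etc/sudoers.d/$(whoami) when the user name contains a dot). The function names and the sample files are constructed for illustration; GNU stat is assumed, as on CentOS.

```shell
#!/bin/sh
# Added example: audit a sudoers.d directory for the rule this post creates.
# audit_sudoers_d, make_sample and the sample files are constructed.

audit_sudoers_d() {
    dir=${1:-/etc/sudoers.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # sudo's includedir skips names ending in '~' or containing '.',
        # so a drop-in named after a user such as "j.doe" never takes effect.
        case $name in
            *~|*.*) echo "IGNORED  $name (name ends in ~ or contains a dot)"
                    continue ;;
        esac
        # Group- or world-writable policy files let other accounts edit sudo rules.
        case $(stat -c '%A' "$f") in
            ?????w*|????????w*) echo "WRITABLE $name" ;;
        esac
        # Passwordless rule covering every command (comment lines excluded).
        if grep -Eq '^[^#]*NOPASSWD:[[:space:]]*ALL([[:space:],]|$)' "$f"; then
            echo "NOPASSWD_ALL $name"
        fi
    done
}

# Constructed sample directory so the check can be tried without root.
make_sample() {
    d=$(mktemp -d)
    printf 'sam ALL=(ALL) NOPASSWD:ALL\n' > "$d/sam"
    printf 'j.doe ALL=(ALL) NOPASSWD:ALL\n' > "$d/j.doe"
    printf 'ops ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart httpd\n' > "$d/ops"
    chmod 0440 "$d/sam" "$d/j.doe"
    chmod 0664 "$d/ops"
    echo "$d"
}

sample=$(make_sample)
audit_sudoers_d "$sample"
rm -rf "$sample"
```

On a real target, run `audit_sudoers_d /etc/sudoers.d` as root; the "ops" sample shows a rule limited to one command, which the audit does not flag as NOPASSWD_ALL.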
Installing Ansible on CentOS 8.x
On the master server, perform the following tasks.
1. Update the DNF package repository cache
# dnf makecache
2. Download and install the epel-release package
# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# yum localinstall epel-release-latest-8.noarch.rpm
3. Update the DNF package repository cache again
# dnf makecache
4. Now install ansible
# dnf install ansible
5. Verify ansible is installed.
# ansible --version
# ip a s | more
6. Set up passwordless authentication.
Generate an ssh key and copy it to the worker nodes
[sam@master ~]$ ssh-keygen -b 2048
[sam@master ~]$ ssh-copy-id master
[sam@master ~]$ ssh-copy-id worker1
[sam@master ~]$ ssh-copy-id worker2
[sam@master ~]$ ssh worker1
[sam@master ~]$ ssh worker2
7. Now, let's create an inventory file which contains all your systems.
The inventory file contains all managed hosts.
By default, Ansible reads the inventory location from the ansible.cfg file.
To list all hosts in the inventory
$ ansible all --list-hosts
To see your config file, run
[sam@master ~]$ ansible --version
ansible 2.9.11
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/sam/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
[sam@master ~]$ pwd
/home/sam
[sam@master ~]$ mkdir ansible; cd ansible
[sam@master ~]$ cat myhosts
master
worker1
worker2
List all your hosts from the host file 'myhosts' and test the connection
[sam@master ~]$ ansible -i myhosts -m ping worker1
[sam@master ~]$ ansible -i myhosts all --list-hosts
You will see a SUCCESS result.
Note: The host file is not in the config file; that is why we are specifying the hosts with the -i flag.
Now, edit the config file, go under [defaults], and specify the location of the hosts file.
$ sudo vi /etc/ansible/ansible.cfg
inventory = /home/sam/ansible/myhosts
[sam@master ansible]$ ansible all --list-hosts
hosts (3):
master
worker1
worker2
Let's modify the inventory file.
[sam@master ansible]$ cat myhosts
[masterserver]
master ansible_user=sam
[WebServer]
worker1 ansible_user=sam
worker2 ansible_user=sam
Now, let's ping the web servers.
[sam@master ansible]$ ansible -m ping WebServer
worker1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
worker2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
[sam@master ansible]$
Note: Ansible works on a push mechanism, while Chef and Puppet work on a pull mechanism.
Now, let's go ahead and check if the httpd package is installed on worker nodes 1 and 2
[root@worker1 ~]# rpm -qa | grep httpd
No result is returned. Now, go back to the control node and start a task to install the package on the target node: worker1
[sam@master ansible]$ ansible -b --become-method=sudo -m shell -a 'yum install -y httpd' WebServer
[WARNING]: Consider using the yum module rather than running 'yum'.
Go to node 1 and check; you will get a result this time.
[root@worker1 ~]# rpm -qa | grep httpd
httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64
httpd-filesystem-2.4.37-21.module_el8.2.0+382+15b0afa8.noarch
httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64
centos-logos-httpd-80.5-2.el8.noarch
Now, go ahead and remove it. There is a better way to install software.
[sam@master ansible]$ ansible -b --become-method=sudo -m shell -a 'yum erase -y httpd' WebServer
Check on the worker nodes; it's gone now.
Now, let's use the package module to install it.
[sam@master ansible]$ ansible -b --become-method=sudo -m package -a 'name=httpd state=present' WebServer
Go to the target nodes and verify that packages are installed.
Now, remove those packages
[sam@master ansible]$ ansible -b --become-method=sudo -m package -a 'name=httpd state=absent' WebServer
In the output, look for the status
"changed": true,
=====================================
[sam@master ansible]$ more myserv.yml
---
- hosts: WebServer
  tasks:
    - package: "name=httpd state=present"
    - copy: "src=web.html dest=/var/www/html"
    - service: "name=httpd state=started"
Change it to the form below:
---
# Install httpd, publish web.html and start the service on the WebServer group
- hosts: WebServer
  tasks:
    - package:
        name: "httpd"
        state: "present"
    - copy:
        src: "web.html"
        dest: "/var/www/html"
    - service:
        name: "httpd"
        state: "started"
[sam@master ansible]$ cat web.html
This is a page created for ansible
[sam@master ansible]$ cat myhosts
[masterserver]
master ansible_user=sam
[WebServer]
worker1 ansible_user=sam
worker2 ansible_user=sam
[sam@master ansible]$
Friday, August 7, 2020
Ansible install and set up - updated