Wednesday, November 25, 2020

Ansible - note - step by step to create yaml file to deploy web server

 

Configure web server

Step 1. Configure yum repo
a. Get the software from the DVD and mount it.

b. Copy software to local directory
# cat /etc/yum.repos.d/myrepo.repo

Step 2. Install software



Google how to create a folder in Ansible.
Look for the file module.

Go to the examples.
Check state and its choices: file or directory.


Now define the path.



# ansible-playbook web-preq-yaml


Check the output for changed=1, which means it was created. If everything is green or you see changed=0, there was no change.

-> Idempotence: things that already exist do not have to be run again.


Doing the same thing from the command line: an ad hoc command

file/package module ..

# ansible all -m file -a "path=/dev1 state=directory"

Check the return code (exit code) ..



A playbook works behind the scenes, so it will not show you the details. You don't know exactly what each task did.
For that you have to run it in verbose mode.

# ansible-playbook -v web-create.yml

If something fails, you can debug it; or if you need some extra detail, you can use the -v option.

It will show you which config file it is using...
From that file, it picks up the inventory and shows you the server list (facts).

It will show you the tasks...

to get more verbose, you can use


search for mount module

look for example..



check the state: mounted option

disk (block) - you have to format and mount

for DVD/CD - format type is iso9660

[root@master ws2]# cat webserver.yaml
- hosts: all
  tasks:
# create a directory
  - file:
      state: directory
      path: "/dvd1"
# mount it
  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab



Now, configure yum..
keyword: yum, mount, partition

Now, add yum repo module

google for yum repo create for ansible

yum repo module
go to example

- hosts: all
  tasks:
  - file:
      state: directory
      path: "/dvd1"
  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab
# tasks is a list of three tasks such as file, mount and yum.
# These belong to the same block of code, so they use the same indentation.
  - yum_repository:
      baseurl:


Run it and you will see it fail...

Review the error: it says you need the name parameter.

Some parameters are required ..

Add name and run it again; you get another error.
You need description as well.


- hosts: all
  tasks:
  - file:
      state: directory
      path: "/dvd1"
  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab
# tasks is a list of three tasks such as file, mount and yum.
# These belong to the same block of code, so they use the same indentation.
  - yum_repository:
      baseurl: "/dvd1"
      name: "mydvd"
      description: "My yum repo"


run it again..

The software packages are under AppStream.

cat


- hosts: all
  tasks:
  - file:
      state: directory
      path: "/dvd1"

  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab
# tasks is a list of tasks such as file, mount and yum.
# These belong to the same block of code, so they use the same indentation.

  - yum_repository:
      baseurl: "/dvd1"
      name: "mydvd1"
      description: "My yum repo"

  - yum_repository:
      baseurl: "/dvd1/BaseOS"
      name: "mydvd2"
      description: "My yum repo 2"


now, yum is configured..



Now, install package


- hosts: all
  tasks:
  - file:
      state: directory
      path: "/dvd1"

  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab
# tasks is a list of tasks such as file, mount and yum.
# These belong to the same block of code, so they use the same indentation.

  - yum_repository:
      baseurl: "/dvd1"
      name: "mydvd1"
      description: "My yum repo"

  - yum_repository:
      baseurl: "/dvd1/BaseOS"
      name: "mydvd2"
      description: "My yum repo 2"
  - package:
      name: "httpd"
      state: present

ansible-playbook -vvv webserver.yaml

Look at the error: you see it failed.

Validate GPG ...
What is it?

Something is missing ... with yum, we have to provide the GPG key used to check package signatures, or disable this feature..

Go to the yum repo module and set gpgcheck to no..


- hosts: all
  tasks:
  - file:
      state: directory
      path: "/dvd1"

  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab
# tasks is a list of tasks such as file, mount and yum.
# These belong to the same block of code, so they use the same indentation.

  - yum_repository:
      baseurl: "/dvd1"
      name: "mydvd1"
      description: "My yum repo"
      gpgcheck: no

  - yum_repository:
      baseurl: "/dvd1/BaseOS"
      name: "mydvd2"
      description: "My yum repo 2"
      gpgcheck: no

  - package:
      name: "httpd"
      state: present


Search for the Ansible copy module and look for the keyword content.



[root@master ws2]# cat webserver.yaml
- hosts: all
  tasks:
  - file:
      state: directory
      path: "/dvd1"

  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab
# tasks is a list of tasks such as file, mount and yum.
# These belong to the same block of code, so they use the same indentation.

  - yum_repository:
      baseurl: "/dvd1/AppStream"
      name: "mydvd1"
      description: "My yum repo"
      gpgcheck: no

  - yum_repository:
      baseurl: "/dvd1/BaseOS"
      name: "mydvd2"
      description: "My yum repo 2"
      gpgcheck: no

  - package:
      name: "httpd"
      state: present
  - copy:
      dest: "/var/www/html/index.html"
      content: "This is a web site"



If you want to escape any characters, you have to put the value in double quotes (""). It does not work in single quotes; a single-quoted value is treated as a literal.


Now, start the service and make it permanent (started at boot time).

Go to the service module: state = ?
enable?

yu

-------------------
[root@master ws2]# cat webserver.yaml
- hosts: all
  tasks:
  - file:
      state: directory
      path: "/dvd1"

  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab
# tasks is a list of tasks such as file, mount and yum.
# These belong to the same block of code, so they use the same indentation.

  - yum_repository:
      baseurl: "/dvd1/AppStream"
      name: "mydvd1"
      description: "My yum repo"
      gpgcheck: no

  - yum_repository:
      baseurl: "/dvd1/BaseOS"
      name: "mydvd2"
      description: "My yum repo 2"
      gpgcheck: no

  - package:
      name: "httpd"
      state: present
  - copy:
      dest: "/var/www/html/index.html"
      content: "This is a web site"

---------------------

Now, go to the browser and enter the IP to see whether you can get the site.
But it's not displaying anything, so now we check the firewall..

How do we enable it on the firewall?

Now, enable port 80 ..
Anyone who comes to port 80 is granted access...


Google
ansible firewalld

firewalld module - look for the example

Check port -- accept the connection
state: to be enabled


The rule is temporary,
so make it permanent

and apply this setup immediately.

[root@master ws2]# cat webserver.yaml
- hosts: all
  tasks:
  - file:
      state: directory
      path: "/dvd1"

  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab
# tasks is a list of tasks such as file, mount and yum.
# These belong to the same block of code, so they use the same indentation.

  - yum_repository:
      baseurl: "/dvd1/AppStream"
      name: "mydvd1"
      description: "My yum repo"
      gpgcheck: no

  - yum_repository:
      baseurl: "/dvd1/BaseOS"
      name: "mydvd2"
      description: "My yum repo 2"
      gpgcheck: no

  - package:
      name: "httpd"
      state: present
  - copy:
      dest: "/var/www/html/index.html"
      content: "This is a web site"

  - firewalld:
      port: 80
      state: enabled
      permanent: yes
      immediate: yes


Failed to apply the firewall rule.

Go back to the doc and
check under port to see the syntax for how to write it...



  - firewalld:
      port: "80/tcp"
      state: enabled
      permanent: yes
      immediate: yes



now run it again

[root@master ws2]# ansible-playbook -v webserver.yaml


[root@master ws2]# cat webserver.yaml
- hosts: all
  tasks:
  - file:
      state: directory
      path: "/dvd1"

  - mount:
      src: "/dev/cdrom"
      path: "/dvd1"
      state: mounted
      fstype: "iso9660"
# add entry to fstab
# tasks is a list of tasks such as file, mount and yum.
# These belong to the same block of code, so they use the same indentation.

  - yum_repository:
      baseurl: "/dvd1/AppStream"
      name: "mydvd1"
      description: "My yum repo"
      gpgcheck: no

  - yum_repository:
      baseurl: "/dvd1/BaseOS"
      name: "mydvd2"
      description: "My yum repo 2"
      gpgcheck: no

  - package:
      name: "httpd"
      state: present
  - copy:
      dest: "/var/www/html/index.html"
      content: "Welcome to my web page. Enjoy !!!"

  - firewalld:
      port: "80/tcp"
      state: enabled
      permanent: yes
      immediate: yes
[root@master ws2]#



Now, we have just configured a web server. Let's say you have to create hundreds of servers: you can do that by changing the inventory and adding the new system entries there, and your web site is ready.
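An added example, not part of the original notes: the final playbook with the service task that the notes discuss but never show, and with gpgcheck kept on by supplying the GPG key (the other option mentioned above) instead of setting gpgcheck to no. The gpgkey file name, the file:// form of baseurl, the loop and the file mode are assumptions of this example.

```yaml
- hosts: all
  tasks:
    - name: Create the mount point
      file:
        path: "/dvd1"
        state: directory

    - name: Mount the DVD (state=mounted also writes the fstab entry)
      mount:
        src: "/dev/cdrom"
        path: "/dvd1"
        fstype: "iso9660"
        state: mounted

    - name: Configure both DVD repositories with signature checking left on
      yum_repository:
        name: "{{ item.name }}"
        description: "{{ item.description }}"
        baseurl: "file:///dvd1/{{ item.dir }}"
        gpgcheck: yes
        # Assumption: key file name as on RHEL media; use the key your media provides.
        gpgkey: "file:///dvd1/RPM-GPG-KEY-redhat-release"
      loop:
        - { name: "mydvd1", description: "My yum repo", dir: "AppStream" }
        - { name: "mydvd2", description: "My yum repo 2", dir: "BaseOS" }

    - name: Install Apache
      package:
        name: "httpd"
        state: present

    - name: Publish the index page
      copy:
        dest: "/var/www/html/index.html"
        content: "Welcome to my web page. Enjoy !!!\n"
        mode: "0644"

    - name: Start httpd now and enable it at boot
      service:
        name: "httpd"
        state: started
        enabled: yes

    - name: Open port 80/tcp now and across reboots
      firewalld:
        port: "80/tcp"
        state: enabled
        permanent: yes
        immediate: yes
```

Running it a second time should report changed=0 for every task, which is the idempotence check described earlier.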



===========================

[root@master ~]# cat /etc/ansible/ansible.cfg |more
# config file for ansible -- https://ansible.com/
# ===============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]

# some basic default values...

inventory      = /home/sam/ansible/myhosts
host_key_checking=false
#inventory      = /etc/ansible/hosts
#library        = /usr/share/my_modules/
#module_utils   = /usr/share/my_module_utils/
#remote_tmp     = ~/.ansible/tmp
#local_tmp      = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks          = 5
#poll_interval  = 15
#sudo_user      = root
#ask_sudo_pass = True
#ask_pass      = True
#transport      = smart
#remote_port    = 22
#module_lang    = C
#module_set_locale = False

# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
[root@master ~]# cat /home/sam/ansible/myhosts
#[masterserver]
#master ansible_user=sam

#[WebServer]
#worker1
#worker1 ansible_user=sam
#worker2 ansible_user=sam
worker1 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh
worker2 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh
[root@master ~]#
