Wednesday, March 10, 2021

Ansible - Installation and configuration of ansible on RHEL8 system

Building an Ansible environment

- Ansible is a server-side automation tool which you only install on the control node.
- There is no agent, unlike Puppet and Chef. It works on a push mechanism.
- It uses ssh to connect to the client (managed) nodes and executes the tasks there.
- It can run jobs in parallel. By default 5 hosts are handled at a time (the 'forks' setting), but this can be changed.
- It can be used to provision servers (IaC) and to automate server (infra) configuration.
- It supports Windows, Linux, macOS and Unix systems in the data center as well as in cloud environments.
- It comes with lots of modules which are very intelligent.

Some of the terms you should understand

Control Node
- Ansible is installed on this system.
- We define the inventory here and execute plays and playbooks from it.

Managed Node
- These are the nodes where the jobs are executed.
- The Ansible control node uses modules to copy the code to these hosts and executes it there.

Inventory file
- You list all the host information in this file.
- Hosts (nodes) can be grouped together based on function, such as DBservers, WEBservers.

Modules
- An intelligent component of ansible which is used to execute the desired task.
  Some modules are command, file, user, script.

Task
- A single job (task) is the execution of a single module on a given host group.

Argument
- All modules take arguments that are relevant to them.
  For example, the command module accepts host-related commands;
           the ping module does not need any arguments.

Play
- A play maps a group of hosts from the inventory to the tasks that run on them.

Playbook
- A playbook is a series of tasks defined in order.
  For example, if you want to install a piece of software, you may first need to write a playbook to
           download the software, install it, configure it and finally start the service.

Tower
- This is a graphical web user interface to manage enterprise infrastructure.

We have one control node and three managed (client) nodes
control.eg.com    -> control node
w1, w2, w3        -> clients/managed nodes


1. Setup/build server environment (with vagrant)
Create a manifest file
$ cat manifest.yaml

instances: 3
provider: libvirt
name_prefix: w1
name_suffix: .eg.com
ip_prefix: 192.168.10.110
storage_devices: 2
disk_size: 20G
memory: 2048
cpus: 2
box: centos/7
path: userenv.sh

2. Create user and grant access to root
$ cat userenv.sh

#!/bin/bash
# file userenv.sh
# Create user and grant privileged access (runs as root during vagrant provisioning)

# add user jay to the wheel group. wheel group has special root-like permission.
useradd -mG wheel jay

# assign password to jay user
echo "Passw0rd!" | passwd jay --stdin

# Allow password login over ssh (needed once to copy the ssh key)
sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config

# Allow wheel users to run commands without a password. Be careful
sed -i "s/^%wheel\tALL=(ALL)\tALL/# %wheel\tALL=(ALL)\tALL/g" /etc/sudoers
sed -i "s/^# %wheel\tALL=(ALL)\tNOPASSWD: ALL/%wheel\tALL=(ALL)\tNOPASSWD: ALL/g" /etc/sudoers

# Check that sudoers still parses; a syntax error here locks everyone out of sudo
visudo -c

# Restart sshd service since we modified the config
systemctl restart sshd

3. Run vagrant to create the VMs
$ sudo vagrant up --provider libvirt

all VMs will be created shortly...


4. Add entry to hosts file on all systems
$ cat /etc/hosts
192.168.10.100    control.eg.com control
192.168.10.110    w1.eg.com w1
192.168.10.111    w2.eg.com w2
192.168.10.112    w3.eg.com w3

So far we have
- one control node, three managed nodes.
- account jay with full access to log in and perform the jobs
- host entries added to all systems.

Generate a key for password-less login
$ ssh-keygen
$ ssh-copy-id jay@w1      (repeat for w2 and w3)
or, non-interactively
$ sshpass -f <(printf '%s\n' password) ssh-copy-id -o StrictHostKeyChecking=no jay@w1      (repeat for w2 and w3)
Verify the login
$ ssh jay@w1      (and w2, w3)

It copies your public key to each client system, which allows you to log in without being prompted for a password.
- on the remote host the key is appended to authorized_keys under .ssh in the user's home directory
- StrictHostKeyChecking=no accepts whatever host key the remote presents, so use it only on a freshly built lab network like this one and drop it once the keys are in known_hosts

5. Install ansible
Now we will install ansible on the control node.
We don't have to install any agent software on the client machines,
since ansible is an agentless tool.

From now on, you can use the jay user to perform the rest of the tasks.
$ sudo yum install ansible -y

This installs ansible on the control node.

You will see the ansible-related config files under /etc/ansible
There are two files and a directory by default
roles -> directory
hosts and ansible.cfg -> files

Let's look at the content of the hosts file

You will see lots of hosts/IP addresses there as examples.
If you review the file, you will see ungrouped hosts, which are listed together without a group name.
You also see a collection of hosts grouped together under [webservers]

You can also define a range of servers, say
host1.eg.com
host2.eg.com
.....
host10.eg.com
as
host[1:10].eg.com

ansible.cfg is the default configuration file.

A file with the same name in the user's home directory (~/.ansible.cfg) has higher priority than the default file.

Let's go to the home directory and create a hosts file

$ cd ~/
$ cat hosts
[all]
# control node
192.168.10.100    ansible_user=jay

# Managed nodes
192.168.10.110    ansible_user=jay
w[2:3].eg.com     ansible_user=jay # a range like this works as well; w1 is already listed above by IP
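As an added example (not part of the original post), the following shell script expands an inventory range like w[1:3].eg.com into individual hostnames, builds an inventory group from the result, and checks each name against /etc/hosts content before ansible is run, since a name that does not resolve shows up later as UNREACHABLE. It goes a little beyond the post by also handling zero-padded ranges (w[01:10]) and letter ranges (db-[a:c]), both of which Ansible's inventory parser accepts. The function names, the ansible_user=jay setting and the sample /etc/hosts content are assumptions; the hostnames are the ones used in this post.

```sh
#!/bin/sh
# Added example, not from the original post: expand Ansible-style host ranges,
# build an inventory group from them, and check the names against /etc/hosts.
# Hostnames (w1..w3 in eg.com) follow the post; the sample hosts content is constructed.

# expand_range PATTERN : print one hostname per line
expand_range() {
    pattern=$1
    case $pattern in
        *\[*:*\]*) ;;                              # has a [lo:hi] range, handled below
        *) printf '%s\n' "$pattern"; return 0 ;;   # plain name, print as-is
    esac
    prefix=${pattern%%\[*}
    rest=${pattern#*\[}
    range=${rest%%\]*}
    suffix=${rest#*\]}
    lo=${range%%:*}
    hi=${range#*:}
    case $lo$hi in
        *[!0-9]*)
            # single-letter range: walk the alphabet between the two bounds
            letters=abcdefghijklmnopqrstuvwxyz
            head_part=${letters%%"$lo"*}; i=${#head_part}
            tail_part=${letters%%"$hi"*}; last=${#tail_part}
            while [ "$i" -le "$last" ]; do
                printf '%s%s%s\n' "$prefix" "$(printf '%s' "$letters" | cut -c$((i + 1)))" "$suffix"
                i=$((i + 1))
            done ;;
        *)
            # numeric range; the width of the lower bound decides zero padding:
            # [1:10] gives 1..10, [01:10] gives 01..10
            width=${#lo}
            n=$(printf '%s' "$lo" | sed 's/^0*//'); n=${n:-0}
            last=$(printf '%s' "$hi" | sed 's/^0*//'); last=${last:-0}
            while [ "$n" -le "$last" ]; do
                printf "%s%0${width}d%s\n" "$prefix" "$n" "$suffix"
                n=$((n + 1))
            done ;;
    esac
}

# write_group GROUP PATTERN... : print an INI inventory group listing every host explicitly
write_group() {
    group=$1; shift
    printf '[%s]\n' "$group"
    for pattern in "$@"; do
        expand_range "$pattern" | while IFS= read -r host; do
            printf '%s    ansible_user=jay\n' "$host"
        done
    done
}

# check_in_hosts_file HOSTS_CONTENT PATTERN... : print each expanded host that has
# no entry in the given /etc/hosts content; returns 1 if any is missing
check_in_hosts_file() {
    content=$1; shift
    missing=$(
        for pattern in "$@"; do
            expand_range "$pattern"
        done | while IFS= read -r host; do
            printf '%s\n' "$content" | grep -qFw -- "$host" ||
                printf 'missing from hosts file: %s\n' "$host"
        done
    )
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed /etc/hosts content mirroring the post, with w3 deliberately left out
SAMPLE_ETC_HOSTS='192.168.10.100    control.eg.com control
192.168.10.110    w1.eg.com w1
192.168.10.111    w2.eg.com w2'

# Usage: build the inventory group and check each host before running ansible
write_group managed 'w[1:3].eg.com'
check_in_hosts_file "$SAMPLE_ETC_HOSTS" 'w[1:3].eg.com' || echo "fix /etc/hosts first"
```

On the control node you would feed it the real file with check_in_hosts_file "$(cat /etc/hosts)" 'w[1:3].eg.com'; a non-zero exit means at least one name in the range has no entry.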


Now, let's try to run an ansible command.
Note: when you run an ansible command, you have to specify the inventory file with -i.
If the inventory file is in the same directory, you can use a relative path or specify the
absolute path; either way works fine.
You also have to say which hosts to target, for example the group 'all'.

$ ansible all -i hosts ...
all is nothing but a group name in the inventory file which we just created.

so,
$ ansible all -i hosts -m command -a "hostname -f"
$ ansible all -i hosts -m command -a "cat /etc/hosts"

-i is the inventory file
-m is the name of the module
-a is the argument
for the command module, the argument is a Linux OS command.

note: command is the default module, so you don't have to specify it.

Look for the value of rc in the output.
rc=0 is success

$ ansible all -i hosts -m ping

Note: ping does not need any argument, so you can simply enter the command.
The group 'all' exists by default; you don't have to define it in the inventory file.
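To make the "look for rc in the output" check less manual, here is an added example (not from the original post) that reads the output of an ad-hoc run and lists every host that did not finish with rc=0 or could not be reached at all, so one bad host among many is not overlooked. The sample output embedded in the script is constructed to match the command module's "host | STATUS | rc=N >>" layout and is not a captured run; the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: summarise ad-hoc ansible output
# and flag hosts with a non-zero rc or that were UNREACHABLE.

# adhoc_status : stdin = ansible output, prints "host status rc" per host
adhoc_status() {
    awk '
        $2 == "|" && $4 == "|" && $5 ~ /^rc=/ {
            rc = $5; sub(/^rc=/, "", rc)
            print $1, $3, rc
        }
        $2 == "|" && $3 == "UNREACHABLE!" {
            # ssh never connected, so there is no rc to report
            print $1, "UNREACHABLE", "-"
        }
    '
}

# failed_hosts : prints hosts that did not finish with rc=0, returns 1 if there are any
failed_hosts() {
    bad=$(adhoc_status | awk '$3 != "0" { print $1 }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample: w1 ran the command, w2 got a non-zero rc, w3 was never reached
SAMPLE_OUTPUT='w1.eg.com | CHANGED | rc=0 >>
w1.eg.com
w2.eg.com | FAILED | rc=2 >>
non-zero return code
w3.eg.com | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).",
    "unreachable": true
}'

# Usage: pipe the real output in, e.g.  ansible all -i hosts -a "hostname -f" | failed_hosts
printf '%s\n' "$SAMPLE_OUTPUT" | adhoc_status
if ! printf '%s\n' "$SAMPLE_OUTPUT" | failed_hosts; then
    echo "some hosts need attention before continuing"
fi
```

An UNREACHABLE host is reported separately from a failed command: the first usually means the ssh key or /etc/hosts entry from the earlier steps is missing on that node, the second means the command ran but returned an error.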


Let's install some software using ansible
$ ansible all -i hosts -m yum -a "name=httpd"
it should install httpd on all servers,

but it failed. The reason is permission: installing a package needs root.
Rerun it with privilege escalation (jay is in wheel, so sudo works without a password)
$ ansible all -i hosts -m yum -a "name=httpd" --become    (or -b)
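As an added example (not the post's own code), the following script writes the ad-hoc httpd install as a playbook that installs, configures and starts the service, which is the pattern the post's Playbook definition describes. It uses become: true for the same reason the ad-hoc run needed --become. The file path, the placeholder index page and the helper function names are assumptions; the inventory file hosts is the one created above.

```sh
#!/bin/sh
# Added example, not from the original post: the httpd install as a playbook,
# plus two small helpers to count its tasks and syntax-check it.

# write_httpd_playbook PATH : write the playbook to PATH
write_httpd_playbook() {
    cat > "$1" <<'EOF'
---
- name: Install and start the web server on the managed nodes
  hosts: all
  become: true            # yum and systemd need root, same as --become on the ad-hoc run

  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present

    - name: Configure a placeholder index page
      copy:
        dest: /var/www/html/index.html
        content: "{{ inventory_hostname }} managed by ansible\n"
        owner: root
        group: root
        mode: '0644'
      notify: restart httpd

    - name: Enable and start httpd
      service:
        name: httpd
        state: started
        enabled: true

  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
EOF
}

# playbook_task_count PATH : number of tasks in the play (handlers not counted)
playbook_task_count() {
    awk '/^  tasks:/    { in_tasks = 1; next }
         /^  handlers:/ { in_tasks = 0 }
         in_tasks && /^    - name:/ { n++ }
         END { print n + 0 }' "$1"
}

# syntax_check_playbook PATH : run ansible-playbook --syntax-check when ansible is installed
# (assumes the inventory file "hosts" in the current directory, as in the post)
syntax_check_playbook() {
    if command -v ansible-playbook >/dev/null 2>&1; then
        ansible-playbook -i hosts --syntax-check "$1"
    else
        echo "ansible-playbook not installed here; skipping syntax check" >&2
    fi
}

# Usage: write the playbook into a scratch directory, count its tasks and check it.
# On the control node you would write it next to the hosts file and run:
#   ansible-playbook -i hosts site.yml
dir=$(mktemp -d)
write_httpd_playbook "$dir/site.yml"
echo "tasks in playbook: $(playbook_task_count "$dir/site.yml")"
syntax_check_playbook "$dir/site.yml" || echo "playbook has a syntax error"
```

The handler only fires when the index page actually changes, so a second run of the playbook reports no changes and does not restart httpd; that is the difference between a playbook and re-running the ad-hoc commands by hand.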



Finally, we validated the ansible installation, configuration and execution.













