Day2 - Terraform - class notes

 2/22/2022

Terraform - class notes

Recap

Teffaform Lifecycle

- init

- plan

- apply

- destroy

file: main.tf

we can add info about,

- provider 

- variables

- resources

It maintains the desired state.

How?

- it maintains the terraform.tfstate file. 

- By default it stores on local machine.

- You have to store it on remote location (such as s3 bucket, blob storage)

Terraform  authentication

- aws configure

1. Create 2 aws instance t2.mocro

ansible-host

ansible-client

2. Login to your system

$ sudo -i

# cd example

# cat backend.tf

# cat main.tf 

we want to seperate our instance on environment lavel,

dev, different type,

# vi variables.tf

   variable "image_id" {  

   type = string

}

google

variables in terraform 

# vi main.tf

terraform {

.

required_version = >= 0.14.9"

}

provider "aws" {

  profile = "default"

  region = "us-west-2"

}

.

resources "ami_instance" "app_server" {

  ami   = var.image_id

  instance_type = "t2.micro"

  tags = {

      name = "demo"

}

# vi dev.tfvars

image_id = "ami-830c94e3"

# cp dev.tfvars test.tfvars

# cp dev.tfvars prod.tfvars

here,

dev.tfvars => variable.tf => main.tf

# vi variables.tf

variable "image_id" {

type = string

default = ""  # defaine the default value here

}

# vi main.tf

# cp main.tf provider.tf

# vi provider.tf

terraform

provider

remove everything else

# tf plan -out dev.plan -var-file dev.tfvars

# vi main.tf

resources "ami_instance" "app_server" {

  ami   = var.image_id

  instance_type = "t2.micro"

  tags = {

      name = var.tag_name

}

# variables.tf

variable "imae_id"

type = string

default = ""

}

variable "tag_name"

type = string

default = "" ....  [8:00]

}

vi dev.tfvars

image_id = ani_84...

tag_name = "example Demo"

# terraform plan -out dev.plan -var-file dev.tfvars

If aws cli is not configured,

Go to aws, user -> credential -> delete old key and create new 

copy 

# aws configure

access key: *******

secret key: *******

# tf apply dev.plan 

It will create example demo instance. Login to aws console and check...

check out this url for example ..

https://github.com/qfitsolutions/aws-terraform-course/blob/master/EC2withJenkins/ec2_jenkins.tf

google: for other platform,

azure terraform examle

use: azure cli

login/authentication

- create terraform file

provider "azurerm"

for google cloud: google cloud,,,

you can configure more than one instance in the same config file..

for eg,

if you want to create an instance on different region,

get the ami for specific location, 

# vi variable.tf

# ec2_jenkins.tf

# terraform init

error: invalid quoted type constraints..

varibable "region"

  type = string # remove double quote

  default = "us_east_1"

read the error carefuly. change, try and learn ..

# tf init

warnings sometimes can be ignored ..

# sh abv.sh

# vi abc.sh

#!/bin/bash

yum update -y

yum install htpd.x86_68 -y

service httpd start/enable

echo "<h1> Deployed via terraform</h1>  sudo tee /var/www/html/index.html

yum install java.. -y

wget -o /etc/yum.repos.d/jenkins.repo

https://pkg.jenkins.io/redhat-stable/jenkins.repo

rpm --import htps://pkg.jenkins.io/redhat-stable/jenkins.io.key

yum upgrade

yum install fontconfig java-11-openjdk

yum install jenkins

# terraform destroy

==================

Ansible Roles

- Reusable components

on playbook:

decleare

jenkins playbook:

  roles:

    nginx

    jenkins

    java

nexus:

  roles:

    java

    nexus

    nginx

on terraform

we use resources

reources # ec2 ...vpc, security group, s3, eks ...

reusable components

parameters ...

next lavel extracction is module ..

modules contains multiple tf file

main.tf

module:

  vpc

  eks

  ecs

terraform template (abc.tf) => module => ec2_instance.tf

eks.tf

cf.tf

-------

# vi main.tf

download the code ..

https://github.com/easyawslearn/terraform-aws-instance-template

$ cat variables.tf

variable "ami_id" {}

variable "region" {}

variable "instance_type" {}

variable "tag" {

default="Testing"

}

$ cat main.tf

provider "aws" {

  region = "${var.region}"

}

resource "aws_instance" "web" {

  ami           = "${var.ami_id}"

  instance_type = "${var.instance_type}"

  tags = {

    Name = "${var.tag}"

  }

}

$ cat output.tf

output "instance_ip" {

  value = ["${aws_instance.web.public_ip}"]

}

# terrafrom init ..

# terraform plan

you can get ready made modules

vpc terraform module

vpc terraform 

----------------

Note: if you have dev.tfvars, test.tfvars, prod.tfvars

whatever you created last, will have latest tfvars file. which you can use to destroy the resources associated with. 

This is the reason, you will use teraform workspace..

# terrafrom workspace list

# terrfrom init --reconfigure

# terrafrom worksapce list

# terrafrom init -migrate-state 

# ls -ltr

# # rm -rf *.terraform

# terraform init

# terrafrom worksapce list

# terraform worksapce new dev

# terrafrom worksapce new test

# tf worksapce list

# tf worksapce select dev

# tf worksapce select prod

you can use different providers such as azure, gcp, k8s, docker

Continouse monitoring (CM)

- troubleshooting

- high availibity

- infracture /application health check

Monitorying are 2 types

- application

    - logs

    - status

- infre:

    CPU, memory, users, ports enable..

Log collection

----------------

n1/d1 (agent) n2/d2 n3/d3 =>  stored data (DB) dashboard (log analyzer) 

elk/splunk

preometheus/grafana

https://prometheus.io/docs/introduction/overview/

grafana is a dashboard and preometheus is a log collector

Tomorrow

--------

ELK stack

Day1 - Terraform - class notes

 Terraform day1 - class notes

2/16/2022

Infrascture as code (IAC)

Terraform

Recap

- Language Construction

- Ansible Tower

- 

google "ansible module list"

cloud module -> creates resources

but why this tool is not used as Infra as a code?

- you are able to create complete environment. you can create,

  - s3

  - instance

  - lambda function

Infra as code

-------------

IAC allow you to,

- create environment

- create resources

- update resource

- destroy resources

One created and decleared, you can perform the same task multiple time, without too much of configuration.

- We want to be stable environment

- Desire state (idempotent - if package is there do not do anything, or if directory is there, don't delete and create)

once create, it should not be changed. 

How can we create resources?

- Using aws console -> graphical

- cli -> aws commands => aws s3 create name ...

- cloud-formation

- terraform

AWS APIs [DSL]

----------------

declare methods with params

- method

- params

We will create Resources => APIs => aws/azure/gcp

on ansible

apt:

  name: tree

  state: latest

apt:

  name: tree

  state: absent

if you run the following command below, it will keep creating resource. Its hard to manage it. 

ec2:

  name: test

  type: t2.micro

Configuration Management (ansible)

- works only with softwares

- can not work on hardware level, but can install any software

- can not be used as a replacement to IoC tools

Infracture as a Code (IoC - terraform)

----

1. can create/destroy hardware architecture

2. can install sotware while bootstrapping servers

3. should not be used as a replacement to CM tools.

Both of them are complement to each other. 

What is Terraform?

- it is an open source infracture as a code softaware created by HashiCorp. It enables uses to define and provision a datacenter infracture using a high level configruation language known as hashicorp cofiguration language or optionally its just a JSON.

- Opensource

- MultiCloud support (AWS, Azure, GCP)

- Easy to use

- Maintains desire state

Architecture

-------------

google "terraform architecture" 

====================

rest-API

ec2 => abc

-> next execution should skip

-> already exist.

-> say jenkins has a job andyou want to run 

we created end point URL -> Jenkins job + token, you can run through python script, curl command, or thorugh the browser

curl -i http://hostname:port/job/token=423456677

AWS has some resources (APIs)

- terraform calling API to create resources on AWS.

=====================

terraform code

main.tf

Terraform operation

-------------------

4 kinds: terraform lifecycle

init =>   plan  =>  apply => destroy

Developer -> write code (tf) -> plan -> Apply -> Destroy

- init

- plan (what are you going to create: ec2, lambda function -> 2 resources)

- Apply ( whatever plan you selected, it will be sitting on AWS platform)

- Destroy (Once your requestement is completed, you can destroy your resources

if you have terraform utility, you can create resources same way like ansible.

Terraform

- lcoal machine

- jenkins agent

- VM

- Docker

LAB

- Create an aws (terraform) instance - t2.micro

google - terraform setup

1. install package

2. Verify the installation

$ terraform --help

# terraform 

command not found

go to installation and get the step

# sudo a-t=get 

sudo apt-get install -y gnugp software-properties-comman curl

# curl -fsFL <url>

apt-add-reposityt

# update and  install terraform

ap-get update && sid apt-get install terraform

# which terraform

/usr/bin/terraform

# terraform --help

now, we can get help here with the command

main comands

init

validate

plan

apply and

destroy

other commands

console

fmt

get

graph

omport

login/logout

output

show

....

We want to create resource now.

learn.hashicorp.com/terraform

get started ...

To work with AWS, set up the following

1. Install aws cli

    $ apt install awscli

2. Set up account

    $ aws configure # go to aws console and delete the old key and create new access key/secret key

   you have to seecify region output type (json)

  # cd .aws; ls -ltr

  # cat credentials

  This is where you credentials are stored.

  # aws s3 ls

3. Install/set up terraform

# mkdir eg; cd eg

# vi main.tr

# providers define here

terraform

  required_providers {

    aws = {

      source = "hashicorp/aws"

      version = "-> 3.27"

    }

 }

provider "aws" {

  profile = "default"

  region = "us-west-2"

}

# resource declaration

resources "aws_instance" "app-server" {

   ani   = "ami-82c94e3"

   instance_type = "t2.micro"

  tags = {

    Name = "ExampleAppServerInstance"

  }

}

# cat ~/.aws/config

[defailt]

region = us-west-2

output = json

google aws resource instance creation

resource : aws_instance

Once you write your code, run the command below,

# terraform init

- initializing provider plugins

- required plugins pulled.

it wil show what it is going to do, what resource its going to create.

# terrafrom plan

at the botton of the page, it gives you suggestion to use -out option to save this plan.

# terraform plan -out eg.plan

saving the plan file into eg.plan

now, we can run this plan towards the terraform 

# ls -ltr ; cat eg.plan # its a binary file. can't read it.

# terrafrom apply ex.plan

apply complete. resources: 1 added, 0 changed, 0 destroyed

go to aws console and you should be able to see the instance is being created

# ls -ltr

# cat terraform.tfstate

Try again

what happens if you run,

# terraform plan --out eg.plan

refreshing ..

No changes, your infracture matches the configuration.

# tf apply eg.plan

apply complete. Resources: 0 added, - changed, 0 destroyed.

do not try to apply directly. first plan and apply

lets modify

# main.tf

change instance_type = "t2.micro

 change tag to demo

# terraform plan --out eg.plan

refreshting

plan: 0 to add, 1 to change, 0 to destroy

# tf apply ex.plan

not adding, deleting the resource, only changing

now, lets change the region to us-west-1

# vi main.tf

it will deletes the original resource and re-created on another region.

# tf plan -out eg.plan

plan: 1 to add, 0 to change, 0 to destroy

# tf apply eg.plan

error: error launching source instance: invalidMIID. not found

The reason it, we change in provider level

can we declare the 

vi main.tf

go to different region and go to amis and get the id from there.

ami = "ami-0123333"

# tf plan 

# tf apply

# tf destroy # it will destroy all the resource on that specific region.

Note: maintain terraform.tfstate file.

# tf destroy

no resource found..

in this case, you have to go to other region and manually delete

or modify the main.tf file and run

modify the ami value and 

# tf plan -out eg.plan

# tf apply eg.plan

# tf destroy --auto-approve

# ls -ltr 

terraform.tfstate

this file is on local system. you need to keep it on a sfe location.

if it is modified, it will be recreated.

you better stored in a central location.

for that case, we choose storage location like google drive.

s3 or blob

google for backend terraform

select available backends

- local

- remote

- azure

- etcd

- gcs

- http

- s3

...

lets take s3 example

terraform {

  backend "s3" {

    bucket = "mybuck.."  # got to s3 -> create "mybuck.."

    key    = "dev"  # it will create there

    region = "us-west-2" # specify the region

  } 

}

by default it will be publically accessible. make private if needed *** verify

# tf plan -out dev.plan

it complains that you have to run tf init.

reason: initial configuration of the required backend "S3"

it is a new resource, so we have to initialize

# tf init

# tf plan -out dev.plan

plan: 1 to add, 0 to change, 0 to destroy

# tf apply dev.plan

now, tc file willbe stored in s3 bucket.

# tf destroy

definining multiple resources..

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance

tomorrow,

- what is variables

- tfvars

Q. how to use k8s, docker, azure?

google, read the docs ..

run the following job, read, write and understand ...

https://github.com/qfitsolutions/aws-terraform-course/blob/master/EC2withJenkins/ec2_jenkins.tf

read about what is elk

===============================

Day3 - ansible - class notes

 Ansible day3 - class notes

2/15/2022
Recap from 
Ansible
 - agentless
 - ssh
 - python
 - ansible
 - yaml
 - playbook -> task/handlers/vars/hosts/roles
 - Roles
Variable Scope
 - vars/default => default
 - group => env variables
 - Host =? certs
 - Extra => env type
Nested Groups as part of inventory

google
githubn ansible jenkins
- get some githun link
github.com/qf-devops/ansible-gjenkins
# git clone github.com/qf-devops/ansible-gjenkins
# cd ansible-jenkins
# vi inventory.yml
---
- hosts" "jenkins
....
Dry run
# ansible-playbook -i inventory.yml jenkins.yml --syntax-check
Dry run - test the script for errors.
# ansible-playbook -i inventory.yml jenkins.yml --check



install docker 
- find playbook where docker installation steps are available.
# cd roles/ansible-java8./tasks/
vi main.yml
name: install oracle java
  with item
 define the correct version of java here.

install jdk
openjdk-11-jdk-headless
google for 
jenkins install ubuntu ansible

https://www.drpraize.com/2020/07/install-jenkins-using-ansible-playbook_29.html
https://blog.knoldus.com/how-to-install-jenkins-using-ansible-on-ubuntu/
https://github.com/jcalazan/ansible-jenkins
https://medium.com/nerd-for-tech/installing-jenkins-using-an-ansible-playbook-2d99303a235f
https://middlewaretechnologies.in/2021/04/how-to-install-and-configure-jenkins-using-ansible-playbook.html
https://gist.github.com/seancallaway/39281aa0f2ab05b8e79d205f384d0ee2
https://www.techguru.cloud/post/automated-jenkins-installation/
# ap -i ansible-jenkins/inventory.yml jenkins.yml

# ap -i ansible-jenkins/jenkins.yml jenkins.yml -e "mygroup=jenkins"
ap -i ansible-jenins/inventory.yml jenkins.yml -e "mygroup=jenkins"
# systemctl start jenkins
# ps -ef | grep -i jenkins
how to get status of jenkins in ansible

# vi jenkins.init
[jenkins]
<private_IP>
192.168.10.20
[local]
localhost ansible_connection=local
# vi jenkins.ini
# cat jenkins.ini
# cat jenkins.yml
$ ap -i jenkin.ini jenkins.yml -e "mygroup=local"


# vi docker.yml
---
- hosts: local
  tasks:
  - name: install docker
    apt:
      name: docker.io
      state: latest
# ap -i jenkins.init docker.yml
# docker 
# ap -i kenkins.init docker.yml

Review 
Assignment:
  kubespray -> ansible playbook
Tower
What is Language construction?
if you want to handle, print data, execute multiple time, what you are going to use it?
we will use,
- contional statements => if-else/switch/case
- iterators (loops): for, while
- variables : int, char, float, or key:varlue pair
- functions/methods/blocks: block of statement, set of lines which we will reuse it: block of code/repetivive code
- list/array/dict: data handling, collection of data
- exception handling: if something goes wrong, I want to have a work around, try { catch{} statement. ignore and continue...
- Threads: seq/parallel: like executers. three jobs can run.. parallel approach.
if you want to run multiple request parallelly,
- we use threads
we control our data, request using above programming construct.

Now, lets think as an ansible point of view,
in ansible how condition is used: ansible: if
we will use when 
google
when condition in ansible
tasks:
  - name: Shut down CentOS 6 systems
    command: /sbin/shutdown -t now
    when:
      - ansible_facts['distribution'] == "CentOS"
      - ansible_facts['distribution_major_version'] == "6"
if two conditions below when are matching, the command section command will execute.
block statement:
control multiple modules
-----------------------
tasks:
  - name: Shut down CentOS 6 systems
    command: /sbin/shutdown -t now
    when:
      - ansible_facts['distribution'] == "CentOS"
      - ansible_facts['distribution_major_version'] == "6"
  yum: 
    name: tomcat
    state: latest
    when:
      - ansible_facts['distribution'] == "CentOS"
      - ansible_facts['distribution_major_version'] == "6"
  copy:
    src: abc.txt
    dest: /tmp
    when:
      - ansible_facts['distribution'] == "CentOS"
      - ansible_facts['distribution_major_version'] == "6"
this is not good since we are repeating it. 
can we use block statement:
tasks:
  block:
      - ansible_facts['distribution'] == "CentOS"
      - ansible_facts['distribution_major_version'] == "6"
   yum: 
     name: tomcat
     state: latest

---
tasks:
  block:
      - ansible_facts['distribution'] == "CentOS"
      - ansible_facts['distribution_major_version'] == "6"
   yum: 
     name: tomcat
     state: latest
-------------
  with_items:
  - tomcat
  - tree
  - jenkins
  - maven
------------
yum:
  name: "{{ item }}"
  state: latest
 with_items:
 - tomcat
 - tree
 - jenkins
 - maven
------------------
even first blocks fails, I want to execute, remaining
ignore-error: true

tasks:
  block:
  - name: shutdown centos 6 systems
    command: /sbin/shutdown -t now
    ignore-error: true
    tag: test  # identify your module, to control the execution.
  - name: shutdown centos 6 systems
  yum:
   name: "{{ item }}"
   state: latest
 with_items:
 - tomcat
 - tree
 - jenkins
 - maven
 tag: dev
- name: shutdown 6 systms
   copy:
     src: abc.txt
     dest: /tmp
  when:
      - ansible_facts['distribution'] == "CentOS"
      - ansible_facts['distribution_major_version'] == "6"
   
 
# ap -i hosts abc.yml --tags dev
ansible-playbook -i hosts abc.yml --tags dev  # only whereever matching tags, will have the command executed. perform particular module 
-------------
with 
------------


Tower => ami
awx
dashboard
execute
schedule
t2.laarge machine - vm
clone the repo
git clone https://github.com/vytec-ca/awxsetup/blob/
ap -i inventory ansetup.ml
install nagiox
github.com/qf-devops/ansible-nagios-example
ap -i hosts install/nagis.yml

kubespray 
https://kubernetes.io/docs/setup/production-environment/tools/kubespray/
https://docs.google.com/document/d/1_ZQ8XN1dfcaXkBJHPMIlZqoW4_BePbrCU_LW3yvDTAs/edit
x

Day2 - Ansible class notes

Ansible - class notes - 2/14/2022 by - Ravi 

Recap from last class,

Ansible

-------

Why do they use ansible?

- its a configuration management tool to save time. 

- Remote execution of configuration infomration

- Agentless (ssh communication), push mechanism.

- modules

google

ansible modules

go to - module index.

-----------------

install new instance

apt update

# apt 

# cat nginx.yaml

- hosts: remote

  vars:

  packagename: "nginx"

  tasks:

  - name: add repo nginx

  - name: install package nginx

    apt:

         name: "{{packagename}}"

         state: latest

  - name: create a dir tutorial

  - name: copy index.html file

  ....

handlers:

  - name: restart service nginx

# ansible-playbook -i hosts nginx.yaml

Everything came green, ok, ok..

The reason was - 

it was already done

in this example, we use a variable.

Get the ip and paste on the browser, you will see the page.

ansible roles:

we are going to create multiple roles, and those roles are called through playbook.

tmcat, docker,, IAM are seperate roles,

$ site.yaml

---

- hosts: remote

  roles:

  - nginx

# how do you declare 

# cd /etc/ansible

# mkdir roles;cd roles

# ansible-galaxy init niginx

lets install tree pkg through ansible.

# cd ../hosts

[remote]

192.168.10.100

# ansible -i hosts localhost -m apt -a "name=tree state=latest"

# tree roles/nginx

# vi hosts

[remote]

192.168.10.100

[local]

localhost

# all task section you can define  [00:30]

# vi tasks/main.yaml

---

- name:restart nginx

  service "{{pkgname}}

# vi tasks

# vi vars/main.yml

---

packagename: nginx

# cd /etc/ansible; ls 

tutorial

index.html

nginx.yml

roles

hosts

ansible.cfg

# mv index.html tutorial roles/nginx/files

# cp nginx.yml site.yml

# cat site.yml

---

- hosts: remote

  roles:

  - nginx

# ansible-playbook -i hsots site.yml

roles under stite.yaml will call from roles directory in 

# ansibleplaybook -i hosts site.yml

# cd /etc/ansible; cat site.yml

---

- hosts: remote

  roles:

  - nginx

nginx is going to be under roles directory

cd roles/nginx; ls -ltr

# cd tasks; ls -ltr

main.yml

# cat main.yml

we can use ansible galary to use roles

# vi nginx/vars/main.yml

---

packagename: nginx

# vi nginx/tasks/main.yml

# cd ..

# ansible-loayboot -i hosts site.yml

https://github.com/qf-devops/ansible-jenkins

$ cat jenkins.yml

---

- hosts: "webserver"

  roles:

    - naisble-java8-orale

    - jenkins

    - maven

anisble-galary install -r requirements.yaml

-------------------------------

variables/ different types of variables.

how to execute

ansible tower

-------------------------------

variables - vars

got to roles directory

# cd /etc/ansbile/roles; ls -ltr

# cd nginx; ls -ltr

# cd vars

static -> once allocated, value can not be changed.

dynamic -> default value can be override, mean it can be changed.

local variables - scope is local, you can not use in other yaml file

global variables -> you can use anywhere, available in key-value pair. it can collect the facts on target node.

# cd /etc/ansible

# ansible -i hosts remote -m setup

review the output. you will see key-value pair.

ansible_nodename: "ip"

ansible_os_family: ""

# cd roles/nginx/default

# cat main.yaml

---

version: 1:0.0

# cd ../tasks

# vi main.yaml

# print he value

---

- name: debug # module name is debug

  debug:

     msg: "vars: {{ version }}"

.......... [00:57:00]

# ansible-playbook -i /etc/ansible/hosts /etc/ansible/site.yml

see the output, goto debug section and you will see the version output.

# vi ../default/main.yml

removet eh version line and run the play book

# ap -i hosts site.yml

error: undefind variable..

# cd /etc/ansible

# vi ../defaults/main.yml

---

version: 0.0.0

we have to stie,

webserver1

adn webserver2

Where can you declare? 

vars is local variable and can't be overridden.

on inventory section you can defailne

[remote]

# /etc/ansible

# mkdir group_vars; group_vars/remote

# vi main.yml

---

version: 2.0.0v1

# vi /etc/hosts

[1:05:00]

# ap 

# vi etc/ansible/hosts

[remote]

192.168.10.20 version=1.2.3"

 see the output

# ansible-plabook..

# /etc/ansible

# mkdir host_vars

# mkdir 192.168.10.20

# vi main.yml

---

version: 3.00v1

# cat /etc/ansible 

# ap -o hosts site.yml

view the output, 

you can define -e at the promot too.

# ap -i hosts site.yml -e "version=4.0.0"

look at the output.

order that variable is read from,

extra_vars

host_vars

group_vars

default section

extra_vars - > vars 

Note: we can use all types of variables but only extra_vars value will be read.

cd roles/nginx/vars

#

vi main.yml

---

packagename: gninx

dbname: cassandra

vi ../../task/main.yaml

---

- name: debug

  debug

  msg: "vars: {{ version}} {{dbname }}"

# ap -i hosts site.yml -e "version=4.0.0" -e "dbname=mongod"

it will pick up the value you speacify at the command line.

certificate to deploy for all host, use host_vars

for dev, prod, test

extra_vars -> extra is a high priority so it will pick it up first and executed from the inventory file.

# ap -i hosts /etc/ansible.siteyml -e "version=4.0.0" -e "dbname=mongod"

nested variables

in case of aws,

we have multiple datacenter in a region

we have multiple regions

google for default group

how do you handle multiple group?

group variables for groups of group

----------------------------------

[atlanta]

host1

host2

[releigh]

host2

host3

[southeast: children]

atlanta

releigh

[southeast:vars]

....

[usa:children]

southwest

northeast

southwest

nothewest

all:

  children

    usa:

....

Day10 - Ansible intro

 2/10/2022 - class notes

- ansible/terraform

Recap

master

nodes

cronjob

initcontainers

ingress

daemonset

statfulset

---------------------------

eks/aks/openshft

jenkins

docker

k8s

=================

Ansible

configured manually

ssh to host

install

configure

services

10 servers need to install

100 servers

webserver

dbserver

proxy server

1 - servers - 10 minutes

10 - servers -> 30-60 minutes

Avoid manual

- automate

3 nodes

1 loadbalancer

10 more

image

vm

package

file

service

bootstraps

configuration management code

code

remote side execution

feedback/report

Puppet, Chef (pull based architecture)

puppet

- puppet master (holds the code)

- puppet node (install puppet agent, agent pulls the code from server and executes)

• Request

• Catalog

• Report 

You have to maintain the server. It may be expensive to maintain. To avoid this kind of tool, they came up with push based architecture.

- simple and clean

- easy to understand

Push model …

Agent less

Python 

Need to develop a python based framework. Write code on python.

Ansible.

- need ssh communication

- push model

- ssh 

- no agent needed.

- develop source code

DSLs - Domain specific language

- derived from the base programming language.

- python

- yaml 

Ansible

- easy to learn

- written in python

- Easy to install and configure

- no need to install ansible on client

- Highly scalable..

How does it works?

Using ansible playbooks, which are written in a very simple language: yaml

Configuration management

Run from the server and the target server is configured automatically.

Architecture

Master

- playbook

- inventories

- Modules

- List of hosts

- Where playbook task

Minimum 2 hosts required. Master/node

1. Ansible host

2. Host

Lets go ahead and create instances.

- Create 2 aws instances. T2-micro or small.

- security group - launch it.

Tag: ansible-host, node01

Login to ansible host

# which python3 - it is available by default

/usr/bin/python3

# which ansible # not available. We have to install it

# apt update/upgrade

# apt install ansible # try to see if you can install

VMS 

Puppet => agent/pull/ruby based

Check => agent/pull/ruby

Ansible => agent less/push/python

Salt => agent/push/python

Out of these ansible is simple. 

puppet , chef faster, secure

Salt is also security wise good tool.

# ls -l /usr/bin/ansible

Ansible => ad-hoc commands

Ansible-playbook => yaml

1. Maintain inventory file

# hostname -i

Get the ip address - private (in our case)

# cd /etc/ansible; ls -l 

# vii hosts

# ansible -i hosts all -m ping 

Permission denied.

We have to authenticate it. 

Ansible modules list

# ansible -i hosts al l-m ping -u root -k

ssh password:

It will prompt you for a password.

But it failed again. Authentication is denied for this user to login remotely.

Generate key

# ssh-keygen

# ls -l .ssh

#copy public key to client system at host_dir/ .ssh/authorized_keys

# vi /etc/ansible/ansible.cfg

Enable configuration here. 

# host_key_checking = False

# log_path = /var/log/ansible.log

# ansble -i hosts all -m ping

ansible -docs

—----------------

# ansible -i hosts <groupname or ip> -m apt -a “name=tree state=latest

# ansible -i hosts all -m apt -a “name=tree state=latest””

No package matching available.

Since its a brand new machine, we have to update.

# ansible -i hosts all -m apt_repostory -a “repo=ppa:nginx/stable”

It's going to update the repository. Now run,

# ansible -i hosts all -m apt -a “name=tree state=latest”

Look for the output.

# which tree

Run the same command 2nd time, you get green color. First time, you see yellow color.

2nd time, you see change = falst. 

If package is already installed, it does not do nothing. It is called idempotent.

Desire state is not changed. 

# ansible -i hosts all -m apt -a “name=tree state=absent”

Yellow color

Run it again, you get green color

Run it again,

# ansible -i hosts all -m apt -a “name=tree state=latest”

It will install and shows yellow color.

You can run one command at a time. This command is called ad-hoc command. If you want to run multiple command, you can’t do this way. How can you achieve running multiple command?

- by using yaml file.

# cat example.yaml

# cat nginx.yml

Google

How to install nginx server manually on ubuntu?

1. Install nginx pkg

 $ sudo apt update; sudo apt install nginx

2. Create our website

<html></html>

3. Set up virtual hosts

4. Activate virtual host and test the result

# ansible -i hosts all -m apt -a “name=tree state=latest”

# cat nginx.yml

—

• Hosts: remote  # define host group, ip

tasks:

• Name: add repo

• name: install package nginx

apt:

  Name: nginx

  state: latest 

Vi /etc/ansible/hosts

[remote]

192.168.10.20

192.168.10.21

….

# cat nginx.yml

---

- hosts: remote  # define host group, ip

  tasks:

  - name: add repo nginx

    apt_repositiry:

      repo: "ppa:nginx/stable"

   -name: install package nginx

      apt:

        name: nginx

        state: latest

   - name: start service ngins if not started

     service:

       name: nginx

       state: started

  name: install package nginx

apt:

  Name: nginx

  state: latest 

============================

service(package a, state b) {

return a+b;

}

- name: add methid

  service:

    package: nginx

    state: started

add (int, int b) {

return a+b;

}

add a=10, b=20

- name: add method

  add:

   a: 10

   b: 20

==============================

---

# now need to start service

go to service module -> go under examples...

Vi /etc/ansible/hosts

[remote]

192.168.10.20

192.168.10.21

….

# ansible-playbook -i hosts nginx.yml

just observer the output

- remote

- gathering facts

- add repo

- install package nginx

- start service ngins

- play recap

changed=1

get the ip address of the host and paste at the browser, you will see nginx page.

# cat nginx.yml

---

- hosts: remote  # define host group, ip

  tasks:

  - name: add repo nginx

    apt_repositiry:

      repo: "ppa:nginx/stable"

 

  -name: install package nginx

      apt:

        name: nginx

        state: latest

   - name: start service ngins if not started

     service:

       name: nginx

       state: started

   - name: create a dir tutorial # google for file module, look for eg,

     file:

       path: /etc/myfile.txt

       state: directory

    - nameL copy index.html file

      copy:

        ser: index.html

        dest: /var/www/tutorail/index.html

    - name start nginx if not started

      service:

        name: nginx

        state: started

# we have to create virtual host

   - name copy tutoril

      copy:

        ser: tutorial

        dest: /var/www/tutorail/tutorial

once  you updated, or modified, we have to restart the service. 

we have to speacify nofity 

changed=1

get the ip address of the host and paste at the browser, you will see nginx page.

# cat nginx.yml

---

- hosts: remote  # define host group, ip

  tasks:

  - name: add repo nginx

    apt_repositiry:

      repo: "ppa:nginx/stable"

 

  -name: install package nginx

      apt:

        name: nginx

        state: latest

   - name: start service ngins if not started

     service:

       name: nginx

       state: started

   - name: create a dir tutorial # google for file module, look for eg,

     file:

       path: /etc/myfile.txt

       state: directory

    - nameL copy index.html file

      copy:

        ser: index.html

        dest: /var/www/tutorail/index.html

# we have to create virtual host

   - name copy tutoril

      copy:

        ser: tutorial

        dest: /var/www/tutorail/tutorial

    - name start nginx if not started

      service:

        name: nginx

        state: started

      notify: restart service ngins

     handlers:

    - name: start servie ngins, 

      service:

       name: nginx

       state: restarted

# cd /etc/ansible

$ vi tutorial

jenkins ubuntu install

convert commands into yaml and try it 

jenkins.io/doc/book/..

# ansible-playbook -i hosts nginx.yml

review the output..

green color, already perfored, yellow color, its performed now.

go to browser

1p:81 => you see the content.

next class ...

- ansible roles, running multiple service 

- terraform, monitoring