
4-Ansible For Remote Clients

This document provides information about managing remote clients with Ansible. It discusses:
- Ansible uses an inventory file (/etc/ansible/hosts) to manage remote hosts. This file lists hosts and groups them.
- The hosts file can specify hosts by IP address or hostname, group them, use aliases, and define IP ranges.
- Connectivity to remote hosts is established by generating SSH keys, copying them to clients, and editing the hosts file.
- Playbooks can be used to check connectivity to clients, copy files to them, change file permissions, install packages, manage services, open firewall ports, run shell scripts, and schedule cron jobs on remote clients.

Uploaded by

mario so

Complete Ansible Automation Training

Ansible for Remote Clients Management

Remote Clients hosts File Syntax
/etc/ansible/hosts

• All remote clients are considered inventory in Ansible


• Ansible keeps its inventory information in the hosts file, located at /etc/ansible/hosts
• The hosts file is created during Ansible installation

One client listed in each line:

app1.example.com
app2.example.com
web1.example.com
206.198.210.35
205.168.20.13

Headers to group clients:

[appservers]
app1.example.com
app2.example.com

[webservers]
web1.example.com
web2.example.com
206.198.210.35

[dbservers]
205.168.20.11
205.168.20.12

No need to define allservers because Ansible has a default for all:

[allservers]
app1.example.com
app2.example.com
web1.example.com
web2.example.com
10.91.50.111
10.91.50.112
10.91.50.113
10.91.50.114

IP Range: 205.168.20.[11:14]

• You can specify a different location for the hosts file

# ansible-playbook -i /home/iafzal/ansible/hosts

By: Imran Afzal
www.utclisolutions.com
Remote Clients hosts File Syntax
/etc/ansible/hosts

[servers]
server1 ansible_ssh_host=10.91.50.110    # Aliases
server2 ansible_ssh_host=10.91.50.111
server3 ansible_ssh_host=10.91.50.112
server4 ansible_ssh_host=10.91.50.113
server5 ansible_ssh_host=10.91.50.114
server6 ansible_ssh_host=10.91.50.115

[appserver]
server1
server2

[webserver]
server3
server4

[dbservers]
server5
server6

Remote Clients hosts File Syntax
/etc/ansible/hosts

• Inventory host file can either be static or dynamic (using additional plug-ins)

• Listing host file


# ansible-inventory --list
OR
# ansible all --list-hosts

Establish Connection to Remote Clients
• Take a snapshot of our Linux client1 and then power it up
• Note down its IP address

• Populate the hosts file with IP or FQDN for our clients:


[labclients]    # For grouping
10.253.1.18
10.253.1.20

• Generate SSH keys on the control node and copy them over to the clients for passwordless SSH connections
# ssh-keygen
# Leave everything default and press Enter (the defaults create a key with no passphrase)
# ssh-copy-id 10.253.1.18
# ssh-copy-id 10.253.1.20

• Now SSH into the clients to test


# ssh 10.253.1.18

• Run an Ansible ad hoc command to ping the remote nodes (make sure the hosts file has the remote clients' IPs)
# ansible all -m ping
# ansible -a "uptime" all (To run a command on the remote clients)
Check Remote Clients Connectivity

# su - root
# cd /etc/ansible/playbooks
# vim clientstatus.yml

---
- name: "Check remote clients connectivity status"
  hosts: all

  tasks:
    - name: Test connectivity
      ping:

Run the playbook

# ansible-playbook clientstatus.yml

Copy Files to Remote Clients
# echo somestuff > /home/iafzal/some.cfg
# vim copy.yml

---
- name: Copy file from local to remote clients   # Description of the playbook
  hosts: all                                     # Run it on all hosts
  tasks:                                         # Run the following task(s)
    - name: Copying file                         # Description of the task
      become: true                               # Transfer as a current user
      copy:                                      # Run copy module
        src: /home/iafzal/some.cfg               # Source of the file
        dest: /tmp                               # Destination of the file
        owner: iafzal                            # Change ownership and file permissions
        group: iafzal
        mode: 0644

Change File Permissions
# Login to LinuxClient1
# touch /home/iafzal/linux2

# Login to ControlNode
# vim filepermission.yml

---
- name: Change file permissions
  hosts: all

  tasks:
    - name: Files Permissions
      file:
        path: /home/iafzal/linux2   # File location
        mode: a+w                   # Permissions

Run the playbook

# ansible-playbook filepermission.yml

• Ansible modules and options

https://docs.ansible.com/ansible/2.5/modules/
Setup Apache and Open Firewall Port
• The playbook will
1. Install httpd package
2. Start httpd service
3. Open http service port in firewall
4. Restart firewalld service

# Login to LinuxClient1
# rpm -qa | grep http
# systemctl status firewalld

# Login to ControlNode

• Install additional Ansible collection for firewalld


# ansible-galaxy collection install ansible.posix

# cd /home/ansible/playbooks
# vim httpsetup.yml

• Ansible modules and options

https://docs.ansible.com/ansible/2.5/modules/
Setup Apache and Open Firewall Port
---
- name: Setup httpd and open firewall port
  hosts: all
  tasks:
    - name: Install apache packages
      yum:
        name: httpd
        state: present

    - name: Start httpd
      service:
        name: httpd
        state: started

    - name: Open port 80 for http access
      firewalld:
        service: http
        permanent: true
        state: enabled

    - name: Restart firewalld service to load firewall changes
      service:
        name: firewalld
        state: reloaded

State = What to do with the package?
• present or installed = Install
• absent or removed = Un-install
• latest = Upgrade

State = What to do with the service?
• started|stopped|reloaded|restarted

save httpsetup.yml
Setup Apache and Open Firewall Port
• Login back to LinuxClient1

• Check httpd package status

# rpm -qa | grep http

• Check httpd package service status


# systemctl status httpd

• Check firewalld service status


# systemctl status firewalld

• Check if http service is enabled in firewalld


# firewall-cmd --list-all

• Open Firefox and go to 10.253.1.115
Run Shell Scripts on Remote Clients
• The playbook will run a shell script on the remote client (LinuxClient1)
• Create the /home/iafzal/cfile.sh script on LinuxClient1
• The cfile.sh script should create a new file example1

# vim shellscript.yml

---
- name: Playbook for shell script      # Description of the playbook
  hosts: all                           # or 10.253.1.115 to run on client1

  tasks:                               # Run the following task
    - name: Run shell script           # Name/description of the task
      shell: "/home/iafzal/cfile.sh"   # Run shell module which will execute shell script on LinuxClient1

Run the playbook

# ansible-playbook shellscript.yml

Schedule a job (crontab)
• The playbook cronjob.yml will
• Schedule a job as root
• Every Thursday at 10am
• Define job (/home/iafzal/cfile.sh) to be executed by root
# vim cronjob.yml

---
- name: Create a cron job
  hosts: all

  tasks:
    - name: Schedule cron
      cron:
        name: This job is scheduled by Ansible
        minute: "0"
        hour: "10"
        day: "*"        # Day of the month
        month: "*"
        weekday: "4"    # Day of the week
        user: root
        job: "/home/iafzal/cfile.sh"

Run the playbook

# ansible-playbook cronjob.yml
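
In the playbook above, root executes /home/iafzal/cfile.sh, a file that the iafzal account can modify, so that account effectively decides what root runs every Thursday. An added variant (not from the original slides) first installs the script into a root-owned location and schedules that copy; the path /usr/local/sbin/cfile.sh and the file name cronjob_rootowned.yml are assumptions, and the play is assumed to connect with the same root privileges as the slides.

```yaml
---
# cronjob_rootowned.yml (hypothetical file name; added example, not from the slides)
- name: Schedule a root cron job from a root-owned script
  hosts: all

  tasks:
    - name: Install the script where only root can modify it
      copy:
        src: /home/iafzal/cfile.sh
        dest: /usr/local/sbin/cfile.sh   # assumed install path
        remote_src: true                 # the script already exists on the client
        owner: root
        group: root
        mode: "0750"                     # no write or execute access for other users

    - name: Schedule cron
      cron:
        name: This job is scheduled by Ansible
        minute: "0"
        hour: "10"
        day: "*"                         # Day of the month
        month: "*"
        weekday: "4"                     # Day of the week (Thursday)
        user: root
        job: /usr/local/sbin/cfile.sh    # root runs the root-owned copy
```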
User Account Management
• The playbook will
• Create a user george on remote clients
• The user george will have a home directory as /home/george
• The shell environment for user george will be /bin/bash
# vim adduser.yml

---
- name: Playbook for creating users   # Description of the playbook
  hosts: all                          # Run on all clients

  tasks:                              # Run the following task
    - name: Create users              # Name of the task
      user:                           # Run user module for account management
        name: george                  # Username
        home: /home/george            # User home directory
        shell: /bin/bash              # User shell

Run the playbook

# ansible-playbook adduser.yml
Add or Update User Password
• The playbook will
• Add/update a password for user george

Please note: Ansible does not allow us to pass a cleartext password through the user module

# vim changepass.yml
---
- name: Add or update user password
  hosts: all

  tasks:
    - name: Change "george" password
      user:
        name: george
        update_password: always
        password: "{{ newpassword | password_hash('sha512') }}"

• To run this playbook, run the command as below. This will input the newpassword variable
that will be used by our playbook

Run the playbook


# ansible-playbook changepass.yml --extra-vars newpassword=abc123
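
Passing newpassword=abc123 with --extra-vars leaves the cleartext password in shell history and in the control node's process list while the play runs. An added variant (not part of the original slides) prompts for the value instead and sets no_log on the task that handles it; the file name changepass_prompt.yml is an assumption.

```yaml
---
# changepass_prompt.yml (hypothetical file name; added example, not from the slides)
# Run with: ansible-playbook changepass_prompt.yml
- name: Add or update user password without putting it on the command line
  hosts: all

  vars_prompt:
    - name: newpassword
      prompt: "New password for george"
      private: true      # do not echo the typed value
      confirm: true      # ask twice to catch typos

  tasks:
    - name: Refuse an empty password
      assert:
        that:
          - newpassword | length > 0
        fail_msg: "newpassword must not be empty"

    - name: Change "george" password
      user:
        name: george
        update_password: always
        # password_hash picks a random salt on each run, so this task reports
        # "changed" every time; the stored value is a SHA-512 crypt hash.
        password: "{{ newpassword | password_hash('sha512') }}"
      no_log: true       # keep the module arguments and hash out of output and logs
```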
Download Package from a URL
• The playbook tomcat.yml will
• Create a directory for tomcat with required permissions
• Download tomcat from a url and place it in that directory with modified permissions
# vim tomcat.yml
---
- name: Download Tomcat from tomcat.apache.org
  hosts: localhost
  tasks:
    - name: Create a Directory /opt/tomcat
      file:
        path: /opt/tomcat
        state: directory
        mode: 0755
        owner: root
        group: root
    - name: Download Tomcat using get_url
      get_url:
        url: https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.78/bin/apache-tomcat-8.5.78.tar.gz
        dest: /opt/tomcat
        mode: 0755
        group: iafzal
        owner: iafzal

Run the playbook

# ansible-playbook tomcat.yml
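
The get_url task above accepts whatever the server returns. An added variant (not from the original slides) pins the download to a known SHA-512 digest with the module's checksum option, so a tampered or truncated archive fails the play; tomcat_sha512 is a placeholder that must be replaced with the digest the Apache Tomcat project publishes for this exact file, and the variable names are assumptions.

```yaml
---
# Added example, not from the slides.
- name: Download Tomcat and verify its checksum
  hosts: localhost

  vars:
    tomcat_version: 8.5.78
    tomcat_file: "apache-tomcat-{{ tomcat_version }}.tar.gz"
    tomcat_sha512: "REPLACE_WITH_PUBLISHED_SHA512"   # placeholder, not a real digest

  tasks:
    - name: Stop if the checksum placeholder was not replaced
      assert:
        that:
          - tomcat_sha512 is match('^[0-9a-fA-F]{128}$')
        fail_msg: "Set tomcat_sha512 to the published SHA-512 digest first"

    - name: Create a Directory /opt/tomcat
      file:
        path: /opt/tomcat
        state: directory
        mode: "0755"
        owner: root
        group: root

    - name: Download Tomcat using get_url
      get_url:
        url: "https://dlcdn.apache.org/tomcat/tomcat-8/v{{ tomcat_version }}/bin/{{ tomcat_file }}"
        dest: "/opt/tomcat/{{ tomcat_file }}"
        checksum: "sha512:{{ tomcat_sha512 }}"   # the task fails on a digest mismatch
        mode: "0644"                             # an archive needs no execute bit
        owner: iafzal
        group: iafzal
```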
Kill a Running Process
• The playbook killprocess.yml will
• Find a running process by process name
• Ignore any errors
• Hold the result in a registered variable
• Use shell module and run kill command to kill the processes held in the registered variable

# vim killprocess.yml

---
- name: Find a process and kill it
  hosts: 10.253.1.115

  tasks:
    - name: Get running processes from remote host
      ignore_errors: yes
      shell: "ps -few | grep top | awk '{print $2}'"
      register: running_process

    - name: Kill running processes
      ignore_errors: yes
      shell: "kill {{ item }}"
      with_items: "{{ running_process.stdout_lines }}"

Run the playbook

# ansible-playbook killprocess.yml
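
The grep top filter above matches every command line that contains the string "top", including the grep process itself, which is why the playbook needs ignore_errors to get past the kills that fail. An added alternative (not from the original slides) uses pgrep -x for an exact process-name match and fails only on real errors; the target_process variable and the file name killprocess_exact.yml are assumptions.

```yaml
---
# killprocess_exact.yml (hypothetical file name; added example, not from the slides)
- name: Find a process by exact name and kill it
  hosts: 10.253.1.115

  vars:
    target_process: top      # exact process name to match (assumed variable)

  tasks:
    - name: Get PIDs of processes named exactly {{ target_process }}
      command: "pgrep -x {{ target_process }}"
      register: running_process
      changed_when: false    # looking up PIDs changes nothing on the host
      # pgrep exits 1 when nothing matches; only other non-zero codes are errors
      failed_when: running_process.rc not in [0, 1]

    - name: Kill the matched processes
      command: "kill {{ item }}"
      loop: "{{ running_process.stdout_lines }}"
      when: running_process.rc == 0
```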

Pick and Choose Steps
• Start a playbook at a specific task
# ansible-playbook yamlfile.yml --start-at-task 'Task name'
# ansible-playbook http.yml --start-at-task 'Install telnet'

---
- name: httpd and telnet
  hosts: all

  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present

    - name: Start httpd
      service:
        name: httpd
        state: started

    - name: Install telnet
      yum:
        name: telnet
        state: present
Create and Mount New Storage
• To create new storage, we will power off the VM and add a new disk (2GiB) from our virtualization software

• The “parted” and “mount” modules will also be used in the Ansible playbook

• Some Ansible distributions do not come with the parted and mount modules

• Install the parted and mount modules

# ansible-galaxy collection install community.general
# ansible-galaxy collection install ansible.posix

ERROR! couldn't resolve module/action 'mount'. This often indicates a misspelling, missing collection, or incorrect module path.

Create and Mount New Storage
# vim newstorage.yml
---
- name: Create and mount new storage
  hosts: all

  tasks:
    - name: create new partition
      parted:
        name: files
        label: gpt
        device: /dev/sdb
        number: 1
        state: present
        part_start: 1MiB
        part_end: 1GiB
    - name: Create xfs filesystem
      filesystem:
        dev: /dev/sdb1
        fstype: xfs
    - name: Create mount directory
      file:
        path: /data
        state: directory
    - name: mount the filesystem
      mount:
        path: /data        # mount point created by the previous task
        src: /dev/sdb1
        fstype: xfs
        state: mounted

Run the playbook

# ansible-playbook newstorage.yml
