Ansible
Introduction
To automate IT tasks.
Ansible is agentless.
configuration management tool.
updating the package
taking backup
start/enable/restart/stop services
reboot your server
creating users
creating groups
assigning permissions
1. Execute tasks from your own machine (instead of taking an SSH connection into every machine).
2. Keep configuration/installation/deployment steps in a single YAML script (instead of doing them manually or writing shell scripts).
3. Re-use the same file multiple times for different environments: DEV, QA, PT, PROD and DR.
4. Fewer human errors (more reliable and less error-prone).
Control Node:
1. Ansible is simple to install.
2. The Ansible software or package needs to be installed only on the CN, from where your Ansible engine runs.
3. Hosts that are managed by Ansible do not need to have Ansible installed.
4. The CN should run a Unix/Linux OS.
5. Windows systems can be managed hosts.
6. Python v2: 2.7 or later
7. Python v3: 3.5 or later
8. Check the versions with # ansible --version or # python -V
Managed Hosts
1. No need to install Ansible.
2. Python should be installed: Python v2 2.7 or later, or Python v3 3.5 or later.
3. The Control Node connects to your managed hosts using SSH; if the host is Windows it will use WinRM.
Ansible Setup
Ansible Installation
3.110.156.97 === Ansible Control Node
13.232.194.79 === Ansible Managed Hosts1
15.207.20.73 === Ansible Managed Hosts2
Control Node
3.110.156.97 === Ansible Control Node
https://linuxhint.com/install_configure_ansible_rhel8/
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
1. Install ansible/Python package
# yum install ansible -y
# yum install python3 -y
3. Check the ansible version by using
# ansible --version
4. Log in as the root user and change to the .ssh directory
# mkdir -p .ssh
# chmod 700 .ssh
# cd .ssh
5. Generate the SSH key
# ssh-keygen
6. Change the directory to the .ssh folder under /root
# cd /root/.ssh
7. Copy the id_rsa.pub public key
# cat id_rsa.pub ==== copy the public key that is printed
# ssh <U.N>@<IP Address>
Managed Hosts:
13.232.194.79 === Ansible Managed Hosts1
15.207.20.73 === Ansible Managed Hosts2
1. Install the python package
# yum install python3 -y
2. Create a user named devops
# useradd devops
3. Log in as the devops user
# su - devops
4. Create a directory named .ssh under the devops user's home directory /home/devops
# mkdir .ssh
5. Change the permission for the .ssh folder to 700
# chmod 700 .ssh
6. Change to the .ssh directory
# cd .ssh
7. Create a file named authorized_keys and paste the copied SSH public key from the control node.
# vi authorized_keys
:wq!
8. Change the permission for the authorized_keys file to 600
# chmod 600 authorized_keys
9. From the 1st machine execute the command # ssh devops@<IP of your managed hosts> and verify whether passwordless authentication is working fine.
10. Add sudo access for the devops user
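The key installation in steps 4 to 8 as a re-runnable script, with a permission check added here as an example (it is not part of the original notes; the function names and the sample key line are made up). sshd with StrictModes, its default, refuses key authentication when the home directory, .ssh or authorized_keys is writable by group or others, so the audit checks exactly that.

```shell
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical.

# install_pubkey HOME_DIR "PUBKEY_LINE"
# Creates HOME_DIR/.ssh (700) and authorized_keys (600), then appends the key
# only if that exact line is not already present (safe to re-run).
install_pubkey() {
    home=$1 key=$2
    ( umask 077  # anything created here starts owner-only
      mkdir -p "$home/.ssh" && touch "$home/.ssh/authorized_keys" ) || return 1
    chmod 700 "$home/.ssh" || return 1
    chmod 600 "$home/.ssh/authorized_keys" || return 1
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# writable_by_others PATH: true if group or others hold the write bit.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# audit_ssh_perms HOME_DIR: prints every path that is missing or writable by
# group/others and returns 1; returns 0 when all three paths are tight.
audit_ssh_perms() {
    home=$1 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; rc=1
        elif writable_by_others "$p"; then echo "too permissive: $p"; rc=1
        fi
    done
    return "$rc"
}

# Demo on a throwaway directory with a constructed (non-functional) key line.
demo=$(mktemp -d)
install_pubkey "$demo" "ssh-ed25519 AAAA_CONSTRUCTED_SAMPLE_KEY root@control-node"
audit_ssh_perms "$demo" && echo "permissions OK"
rm -rf "$demo"
```

On a managed host this would be run as the devops user with /home/devops as the first argument.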
===================================================================================
Steps for installing Ansible
Ansible setup in AWS ec2 instance
1. yum install python3* -y
2. python3 -V
3. dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
4. yum install ansible* -y
5. ansible --version
Virtual Machine
1. Run the below command to register with the Red Hat subscription. I have created one Red Hat account; if needed, you can also create one for free on the redhat.com website. For now use mine.
subscription-manager register
username: [email protected]
password: Amma@123
2. subscription-manager attach --auto
3. yum repolist all | grep ansible
4. yum-config-manager --enable ansible-2.9-for-rhel-8-x86_64-rpms
5. yum repolist enabled
6. yum install ansible* -y
7. ansible --version
Note: If you get an error saying the yum-config-manager command is not found, install the yum-utils package as below and then re-execute the command; it will work.
yum install yum-utils -y
===================================================================================
Ansible host inventories:
1. The host inventory defines which hosts ansible manages.
2. A host may belong to groups, which are used to identify the host's role.
3. A host can be part of multiple groups.
Nested Group: calling a group inside a group is called a nested group; the parent group is declared with the :children suffix.
Managed host1: 192.168.29.15
Managed host2: 192.168.29.96
# mkdir /opt/inventories/inventory
# vim inventory
192.168.29.15
192.168.29.96
[web]
192.168.29.15
[app]
192.168.29.96
[nested:children]
web
app
:wq!
# ansible --list-hosts all ==== to list all the host details from the inventory file
# ansible --list-hosts <group name> ==== to list only the hosts belonging to the particular group
# ansible-inventory --graph ==== to see the tree structure
===================================================================================
Ansible Configuration
1. The behaviour of the ansible installation can be customized by modifying settings in the ansible configuration file.
2. Ansible chooses its configuration file from one of the possible locations on your control node.
Default config file: /etc/ansible/ansible.cfg
# cd /opt/project1
# vim ansible.cfg
[defaults]
inventory=/opt/project1/inventory ==== inventory file location where all the managed host details are maintained
remote_user=devops ==== which user the ansible CN uses to take the SSH connection to the MHs
ask_pass=false ==== whether to prompt for a password when taking the SSH connection
[privilege_escalation]
become=true ==== whether to automatically switch user on the managed hosts or not
become_user=root ==== the user to switch to on the managed hosts
become_method=sudo ==== how to switch to the user (using which method)
become_ask_pass=false ==== whether to prompt for a password or not
:wq!
Ansible configuration file precedence.
vim /etc/ansible/ansible.cfg ==== default ansible config file location
vim /opt/project1/ansible.cfg ==== you can create your own directory and maintain an ansible.cfg file under it
vim ~/.ansible.cfg ==== you can maintain a .ansible.cfg file under the user's home directory
# cd /opt/project1
# ansible --version
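Which file wins when several exist, written out as an added example (not from the original notes; the function names are hypothetical). It follows Ansible's documented search order: the ANSIBLE_CONFIG environment variable, then ansible.cfg in the current directory, then ~/.ansible.cfg, then /etc/ansible/ansible.cfg. It also reproduces the rule that an ansible.cfg in a world-writable current directory is skipped, since any local user could have planted it there.

```shell
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical.

# usable FILE: true if FILE is a regular file the current user can read.
usable() { [ -f "$1" ] && [ -r "$1" ]; }

# world_writable DIR: true if "others" have write permission on DIR.
world_writable() {
    [ -n "$(find "$1" -prune -perm -002 -print)" ]
}

# resolve_ansible_cfg [CWD] [HOME_DIR] [SYSTEM_CFG]
# Prints the first config file in the search order and returns 0;
# returns 1 when none exists (built-in defaults would then apply).
resolve_ansible_cfg() {
    cwd=${1:-$PWD}
    home=${2:-$HOME}
    system_cfg=${3:-/etc/ansible/ansible.cfg}

    # 1. Explicit override through the environment.
    if [ -n "${ANSIBLE_CONFIG:-}" ] && usable "$ANSIBLE_CONFIG"; then
        printf '%s\n' "$ANSIBLE_CONFIG"; return 0
    fi
    # 2. ansible.cfg in the current directory, unless anyone can write there.
    if usable "$cwd/ansible.cfg"; then
        if world_writable "$cwd"; then
            echo "ignoring $cwd/ansible.cfg: directory is world-writable" >&2
        else
            printf '%s\n' "$cwd/ansible.cfg"; return 0
        fi
    fi
    # 3. Per-user file, then 4. the system-wide default.
    for f in "$home/.ansible.cfg" "$system_cfg"; do
        if usable "$f"; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Report for the directory the script is started from, e.g. /opt/project1.
resolve_ansible_cfg || echo "no config file found; built-in defaults apply"
```

The "config file =" line printed by ansible --version shows the file actually in use on a real control node.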
===================================================================================
Ansible Ad-hoc Commands
1. An ad-hoc command is a way of executing a single ansible command/task quickly.
2. Ad-hoc commands are useful for quick tests and changes.
service is running or not
package is installed or not
specific line exists in a file or not
reboot server
particular user or group present or not
syntax
# ansible <host-pattern> -m <module> -a <arguments> -i <inventory file location>
# ansible-doc -l ==== to list all the modules from ansible
# ansible-doc <module name> ==== to know the use case of the specific module
file ==== creating a file, copying file, creating links between files or directories, changing the permissions
state: directory it will create a directory
state: touch it will create a file
state: link it will create a link between two files or directories.
yum ==== install, update, remove
state: latest install latest version of the package
state: present install the package
state: absent remove the package
service ==== start, stop, enable, restart
state: started
user ==== create a user, changing the group ownership
group ==== creating a group
command ==== any linux command we can execute
state=present
# ansible 192.168.29.117 -m yum -a 'name=httpd state=present' -i /opt/project1/inventory
# ansible web -m yum -a 'name=tree state=present' ==== to install the package
# ansible all -m user -a 'name=tommy state=present' ==== to create user
# ansible all -m command -a 'getent passwd tommy' ==== to know user created or not
# ansible all -m user -a 'name=tommy state=absent' ==== to remove the user
CN===
[web]
MH-1 ===192.168.29.117
[app]
MH-2===192.168.29.96
[nested:common]
192.168.29.117
192.168.29.96
===================================================================================
Playbook
1. An ad-hoc command can run a single, simple task against a set of targeted hosts as a one-time command.
2. The real power of ansible is in using playbooks to run multiple complex tasks against a set of targeted hosts in a repeatable manner.
A play is a set of ordered tasks that will execute on our managed hosts.
A playbook is one or more plays.
YAML -- YAML Ain't Markup Language
.yml or .yaml ===> the playbook file can have any name but should end with .yml or .yaml.
vim playbook.yml
--- =====> start of the play
... ======> end of the play
If the cursor indentation needs to be adjusted, go to the root user's home directory and use the below procedure:
# vim .vimrc ===== add this file under the root user's home directory
autocmd filetype yaml setlocal ai ts=2 sw=2 et
:wq!
# vim /opt/project1/playbook1.yml
---
- name: User and group Management
  hosts: all
  tasks:
    - name: create user
      user:
        name: u3
        state: present
...
:wq!
# ansible-playbook --syntax-check playbook1.yml ===== to check the syntax of the playbook before running it.
# ansible-playbook -C playbook1.yml ==== to dry run the playbook, which will not create any impact on the managed hosts.
# ansible-playbook playbook1.yml === to run the playbook
===================================================================================
Playbook
How to install and configure Apache webserver by using Ansible playbook
1. Install apache package httpd
yum install httpd -y
2. Start the service httpd
systemctl start httpd
3. enable the service httpd
systemctl enable httpd
4. add content inside index.html (/var/www/html === default document root for apache)
cd /var/www/html
vim index.html
"APACHE WEBSERVER USING ANSIBLE PLAYBOOK"
:wq!
or echo "APACHE WEBSERVER USING ANSIBLE PLAYBOOK" > /var/www/html/index.html
5. restart the service httpd
systemctl restart httpd
6. install the firewall package firewalld
yum install firewalld -y
7. start the service firewalld
systemctl start firewalld
8. enable the service firewalld
systemctl enable firewalld
9. add the service (http)/port (80) into the firewall
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-service=http
10. restart the service firewalld
firewall-cmd --reload
Multiple play
[root@localhost project1]# cat multiplay.yml
---
- name: configure Apache Webserver
  hosts: all
  tasks:
    - name: Install the Apache Package
      yum:
        name: httpd
        state: present
    - name: Start the Apache Service
      service:
        name: httpd
        state: started
    - name: Enable the Apache Service
      service:
        name: httpd
        enabled: yes
    - name: Copy index.html file to Apache document Root
      copy:
        src: /var/www/html/index.html
        dest: /var/www/html/index.html
    - name: Restart the Apache Webserver
      service:
        name: httpd
        state: restarted
    - name: Install Firewall Package
      yum:
        name: firewalld
        state: present
    - name: Start the firewalld service
      service:
        name: firewalld
        state: started
        enabled: yes
    - name: Adding port number into the firewalld
      firewalld:
        port: 80/tcp
        permanent: yes
        state: enabled
    - name: Restart the firewalld Service
      service:
        name: firewalld
        state: restarted
- name: checking the status of the apache webserver
  hosts: 192.168.29.117
  become: false
  tasks:
    - name: checking the web url
      uri:
        url: http://192.168.29.117
        return_content: yes
        status_code: 200
===================================================================================