Ansible

(Part-1) - Configuration Management using Ansible

What is Ansible

Ansible is a simple open-source IT engine that automates application deployment, intra-service orchestration, cloud provisioning, and many other IT tools.

Ansible uses playbooks to describe automation jobs, and playbooks are written in a very simple language, YAML.

It works on the Push mechanism.

Ansible is completely agentless, which means it works by connecting to your nodes over SSH (by default).

How Does Ansible Work?

Ansible works by connecting to your nodes and pushing out small programs, called "Ansible modules", to them. Ansible then executes these modules (over SSH by default) and removes them when finished. Your library of modules can reside on any machine, and there are no servers, daemons, or databases required.

The management node in the above picture is the controlling node (managing node), which controls the entire execution of the playbook. It is the node from which you run the installation. The inventory file provides the list of hosts where the Ansible modules need to be run; the management node makes an SSH connection, executes the small modules on the host machines, and installs the product/software.

Components of Ansible

Ansible Server:

The machine where Ansible is installed and from which all tasks and playbooks will be run.

Host:

Nodes that are automated by Ansible.

Module:

Basically, it is a command or set of similar commands meant to be executed on the client-side.

Role:

A way of organizing tasks and related files, to be called later in a playbook.

Fact:

Information fetched from the client system, from the global variables, with the gather-facts operation.

Inventory:

A file containing data about the Ansible client servers.

Notifier:

Section attributed to a task that calls a handler if the output is changed.

Handler:

A task that is called only if a notifier is present.

Playbook:

It consists of code in YAML format, which describes the task to be executed.

Actual Working of Ansible

Practical of Ansible using 1 Master and 2 Nodes

Setup Ansible Server

  1. Get Ansible package

    wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

  2. Install the downloaded package

    yum install <packageName>

  3. Ansible needs some extra packages for interpretation, such as Git, Python, OpenSSL, etc.

    yum install git python python-devel python-pip openssl ansible -y

The Ansible server is now created, but it still needs to be told which nodes are available.

Informing the server about the node machine

  1. The Ansible server has a " hosts " file that contains the details of the nodes, such as their private IP addresses. Edit this file by creating a named group and pasting in the private IP addresses of Node 1 and Node 2.

    vi /etc/ansible/hosts

    Edit the file by creating a group:

    [groupname]

    <ipNode>

    <ipNode>

  2. This hosts file works only once the " ansible.cfg " file is updated. Edit this config file and activate inventory and sudo_user by removing the leading # (uncommenting them).

    (A leading # means the line is a comment and is not active.)

    vi /etc/ansible/ansible.cfg

  3. Optional: create a user on the master and the nodes and assign a password for security purposes

    adduser <username>

    passwd <username>

    Then switch to the created user

    su - <username>

    As the created user has restrictions, assign it some privileges (sudo user) by editing the sudoers file with " visudo "

    visudo

    Below the root entry, add a line for the created user (here named ansible):

    ##Allow root to run any commands anywhere

    root ALL=(ALL) ALL

    ansible ALL=(ALL) NOPASSWD: ALL

  4. Log in to all machines with the created user

    su - <username>

Establish the connection Between the Ansible Server and Node
  1. Update the " sshd_config " file

    Once this file is updated, the connection can be set up between server and node.

    vi /etc/ssh/sshd_config

    Changes to be made:

    Uncomment PermitRootLogin yes

    Uncomment PasswordAuthentication yes

    Comment out PasswordAuthentication no

  2. Restart the sshd service so the changes take effect

    service sshd restart

  3. Verify the connection: check that the server can access node1 and node2

    ssh <IpaddressNode>

    If it is successful, the master has access to the node. Create a file from the server and it will be reflected on the node too.

    But as we are working as the created user, we have to provide the user's password each time. To avoid repeated password prompts, set up a trust relationship (root - root, user - user).

Building Trust relationship Between Master and Nodes

The trust relationship is established by sharing the public key of the master with the nodes.

Prerequisite: the master and the nodes must have the same user on all machines (user - user).

On the master server, logged in as the user

  1. Generate keys (private and public) on the master machine

    ssh-keygen

    These keys will be present in the hidden " .ssh " directory

    ls -a ~/.ssh

    Output: id_rsa id_rsa.pub known_hosts (3 files)

  2. Copy the server's public key (id_rsa.pub) to all the nodes, so that the nodes grant access without asking for a password every time.

    ssh-copy-id <usernameNode>@<privateIPNode>

    This is the last time it will ask for the password.

  3. Verify by accessing the node from the master

    ssh <PvtIpaddressNode>

    If successful, it will not ask for a password. The master gets access to the node directly.
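Once key-based login works, the sshd_config edits made earlier can be re-checked. sshd uses the first value it reads for each keyword, so the order of the lines matters as much as which one is uncommented. The script below is an added example, not part of the original post; the function names effective_sshd_value and audit_sshd are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): which value will sshd use?
# sshd takes the FIRST value it reads for each keyword; later lines are ignored.

# effective_sshd_value FILE KEYWORD (hypothetical helper name)
# Prints the global value, or "unset" when the file never sets it
# (sshd's built-in default then applies). Match blocks are not evaluated.
effective_sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)            # keyword ends at space or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            if (key == "match") exit             # global section ends here
            if (key == want) {
                val = substr(line, n)
                sub(/^[ \t]*=?[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val)
                print val; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd FILE: prints one line per keyword and returns 1 if either of
# the two settings switched on in the steps above is still effectively "yes".
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(effective_sshd_value "$1" "$kw")
        [ "$v" = "yes" ] && rc=1
        echo "$kw: $v"
    done
    return $rc
}

# Constructed sample mirroring the edits described above.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' '#PasswordAuthentication no' > "$sample"
audit_sshd "$sample" || echo "review these once key-based login works"
rm -f "$sample"
```

On a real node, point audit_sshd at /etc/ssh/sshd_config; settings inside Match blocks are outside what this check covers.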

Host pattern

When a number of nodes are connected to the server but a specific task needs to be run on a particular node, host patterns are helpful.

  • The " all " pattern refers to all the machines in an inventory.

  • " --list-hosts " will provide the list of all nodes present in hosts

  • Nodes are indexed by number, starting from 0; the last node is -1

Commands

  • To see the list of all nodes

    ansible all --list-hosts

  • To see the nodes of a specific group

    ansible <groupName> --list-hosts

    To see the nodes of a group within a specific range

    ansible <groupName>[start:end] --list-hosts

  • To see multiple groups

    ansible <groupName1>[start:end]:<groupName2>[start:end] --list-hosts

Ad-hoc commands, Module and Playbooks

To push the code, we have three methods:

  • Ad-hoc commands (simple Linux commands)

    The drawback is that there is no idempotency

  • Modules

  • Playbooks

    Modules and playbooks are written in YAML format; more than one module is called a playbook

Ad-hoc command

Ad-hoc commands are individual commands that can be run on their own to perform quick functions.

They are not used for configuration management and deployment, because the commands are for one-time use (one-line commands).

Ad-hoc commands use the /usr/bin/ansible command-line tool to automate a single task.

These simple Linux commands are passed in quotes (" ") as the argument (-a). The argument means: execute whatever is present inside the quotes.

Steps to do,

  1. Access the master server with user login

  2. Run ad-hoc commands

    List the files available on the node

    ansible <groupName> -a "ls"

    Create a file on the node

    ansible <groupName>[range/node] -a "touch file1"

    Create a file on all nodes

    ansible all -a "touch file3"

    Install the httpd package

    ansible <groupName> -a "sudo yum install httpd -y"

    The above command uses sudo; to avoid it, use "-b", which means become

    ansible <groupName> -ba "yum install httpd -y"

Ansible Module command

Ansible ships with a number of modules (called the module library) that can be executed directly on remote hosts or through playbooks. Your library of modules can reside on any machine, and there are no servers, daemons, or databases required. (Idempotency is present.)

Where are Ansible modules stored?

The default location for the inventory file is /etc/ansible/hosts.

Important

If a command contains " -m .. ", it is calling a module, and .. is the module name.

While installing packages, add a state: present for install, absent for uninstall, latest for update, and started for start.

Step to do

  1. Take access of master server with user login

  2. Command to configure the node

    • To install a package

      ansible <groupName>[range] -b -m yum -a "pkg=httpd state=present"

    • To start the service

      ansible <groupName>[range] -b -m service -a "name=httpd state=started"

Maintaining idempotency

Ansible has a setup module, which works as the agent on the node and provides the node's configuration status; this helps in maintaining idempotency.

ansible <groupName> -m setup

Get the IP address of a node using setup

ansible <groupName> -m setup -a "filter=*ipv4*"
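To make the idempotency point concrete: an ad-hoc shell command repeats its action on every run, while a module first checks the current state and changes something only if needed. The script below is an added example, not code from the original post or from Ansible; it applies that check-then-change pattern to the [groupname] inventory format shown earlier, using constructed file contents and the hypothetical function names in_group and ensure_host.

```shell
#!/bin/sh
# Added example: an idempotent "ensure host is in group" for an INI inventory
# such as /etc/ansible/hosts. Prints "changed" or "ok", as a module run would.

# in_group FILE GROUP HOST -> exit 0 if HOST is already listed under [GROUP]
in_group() {
    awk -v g="[$2]" -v h="$3" '
        /^[ \t]*\[/ { t = $0; gsub(/[ \t]/, "", t); cur = (t == g); next }
        cur && ($1 "") == h { found = 1 }        # first field is the host
        END { exit !found }
    ' "$1"
}

# ensure_host FILE GROUP HOST
ensure_host() {
    [ -f "$1" ] || : > "$1"
    if in_group "$1" "$2" "$3"; then
        echo ok                                  # desired state already holds
        return 0
    fi
    tmp=$(mktemp) || return 1
    # Insert HOST right after the [GROUP] header, or append a new group.
    awk -v g="[$2]" -v h="$3" '
        { print }
        /^[ \t]*\[/ { t = $0; gsub(/[ \t]/, "", t)
                      if (t == g && !done) { print h; done = 1 } }
        END { if (!done) { print g; print h } }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
    echo changed
}

# Constructed demo: the second run finds nothing to do.
inv=$(mktemp)
printf '%s\n' '[demo]' '192.0.2.11' > "$inv"
ensure_host "$inv" demo 192.0.2.12     # changed
ensure_host "$inv" demo 192.0.2.12     # ok
# Contrast: echo 192.0.2.12 >> "$inv" would add a duplicate line on every run.
rm -f "$inv"
```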

This is how we set up Ansible. Stay tuned for the next blog on Ansible, Part-2!

For any query, you can contact Atharva Deshpande.