What is Ansible
Ansible is a simple open-source IT engine that automates application deployment, intra-service orchestration, cloud provisioning and many other IT tools.
Ansible uses playbooks to describe automation jobs, and playbooks are written in a very simple language, YAML.
It works on the push mechanism.
Ansible is completely agentless, which means it works by connecting to your nodes through SSH (by default).
How Ansible Works?
Ansible works by connecting to your nodes and pushing out small programs, called "Ansible modules", to them. Ansible then executes these modules (over SSH by default) and removes them when finished. Your library of modules can reside on any machine, and there are no servers, daemons, or databases required.
The management node in the above picture is the controlling node (managing node), which controls the entire execution of the playbook. It is the node from which you run the installation. The inventory file provides the list of hosts where the Ansible modules need to be run; the management node makes an SSH connection, executes the small modules on the host machines and installs the product/software.
Components of Ansible
Ansible Server:
The machine where Ansible is installed and from which all tasks and playbooks are run.
Host:
Nodes, which are automated by Ansible
Module:
Basically, it is a command or set of similar commands meant to be executed on the client-side.
Role:
A way of organizing tasks and related files, to be later called in a playbook.
Fact:
Information fetched from the client system, made available as global variables by the gather-facts operation.
Inventory:
A file containing data about the Ansible client servers.
Notifier:
A section attributed to a task that calls a handler if the output is changed.
Handler:
A task that is called only if a notifier is present.
Playbook:
It consists of code in YAML format, which describes the task to be executed.
Actual Working of Ansible
Practical of Ansible using 1 Master and 2 Nodes
Setup Ansible Server
Get Ansible package
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Install the downloaded package
yum install <packageName>
Ansible needs some extra packages for interpretation, such as Git, Python, OpenSSL, etc.
yum install git python python-devel python-pip openssl ansible -y
The Ansible server is now created, but it still needs to be told which nodes are available.
Informing the server about the node machines
The Ansible server has a "hosts" file that holds the details of the nodes, such as their private IP addresses. Edit this file by creating a named group and adding the private IP addresses of Node 1 and Node 2 under it.
vi /etc/ansible/hosts
Edit the file by creating a group:
[groupname]
<ipNode>
<ipNode>
But this hosts file only takes effect once the "ansible.cfg" file is updated. Edit this config file and uncomment the inventory and sudo_user lines by removing the leading # (a line starting with # is a comment and is not active).
vi /etc/ansible/ansible.cfg
Optional: create a user on the master and the nodes and assign a password for security purposes.
adduser <username>
passwd <username>
Then switch to the created user:
su - <username>
The created user has restricted rights. To give it sudo privileges, edit the sudoers file with visudo:
visudo
Add an entry for the created user (named ansible here) below the root entry:
##Allow root to run any commands anywhere
root ALL=(ALL) ALL
ansible ALL=(ALL) NOPASSWD: ALL
Log in to all machines as the created user
su - <username>
Establish the connection Between the Ansible Server and Node
There is an "sshd_config" file; once we update this file, the connection can be set up between server and node.
vi /etc/ssh/sshd_config
Changes to be made:
Uncomment PermitRootLogin yes
Uncomment PasswordAuthentication yes
Comment out PasswordAuthentication no
Restart the SSH service on the machines so the changes take effect
service sshd restart
Check that the server can access node1 and node2 (verifying the connection)
ssh <IpaddressNode>
If it is successful, the master has access to the node. Create a file from the server and it will be reflected on the node too.
But as we are working as the created user, we have to provide the user password each time. To avoid repeated password prompts, set up a trust relationship (root - root, user - user).
Building Trust relationship Between Master and Nodes
The trust relationship is established by sharing the public key of the master with the nodes.
Prerequisite - the master and the nodes must have the same user on all the machines (user - user)
On the master server, logged in as the user
Generate the keys (private and public) on the master machine:
ssh-keygen
These keys are stored in the hidden ".ssh" directory
ls -a ~/.ssh
Output: id_rsa id_rsa.pub known_hosts (3 files)
Copy the server's public key (id_rsa.pub) to all the nodes, so that the nodes stop asking for a password every time and simply grant access.
ssh-copy-id <usernameNode>@<privateIPNode>
It will ask for the password one last time.
Verify and take access of the node through the master
ssh <PvtIpaddressNode>
If successful, it will not ask for a password; the master gets access to the node directly.
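Once key-based login works for the created user, password logins and direct root logins over SSH no longer have to stay enabled on the nodes. As an added example, not part of the original post, this script reports whether either setting enabled earlier is still active in an sshd_config file; the helper names effective and audit_sshd are hypothetical and the sample files it writes are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd_config after key login works.
# sshd uses the first occurrence of a keyword, keywords are case-insensitive and
# commented lines are inactive. Simplification: only the global section before
# the first Match block is read.

effective() {  # usage: effective <keyword> <file> -> prints the active value, lowercased
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # commented-out line
        tolower($1) == "match" { exit }          # stop at the first Match block
        tolower($1) == tolower(key) { print tolower($2); exit }   # first one wins
    ' "$2"
}

audit_sshd() {  # usage: audit_sshd <file> -> one REVIEW line per setting still at "yes"
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(effective "$key" "$1")
        if [ "$val" = "yes" ]; then
            echo "REVIEW: $key yes"
        fi
    done
}

# Constructed sample: the state the edits described above leave behind.
write_tutorial_cfg() {
    printf '%s\n' '#PasswordAuthentication no' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' > "$1"
}

# Constructed sample: the same file after both settings are turned off again.
write_key_only_cfg() {
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
        '#PasswordAuthentication yes' > "$1"
}

tmp=$(mktemp -d)
write_tutorial_cfg "$tmp/before"
write_key_only_cfg "$tmp/after"
echo "before:"; audit_sshd "$tmp/before"
echo "after:";  audit_sshd "$tmp/after"
rm -rf "$tmp"
```

On a node, point audit_sshd at /etc/ssh/sshd_config; after editing the file, sshd -t checks it for errors before the service is restarted.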
Host pattern
When a number of nodes are connected to the server but a specific task needs to be run on a particular node, a host pattern is helpful.
The "all" pattern refers to all the machines in an inventory.
"--list-hosts" provides the list of all nodes present in hosts.
Nodes are indexed by number, starting from 0; the last node is -1.
Commands
To list all nodes
ansible all --list-hosts
To see the nodes of a specific group
ansible <groupName> --list-hosts
To see the nodes of a group within a specific range
ansible <groupName>[start:end] --list-hosts
To see multiple groups
ansible <groupName1>[start:end] <groupName2>[start:end] --list-hosts
Ad-hoc commands, Module and Playbooks
To push the code we have three methods:
Ad-hoc commands (simple Linux commands)
The drawback is no idempotency
Modules
Playbooks
Modules and playbooks are written in YAML format; more than one module together is called a playbook.
Ad-hoc command
Ad-hoc commands are commands that are run individually to perform quick functions.
They are not used for configuration management and deployment, because the commands are for one-time use (one-line commands).
Ad-hoc commands use the /usr/bin/ansible command-line tool to automate a single task.
The simple Linux command is passed in " " as the argument (-a); the argument means: execute whatever is inside the " ".
Steps to do:
Access the master server with the user login
To run an ad-hoc command
List the files available on the node
ansible <groupName> -a "ls"
Will create the file on node
ansible <groupName>[range/node] -a "touch file1"
Create the file on all nodes
ansible all -a "touch file3"
Install Httpd package
ansible <groupName> -a "sudo yum install httpd -y"
In the above command we used sudo; to avoid it, use "-b", which means become
ansible <groupName> -b -a "yum install httpd -y"
Ansible Module command
Ansible ships with a number of modules (called the module library) that can be executed directly on a remote host or through a playbook. Your library of modules can reside on any machine, and there are no servers, daemons or databases required. (Idempotency is present.)
Where are Ansible modules stored?
The default location for the inventory file is /etc/ansible/hosts
Important
In a command, "-m .." means a module is used, and .. is the module name.
When installing packages, add a state: present to install, absent to uninstall, latest to update, and started to start.
Steps to do
Access the master server with the user login
Commands to configure the node
To install a package
ansible <groupName>[range] -b -m yum -a "pkg=httpd state=present"
To start the service
ansible <groupName>[range] -b -m service -a "name=httpd state=started"
Maintaining idempotency,
Ansible has a setup module that works as the agent of the node and reports the node's configuration status; this helps in maintaining idempotency.
ansible <groupName> -m setup
Get IP address of node using setup
ansible <groupName> -m setup -a "filter=*ipv4*"
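Idempotency, as used above, means that running the same change a second time leaves the system untouched. As an added example, not part of the original post, the script below contrasts a blind append (the ad-hoc style) with a check-then-change helper that mimics state=present for a node entry in the inventory format shown earlier; append_host and ensure_host are hypothetical helpers and the IP addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). append_host and ensure_host are
# hypothetical helpers; the inventory contents below are constructed.

append_host() {  # ad-hoc style: blind append, repeats the entry on every run
    echo "$2" >> "$1"
}

ensure_host() {  # usage: ensure_host <inventory> <group> <ip> -> prints changed|ok
    inv=$1; group=$2; ip=$3
    # Check the current state first: is the IP already listed under [group]?
    if awk -v g="[$group]" -v ip="$ip" '
            /^\[/ { in_g = ($1 == g) }
            in_g && $1 == ip { found = 1 }
            END { exit !found }' "$inv" 2>/dev/null; then
        echo ok; return 0
    fi
    if grep -qxF "[$group]" "$inv" 2>/dev/null; then
        # Group exists: insert the IP right after its header line.
        awk -v g="[$group]" -v ip="$ip" '{ print } $0 == g { print ip }' \
            "$inv" > "$inv.tmp" && mv "$inv.tmp" "$inv"
    else
        printf '[%s]\n%s\n' "$group" "$ip" >> "$inv"   # create the group
    fi
    echo changed
}

demo_inv=$(mktemp)                        # constructed inventory: one group, one node
printf '[demo]\n10.0.0.11\n' > "$demo_inv"
ensure_host "$demo_inv" demo 10.0.0.12    # first run: changed
ensure_host "$demo_inv" demo 10.0.0.12    # second run: ok, file untouched
append_host "$demo_inv" 10.0.0.13
append_host "$demo_inv" 10.0.0.13         # same command again: duplicate line
grep -c '^10\.0\.0\.13$' "$demo_inv"      # 2
rm -f "$demo_inv"
```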
This is how we set up Ansible. Stay tuned for the next blog, Ansible Part-2.
Stay tuned!!
For any query, you can contact Atharva Deshpande