Day 1 – Ansible Notes – Pep – Aug – 2023
Slides - https://devopsschool.com/slides/ansible/index.html
START - 9:30 AM IST - 5:30 PM IST
=================================
Project - 4.45 PM IST
===============================
Lunch Break - 1 - 2 PM IST
==========================
15 mins -
11.30 AM IST
3:30 PM IST
=======================================================
LAB -
=================================================================
What is Ansible?
- Config mgmt tool
[ Servers config mgmt ]
Release
Ansible - cmd - free
Ansible AWX - UI - Free - Latest release before FULL testing - No support
Ansible Tower - Automation platform - UI - PAID
Version
2.x
From Redhat
Written in Python
-- Compiled --> Interpreted Lang -> DSL
Tool
- Save cost
Keeping an env consistent
- Save time
1 dep - 10 mins
1000 demo --- 10 mins
- Improve quality
mgmt
SERVER(S)
Config
Server contains
---
file
directory
services
package
yum
users
group
shell
apt
yum
cmd
=======================================================================
Why Ansible?
----------------------------------------
IT can deploy | config server(S) in parallel and manage consistent config mgmt
--------------------------------
Bash Shell - Windows?
Power shell - Linux?
Across platform
Python
---------------------
Difficult to read - write - share - extend - debug - test
Ansible is easy to read - write - share - extend - debug - test
IDEMPOTENT
DESIRE == ACTUAL == No change
DESIRE =NOT= ACTUAL == change
1 deploy - 10 STEPS - 1 mins - 10 mins
2 deploy - 1 step - 1 - 1 mins
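Idempotence as described above, shown with a file copy. This is an added illustration, not Ansible's copy module; `ensure_copy` is a hypothetical helper and the files are constructed in a scratch directory.

```shell
#!/bin/sh
# Added illustration of idempotence: act only when ACTUAL differs from DESIRE.
# ensure_copy is a hypothetical helper, not Ansible's copy module.
ensure_copy() {   # usage: ensure_copy <src> <dest>; prints "ok" or "changed"
    src=$1 dest=$2
    if [ -f "$dest" ] && cmp -s "$src" "$dest"; then
        echo "ok"                       # DESIRE == ACTUAL: no change
        return 0
    fi
    # DESIRE != ACTUAL: converge. Write a temp file and rename it so a reader
    # of $dest never sees a half-written file.
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" && mv "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
    echo "changed"
}

# Constructed demo: run the same task three times against a scratch directory.
demo_idempotence() {
    work=$(mktemp -d)
    printf '<h1>hello</h1>\n' > "$work/index.html"
    first=$(ensure_copy "$work/index.html" "$work/served.html")    # target missing
    second=$(ensure_copy "$work/index.html" "$work/served.html")   # already correct
    printf 'drift\n' > "$work/served.html"                         # manual edit on the server
    third=$(ensure_copy "$work/index.html" "$work/served.html")    # drift is repaired
    rm -rf "$work"
    echo "$first $second $third"
}

demo_idempotence
```

The third run is the part a plain script does not give you: the same task that reported no change also detects and repairs a hand-edited target.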
==========================================================================
OTHER TOOLS - Ansible + Chef + Puppet + Salt + cfEngine
==========================================================================
How Ansible Works?
Ansible Architecture?
=========================================================================
HUMAN -------> ACS ----> ARS(S)
ACS - Ansible Control Server
ARS - Ansible Remote Server
=============================================
ACS                   ===>   ARS
Linux only, 64 bit           ANY
Python                       WINDOWS = PS 3.0 + .NET 4.5
                             LINUX   = python
Ansible                      NONE
Comm Prot
--------------------> SSH 22 LINUX
--------------------> WINRM HTTP - 5986 / 5985
=========================================================================
Ansible installation
- Executables
- Modules - Python code located on the ACS BUT run on the ARS. Required params, e.g.:
COPY
source - dest - what
https://docs.ansible.com/ansible/2.9/modules/list_of_all_modules.html
https://docs.ansible.com/ansible/2.8/modules/modules_by_category.html
- Plugins - Python code located on the ACS that adds features to Ansible.
- Configfile
/etc/ansible/ansible.cfg
Executables {default - hardcoded} --> Overrides (/etc/ansible/ansible.cfg)
https://github.com/dmahler/ansible-template/blob/master/ansible.cfg
https://docs.ansible.com/archive/ansible/2.4/intro_configuration.html
How to install Ansible?
==================================
RHEL + UB - https://www.devopsschool.com/blog/ansible-installation-and-configuration-guide/
[root@localhost Python-3.11.0a4]# which ansible
/usr/local/bin/ansible
[root@localhost Python-3.11.0a4]# ls /usr/local/bin/ansi*
/usr/local/bin/ansible /usr/local/bin/ansible-connection /usr/local/bin/ansible-galaxy /usr/local/bin/ansible-pull
/usr/local/bin/ansible-community /usr/local/bin/ansible-console /usr/local/bin/ansible-inventory /usr/local/bin/ansible-test
/usr/local/bin/ansible-config /usr/local/bin/ansible-doc /usr/local/bin/ansible-playbook /usr/local/bin/ansible-vault
============================================================================================================
Component of ACS?
===============================
Ansible
Playbook ----->
Collection of Modules to be executed at ARS
Inventory
------>
a list of IP addresses of ARS
Configfile
----->
=====================================================================
COPY A FILE --- 1 machine
$ cmd
$ script
=================================
Ansible Adhoc Commands
=================================
using ADHOC command
Do one task in ONE MACHINE(localhost)
Do one task in ONE REMOTE MACHINE
Do one task in MULTIPLE REMOTE MACHINES using Inventory
Do one task in MULTIPLE REMOTE MACHINES using group in Inventory
====================================================
Step 1 - Get a Project
Step 2 - Create a step-wise pseudocode
Step 3 - Locate Modules
Step 4 - Locate its Param arguments
Step 5 - Create an Adhoc Cmd
Project
===============================
Setup a Web server using Ansible?
==================================
Pseudocode
=================
Step 1 - Install httpd package            | yum state=latest name=httpd
Step 2 - Copy index.html to /var/www/html | copy dest=/var/www/html/index.html src=index.html
Step 3 - Start the httpd service          | service name=httpd state=started
ansible localhost -m yum -a"state=absent name=httpd"
ansible localhost -m yum -a"state=latest name=httpd"
ansible localhost -m copy -a"dest=/var/www/html/index.html src=index.html"
ansible localhost -m service -a"name=httpd state=started"
ansible localhost -m service -a"name=firewalld state=stopped enabled=no"
ansible-playbook
============================================================
ACS ARS
-----------------------------------
LINUX LINUX
SSH - 22
---------------------------------
Authentication
USERNAME - PASS | -u -k
USERNAME - Key | -u --key-file
Authorization
SUDO with password | -b -K
Sudo without password | -b
Sudo with DIFF username and Password | -b | --become-user -K
Sudo with DIFF username and Key | -b | --become-user --key-file
Privilege Escalation Options:
control how and which user you become as on target hosts
--become-method BECOME_METHOD
privilege escalation method to use (default=sudo), use `ansible-doc -t become -l` to list valid choices.
--become-user BECOME_USER
run operations as this user (default=root)
-b, --become run operations with become (does not imply password prompting)
Connection Options:
control as whom and how to connect to hosts
--private-key PRIVATE_KEY_FILE, --key-file PRIVATE_KEY_FILE
use this file to authenticate the connection
--scp-extra-args SCP_EXTRA_ARGS
specify extra arguments to pass to scp only (e.g. -l)
--sftp-extra-args SFTP_EXTRA_ARGS
specify extra arguments to pass to sftp only (e.g. -f, -l)
--ssh-common-args SSH_COMMON_ARGS
specify common arguments to pass to sftp/scp/ssh (e.g. ProxyCommand)
--ssh-extra-args SSH_EXTRA_ARGS
specify extra arguments to pass to ssh only (e.g. -R)
-T TIMEOUT, --timeout TIMEOUT
override the connection timeout in seconds (default=10)
-c CONNECTION, --connection CONNECTION
connection type to use (default=smart)
-u REMOTE_USER, --user REMOTE_USER
connect as this user (default=None)
Some actions do not make sense in Ad-Hoc (include, meta, etc)
===============================================================================
Remote Machine = = Inventory
===========================================
List of IP addresses | DNS names of ARS
12.3.4.5 - NOT LIST
12.3.4.5, - LIST
12.3.4.5,1.3.6.7,2.5.6.7 - - NOT LIST
12.3.4.5,1.3.6.7,2.5.6.7, - - LIST
CMD
FILE (/etc/ansible/hosts) inventory == INI FILE
SCRIPT
ansible localhost -m yum -a"state=absent name=httpd"
ansible localhost -m yum -a"state=latest name=httpd"
ansible localhost -m copy -a"dest=/var/www/html/index.html src=index.html"
ansible localhost -m service -a"name=httpd state=started"
ansible localhost -m service -a"name=firewalld state=stopped enabled=no"
ansible all -i 192.168.5.206,192.168.5.207, -m yum -a"state=absent name=httpd" -u root -k
ansible all -i 192.168.5.206,192.168.5.207, -m yum -a"state=latest name=httpd" -u root -k
ansible all -i 192.168.5.206,192.168.5.207, -m copy -a"dest=/var/www/html/index.html src=index.html" -u root -k
ansible all -i 192.168.5.206,192.168.5.207, -m service -a"name=httpd state=started" -u root -k
ansible all -i 192.168.5.206,192.168.5.207, -m service -a"name=firewalld state=stopped enabled=no" -u root -k
192.168.5.206
192.168.5.207
=======================================
GROUP - all | nogroup
ansible.cfg
[defaults]
host_key_checking = False
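The commands and `ansible.cfg` above use three shortcuts: `-u root -k`, stopping firewalld, and `host_key_checking = False`; with host key checking off, a password typed at the `-k` prompt goes to whichever host answers on that IP. The added check below (not part of the original notes; `audit_cfg` and `audit_adhoc` are hypothetical helper names, and the user and key path in the second sample line are placeholders) flags those settings in a config file and in a list of ad-hoc commands.

```shell
#!/bin/sh
# Added example, not from the class notes: flag the shortcuts used above before
# they are copied into shared automation. Helper names are hypothetical.
audit_cfg() {     # stdin: ansible.cfg text
    awk '
        /^[ \t]*\[/ { sec = tolower($0); gsub(/[ \t]/, "", sec); next }
        sec == "[defaults]" && tolower($0) ~ /^[ \t]*host_key_checking[ \t]*=[ \t]*(false|no|off|0)[ \t]*$/ {
            print NR ": host_key_checking is off, SSH host keys are accepted unverified"
        }'
}

audit_adhoc() {   # stdin: one ad-hoc ansible command per line
    awk '
        { line = " " $0 " " }                   # pad so a flag at either end still matches
        line ~ / (-u|--user)[ =]root /  { print NR ": connects as root" }
        line ~ / (-k|--ask-pass) /      { print NR ": prompts for an SSH password (-k)" }
        line ~ /name=firewalld/ && line ~ /state=stopped/ { print NR ": stops firewalld" }'
}

# Constructed input: line 1 is a command from these notes; line 2 uses the
# -u / --key-file / -b / -K flags with a placeholder user and key path.
sample_cmds() {
    cat <<'EOF'
ansible web -i inventory -m service -a"name=firewalld state=stopped enabled=no" -u root -k
ansible web -i inventory -m yum -a"state=latest name=httpd" -u deploy --key-file ~/.ssh/id_ed25519 -b -K
EOF
}

printf '[defaults]\nhost_key_checking = False\n' | audit_cfg
sample_cmds | audit_adhoc
```

The second sample line is the form the Authentication and Authorization flags listed earlier allow: a non-root login with `--key-file`, then `-b -K` for sudo. Leaving `host_key_checking` at its default keeps SSH host key verification on.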
===========================
PROBLEM AREAS
- Prompt for password
- TOO MANY ARS IPS
===============================
inventory - filename
192.168.5.206
192.168.5.207
======================
ansible all -i inventory -m yum -a"state=absent name=httpd" -u root -k
ansible all -i inventory -m yum -a"state=latest name=httpd" -u root -k
ansible all -i inventory -m copy -a"dest=/var/www/html/index.html src=index.html" -u root -k
ansible all -i inventory -m service -a"name=httpd state=started" -u root -k
ansible all -i inventory -m service -a"name=firewalld state=stopped enabled=no" -u root -k
=======================================
===============================
inventory - filename
[web]
192.168.5.206
192.168.5.207
[db]
192.168.2.1
192.168.23.2
======================
ansible web -i inventory -m yum -a"state=absent name=httpd" -u root -k
ansible web -i inventory -m yum -a"state=latest name=httpd" -u root -k
ansible web -i inventory -m copy -a"dest=/var/www/html/index.html src=index.html" -u root -k
ansible web -i inventory -m service -a"name=httpd state=started" -u root -k
ansible web -i inventory -m service -a"name=firewalld state=stopped enabled=no" -u root -k
ansible all -i inventory -m copy -a"dest=/var/www/html/index.html src=index.html" -u root -k
=======================================
===============================
inventory - filename
[web]
192.168.5.206
192.168.5.207
[db]
192.168.2.1
192.168.23.2
[master:children]
web
db
======================
ansible web,db -i inventory -m copy -a"dest=/var/www/html/index.html src=index.html" -u root -k
ansible master -i inventory -m copy -a"dest=/var/www/html/index.html src=index.html" -u root -k
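How the group patterns above (`web`, `web,db`, `master`, `all`) expand to hosts, as an added example that is not Ansible's own inventory code. `resolve_group` is a hypothetical, simplified resolver that understands only `[group]` and `[group:children]` sections, and the sample file is the grouped inventory from these notes.

```shell
#!/bin/sh
# Added example, not Ansible code: simplified resolver for the INI inventory above.
# Supports [group] and [group:children] only (no :vars, host ranges or host variables).
resolve_group() {   # usage: resolve_group <inventory-file> <pattern>
    inv=$1 pattern=$2
    [ -f "$inv" ] || { echo "inventory file not found: $inv" >&2; return 2; }
    awk -v want="$pattern" '
        function emit(h) { if (!(h in out)) { out[h] = 1; print h } }
        function expand(g,    n, i, parts) {
            if (seen[g]++) return                 # already expanded; also stops cycles
            n = split(hosts[g], parts, " "); for (i = 1; i <= n; i++) emit(parts[i])
            n = split(child[g], parts, " "); for (i = 1; i <= n; i++) expand(parts[i])
        }
        /^[ \t]*(#|;|$)/ { next }                 # comments and blank lines
        /^[ \t]*\[/ {                             # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            kids = (sec ~ /:children$/); sub(/:children$/, "", sec); next
        }
        {
            if (sec == "") sec = "ungrouped"
            if (kids) child[sec] = child[sec] " " $1
            else { hosts[sec] = hosts[sec] " " $1; hosts["all"] = hosts["all"] " " $1 }
        }
        END { n = split(want, pats, ","); for (p = 1; p <= n; p++) expand(pats[p]) }
    ' "$inv"
}

write_sample_inventory() {   # the grouped inventory from these notes
    cat > "$1" <<'EOF'
[web]
192.168.5.206
192.168.5.207
[db]
192.168.2.1
192.168.23.2
[master:children]
web
db
EOF
}

inv_file=$(mktemp)
write_sample_inventory "$inv_file"
resolve_group "$inv_file" master
rm -f "$inv_file"
```

On a control server, `ansible master -i inventory --list-hosts` prints the hosts a pattern matches without running any module, which is worth checking before a command that removes a package or stops a service.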