Ansible
*It is configuration management tool.
*Ansible use Push method(server ask ansible client to do update) while
chef use pull method (chef client everytime ask server for any update).
* Ansible is easy because it use YAML language.
* GUI for ansible is build by Redhat named Ansible Tower.
*Ansible is open source IT configuration, Deployment and orchestration
tool It seeks to bring significant productivity increases to a wide range of
automation challange.
*Ansible History
-Micheal Dehaan develop ansible project in feb 2012.
-Redhat acquired the ansible tool in 2015
-Ansible is available for RHEL Centos Oracle linux.
- Ansible can be used wheather on your server or on-premises or in a
cloud.
-It turns your code into infrastructure i.e, your computing environment
has some of the same attribute as your application.
*ansible server is directly connected with nodes and it pushed the
configuration directly to nodes via yaml file
* Ansible is agentless no agent is required to be installed on nodes
*Ansible connect with Nodes via SSH it is best part of using ansible.
*Ansible uses playbook for Configuration management file
**Advantages of Ansible
-Ansible is free to use for everyone.
-Ansible is incredibly consistent and lightweight, and there are no constraints regarding
the OS and underline hardware.
-It is very secure due to agentless capablities and open SSH security features.
-Ansible does not need any specific system administrator skills to install
and use it.
-Ansible uses push mechanism for configuration management.
**Disdvantages of Ansible
-Insufficient user Interface, though ansible tower is gui but it is still in
development stage.
-Cannot achieve full automation by using ansible.
-New to market so there is limited support and documentation is not properly
available.
::::::::::::Important terminologies related Ansible::::::::::::::
**Ansible server:The machine where ansible is installed and from which all
tasks and playbooks will be run.
** Modules:Basically a module is a command or set of similar commands meant
to be executed on the Client-side.
**Task: A task is a section that consist of a single procedure to be completed.
**Role:A way of organising tasks and related files to be later called playbook
**Fact:Information fetched from the client system from the global Variable
with the gather-facts operation.
**Inventory: A file with information on the Ansible client servers.
**Play Execution of playbook is called play
**Handler:Task which is called only if a notifier is changed
**Notifier:Section attributed to a task which calls a handler of the output is changed
**Playbook:It consist code in YAML format, Which describe tasks to be executed
**Host:Nodes which are automated by ansible
::::::Installation of Ansible on Ubuntu::::::
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo add-apt-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible
*Host file is located in ansible server and contain private ip of all nodes
*To access that file we go to
vi /etc/ansible/hosts
add private ip of all nodes which are slave to that ansible server.
we have to change configuration file also for proper use of hosts file we have
to edit config file
vi /etc/ansible/ansible.cfg
**we have to create users for all machine and add them to sudo previliged user
*****Host Pattern*****
"all" pattern refers to all the machine in ansible server
--ansible all --list-hosts
list all hosts from all group
--ansible <groupname>[*] --list-hosts
list all hosts from group groupname
____________________________________________________
<groupname>[0] pick first machine from group
<groupname>[1] pick second machine from group
<groupname>[2] pick third machine from group
<groupname>[0:1] pick first two machine from group
<groupname>[2:5] pick 3,4,5,6 machine from group
<groupname>[-1] pick last machine from group
____________________________________________________
Ways to push code to nodes:
1.Ad-hoc command[simple linux command][temporary in use]
we doesnot use adhoc due to No Idempotency (it override the previous task
like if we create a file using touch command if it run again then it override
the previous task)
2.Module : It is written in YAML use for single command to be run
3.Playbook:More than one module or commands is run for node. It is also
written in YAML.
:::::::::::AD-HOC command:::::::
*Adhoc command are command which run individual to perform quicker function.
*These commands are not used for configuration management and deployment,
Because these instructions are for one-time use
*The adhoc commands uses the /var/lib/ansible command line tool to automate
a single task
Example of ansible
#ansible demo -a "ls"
#ansible demo[0] -a "touch file1"
#ansible all -a "touch file2"
#ansible demo -a "sudo apt install httpd -y"
#ansible demo -ba " apt-remove httpd -y" -b represent sudo
#ansible demo -a "ls -al" command to check all files including hidden files
#ansible demo -a "touch newfile" create new file named newfile in every machine
:::::::::::::ansible module:::::::::::::
*Ansible ships with a number of module (called module library) that can be
Executed directly on remote hosts or via playbooks.
*Your library of modules can reside on any machine , and there are no server
deamons, or databases Required
*location of ansible module - the default location of inventry file is
/etc/ansible/hosts commands of module
*-m represent module followed by module name
#ansible demo -b -m yum -a "pkg=httpd state=present"
#ansible demo -b -m yum -a "pkg=httpd state=latest"
#ansible demo -b -m yum -a "pkg=httpd state=absent"
#ansible demo -b -m service -a "name=httpd state=started"
#ansible demo -b -m user "name=raj"
#ansible demo -b -m copy "src=file4 dest=/tmp"
#ansible demo -m setup
setup module help to manage all nodes it store all information of nodes
for install any package - present
for remove any package - absent
for update any package - latest
::::::::::::Ansible Playbook::::::::::::
*Playbook in ansible are written in YAML
*It is human readable serialisation language,IT is commnly used for configuration files.
*Playbook is like a file where you write code consist of vars,tasks,handlers,files,templates and roles.
*Each playbook is composed of one or more module in a list module is collection of configuration file.
*playbook is divided in many section-
-Target Section:- Define the host against which playbook task has to be executed
-Variable section:- Contains variables used for configuration.
-Task Section:-List of all the module which we need to run in an Order.
###YAML###
*For Ansible, practically every YAML file begins with a list.
*Each item in the list is a list of key-value pairs commonly called a dictionary.
*All YAML files begin with "---" and end with "...".
*All members of a list must begin with some indentation level starting with "-"
For eg.
---# a list of fruit
Fruits:
-Mango
-strawberry
-banana
-grapes
..
*A dictionary is expressed with a simple key: The value form
For eg.
---#Details of customer
Customer:
name: harish
job: engineer
skills: ansible
exp: 2 years
...
ex2.
---
- hosts: demo
user: ansible
become: yes
connection: ssh
tasks:
- name: Install HTTPD on centos 7
action: yum name=httpd state=installed
to run ansible playbook
#ansible-playbook
########Variables#######
-Ansible uses variables which are defined previously to enable more flexiblity in playbooks and roles.They can be used to loop through a set of given values, access variables information like the host name of system and replace.Certain strings in template with specific value
-put variable section above tasks so that we define it first and use it later.
-Now go to ansible server and create one playbook.
---#varible example
- hosts: demo
user: ansible
become: yes
connection: ssh
vars:
pkgname: httpd
tasks:
- name: install httpd server
action: yum name='{{pkgname}}' state=installed
#######Handlers#########
-A handlers is exactly the same as a task, but it will run when called by another task.
or
-Handlers are just like regular tasks in an ansible playbook, but are only run if the task contains a notify directive and also indicates that it changes something
###########DRYRUN############
check whether the playbookk is formatted correctly
#ansible-playbook handlers.yml --check
--#handler example
- hosts: demo
user: ansible
become: yes
connection: ssh
vars:
pkgname: httpd
tasks:
- name: install httpd server
action: yum name='{{pkgname}}' state=installed
notify: restart HTTPD
handlers:
- name: restart HTTPD
action: service name=httpd state=restarted
#######Loops########
Sometimes you want to repeat a task several times. In computer programming , this is called loops. common ansible loops including changing ownership on several files and /or directory with the file module, creating multiple user with the help of user module and repeating a polling step untill ceryain result is reached
---# loop exampls
- hosts: demo
user: ansible
become: yes
connection: ssh
tasks:
- name: add a list of users
user: name='{{item}}' state=present
with_items:
- Bhupinder
- zeeshan
- kishor
- kamal
#######Conditions#########
whenever we have different different scenerio we put condition according to the scenerio
*when statement:-
sometime you want to skip a perticular command on a perticular node
---#condition ex when
- hosts: demo
user: ansible
become: yes
connection: ssh
tasks
- name: install apache on debian
command: apt-get -y install apache2
when: ansible_os_family== "Debian"
- name: install apache on RedHAt
command: yum -y install httpd
when: apache_os_family== "RedHat"
###########Vault############
Ansible allows you to save sensitive data, such as passwords or keys, in encrypted files rather than plaintext in your playbooks.
*Creating a new encrypted playbook
#ansible-vault create xyz.yml
set password for playbook
*Edit the encrypted playbook
#ansible-vault edit xyz.yml
* to cange password
#ansible-vault rekey xyz.yml
* to encrypt/decrypt the exixting playbook
#ansible-vault encrypt/decrypt xyz.yml
#####Roles######
*We can use two techniques for running a set of tasks includs and roles
*Roles are good for organising tasks and encapsulating data needed to accomplish those tasks
*ansible roles
-Default: it store the data about roles/application default variable eg. if you want to run port 80 and 8080 then variable needs define in the path.
-files:It contain files need to be transferred to remote VM(statis files)
-handlers:They are triggeres and task we can segregate all handlers required in task
-meta:The directry contain file that establish roles dependencies eg. author name, support platform, dependencies if any.
-templets:It is a type in which playbook is created
-tasks:It contains all the tasks that is normally used in playbook eg. Installing package and copies files etc
-vars:Variable for the role can be specified in this directory and used in your configuration files both vars and default store variable.
*we can organise playbook into a directory structure called roles.
*Adding more and more functionality to the playbooks will make it difficult to maintain in the single file
Create roles
#mkdir -p playbook/roles/xyz/tasks
#tree
-playbook
----roles
----xyz
----tasks
#touch playbook/roles/xyz/tasks/main.yml
#touch playbook/master.yml
#vi playbook/roles/xyz/tasks/main.yml
- name: install apache
yum: pkg=httpd state=latest
#vi playbook/master.yml
- host: all
user: ansible
become: yes
connection: ssh
roles:
- webserver