DevOps From Beginning: Ansible

-

Ansible is an open-source IT configuration management, deployment, and orchestration tool. In simple language, if we want to install Ubuntu on the 10 servers we need to go to each server and manually install Ubuntu but Ansible removes this problem, we can install, delete and everything on 10 servers in single time through the Ansible tool.

  • It aims to provide a large productivity gain to a wide variety of automation challenges.
  • Developed by Michael Dehaan
  • Redhat acquired the Ansible tool in 2015.
  • Ansible is available for RHEL, Debian, Centos, oracle, Linux
  • We can use this tool whether your servers are in on-premises or in cloud.
  • It turns your code into infrastructure.
  • Ansible is Agentless and will communicate with the node directly through the SSH.

Advantages:

  • Ansible is free to use by everyone.
  • Ansible is very consistent and light weight(means occupy the less space).
  • It is very secure due to its agentless capabilities and open ssh security feature.
  • Ansible does not need any special system administrator skills to install and use it.
  • Based on Push mechanish means when we need to update the something in the server we will push the instruction to the server.

Disadvantages:

  • Insufficient user interface though ansible tower is GUI but it is still in development stage.
  • Can’t achieve the full automation by ansible.
  • New to market there limited support and documents is available.

Basic terms used in Ansible:

Ansible Server: The machine where ansible is installed and from which all tasks and playbooks will be run.

Module: Basically a module is a command or set of similar commands meant to be executed on the client–side.

Task: A task is a section that consists of a single procedure to be completed.

Role: A way of organising tasks and related to files to be later called in a playbook.

Fact: Information fetched from the client system from the global variables with the gather-facts operation.

Inventory: The file containing data about the ansible client servers.

Play: execution of playbook.

Handler: Task which is called only if a notifier is present.

Notifier: Section attributed to a task which calls a handler if the output is changed.

Playbooks: It’s consist of code in YAML format, which describes tasks to be executed.

Host: Nodes, which are automated by ansible.


How to install the Ansible and how to perform the automation:

1. Create 3 VM (one acts as a Ansible and 2 acts as node)

2. login to one VM

3. Download the packages of Ansible

wget http://dl fedoraproject.org/pub/epel/epel-release-latest-7.norach.rpm

4. Now do ls

5. Install the packages

yum install epel-release-latest-7.norach.rpm –y #epel- extra package for enterprise linux

6. Update the OS

yum update –y

7. Now we have to install all the packages one by one

yum install git python python-level python.pip openssl ansible –y

8. Now go to the hosts file inside the ansible server and create a group for that paste the private ip of the node1 and node2.

vi /etc/ansible/hosts

[group_name]

a.b.c.d # we need to put the ip of the node which we have to mange through the ansible.

e.f.g.h

Note: Group means if you want to manage/update the devices of developer then you can create a group like developer and you can add the ips of developer’s devices.

[developer]

a.b.c.d #Ip’s of nodes.

e.f.g.h

9. Now this hosts file is only working after updating ansible.cfg file.So go to the cfg file

vi /etc/ansible/ansible.cfg

Uncommented the inventory and sudo

inventory = /etc/ansible/hosts

Sudo-user = root

10. Now create one user, in all the VM

adduser ansible

11. Now set password for this user

passwd ansible

12. Now switch as ansible user

su – ansible

13. This ansible user don’t have sudo priviledge right now if you want to give the sudo priviledge to ansible user then you need to back as root user and edit the visudo file.

vi visudo

Inside this file add the user with permission

root ALL=(ALL) ALL

ansible ALL=(ALL) NOPASSWD: ALL

14. Now do this thing in the other nodes also

15. Now go to the ansible server and try to install httpd packages as ansible user

sudo yum install httpd –y #we use sudo because we are not root user.

16. Now establish connection between server and node.

17. Go to the Ansible server

ssh ip_nod1

Output: Permission denied

18. Now we have to do some changes in sshd-config file, go to ansible server

vi /etc/ssh/sshd-config

19. Do some changes and saved the file

Uncommented: PermitRootLogin yes

Uncommented: PasswordAuthentication yes

Commented: PasswordAuthentication No

20. Now restart the sshd

service sshd restart

21. Do this work in Node1 and Node2 also

22. Now verify in ansible server, we will take the access of node1.

su – ansible

ssh ip_node1(private ip) # It will ask the password of node1.

22. Now it ask for password, enter the password, after that you will be inside the Node1 and can do anything.

23. To verify it, you can create a file in node1 through the ansible server and check in node1 wheather it is created or not.

24. if you will be taking the access of nodes, you need to enter the password of that particular node, that’s a headach. If you want to login to any node directly without password, first you need to create a key(Public and private key) in ansible server then need to copy the public key in nodes(which we need to manage), this process is known as trust relationship(root can create a trust relationship with root only and user can create a trust relationship with user only).

25. For that go to ansible server, login as asible user and create keys

ssh-keygen

ls –a

output: you can see the file ended with .ssh

26. Go to the .ssh dir

cd .ssh/

ls

output: id-rsa id-rsa-pub

27. Now I need to copy the public key in all node

ssh-copy-id ansible@ip_node1

It will ask the password, need to enter, some thing need to do for node2

28. Now you can verify it, go to the ansible server and do the below command.

ssh ip_node1

will not ask the password you will login to node1 directly.

Note: If we have one group, which have 10 devices and we want to install something in particular 4 devices out of 10 then we will follow the below approch.


Host Pattern

Note: “all” pattern refers to all the machines in an inventory.

1. Go to the ansible server

ansible all - -list-host #will see the list of all nodes

ansible <group_name> - - list-host

ansible <group_name> [o] - - list-host

#group[0] ----> will pick the first machine of group

#group[1] ----> will pick the second machine of group

#group[-1] will pick the last machine of group

#group[0:1] will pick first two machine in group

#group[2:5] will pick 3rd, 4th, 5th , 6th machine of group


Ad-hoc Commands, Module & Playbook

There are 3 ways to push the code from ansible server to nodes.

1. Ad-hoc commands (simple linux commands) (here Ad-hoc meaning temporary)

· There is no idempotency it means it will execute the same command continuously.

2. Modules

· Write in YAML language. Module means we will write a single command only to execute a single work.

3. Playbook

· It consist of one or more modules. If you want to execute the multiple commands to do the multiple work then you will use the playbook.


Ad-hoc commands

  • Ad-hoc commands are commands which can be run individually to perform quick functions.
  • These ad-hoc commands are not used for configuration management and deployment, because these commands are of one time usage.
  • The ansible ad-hoc commands uses the /usr/bin/ansible command line tool to automate the single task.
  • Go to the ansible server and switch to ansible user from root user

ansible group_name –a “ls” # -a means arugment meaning is that everyting is in inverted commas will run in all nodes that are present in group.

ansible group_name[0] –a “touch file” # touch command will run in the node1 of this group.

ansible all –a “touch file4” #touch command will run in all nodes even they belongs to any group.

ansible group_name –a “ls -al”

ansible group_name –a “sudo yum install httpd -y”

or

ansible group_name –ba “yum install httpd -y” # Here –b will act as sudo

ansible group_name –ba “yum removed httpd -y”

Note: To check wheather the package is downloaded or not, you need to run the below command: which package_name


Ansible Module

· Ansible ships with a number of modules (called “module library”) that can be executed directly on remote hosts or trough “playbooks”.

· Your library of modules can reside on any machine, and there are no server, daemon or databases required.

· Where ansible modules are stored?

· The default location for the inventory file is /etc/ansible/hosts

Syntax: ansible group_name –b –m module_name –a “module language-YAML”

# -m--->module

# -a---> arugment

# -b---> sudo previlege

# module name----> yum, service, user

Note: In YAML, Install=> state=present

Remove=> state=absent

Update=> state=latest

Create user=> name=user

src=> source

dest=> destination

Few Commands: First need to login to ansible server and need to login as ansible user

ansible group_name –b –m yum –a “pkg = httpd state = present” # to install the package

ansible group_name –b –m yum –a “pkg = httpd state = latest” # to update the package

ansible group_name –b –m yum –a “pkg = httpd state = absent” # to uninstall the package

ansible group_name –b –m service –a “name = service_name(httpd) state=started” # to start the service

ansible group_name –b –m user –a “name = user_name” # to create a user and you can verfy, for that you need to go in any node of group and can check in cat /etc/passwd/

ansible group_name [-1] –b –m copy –a “sre=file_name dest=/tmp” # to copy the file from ansible server to last node of the group: group_name

Note: Set up in Ansible: it will go to the node and check which needed then getback to ansible server with info. In the some cases of Module and playbook it will work in backend to maintain the idempotency. e. if something is already installed in the node and you will try to install again from ansible server, setup will go to the node and check for it then get back to ansible server and will tell this is already installed, this things will happen in backend.

ansible group_name –m setup # will provide the confi info of all nodes present in this gp.

ansible group_name –m setup –a “filter = *ipv4*” # will provide the ip of nodes.


Ansible Playbook

  • Playbook in ansible are written in YAML format.
  • It is human readable data serialization language and it is commanly used for configuration files.
  • Playbook is like a file where you write codes consist of variables, tasks, handlers, files, templates and roles.
  • Each playbook is composed of one or more “module” in a list. Module is a collection of configuration files.

Playbooks are divided into many sections like target section, variable section, task section

Target section: Define the host where playbooks tasks have to be executed.

Variable section: Define variables

Task Section: List of all modules that we need to run in an order.

Basics: YAML (Yet another markup language)

  • For ansible, nearly every YAML files starts with a list
  • Each item in the list is a list of key-value pairs commanly called a dictionary.
  • All YAML files have to begin with “---” and end with “...”
  • Name of YAML file should be ended by .yml (playbook.yml)
  • All members of a list lines must begin with same indentation level(same level) starting with “-”

For e.g.

--- # A list of fruit

fruits:

-Mango

-Strawberry

-Banana

-Grapes


A dictionary is represented in a simple key: value form

For example.

--- # Detail of customer

customer: # this is list

name: Rajput # below 3 are the part of dictionary

job: Trainer

skills: Ansible

Extension of playbook file is .yml

Note: there should be space between “:” and value.


#Lab work1: Playbook creation1 in ansible: target.yml

1.Go to ansible server and do login as a ansible user

2.Now create one playbook file

vi target.yml

--- # Target playbook

- host: group_name

user: user_name

become: yes #it means we are providing the sudo previlige. means to become sudo

connection: ssh

gather-facts: yes #will show the info of setup action(like ips of both nodes)

3. Come out to file

4. Now execute this playbook

ansible-playbook target.yml


#Lab work2: Playbook creation2: task.yml

1. Go to ansible server and do log in as ansible user

2. Now create a playbook file

vi task.yml

--- # target and task playbook

- host: group_name

user: ansible

become: yes

connection: ssh

tasks :

- name: install httpd on Linux

action: yum name=httpd state=installed # yum is module, actual work is in command

3. come out the file

4. Now execute this playbook

ansible-playbook task.yml


Variables in Ansible

  • Ansible uses variables which are defined previously to ensure more flexibility in playbooks and roles.
  • They can be used to loop through a set of given values, access various information like the host name of system and replace the certain strings in template with specific values.
  • Always put variable sectionabove tasks so that we define it first and use it later.


#Lab: function of variable

1. Go to the ansible server and create one playbook

2. Now create one playbook file: vi vars.yml

--- # my variable playbook

-host : group_name

user : user_name

become : yes

connection : ssh

vars :

pkgname: httpd

tasks:

-name: install httpd server

action: yum name=’{{pkgname}}’ state= installed

3. come out to the file.

4. execute the file

ansible-playbook vars.yml


Handlers section in Ansible

  • A handler is exactly the same as a task, but it will only run when it is called by another task.
  • Or handler are just like regular tasks in an ansible playbook, but only run if the main task is executed. e.g if we want to install the httpd service and also want to restart the same, here handler section will wait for installation. once the installation is complete only then handler section will execute the restart command.
  • A handler only run if the task contains a notify directive and also indicates that it changed something.

#Lab:

1. Go to the ansible server and do login as ansible user and create a file handlers.yml

--- # handlers playbook

-host: group_name

user: user_name

become: yes

connection: ssh

tasks:

-name : install httpd server

action: yum name=httpd state=installed

notify: restart httpd

handlers:

-name: restart httpd

action: service name=httpd state=restarted

2. Come out to the file and now execute the playbook

ansible-playbook handlers.yml


##DRYRUN

To check whether the playbook is formatted correctly or not. It will not execute in nodes.

ansible-playbook handlers.yml --check


Loops in ansible

Sometimes you want to repeat a task multiple times. In computer programming, this is called loops.

· Common ansible loop include changing ownership on several files and/or directories with the file module, creating multiple users with the user module and repeating a polling step untill certain result is reached.

#Lab:Loop in ansible

1. Go to the ansible server and do login as a ansible user

2. Create a file loops.yml

vi loops.yml

--- # My loops playbook

-host: group_name

user: user_name

become: yes

connection: ssh

tasks:

-name: add a list of users

user: name= ‘{{item}}’ state=present #you can write like action: user:

with_items:

-nitin

-Ayush

-Aviral

3. Come out to the file and execute the file.

ansible-playbook loops.yml

4. To verify go inside the node1 and run

cat /etc/passwd

Conditions in Ansible

Whenever we have different different scenerios, we put conditions according to the scenerio.

When Statement

Sometimes you want to skip a Particular command on a particular node.

--- #condition playbook

- hosts: group_name # space should be there between “-” and host.

user: user_name #ansible

become: yes #sudo previlige

connection: ssh

tasks:

-name: install apache on debian #just kind of a message you can put anything

command: apt-get –y install apache2 # “command” is a module to run the linux command.

when: ansible_os_family == “Debian”

-name: install apache for redhat

command: yum –y install httpd # for redhat we install the httpd it is like a apache

when: ansible_os_family == “RedHat”


Vault in ansible

Ansible allows keeping sensitive data such as passwords or keys in encrypted files, rather than a plain text in your playbook.

Creating a new encrypted playbook:

ansible-vault create vault.yml

new vault password:

confirm new vault password:

Edit the encrypted playbook

ansible-vault edit vault.yml

Password:

To change the password:

ansible-vault rekey vault.yml

vault password:

new password:

confirm new password:

To encrypt the existing playbook

ansible-vault encrypt target.yaml

To decrypt an encypted playbbok

ansible-vault decrypt target.yml



My role----> anyname you can take like webserver. Under my role we need to create main.yml file in each module.

In above diagram playbook, roles, my role and task are representing the directories.

  • We can use two technologies for running a set of tasks- “includes” and “roles”.
  • Roles are good for organising the tasks and encapsulating the data needed to accomplish these tasks.
  • We can organise playbook into a directory structure called roles.
  • Roles let you automatically load related vars, files, tasks, handlers, and other Ansible artifacts based on a known file structure. After you group your content into roles, you can easily reuse them and share them with other users.
  • Adding more and more functionality to the playbooks will make it difficult to maintain in a single file.

Default: It stores the data about role/application default variables. e.g. if you want to run to port 80 or 8080 then variable needs to define in this path.

Files: It contains files need to be transferred to remove the VM (static files).

Handlers: They are triggers or task. we can segregate all the handlers required in playbook.

Meta: This directory contains files that establish roles dependencies. e.g. author name, supported platform, dependencies if any.

Tasks: It contains all the tasks that is normally in the playbbok. e.g. installing packages and copies files etc.

Vars: Variables for the role can be specified in this directory and used in your configuration files both vars and default stores variables.


#Lab: Roles in ansible

Step1: Create a directory

mkdir –p playbook/roles/webserver/tasks #-p(Parent) for creating directories within directory.

Step2: Check the the structure of above created directories.

tree

Step3: Go to the playbook directory

cd playbook/

tree

Step4: Create a file(main.yml) in task directory.

touch roles/webserver/task/main.yml

Step5: Create a file master.yml in playbook directory.

touch master.yml

tree

Step6: Now you can write in main.yml file

vi roles/webserver/tasks/main.yml

-name: install apache

yum: pkg=httpd state=latest

Step7: Now you need to go in master.yml file

-host: all

user: ansible

become: yes

connection: ssh

roles:

-webserver

Step8. Now call the master.yml

ansible-playbook master.yml

 


Comments

Post a Comment

Popular posts from this blog

How to enable the syslog monitoring-Zabbix

-
Steps need to be performed:  On the Syslog server side:  1. Install the rsyslog sudo yum install rsyslog 2.  Enable rsyslog service: Start and enable the rsyslog service if it’s not already running: sudo systemctl start rsyslog sudo systemctl enable rsyslog 3.  Configure rsyslog to accept remote logs: Open the rsyslog configuration file: vi /etc/rsyslog.conf Uncomment or add the following lines to enable UDP or TCP log reception: # Provides UDP syslog reception module(load="imudp") input(type="imudp" port="514") # Provides TCP syslog reception module(load="imtcp") input(type="imtcp" port="514") 4.  Restart the rsyslog service: After saving the configuration file, restart rsyslog to apply the changes: sudo systemctl restart rsyslog 5. Ensure the firewall is configured to allow the TCP/UDP port 514 or disable the firewall service. 6. Ensure that SELinux is disable if not disable it Check the status of SELinux sestatus Disa...
Read more

Zabbix installation: Distribution setup

-
  On Zabbix core server: Step1:   Install Zabbix repository rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-latest-6.0.el8.noarch.rpm dnf clean all Step2: Install Zabbix server, frontend, agent dnf install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-selinux-policy zabbix-agent Step3:   Configure the database for Zabbix server Edit file /etc/zabbix/zabbix_server.conf DBHost= DBserver_ip DBName= DBUser= DBPassword= DBPort=3306 Step4:  Start Zabbix server and agent processes systemctl restart zabbix-server zabbix-agent httpd php-fpm systemctl enable zabbix-server zabbix-agent httpd php-fpm On Zabbix Database Server: Step1:   Install Zabbix repository rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-latest-6.0.el8.noarch.rpm dnf clean all Step2: Install the sql script, zabbix agent  dnf install zabbix-sql-scripts zabbix-selinux-policy zabbix-agent Step3: Install the mysql server yum install my...
Read more

API & API in Zabbix

-
API (Application programming interface):   An API is a set of rules and protocols that allows one software application to interact with another. It defines the methods and data formats that applications can use to request and exchange information. APIs are typically used for both retrieving data from a service (like fetching information from a database or another web service) and sending data to a service (like submitting a form or updating information). Zabbix API: The Zabbix API is a powerful tool that allows you to interact programmatically with the Zabbix monitoring system. It provides endpoints for various operations such as managing hosts, items, triggers, and more. The Zabbix API is a JSON-RPC-based interface provided by Zabbix for programmatically interacting with and managing the Zabbix monitoring system. ### Key Features - **Automate Tasks**: Create, update, or delete objects like hosts, items, and triggers. - **Query Data**: Retrieve monitoring data, configuration detail...
Read more