Commands
On the control node, generate a key pair and push the public key to each managed node (replace cloud_user and the IP with your own; ssh-keygen -t ed25519 gives a shorter modern key, in which case the file below is id_ed25519.pub):
ssh-keygen
ssh-copy-id cloud_user@35.173.128.238

If ssh-copy-id is not available, do the same by hand. On the control node:
ssh-keygen
cat ~/.ssh/id_rsa.pub        # copy the single line that is printed

On each managed node, append that line to the authorized_keys file of the user Ansible will log in as. The file holds only public keys; the managed node does not need to know the control node's IP address:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys      # paste the public key line copied from the control node
chmod 600 ~/.ssh/authorized_keys # sshd ignores the file if it is group- or world-writable

Define the managed nodes in the inventory:
sudo nano /etc/ansible/hosts
############################
[labclients]
10.253.1.18
10.253.1.20
# a single IP is also valid: 10.253.1.18
############################

Check the inventory and connectivity:
ansible-inventory --list
ansible all -m ping

Run an Ansible ad-hoc command to check the uptime of all remote nodes:
ansible all -a "uptime"
Ad-Hoc Commands
Ad-hoc commands run on an as-needed basis and are usually for those tasks that do not repeat.
- Syntax for an ad-hoc ansible command:
ansible [target] -m [module] -a "[module options]"   # -a "[module options]": the options or parameters passed to the module
Example Ansible Ad-hoc commands:
- Ping localhost
ansible localhost -m ping
- Creating a file on all remote clients (mode=0700: readable, writable and executable by the owner only; give modes with a leading 0 so they are never read as decimal)
ansible all -m file -a "path=/home/iafzal/adhoc1 state=touch mode=0700"
- Deleting a file on all remote clients
ansible all -m file -a "path=/home/iafzal/adhoc1 state=absent"
- Copying a file to remote clients
ansible all -m copy -a "src=/tmp/adhoc2 dest=/home/iafzal/adhoc2"
- Installing packages (telnet and httpd-manual). Package, service and user changes need root on the client: add -b (--become) to these ad-hoc commands when the SSH user is not root:
ansible all -m yum -a "name=telnet state=present"
ansible all -m yum -a "name=httpd-manual state=present"
- Starting httpd package service:
ansible all -m service -a "name=httpd state=started"
- Start httpd and enable at boot time:
ansible all -m service -a "name=httpd state=started enabled=yes"
- Checking httpd service status on remote client:
ansible all -m shell -a "systemctl status httpd"
- Remove httpd package:
ansible all -m yum -a "name=httpd state=absent"
# or with the shell module; -y is required, otherwise yum waits for confirmation and the task hangs:
ansible all -m shell -a "yum remove -y httpd"
- Creating a user on remote clients:
ansible all -m user -a "name=jsmith home=/home/jsmith shell=/bin/bash state=present"
- To change a user's primary group (group= sets the primary group; to add supplementary groups without removing existing ones use groups=... append=yes instead):
ansible all -m user -a "name=jsmith group=iafzal"
- Deleting a user on remote clients (add remove=yes to delete the home directory as well):
ansible all -m user -a "name=jsmith state=absent"
# or with the shell module (userdel -r would also remove the home directory):
ansible all -m shell -a "userdel jsmith"
- Getting system information from remote clients:
ansible all -m setup
- When -m is omitted the command module is used: the program runs directly, without a shell, so pipes, redirects and shell variables are not interpreted. Example, reboot client1 (add -b unless the SSH user is root):
ansible client1 -a "/sbin/reboot"
Ansible configuration files
/etc/ansible/ansible.cfg
/etc/ansible/hosts
/etc/ansible/roles
Terminologies
- Control node or Ansible Server • Server which runs Ansible application
- Modules
  • A module is a unit of code that Ansible ships to the client and executes there to carry out one task
  • Modules for most IT tasks already exist; see the module index at www.docs.ansible.com
  • Examples of what modules do:
- Install http
- Enable http service
- Start http service
- Task • A task is one step in a play: a single call to one module with its arguments, plus optional keywords such as become, when or loop. A task calls exactly one module; several tasks make up a play
- Playbook • Automation file with step-by-step execution of multiple tasks
- YAML • The language playbooks are written in (YAML Ain't Markup Language; originally Yet Another Markup Language). Indentation is significant
- Inventory • File that has information about remote clients where tasks are executed
- Tag • A label attached to a task, play or role so that a run can be limited to, or skip, the tagged tasks (--tags / --skip-tags)
- Variable • A named container that holds a defined value which can be reused throughout a playbook
- Role • Splitting of Playbook into smaller groups. Roles let you automatically load related vars, files, tasks, handlers, and other Ansible artifacts based on a known file structure. After you group your content in roles, you can easily reuse them and share them with other users.
How Ansible Works
Ansible Vs Puppet and Chef
Ansible:
• Uses simple YAML
• Agentless (only requires SSH access; most modules also need Python on the managed node)
• Easy installation
• Well documented product
Puppet and Chef:
• Use the Ruby language, which is harder to learn, and their support is declining day by day
• Require agents to be installed on clients
• The installation process is very complex
• Lack of documentation
Playbook
- Creating First Playbook
# su - root
# mkdir /etc/ansible/playbooks
# cd /etc/ansible/playbooks
# vim first.yml
---
- name: "My first playbook"
  hosts: localhost
  tasks:
    - name: "test connectivity"
      ping:
Hosts File Syntax
State
State - what to do with the package?
- present or installed: install
- absent or removed: uninstall
- latest: install, or upgrade to the newest available version
State - what to do with the service?
- started: start (no change if already running)
- stopped: stop
- reloaded: reload
- restarted: restart
Task 1 - Check Remote Clients Connectivity
# su - root
# cd /etc/ansible/playbooks
# vim clientstatus.yml
---
- name: "Check remote clients connectivity status"
  hosts: all
  tasks:
    - name: Test connectivity
      ping:
# Run the playbook
ansible-playbook clientstatus.yml
Task 2 - Copy Files to Remote Clients
---
- name: Copy file from local to remote clients   # description of the playbook
  hosts: all
  tasks:
    - name: Copying file
      become: true        # run this task as root on the remote client (needed to chown the file to another user)
      copy:
        src: /home/iafzal/some.cfg
        dest: /tmp        # an existing directory: the file arrives as /tmp/some.cfg
        owner: iafzal
        group: iafzal
        mode: "0644"      # quote modes (or keep the leading 0) so YAML never reads them as a decimal number
Task 3 - Change File Permissions
---
- name: Change file permissions
  hosts: all
  tasks:
    - name: Files Permissions
      file:
        path: /home/iafzal/linux2
        mode: a+w         # symbolic mode; a+w makes the file writable by every user on the host
Task 4 - Setup Apache and Open Firewall Port
---
- name: Setup httpd and open firewall port
  hosts: all
  become: true            # installing packages and changing the firewall needs root on the client
  tasks:
    - name: Install apache packages
      yum:
        name: httpd
        state: present
    - name: Start httpd
      service:
        name: httpd
        state: started
    - name: Open port 80 for http access
      firewalld:
        service: http
        permanent: true   # written to the permanent configuration only; the reload below applies it
        state: enabled
    - name: Restart firewalld service to load firewall changes
      service:
        name: firewalld
        state: reloaded
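The same setup as an added example (not one of the original course playbooks) written the way a production playbook would be: the firewalld rule is applied to the running and the permanent configuration in one task, every service is enabled at boot, and httpd is only restarted, through a handler, when its configuration actually changes. It assumes RHEL-family clients with yum and firewalld; the security.conf drop-in name is an assumption.

```yaml
---
# Added example, not the original Task 4 playbook. Assumes RHEL-family hosts
# (yum, firewalld, httpd); the file name /etc/httpd/conf.d/security.conf is a
# placeholder chosen for this example.
- name: Setup httpd and open firewall port (idempotent version with a handler)
  hosts: all
  become: true            # package, service and firewall changes need root on the client
  tasks:
    - name: Install httpd and firewalld
      yum:
        name:
          - httpd
          - firewalld
        state: present

    - name: Ensure firewalld is running and starts at boot
      service:
        name: firewalld
        state: started
        enabled: true

    - name: Open http in the running configuration and the permanent one
      firewalld:
        service: http
        permanent: true   # survives a reboot
        immediate: true   # takes effect now, so no separate reload task is needed
        state: enabled

    - name: Stop httpd from advertising its version in headers and error pages
      copy:
        dest: /etc/httpd/conf.d/security.conf
        content: |
          ServerTokens Prod
          ServerSignature Off
        owner: root
        group: root
        mode: "0644"
      notify: Restart httpd   # handler runs once at the end of the play, only if this file changed

    - name: Start httpd and enable it at boot
      service:
        name: httpd
        state: started
        enabled: true

  handlers:
    - name: Restart httpd
      service:
        name: httpd
        state: restarted
```

Run it a second time and every task reports ok rather than changed; that is the check that the play is idempotent, and the handler does not fire because security.conf did not change.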
Task 5 - Run Shell Scripts on Remote Clients
# vim shellscript.yml
---
- name: Playbook for shell script
  hosts: all              # or a single host, e.g. 10.253.1.115
  tasks:
    - name: Run shell script
      shell: "/home/iafzal/cfile.sh"
# Note: the script /home/iafzal/cfile.sh must already exist, and be executable, on the remote client.
# To push a script that lives on the control node and run it there, use the script module instead.
Task 6 - Schedule a job (crontab)
The playbook cronjob.yml will:
- Schedule a job as root.
- Run every Thursday at 10 AM.
---
- name: Create a cron job
  hosts: all
  become: true            # editing root's crontab needs root on the client
  tasks:
    - name: Schedule cron
      cron:
        name: "This job is scheduled by Ansible"   # the name identifies the entry, so a rerun updates it instead of adding a duplicate
        minute: "0"
        hour: "10"
        day: "*"
        month: "*"
        weekday: "4"      # 0 = Sunday, 4 = Thursday
        user: root
        job: "/home/iafzal/cfile.sh"
Task 7 - User Account Management
The playbook will:
- Create a user named george on remote clients.
- Set the home directory for user george to /home/george.
- Set the shell for user george to /bin/bash.
---
- name: Playbook for creating users
  hosts: all
  become: true            # creating users needs root on the client
  tasks:
    - name: Create users
      user:
        name: george
        home: /home/george
        shell: /bin/bash
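The manual ssh-keygen / authorized_keys steps from the Commands section and the user creation from Task 7 are what a dedicated automation account needs, so here they are combined into one added example (not one of the original course playbooks). It assumes the playbook is run once with a user that can already sudo on the clients (for instance ansible-playbook bootstrap.yml -u cloud_user --become --ask-become-pass), that the control node key was generated with ssh-keygen -t ed25519, and that the account name "automation" is a placeholder.

```yaml
---
# Added example, not an original course playbook. Assumptions: run once with a
# user that can already sudo on the clients; the control node holds
# ~/.ssh/id_ed25519.pub (ssh-keygen -t ed25519); "automation" is a placeholder
# account name.
- name: Bootstrap a least-privilege automation account with key-only login
  hosts: all
  become: true
  vars:
    automation_user: automation
    # the file lookup runs on the control node, so this is the control node's public key
    automation_pubkey: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
  tasks:
    - name: Create the account with a locked password (the SSH key is the only way in)
      user:
        name: "{{ automation_user }}"
        shell: /bin/bash
        create_home: true
        password_lock: true
        state: present

    - name: Install the control node key and drop every other key from authorized_keys
      authorized_key:
        user: "{{ automation_user }}"
        key: "{{ automation_pubkey }}"
        exclusive: true     # authorized_keys contains exactly this key afterwards
        manage_dir: true    # ~/.ssh is created 0700 and authorized_keys 0600, as sshd requires

    - name: Grant sudo through a validated drop-in instead of editing /etc/sudoers
      copy:
        dest: "/etc/sudoers.d/{{ automation_user }}"
        content: "{{ automation_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -csf %s   # a syntax error here would otherwise break sudo for everyone
```

Verify the new account before retiring the bootstrap user: ansible all -u automation --private-key ~/.ssh/id_ed25519 -b -m ping. Once that returns pong on every client, set ansible_user=automation in the inventory and disable password login for the old account.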
Task 8 - Download Package from a URL
The playbook tomcat.yml will:
- Create a directory for Tomcat with the required permissions.
- Download Tomcat from a URL and place it in that directory with modified permissions.
---
- name: Download Tomcat from tomcat.apache.org
  hosts: localhost
  become: true            # /opt is owned by root
  tasks:
    - name: Create a Directory /opt/tomcat
      file:
        path: /opt/tomcat
        state: directory
        mode: "0755"
        owner: root
        group: root
    - name: Download Tomcat using get_url
      get_url:
        url: https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.78/bin/apache-tomcat-8.5.78.tar.gz
        dest: /opt/tomcat         # an existing directory: the file keeps its original name
        mode: "0755"
        group: iafzal
        owner: iafzal
# get_url checks the TLS certificate by default; it does not check that the file is the one you expect unless you add checksum:.
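Downloading an archive and trusting whatever the mirror returns is where a supply-chain compromise gets in, so here is an added example (not the original tomcat.yml) that pins the expected digest with get_url's checksum option and only unpacks a file that passed the check. The digest value is a placeholder to be replaced with the one Apache publishes in the .sha512 file next to the tarball; until it is replaced the download task fails, which is the safe direction. The version variable and the unpack layout are assumptions of this example.

```yaml
---
# Added example, not the original tomcat.yml. Assumptions: tomcat_version and the
# install layout are placeholders; tomcat_sha512 must be replaced with the digest
# published in the .sha512 file alongside the tarball (obtain it separately from
# the download itself, so a tampered mirror cannot supply both).
- name: Download and verify Tomcat before unpacking
  hosts: localhost
  become: true            # /opt is owned by root
  vars:
    tomcat_version: "8.5.78"
    tomcat_url: "https://dlcdn.apache.org/tomcat/tomcat-8/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz"
    tomcat_sha512: "sha512:REPLACE_WITH_PUBLISHED_DIGEST"   # placeholder: the task fails until this is the real digest
    tomcat_root: /opt/tomcat
  tasks:
    - name: Create the install directory
      file:
        path: "{{ tomcat_root }}"
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Download the tarball and fail if its SHA-512 does not match the pinned value
      get_url:
        url: "{{ tomcat_url }}"
        dest: "{{ tomcat_root }}/apache-tomcat-{{ tomcat_version }}.tar.gz"
        checksum: "{{ tomcat_sha512 }}"   # a mismatch removes the file and fails the task
        owner: root
        group: root
        mode: "0644"                      # an archive does not need the execute bit
      register: tomcat_download

    - name: Unpack the verified archive (only when a new file was fetched)
      unarchive:
        src: "{{ tomcat_download.dest }}"
        dest: "{{ tomcat_root }}"
        remote_src: true                  # the file is already on the target host
        owner: root
        group: root
        extra_opts: ['--strip-components=1']   # drop the apache-tomcat-<version>/ top directory
      when: tomcat_download is changed
```

Because get_url compares the digest before it replaces an existing file, rerunning the play with an unchanged digest downloads nothing and reports ok; bumping tomcat_version without updating tomcat_sha512 fails loudly instead of silently installing an unverified build.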
Task 9 - Kill a Running Process
The playbook killprocess.yml will:
- Find a running process by process name.
- Ignore any errors.
- Hold the result in a registered variable.
- Use the shell module to run the kill command on each PID held in the registered variable.
# vim killprocess.yml
---
- name: Find a process and kill it
  hosts: 10.253.1.115
  tasks:
    - name: Get running processes from remote host
      ignore_errors: yes        # pgrep exits 1 when nothing matches; without this the play would stop here
      shell: "pgrep -x top"     # exact name match; "ps -few | grep top" would also return the grep itself and any command line containing "top"
      register: running_process
    - name: Kill running processes
      ignore_errors: yes        # processes owned by other users need become: true to be signalled
      shell: "kill {{ item }}"
      loop: "{{ running_process.stdout_lines }}"   # empty list when nothing matched, so nothing is killed
Task 10 - Pick and Choose Steps
Start a playbook at a specific task:
- ansible-playbook yamlfile.yml --start-at-task 'Task name'
- ansible-playbook http.yml --start-at-task 'Install telnet'
---
- name: httpd and telnet
  hosts: all
  become: true            # package and service changes need root on the client
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
    - name: Start httpd
      service:
        name: httpd
        state: started
    - name: Install telnet
      yum:
        name: telnet
        state: present