Automation with Ansible
Hello everyone, in this article we will cover Ansible. It is a very important tool; in fact, it is one of the leading DevOps tools and appears in the XebiaLabs Periodic Table of DevOps Tools. Our objective is to get started with Ansible, understand its architecture and explain its most important features. This article covers the following main points.
1- What is Ansible?
5- How does Ansible work?
6- How to configure remote nodes with Ansible?
1- What is Ansible?
Ansible is an open source tool written in Python, PowerShell and Ruby. Both developers and system administrators can use it to carry out many tasks.
Ansible is included as part of the Fedora distribution of Linux, owned by Red Hat Inc., and is also available for Red Hat Enterprise Linux, CentOS, Scientific Linux and Oracle Linux via Extra Packages for Enterprise Linux (EPEL), as well as for other operating systems.
There are many competing tools, such as Puppet, Chef and SaltStack, but the major asset of Ansible is that it is agentless.
With Ansible we can accomplish several tasks. The most important are:
– Software deployment
– System configuration
– Services orchestration
– Agent-less: connection from manager to nodes via ssh.
– Idempotent: operations done on nodes give the same results if executed one or many times.
– Easy to read: playbooks are written in the declarative language YAML, which is a human-friendly data serialization standard.
– Parallelism: the manager performs a set of tasks on many nodes at the same time.
– Built-in modules.
Ansible uses no agent: it connects to nodes via SSH and pushes modules to them. A module is a program that runs on the node to bring it to a desired state.
Ansible also uses plugins to extend its core functionality. You can write your own plugin.
Nodes controlled by Ansible are known as hosts, and together they make up the inventory on which Ansible performs tasks. The default inventory is the file hosts.
Ansible uses playbooks to perform tasks on hosts. A playbook is a recipe in which you put tasks. This concept is explained further in the next section.
5- How does Ansible work?
a- Install Ansible with the following command:
sudo yum install ansible
b- Verify Ansible version:
The content of the /etc/ansible directory is:
– ansible.cfg: This file contains the default configuration of Ansible.
– hosts: this file is the default inventory which contains nodes managed by Ansible but it can be changed.
– roles: When a complex playbook contains many tasks, we can divide it into files and folders, each of which plays a specific role. This folder is the default location for those roles.
Create user ansible
In order to use Ansible properly, we must create a user named ansible on all nodes by executing the following commands:
a- Create the user ansible
sudo useradd ansible
b- Assign a password to the created user.
sudo passwd ansible
c- Edit the file sudoers.
d- Add the following line to escalate the privileges of the ansible user. It lets that user run any command through sudo without a password.
ansible ALL=(ALL) NOPASSWD:ALL
Installed on a manager node, Ansible can perform deployment or configuration tasks on remote nodes via SSH by using modules. Tasks can be run in two ways: with ad-hoc commands or with playbooks.
To execute one simple task on one or many hosts, we can use ad-hoc commands. The command has two parameters: the first is the host group and the second is the module to run.
In the following example Ansible will execute the module ping on all hosts.
ansible all -m ping
A playbook is one of the most important features in Ansible. It is a YAML file which contains a list of tasks. These tasks will be executed on hosts.
One advantage of Ansible is the ability to act on many nodes at the same time. The target nodes are selected from the default inventory, /etc/ansible/hosts. We can also use another inventory:
With an ad-hoc command we use the option -i, as in the following example:
ansible all -i my_hosts -m ping
To avoid specifying the inventory file in every command, we can put its path in the /etc/ansible/ansible.cfg file.
Controlled nodes in the inventory can be declared individually or by groups like the following example:
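An inventory that declares one host individually and another inside a group, as an added example (not the article's original file) written in Ansible's YAML inventory format. The file name my_hosts.yml, the group name webservers and the address 192.0.2.10 are assumptions; by default the YAML inventory plugin only reads files ending in .yml, .yaml or .json.

```yaml
# my_hosts.yml (hypothetical file name) - added example inventory.
# Try it with the ad-hoc form shown above:
#   ansible webservers -i my_hosts.yml -m ping
all:
  hosts:
    # A host declared individually: the manager itself, reached without SSH.
    manager:
      ansible_connection: local
  children:
    # A group: every host listed under it can be targeted as "webservers".
    webservers:
      hosts:
        node1:
          # Constructed documentation address, replace with the node's real IP.
          ansible_host: 192.0.2.10
      vars:
        # Connect as the "ansible" user created on every node.
        ansible_user: ansible
```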
6- How to configure remote nodes with Ansible?
In this article we will use two nodes which are:
– The first one is the Ansible manager.
– The second is the controlled node.
To illustrate how Ansible configures remote nodes, we will use Vagrant to create two virtual machines. We use Vagrant because it makes it easy to create and manage virtual machines. Follow these steps:
Before installing Vagrant you must have these prerequisites:
Create a sudo user
a- create the user:
useradd asma   # you can specify another user name
b- set a new password to that user:
c- add the new user to the wheel group to grant sudo access:
usermod -aG wheel asma
Install Oracle VM VirtualBox
The second step is to install VirtualBox:
a- Download the build tools necessary for compiling the vboxdrv kernel module:
sudo yum install kernel-devel kernel-headers make patch gcc
sudo wget https://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo -P
c- Install the latest version of VirtualBox.
sudo yum install VirtualBox-5.2
d- Verify the status of the vboxdrv service:
systemctl status vboxdrv.service
e- Install Vagrant. (In this case the installation is performed on CentOS 7.)
# yum -y install https://releases.hashicorp.com/vagrant/1.9.6/vagrant_1.9.6_x86_64.rpm
f- Create two folders: manager and node1.
mkdir manager node1
g- Enter folder manager and create a Vagrantfile.
The Vagrantfile is a Ruby file used to configure Vagrant on a per-project basis. Its main function is to describe the virtual machines.
sudo vagrant init centos/7
The following message indicates the creation of a Vagrantfile in this folder
h- Repeat the previous task in the folder node1.
You will have in each folder a Vagrantfile that will be used to create the CentOS 7 virtual machine.
Start the two virtual machines
a- Start the manager and node1 in two different terminals with the following command.
sudo vagrant up
We can open another terminal in order to start the node1.
a- Connect to the node manager with this command:
sudo vagrant ssh
b- Follow the steps listed in section 4 (How to install Ansible).
Implement ssh connection
Ansible uses the SSH protocol to manage nodes, so on the manager node:
a- Generate an SSH key pair using this command:
This command will generate a pair of keys : a private key and a public key.
b- Copy the public key into node1 having ip address 184.108.40.206.
sudo ssh-copy-id email@example.com
Write your first playbook
a- Create a new folder named playbooks in /home/ansible/my_project/ and, in this folder, create a YAML file named playbook_1.yml.
b- Edit the newly created file (be careful with spaces! You can use Visual Studio Code to edit your playbooks).
c- Run this new playbook using the following command
The output of an Ansible playbook execution reports the state of each task.
If a task is already done on the controlled node, the state is ok, shown in green. In our case the Extra Packages for Enterprise Linux repository package epel-release is already installed, so the desired state is ok and there are no changes.
If a task has never been done on the controlled node, the state will be changed. For example, the nginx installation task is performed, so the state is changed and the color is orange.
If a task cannot be completed, then the state is failed and it is shown in red. You must fix it!
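A playbook consistent with the output described above, as an added example that is not the article's original playbook_1.yml: it ensures epel-release and nginx are installed and that nginx is running. The group name webservers, the inventory file name and the run command in the comments are assumptions.

```yaml
---
# playbook_1.yml - added example, not the article's original file.
# Assumed run command (inventory file name is hypothetical):
#   ansible-playbook -i my_hosts.yml playbook_1.yml
- name: Install and start nginx on the controlled node
  hosts: webservers        # assumed group containing node1
  remote_user: ansible     # the user created on every node
  become: true             # run tasks through sudo (needs the sudoers entry)

  tasks:
    # Reports "ok" when the package is already present, "changed" otherwise.
    - name: Ensure the EPEL repository package is installed
      yum:
        name: epel-release
        state: present

    # nginx comes from EPEL on CentOS 7, so this task must follow the first.
    - name: Ensure nginx is installed
      yum:
        name: nginx
        state: present

    # Starts the service now and enables it at boot.
    - name: Ensure nginx is running and enabled
      service:
        name: nginx
        state: started
        enabled: true

# Running the playbook a second time reports every task as "ok":
# each module checks the current state first and changes nothing
# when the desired state already holds (idempotence).
```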
Asma is an Information Technology Manager with more than 12 years of experience in software engineering and system administration at the Ministry of Defense. I can apply DevOps tools to reduce delivery time and improve quality in the development of new software products and enhance collaboration in workflows throughout system administration and software development. I am now seeking a challenging position with a leading IT services company.