Automation with Ansible

Hello everyone, in this article we will cover Ansible. It is a very important tool: it is one of the leading DevOps tools and appears in the XebiaLabs Periodic Table of DevOps Tools. Our objective is to get started with Ansible, understand its architecture and explain its most important features. In this article we will cover the following main points:

1- What is Ansible?

2- Features

3- Characteristics 

4- Architecture

5- How does Ansible work?

6- How to configure remote nodes with Ansible?

1- What is Ansible?

Ansible is an open source tool written in Python, PowerShell and Ruby. Both developers and system administrators can use it to carry out many tasks.

Ansible is included as part of the Fedora distribution of Linux, owned by Red Hat Inc., and is also available for Red Hat Enterprise Linux, CentOS, Scientific Linux and Oracle Linux via Extra Packages for Enterprise Linux (EPEL), as well as for other operating systems.

There are many competing tools such as Puppet, Chef and SaltStack, but the major asset of Ansible is that it is agentless.

2- Features

With Ansible we can accomplish several tasks. The most important are:

– Automation

– Software deployment

– System configuration

– Services orchestration

3- Characteristics:

– Agent-less: connection from manager to nodes via ssh.

– Idempotent: operations done on nodes give the same results if executed one or many times.

– Easy to read: playbooks are written in YAML, a declarative, human-friendly data serialization standard.

– Parallelism: the manager performs a set of tasks on many nodes at the same time.

– Built-in modules.

4- Architecture:

Ansible uses no agent: it connects to nodes via SSH and pushes modules to them. A module is a program that runs on the node to bring it to a desired state.

Ansible also uses plugins to extend its core functionality. You can write your own plugins.

Nodes controlled by Ansible are known as hosts, and they make up the inventory on which Ansible will perform tasks. The default inventory is the file hosts.

Ansible uses playbooks to perform tasks on hosts. A playbook is a recipe in which you put tasks. This concept is explained further in the next section.

5- How does Ansible work?

Install Ansible

a- Install Ansible with the following command:

sudo yum install ansible

b- Verify Ansible version:

ansible --version

The content of the /etc/ansible directory is:

ansible.cfg: this file contains the default configuration of Ansible.

hosts: this file is the default inventory, which contains the nodes managed by Ansible. It can be changed.

roles: a complex playbook that contains many tasks can be divided into files and folders, each of which plays a specific role. This folder is the default location for those roles.

Create user ansible

In order to use Ansible properly, we must create a user named ansible on all nodes by executing the following commands:

a- Create the user ansible

sudo useradd ansible

b- Attribute a password to the user created.

sudo passwd ansible

c- Edit the sudoers file.

sudo visudo

d- Add the following line, which lets the ansible user run any command through sudo without a password.

ansible ALL=(ALL) NOPASSWD:ALL

Installed on a manager node, Ansible can perform deployment or configuration tasks on remote nodes via SSH by using modules. Tasks can be run in two ways: with ad-hoc commands or with playbooks.

Ad-Hoc commands

To execute one simple task on one or many hosts, we can use ad-hoc commands. The command has two parameters: the first one is the host group and the second is the module to run.

In the following example Ansible will execute the module ping on all hosts.

ansible all -m ping

Playbook

A playbook is one of the most important features in Ansible. It is a YAML file which contains a list of tasks. These tasks will be executed on hosts.

---
- name: Install nginx
  hosts: webserver
  become: true

  tasks:
  # nginx is packaged in EPEL, so that repository is enabled first
  - name: Add epel-release repo
    yum:
      name: epel-release
      state: present

  - name: Install nginx
    yum:
      name: nginx
      state: present

  # index.html is read from the manager and written to the host
  - name: Insert Index Page
    template:
      src: index.html
      dest: /usr/share/nginx/html/index.html

  - name: Start nginx
    service:
      name: nginx
      state: started

Inventory

One advantage of Ansible is its ability to act on many nodes at the same time. The target nodes are selected from the default inventory, /etc/ansible/hosts. We can also use another inventory.

With an ad-hoc command, we use the -i option, as in the following example:

ansible all -i my_hosts -m ping

To avoid specifying the inventory file in every command, we can set its path in the /etc/ansible/ansible.cfg file.

Controlled nodes in the inventory can be declared individually or by groups like the following example:

172.24.7.12

[dbservers]
db[01:04].example.com

[webservers]
servone.example.com
servtwo.example.com
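How this inventory resolves to concrete hosts, as an added example that is not part of the original article and not Ansible's own parser: it expands numeric ranges such as db[01:04] and shows that a header commented out with # declares no group. It assumes the INI format shown above; alphabetic ranges and :vars / :children sections are not handled.

```python
import re
from collections import defaultdict

# Constructed sample: the inventory from this section with both group headers active.
SAMPLE_INVENTORY = """\
172.24.7.12

[dbservers]
db[01:04].example.com

[webservers]
servone.example.com
servtwo.example.com
"""

RANGE = re.compile(r"\[(\d+):(\d+)\]")


def expand_host(pattern):
    """Expand numeric ranges such as db[01:04] (inclusive, zero padding kept)."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    start, end = m.group(1), m.group(2)
    hosts = []
    for i in range(int(start), int(end) + 1):
        name = pattern[:m.start()] + str(i).zfill(len(start)) + pattern[m.end():]
        hosts.extend(expand_host(name))  # a pattern may hold a second range
    return hosts


def parse_inventory(text):
    """Return {group: [hosts]}; hosts listed before any header are 'ungrouped'."""
    groups = defaultdict(list)
    current = "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # Sections such as [web:vars] or [all:children] are skipped here.
            current = None if ":" in name else name
            continue
        if current is not None:
            groups[current].append(line.split()[0])  # drop inline host vars
    return {g: [h for p in pats for h in expand_host(p)] for g, pats in groups.items()}


if __name__ == "__main__":
    for group, hosts in parse_inventory(SAMPLE_INVENTORY).items():
        print(group, hosts)
```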

6- How to configure remote nodes with Ansible?

In this article we will use two nodes which are:

  – The first one is the Ansible manager.

  – The second is the controlled node.

To illustrate how Ansible configures remote nodes, we will use Vagrant to create two virtual machines. We use Vagrant because it makes creating and managing virtual machines easy. Follow these steps:

Before installing Vagrant, you must meet these prerequisites:

Create a sudo user

a- Create the user:

useradd asma  # you can specify another user name

b- Set a new password for that user:

passwd asma

c- Add the new user to the wheel group to grant sudo access:

usermod -aG wheel asma

Install Oracle VM VirtualBox

The second step is to install VirtualBox:

a- Install the build tools needed to compile the vboxdrv kernel module:

sudo yum install kernel-devel kernel-headers make patch gcc

b- Download the Oracle Linux repo file to the /etc/yum.repos.d directory with the following wget command:

sudo wget https://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo -P /etc/yum.repos.d/

c- Install the latest version of VirtualBox:

sudo yum install VirtualBox-5.2

d- Verify the status of the vboxdrv service:

systemctl status vboxdrv.service

Install Vagrant

e- Install Vagrant (in this case the installation is performed on CentOS 7).

sudo yum -y install https://releases.hashicorp.com/vagrant/1.9.6/vagrant_1.9.6_x86_64.rpm

f- Create two folders: manager and node1.

mkdir manager node1

g- Enter the folder manager and create a Vagrantfile.

The Vagrantfile is a Ruby file used to configure Vagrant on a per-project basis. Its main function is to describe the virtual machines.

cd manager

sudo vagrant init centos/7

Vagrant prints a message indicating the creation of a Vagrantfile in this folder.

h- Repeat the previous task in the folder node1.

You will then have in each folder a Vagrantfile that will be used to create the CentOS 7 virtual machine.

Start the two virtual machines

a- Start the manager and node1 in two different terminals with the following command.

sudo vagrant up

We can open another terminal in order to start the node1.

Install Ansible

a- Connect to the node manager with this command:

sudo vagrant ssh

b- Follow the steps listed under "Install Ansible" in section 5.

Implement ssh connection

Ansible uses the SSH protocol to manage nodes, so on the manager node:

a- Generate an SSH key pair using this command:

sudo ssh-keygen

This command will generate a pair of keys: a private key and a public key.

b- Copy the public key to node1, which has the IP address 172.1.10.12.

sudo ssh-copy-id ansible@172.1.10.12

Write your first playbook

a- Create a new folder playbooks in /home/ansible/my_project/ and, in this folder, create a YAML file named playbook_1.yml.

b- Edit the newly created file (be careful about spaces! You can use Visual Studio Code to edit your playbooks).

c- Run this new playbook using the following command:

ansible-playbook playbook_1.yml

The output of an Ansible playbook execution reports the state of each task.

If a task is already done on the controlled node, the state is ok, shown in green. In our case the Extra Packages for Enterprise Linux repository, epel-release, is already installed, so the desired state is already met and there are no changes.

If a task had never been done on the controlled node, the state will be changed. For example, the nginx installation task is performed, so the state is changed and the color is orange.

If a task is not done, then the state is failed and it is shown in red. You must fix it!
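The per-host totals of these states appear in the PLAY RECAP lines at the end of a run. As an added example (not part of the original article), the script below parses those lines and uses them as an idempotence check: a second run of the same playbook should report changed=0 and failed=0. The recap text is a constructed sample and node1 is an assumed host name.

```python
import re

# Constructed sample recaps: the first run installs nginx, the second changes nothing.
FIRST_RUN = """\
PLAY RECAP *********************************************************************
node1                      : ok=5    changed=3    unreachable=0    failed=0
"""
SECOND_RUN = """\
PLAY RECAP *********************************************************************
node1                      : ok=5    changed=0    unreachable=0    failed=0
"""

RECAP_LINE = re.compile(r"^(\S+)\s*:\s*((?:\w+=\d+\s*)+)$")


def parse_recap(output):
    """Return {host: {counter: value}} from the PLAY RECAP section of a run."""
    stats, in_recap = {}, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True
            continue
        m = RECAP_LINE.match(line.strip()) if in_recap else None
        if m:
            pairs = re.findall(r"(\w+)=(\d+)", m.group(2))
            stats[m.group(1)] = {key: int(value) for key, value in pairs}
    return stats


def host_state(counters):
    """Collapse a host's counters into the ok / changed / failed states above."""
    if counters.get("failed", 0) or counters.get("unreachable", 0):
        return "failed"
    return "changed" if counters.get("changed", 0) else "ok"


def is_idempotent(second_run_output):
    """True when a repeated run left every host in the ok state."""
    stats = parse_recap(second_run_output)
    return bool(stats) and all(host_state(c) == "ok" for c in stats.values())


if __name__ == "__main__":
    print("first run:", host_state(parse_recap(FIRST_RUN)["node1"]))
    print("second run idempotent:", is_idempotent(SECOND_RUN))
```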


Asma BEN GHARBI

Asma is an Information Technology Manager with more than 12 years of experience in software engineering and system administration at Ministry of Defense. I can apply DevOps tools to reduce delivery time and improve quality in the development of new software products and enhance collaboration in workflows throughout system administration and software development. Now I am seeking a Challenging Position with a Leading IT Services Company.

2 Comments

DevopsGeek87 · 25 February 2019 at 13 h 54 min

Thanks Asma for this so interesting post, it helped me to start with Ansible
Waiting for other posts from you 🙂

Fatma Rekik · 28 February 2019 at 14 h 32 min

Thanks Asma, great job 🙂
