Ansible is an open source tool for IT configuration management, deployment and orchestration, similar to Chef and Puppet. It is simple and easy to use because it connects to servers over SSH and runs the configured tasks instead of relying on an agent.
Lab Environment:
In this lab we will use 3 CentOS 7 server machines:
– Ansible Server Controller:
  * Hostname: ansible.yallalabs.com
  * IP Address: 192.168.1.10
– WebServer01:
  * Hostname: web01.yallabs.com
  * IP Address: 192.168.1.11
– WebServer02:
  * Hostname: web02.yallalabs.com
  * IP Address: 192.168.1.12
1. Step: Install Ansible
Before installing Ansible we need to add the EPEL repository and update the system using the following commands:
[root@ansible ~]# sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
[root@ansible ~]# sudo yum -y update
After installing the EPEL repository and updating the system, install Ansible using the following command:
[root@ansible ~]# sudo yum install ansible -y
2. Step: Create Ansible Control Account
To connect to the servers via SSH we need to create an Ansible control account on the Ansible control server and on the servers that we need to manage.
In this lab we are going to create an account called “ansadm” with sudo privileges on all three of our servers:
[root@ansible ~]# adduser -d /home/ansadm -m ansadm
[root@ansible ~]# passwd ansadm
Changing password for user ansadm.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@ansible ~]# chage -E -1 ansadm
[root@ansible ~]# echo "ansadm ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
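Appending to /etc/sudoers with echo skips the syntax check that visudo performs, and a malformed line in that file stops sudo from working for every account. The following is an added example, not part of the original tutorial: it installs the same rule as a validated drop-in file. It assumes the stock CentOS 7 "#includedir /etc/sudoers.d" line is still present; the function name install_sudoers_dropin and the VISUDO override are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial): give the ansadm control
# account its sudo rule through a syntax-checked drop-in file.
# Assumption: /etc/sudoers still has its stock "#includedir /etc/sudoers.d".
# VISUDO is a hypothetical override so the validator can be swapped in tests.
VISUDO=${VISUDO:-visudo}

# install_sudoers_dropin USER [DEST_DIR]
# Returns 0 on success, 2 on a bad user name, 3 if validation fails.
install_sudoers_dropin() {
    user=$1
    dest_dir=${2:-/etc/sudoers.d}

    # sudo skips drop-in files whose name contains "." or ends in "~",
    # so only accept names that are safe to use as the file name.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $user" >&2; return 2 ;;
    esac

    # Stage inside the destination directory so the final mv is atomic.
    # The leading dot in the staging name makes sudo ignore it meanwhile.
    tmp=$(mktemp "$dest_dir/.$user.XXXXXX") || return 1
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$user" > "$tmp"
    chmod 0440 "$tmp"

    # Syntax-check the candidate before the rule goes live.
    if ! "$VISUDO" -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "sudoers validation failed, nothing installed" >&2
        return 3
    fi
    mv -f "$tmp" "$dest_dir/$user"
}

# Usage on each of the three servers, as root:
#   install_sudoers_dropin ansadm
```
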
3. Step: Adjusting the /etc/hosts file
If you don’t use a DNS server, you can map the IP addresses and hostnames of the remote servers in the /etc/hosts file:
[root@ansible ~]# cat >> /etc/hosts << END
#MY VM WEB SERVERS
192.168.1.10 ansible mgmt.yallalab.com ansible.yallalab.com
192.168.1.11 web01 web01.yallalab.com
192.168.1.12 web02 web02.yallalab.com
192.168.1.13 web03 web03.yallalab.com
192.168.1.14 web04 web04.yallalab.com
192.168.1.15 web05 web05.yallalab.com
END
4. Step: Create an Inventory File
Ansible has a default inventory file, /etc/ansible/hosts, which defines the servers it will be managing. In this lab we are going to create a new file called inventory.ini under the home directory of the Ansible control user ansadm, where we are going to group all our web servers.
[root@ansible ~]# su - ansadm
[ansadm@ansible ~]$ vi inventory.ini
Add the following lines:
[webservers1]
web01
web02
[webservers2]
web04
web05
Now we need to tell Ansible where it can find our new inventory file. For that we are going to create a new Ansible configuration file under the home directory of the user ansadm.
[ansadm@ansible ~]$ vi ansible.cfg
Add the following lines:
[defaults]
inventory = /home/ansadm/inventory.ini
5. Step: Configuring SSH Key-Based Authentication for the Ansible Control Account
As you know, Ansible uses SSH to connect to the servers that it manages. To configure SSH key authentication we need to generate an SSH key pair on the Ansible management server.
To do this, we are going to use a utility called ssh-keygen:
[ansadm@ansible ~]$ ssh-keygen -t rsa
You should see two new files in the /home/ansadm/.ssh/ directory. The next step is to copy the public key to the home directory of the ansadm account on the remote servers. To do that we are going to use ssh-copy-id:
[ansadm@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub web01
[ansadm@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub web02
Once we have finished all the steps, we can start running some commands to check if everything works properly.
Ansible ships with a number of modules (called the ‘module library’) that can be executed directly on remote hosts or through Playbooks.
For more information about modules visit this link: Modules
[ansadm@ansible ~]$ ansible --version
ansible 2.2.0.0
  config file = /home/ansadm/ansible.cfg
  configured module search path = Default w/o overrides
In this example we are going to use the ping module:
[ansadm@ansible ~]$ ansible webservers1 -m ping
web02 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
web01 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}