Ansible is an open source tool for IT configuration management, deployment and orchestration, similar to Chef and Puppet. It is simple and easy to use because it connects to servers over SSH and runs the configured tasks instead of using an agent.
Lab Environment:
In this lab we will use three CentOS 7 servers:
– Ansible Server Controller:
* Hostname : ansible.yallalabs.com
* IP Address : 192.168.1.10
– WebServer01:
* Hostname : web01.yallabs.com
* IP Address : 192.168.1.11
– WebServer02:
* Hostname : web02.yallalabs.com
* IP Address : 192.168.1.12
1. Step: Install Ansible
Before installing Ansible we need to add the EPEL repository using the following commands:
[root@ansible ~]# sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
[root@ansible ~]# sudo yum -y update
After installing the EPEL repository and updating the system, let's install Ansible using the following command:
[root@ansible ~]# sudo yum install ansible -y
2. Step: Create Ansible Control Account
To connect to the servers via SSH we need to create an Ansible control account on the Ansible control server and on the servers that we need to manage.
In this lab we are going to create an account called “ansadm” with sudo privileges on all three of our servers.
[root@ansible ~]# adduser -d /home/ansadm -m ansadm
[root@ansible ~]# passwd ansadm
Changing password for user ansadm.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@ansible ~]# chage -E -1 ansadm
[root@ansible ~]# echo "ansadm ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
3. Step: Adjusting the /etc/hosts file
If you don't use a DNS server, you can map the IP addresses and hostnames of the remote servers in the /etc/hosts file:
[root@ansible ~]# cat >> /etc/hosts << END
#MY VM WEB SERVERS
192.168.1.10 ansible mgmt.yallalab.com ansible.yallalab.com
192.168.1.11 web01 web01.yallalab.com
192.168.1.12 web02 web02.yallalab.com
192.168.1.13 web03 web03.yallalab.com
192.168.1.14 web04 web04.yallalab.com
192.168.1.15 web05 web05.yallalab.com
END
4. Step: Create an Inventory File
Ansible has a default inventory file, /etc/ansible/hosts, that defines which servers it will manage. In this lab we are going to create a new file called inventory.ini under the home directory of the Ansible control user ansadm, where we will add groups for our web servers.
[root@ansible ~]# su - ansadm
[ansadm@ansible ~]# vi inventory.ini
Add the following lines:
[webservers1]
web01
web02
[webservers2]
web04
web05
Now we need to tell Ansible where it can find our new inventory file. To do that, we are going to create a new Ansible configuration file under the home directory of the user ansadm.
[ansadm@ansible ~]# vi ansible.cfg
Add the following lines:
[defaults]
inventory = /home/ansadm/inventory.ini
5. Step: Configuring SSH Key-Based Authentication for the Ansible Control Account
Ansible uses SSH to connect to the servers that it manages. To configure SSH key authentication we need to generate an SSH key pair on the Ansible management server.
To do this, we are going to use a utility called ssh-keygen:
[ansadm@ansible ~]# ssh-keygen -t rsa
You should see two new files in the /home/ansadm/.ssh/ directory. The next step is to copy the public key to the home directory of the ansadm account on the remote servers. To do that, we are going to use ssh-copy-id:
[ansadm@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub web01
[ansadm@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub web02
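A pre-flight check for steps 3 and 4, as an added example that is not part of the original tutorial: it lists inventory hosts that have no entry in the hosts file, so a name that would silently fall through to DNS or fail at connect time is caught before Ansible runs. The function names are hypothetical, and the sample files are constructed from the listings above, with the hosts file trimmed to the three lab machines.

```shell
#!/bin/sh
# Added example: cross-check an Ansible INI inventory against a hosts file.
# Function names are hypothetical; the sample files in demo() are constructed.

# Print each host named in the inventory, one per line, without duplicates.
# Skips comments, blank lines and [group:vars] / [group:children] sections.
inventory_hosts() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ { skip = ($0 ~ /:/); next }
        !skip && !seen[$1]++ { print $1 }
    ' "$1"
}

# Print every name and alias the hosts file defines (all fields after the IP).
hosts_names() {
    awk '{ sub(/#.*/, "") } NF > 1 { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Print the inventory hosts that have no entry in the hosts file.
unresolved_hosts() {
    names=$(hosts_names "$2")
    for h in $(inventory_hosts "$1"); do
        printf '%s\n' "$names" | grep -qxF -- "$h" || printf '%s\n' "$h"
    done
}

# Constructed sample: the tutorial's inventory against a three-machine hosts file.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/inventory.ini" <<'EOF'
[webservers1]
web01
web02
[webservers2]
web04
web05
EOF
    cat > "$tmp/hosts" <<'EOF'
#MY VM WEB SERVERS
192.168.1.10 ansible mgmt.yallalab.com ansible.yallalab.com
192.168.1.11 web01 web01.yallalab.com
192.168.1.12 web02 web02.yallalab.com
EOF
    unresolved_hosts "$tmp/inventory.ini" "$tmp/hosts"
    rm -rf "$tmp"
}

demo   # prints web04 and web05, one per line
```

On the control server the same check would be run as `unresolved_hosts /home/ansadm/inventory.ini /etc/hosts`.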
Once we have finished all the steps, we can start running some commands to check if everything works properly.
Ansible ships with a number of modules (called the ‘module library’) that can be executed directly on remote hosts or through Playbooks.
For more information about modules visit this link: Modules
[ansadm@mgnt ~]$ ansible --version
ansible 2.2.0.0
  config file = /home/ansadm/ansible.cfg
  configured module search path = Default w/o overrides
In this example we are going to use the ping module:
[ansadm@mgnt ~]$ ansible webservers1 -m ping
web02 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
web01 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}