None

Ansible automation tool - Introduction


Ansible control-system installation, configuration and basic tasks

By Kostas Koutsogiannopoulos

Ansible is a tool for IT automation. We can use it for configure, deploy, provision and orchestrate tasks. In an integrated IT environent with a grade of complexity, all these continuous operations have to be done in a automatic way to minimise errors and downtimes.

Ansible is a tool focused on simlicity and easy of use without compromising security and reliability. It is also agentless using SSH as its transport protocol for controling remote systems. All these Ansible designers's choises made the tool appealing for us to use in complex, versatile and mission critical environments.

This post is a simple tutorial - introduction to the tool. We are installing ansible inside a dedicated python virtual environment avoiding messing up with system-wide python libraries and we are running some very basic tasks. Other articles about more complex tasks (for example controling AWS instances, security services etc.) will follow on epilis.gr in the "administration" category.

Create python virtual environment

At first we are creating a new virtual python environment:

~$ virtualenv ansible_env
New python executable in ansible_env/bin/python
Installing setuptools, pip...done.

Ansible installation

Activate the virtual enviroment just created:

~$ . ansible_env/bin/activate

Then install ansible with pip:

~$ pip install ansible

This will install ansible with all the dependencies like paramiko, PyYAML, pycrypto, jinja2.

If you got something like: "fatal error: Python.h: No such file or directory", you need to install python-dev e.g: sudo apt-get install python-dev

Basic tasks

Now that ansible is installed in our virtual environment it is time to get started with some basics:

Lets say that we have 2 linux servers (linux10 and linux11) in our local network and one on aws cloud (example.com) that we want to control with ansible.

Firstly we want to setup SSH keys for authentication to every server without password (optional but recomended):

~$ ssh-keygen

~$ ssh-copy-id linux10

~$ ssh-copy-id linux11

Check the password-less login with:

~$ ssh linux10

~$ ssh linux11

We assume that you already have an ssh key for login to your AWS cloud server.

Lets create a "workspace" directory named ansible and a "hosts" file inside:

 hosts

[local_servers]
linux10
linux11

[aws_servers]
example.com ansible_user=username ansible_ssh_private_key_file=/home/pi/private_key.pem

 

This "hosts" file is basically our inventory that contains the servers we want to control in groups.

We can check the connections on all our servers with the command:

~$ ansible -i hosts all -m ping

linux10 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
linux11 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
example.com | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

Now we can check only a group of servers for example aws_servers:

~$ ansible -i hosts aws_servers -m ping

example.com | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

Lets try to run a command on the remote systems (all of them):

~$ ansible -i hosts all -a "/bin/echo hello"

linux10 | SUCCESS | rc=0 >>
hello

linux11 | SUCCESS | rc=0 >>
hello

example.com | SUCCESS | rc=0 >>
hello

Lets run the same command to our "local_servers" group of servers, this time with sudo priveledges:

~$ ansible -i hosts local_servers --sudo -a "/bin/echo hello"

linux10 | SUCCESS | rc=0 >>
hello

linux11 | SUCCESS | rc=0 >>
hello

Now that everything is working fine lets upgrade our local servers with ansible (all at once).

We are using the "apt" ansible module for running "apt-get update" and "apt-get upgrade" commands to the remote systems.

For our convenience we can set the hosts file as an environment variable:

~$ export ANSIBLE_HOSTS=./hosts

We are creating a file named "upgrade_local_servers.yml" as our "playbook"

 upgrade_local_servers.yml

- hosts: local_servers
  become: true
  tasks:
   - name: updates a server
     apt: update_cache=yes
   - name: upgrades a server
     apt: upgrade=full

Now we are running the tasks:

~$ ansible-playbook upgrade_local_servers.yml

PLAY ***************************************************************************

TASK [setup] *******************************************************************
ok: [linux10]
ok: [linux11]

TASK [updates a server] ********************************************************
ok: [linux10]
ok: [linux11]

TASK [upgrade a server] ********************************************************
ok: [linux10]
ok: [linux11]

PLAY RECAP *********************************************************************
linux10                    : ok=3    changed=0    unreachable=0    failed=0   
linux11                    : ok=3    changed=0    unreachable=0    failed=0   


Authors

Categories

Tags

linux (30)
Ansible (12)
automation (12)
IBM (11)
python (11)
networking (7)
bash (6)
cluster (6)
Django (6)
proxy (5)
database (5)
cloud (5)
lxc (4)
Websphere (4)
DB2 (4)
analytics (4)
monitoring (4)
SQL (4)
hosting (4)
virtualenv (4)
Redis (4)
Apache (4)
raspberry pi (3)
Microfocus (3)
availability (3)
e-mail (3)
portal (3)
container (3)
log files (3)
ipset (3)
php (3)
Nginx (3)
PostgreSQL (3)
Squid (2)
Corosync (2)
Pacemaker (2)
sles (2)
Logstash (2)
epilis (2)
certificates (2)
fail2ban (2)
firewalld (2)
Celery (2)
systemd (2)
HTTP (2)
openvpn / caching / xmitip / z/os / ubuntu / JCL / COBOL / DNS / nrpe / Nagios / load utility / static site / wiki / PXE / https / Dovecot / postfix / AWS / Watson / Channels / Elasticsearch / Kibana / windows / Prometheus /

View epilis's profile on LinkedIn Visit us on facebook X epilis rss feed: Latest articles