Installation & Configuration

Introduction

Ansible is a free configuration management tool that supports managing the configuration of Unix-like and Microsoft Windows systems.
Ansible manages nodes over SSH or PowerShell and requires Python to be installed on them.
Ansible helps you perform configuration, management and deployment of software on hundreds of nodes using SSH; the entire operation can be executed with the single command “ansible”.
But in some cases you may need to execute multiple commands for a deployment.

Architecture:

In other configuration management tools like Puppet, Chef and CFEngine, server software is installed on one machine and client machines are managed through an agent.
In Ansible, by contrast, the nodes are managed by the controlling machine (Ansible server) over SSH, so there is no agent running on the node machines.

Ansible deploys modules to nodes over SSH; these modules are temporarily stored on the nodes and communicate with the Ansible server through a JSON protocol. Modules are simply scripts written in Python, Perl, Ruby, bash, etc.

System Requirements:

Controlling Machine:
You can run Ansible on any machine that has Python 2.6 or 2.7 installed (Windows isn’t supported for the control machine).
It supports Red Hat, Debian, CentOS, OS X and any of the BSDs.

Client Nodes:

Client machines should have at least Python 2.4 or later, but if the nodes are running a version older than Python 2.5, you will also need:
python-simplejson
Note: If you have SELinux enabled on remote nodes, you will have to install the package below on the nodes before using any copy/file/template related functions in Ansible.
libselinux-python

Environment:

Document demo environment

Controlling Machine:

IP Address: 192.168.12.6
HostName: server.test.local
User: hans-karri
OS: Ubuntu 14.04.3 64 bit.

Client Nodes:

Node1 : 192.168.12.7
Node2 : 192.168.12.8

Install Ansible on controlling Machine:

To install Ansible on CentOS 7 / RHEL 7, we first have to enable the EPEL repository.
# CentOS 7 / RHEL 7

# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

In Fedora, you can directly install Ansible.

# CentOS 7 / RHEL 7 / Fedora 22

# yum install ansible

Configure the PPA on Ubuntu 14.04 and install Ansible using the commands below:

# Ubuntu 14.04 / 15.04

$ sudo apt-get install software-properties-common 
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update 
$ sudo apt-get install ansible
Once Ansible is installed, verify the version of Ansible by executing the command below.
$ ansible --version
ansible 1.9.2
configured module search path = None

SSH Authentication:

As said earlier, Ansible uses native OpenSSH for remote communication. When it comes to SSH authentication, by default it uses SSH keys (passwordless authentication) to authenticate with the remote machine. Every remote host has a user account “hans-karri”.
Generate the SSH public key on the controlling machine:

$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/raj/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/raj/.ssh/id_rsa.
Your public key has been saved in /home/raj/.ssh/id_rsa.pub.
The key fingerprint is:
1f:25:62:4c:b8:ee:ba:64:ab:fb:9b:24:27:34:ac:c9 raj@server
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| .o |
| .+ . . |
| . .. . o |
| + . S . |
|.+ . . . . |
|oEo =. . |
| B o. |
| o+B+ |
+-----------------+

Use the following commands to place the SSH key on the remote hosts.
Note: The command below will overwrite the existing keys that are already installed.

ssh-copy-id hans-karri@192.168.12.7

ssh-copy-id hans-karri@192.168.12.8
Sample output of the above command:
$ ssh-copy-id hans-karri@192.168.12.8
The authenticity of host '192.168.12.8 (192.168.12.8)' can't be established.
ECDSA key fingerprint is a1:cb:88:60:46:16:fd:d3:93:31:4b:5f:94:5e:78:f8.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
raj@192.168.12.8's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'raj@192.168.12.8'"
and check to make sure that only the key(s) you wanted were added.
Once you have copied the keys to the remote hosts, check the passwordless communication.
ssh hans-karri@192.168.12.7
ssh hans-karri@192.168.12.8
You should now be able to log in to the remote machine without entering the password.
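The ssh-copy-id run above accepts the node's host key by answering "yes" at the fingerprint prompt. The following added example (not part of the original tutorial) shows how the fingerprint in that prompt is derived from a "host keytype base64key" line, such as ssh-keyscan prints, and how to compare it with a fingerprint obtained from a trusted source first. The key material is constructed sample data, and the assumption is that the trusted value was read on the node's own console.

```python
import base64
import hashlib
import struct


def fingerprints(blob: bytes) -> tuple:
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha


def host_key_matches(scan_line: str, trusted_fp: str) -> bool:
    """Check a 'host keytype base64key' line against a trusted fingerprint."""
    fields = scan_line.split()
    if len(fields) < 3:
        return False
    try:
        blob = base64.b64decode(fields[2], validate=True)
    except ValueError:  # malformed base64 is treated as a mismatch
        return False
    md5_fp, sha256_fp = fingerprints(blob)
    if trusted_fp.startswith("SHA256:"):
        return sha256_fp == trusted_fp
    return md5_fp == trusted_fp.lower()  # legacy format shown in the prompt above


def sample_line(host: str, key_bytes: bytes) -> str:
    """Constructed sample data: a made-up Ed25519-style key, not a real host key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


GOOD_LINE = sample_line("192.168.12.8", bytes(range(32)))
OTHER_LINE = sample_line("192.168.12.8", bytes(32))
# Assumption: in practice these values are read on the node's own console.
TRUSTED_MD5, TRUSTED_SHA256 = fingerprints(base64.b64decode(GOOD_LINE.split()[2]))

if __name__ == "__main__":
    for label, line in (("expected key", GOOD_LINE), ("unexpected key", OTHER_LINE)):
        verdict = "accept" if host_key_matches(line, TRUSTED_MD5) else "REJECT"
        print(f"{label}: {verdict}")
```

A mismatch means the key offered on the network is not the one the node generated, so the connection should not be accepted until that is explained.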

Password Authentication:

Password authentication can also be used where needed by supplying the option “--ask-pass”; this option requires “sshpass” to be installed on the controlling machine.

# Ubuntu 14.04 / 15.04

$ sudo apt-get install sshpass

# CentOS 7 / RHEL 7 / Fedora 22

# yum install sshpass

Note: You can use whichever authentication method suits your infrastructure.

Creating Inventory:

Edit (or create) /etc/ansible/hosts. This file holds the inventory of remote hosts to which Ansible needs to connect through SSH for managing the systems.
$ sudo vi /etc/ansible/hosts
Put one or more remote systems in it. For example, add the IP addresses of our nodes (remove any unwanted IP addresses).
[web-servers]
192.168.12.7
192.168.12.8
In the above, both nodes belong to the [web-servers] group; groups are used to classify systems for a particular use. If you do not specify any group, the hosts will act as ungrouped hosts.

First Command:

Now it is time to check all our nodes by doing a ping from the controlling machine. To do that, we will use the command “ansible” with the options “-m” (load module) and “all” (group of servers).

$ ansible all -m ping

OR

$ ansible web-servers -m ping

OR

# If you use password authentication

$ ansible -m ping all -u raj --ask-pass
Sample output:
192.168.12.8 | success >> {
"changed": false,
"ping": "pong"
}

192.168.12.7 | success >> {
"changed": false,
"ping": "pong"
}

In the above example, we used the ping module with the “ansible” command to ping all the remote hosts. In the same way, we can use various modules with the “ansible” command; you can find available modules here.

Remote Command Execution:

This time, we will use the “command” module with the “ansible” command to get remote machine information. For example, we will execute the “hostname” command with the “command” module to get the hostname of the remote hosts in one go.

$ ansible -m command -a "hostname" web-servers

192.168.12.8 | success | rc=0 >>
node2.hans-karri.com

192.168.12.7 | success | rc=0 >>
node1.hans-karri.com

We can get partition details with the command below:
$ ansible -m command -a "df -hT" web-servers

192.168.12.8 | success | rc=0 >>
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 18G 923M 17G 6% /
devtmpfs devtmpfs 488M 0 488M 0% /dev
tmpfs tmpfs 494M 0 494M 0% /dev/shm
tmpfs tmpfs 494M 6.8M 487M 2% /run
tmpfs tmpfs 494M 0 494M 0% /sys/fs/cgroup
/dev/sda1 xfs 497M 96M 401M 20% /boot
/dev/sr0 iso9660 3.9G 3.9G 0 100% /cdrom

192.168.12.7 | success | rc=0 >>
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 478M 0 478M 0% /dev
tmpfs tmpfs 489M 0 489M 0% /dev/shm
tmpfs tmpfs 489M 648K 488M 1% /run
tmpfs tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/mapper/fedora-root xfs 18G 1.4G 17G 8% /
tmpfs tmpfs 489M 4.0K 489M 1% /tmp
/dev/sda1 ext4 477M 93M 355M 21% /boot
tmpfs tmpfs 98M 0 98M 0% /run/user/0
tmpfs tmpfs 98M 0 98M 0% /run/user/1000

To check the uptime and load details on both nodes:

$ ansible -m command -a "uptime" web-servers

192.168.12.8 | success | rc=0 >>
15:15:12 up 3:47, 3 users, load average: 0.00, 0.01, 0.05

192.168.12.7 | success | rc=0 >>
00:45:17 up 3:47, 3 users, load average: 0.00, 0.01, 0.05

You can also check the content of a particular file.

$ ansible -m command -a "cat /etc/resolv.conf" web-servers

192.168.12.8 | success | rc=0 >>
; generated by /usr/sbin/dhclient-script
search localdomain itzgeek.local
nameserver 192.168.12.2

192.168.12.7 | success | rc=0 >>
# Generated by NetworkManager
search localdomain itzgeek.local
nameserver 192.168.12.2
nameserver 192.168.12.1
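The per-host output above is easy to check by eye for two nodes but not for a large inventory. The following added example (not part of the original tutorial) parses the "host | status | rc=N >>" blocks printed by these ad-hoc runs and reports hosts whose command failed and hosts whose resolv.conf lists a nameserver the other nodes do not have. The sample text is constructed from the output shown above, and the function names are hypothetical.

```python
import re

# Header line printed for each host by the ad-hoc runs shown above.
HEADER = re.compile(r"^(\S+) \| (\w+) \| rc=(\d+) >>$")

# Constructed sample: the resolv.conf run from this page, search lines omitted.
SAMPLE = """\
192.168.12.8 | success | rc=0 >>
; generated by /usr/sbin/dhclient-script
nameserver 192.168.12.2

192.168.12.7 | success | rc=0 >>
# Generated by NetworkManager
nameserver 192.168.12.2
nameserver 192.168.12.1
"""


def parse_adhoc(text):
    """Split ad-hoc output into {host: {"status", "rc", "lines"}}."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = results.setdefault(
                m.group(1), {"status": m.group(2), "rc": int(m.group(3)), "lines": []})
        elif current is not None and line:
            current["lines"].append(line)
    return results


def nameservers(lines):
    """Resolver addresses from resolv.conf lines; comments never match."""
    return [ln.split()[1] for ln in lines if ln.startswith("nameserver ")]


def resolver_drift(text):
    """Return (failed_hosts, {host: resolvers not shared by every healthy host})."""
    parsed = parse_adhoc(text)
    failed = sorted(h for h, r in parsed.items()
                    if r["status"] != "success" or r["rc"] != 0)
    per_host = {h: set(nameservers(r["lines"]))
                for h, r in parsed.items() if h not in failed}
    common = set.intersection(*per_host.values()) if per_host else set()
    return failed, {h: sorted(ns - common) for h, ns in per_host.items() if ns - common}


if __name__ == "__main__":
    print(resolver_drift(SAMPLE))
```

On the sample it flags 192.168.12.7 for the extra resolver 192.168.12.1, which is the kind of difference to confirm as intended before relying on that node.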