Saturday, 2 July 2016

Automation with Ansible

Ansible is an open source software which is used as configuration management tool as well as orchestration. Using Ansible, we can deploy multiple application in multiple nodes simultaneously without any human interactions. When it comes to features, it covers following things.

  • Agentless
  • Easy to use 
  • Intelligent automation system
  • Unlike other configuration management tools like puppet and chef, in Ansible there is no need to install additional packages on remote nodes.

Terms:
Following terms are considered while using Ansible.

Control node - Control node is a machine where we need to install ansible. This control node controls remote nodes.

Managed hosts - Remote nodes are called as managed hosts.

Inventory file - This is a simple text file. It contains the location of managed hosts in the control node.

You can find more terms here, that are used in Ansible.

Requirements:
  • Passwordless SSH authentication between control node and managed hosts.
  • Python could be installed on managed hosts. 
     (Nowadays, Mostly all Linux distributions comes with pre-installed Python package and SSH. So there is no need to install anything on the managed hosts to use Ansible. Only requires passwordless SSH authentication)

Passwordless authentication between Control node & Managed hosts:

Generate SSH key on Control node

#ssh-keygen


Copy SSH key to Managed hosts
    
 #ssh-copy-id <Managed Host IP/Hostname>



(Note: Here my control node IP is 192.168.56.1. I have two managed hosts that are 192.168.56.101 and 192.168.56.102)  

Now try to login via SSH to Managed hosts

#ssh <managed host IP/hostname>



Now it will login to managed hosts without providing a password.

Installing Ansible on Control node

#dnf install -y ansible                    (For Fedora based machines) 
#yum install -y ansible                  (For Red Hat, CentOS, Scientific Linux based machines) 
#apt-get install ansible                 (For Ubuntu based machines)
Inventory File
  
     Inventory file is a simple text file. It is located in /etc/ansible/hosts by default in the control node. But we can also able to change the inventory file location in /etc/ansible/ansible.cfg file. inventory file stores the location of managed hosts. Managed hosts may be separated into different groups in the inventory file.

Adding managed hosts in inventory file
vim /etc/ansible/hosts
[web-servers]
192.168.56.101
192.168.56.102 




Here 192.168.56.101 and 192.168.56.102 are my managed hosts. web_servers is group name of those managed hosts. Groups are useful in inventory file. It is used to divide managed hosts depends on it's functional usage.

Testing connectivity

By using ping module we can check the connectivity of control node and managed nodes. There are lot of modules are available in Ansible. You can find all those Ansible modules here.

#ansible -m ping web-servers


Ad-hoc commands
  
   Ad-hoc commands are nothing but a single line command. The following command is one example for ad-hoc command.


#ansible -m command -a 'uptime' web_servers

here, -m = modules and -a = attribute.It will show how long the system has been running.



Playbooks

  Playbooks are nothing but a YAML format text file. Ansible playbooks are written in YAML format human readable language format. It makes Ansible easy to understand.
  When we want to deploy multiple applications on managed hosts or need to configure something on managed hosts, that time of situations ansilbe playbooks comes here. It is like shell script, but easier than writing shell script. Playbook contains multiple tasks and it executes on multiple machines.

Example Playbook

   The following playbook will install apache server on managed hosts and finally test the apache server.
#vim Web-server.yml
---
- name: setup website
  hosts: web_servers
  tasks:
  - block:
    - name: Install httpd package                  
      yum: name=httpd state=latest          
  - block:
    - name: firewalld permits http service
       firewalld: service=http permanent=true state=enabled
  - block:
    - name: httpd enabled and running
      service: name=httpd enabled=true state=running
    - name: firewalld enabled and running
      service: name=firewalld enabled=true state=restarted
  - block:
    - name: test html page
      shell: echo "Welcome to Ansible test page" > /var/www/html/index.html
- name: Test website
   hosts: web_servers
   tasks:
   - name: latest python-httplib2 version installed
      yum: name=python-httplib2 state=latest
   - name: Verify the web server
      uri: url=http://localhost status_code=200  
You can also get this above code in my github acccount. Here is the link to get the code.
Save the above code as example_playbook.yml file. Here I am using multiple modules. you can get modules usage and functions on this page.

Note: Ansible strictly follows indentation so be careful while giving whitespaces on YML scripts.
You can also check your indentation of scripts by using following command,
#ansible-playbook --syntax-check  <playbook file>
In the above code, tasks can be separated by blocks. In above code,

  • The first block of code will install apache package. Here I am using yum module.
  • The second block of code will allow http in the firewall.   
  • The third block of code enables apache and firewalld on startup. Here i am using service module.
  • The fourth block of code will create index file. Here i am using shell module.
  • Finally, the last task will test web server.
Running Playbook
    #ansible-playbook example_playbook.yml



If you are facing any issue while doing this, feel free to put your thoughts in command box. I will help you. Thanks for reading.

Getting help
   Similar to man pages in Linux, there is a command available for Ansible where you can get help.
#ansible-doc <module-name>
For an example service module
#ansible-doc service

 If you are facing any issue while doing this, feel free to put your thoughts in command box. I will help you. Thanks for reading.

10 comments: