In love with Ansible

Disclaimer: You still need to work in order to automate. Why do something manually in 5 minutes if you can automate it in 5 hours?

Let’s do Ansible! To tell you the truth, I have not been doing Ansible for long, but I can tell you I will be doing much more Ansible automation, working with ansible-playbook and YAML, for a long time. We will be using the command line, working with ansible-inventory, and writing playbooks. Do you know what Ansible is? Let’s find out!

I am using CentOS 8. How do you check this with Ansible?

ansible <machine/group> -a "cat /etc/os-release" -i <inventory/hosts>

The best source of information is Ansible's own site.

Click here for more information on the RedHat Ansible Automation Platform on Twitter.

Here are some great tools for validating your YAML, and a great IDE to use when working with Ansible.

Best tools
  • YAML Lint → YAML validator  http://www.yamllint.com/
  • If you use an IDE such as Atom, you can run apm install linter-js-yaml for YAML validation
  • Ansible Galaxy to find Ansible roles for millions of tasks (automation, configuring servers, etc.)
  • Ansible-playable from mmumshad to have a UI to help you create playbooks, modules, etc.

First of all, we need to know the basic terminology

  • Task: Instruction for an action against a machine(s)
  • Play: A combination of tasks
  • Playbook: A combination of multiple plays in sequential order
  • Host/inventory: A file with the list of machines the playbook is deployed to
  • Vars/facts: Variables, either stored in a file, stored using ansible-vault, or retrieved from a host
  • List: An array in JSON and YAML
  • Dictionary: in JSON and YAML

Ansible allows you to start the ansible-playbook from a specific task

If a task in your playbook fails, once you fix it you can retry the play from a specific task:

ansible-playbook playbook.yml --start-at-task="task_name"

Below we can see an example of an Ansible file (hands-on)

    - name: 'Execute a script on all web server nodes'
      hosts: web_nodes
      tasks:
        - name: Add a line to a file
          lineinfile:
            path: /etc/resolv.conf
            line: nameserver 10.1.250.10
            create: yes  # if the file does not exist, create it
        - name: 'create a new web user'
          user:
            name: web_user
            uid: 1040
            group: developers

If for any reason the second task fails, we can re-run the playbook from that point onwards.

Ansible uses modules, which make our life much easier. There are modules to manage Systems, Commands, Files, Databases, Cloud, Windows, etc.

One of the best parts of Ansible is the use of variables and conditionals

    - name: 'Execute a script on all web server nodes'
      hosts: all_servers
      tasks:
        - service: 'name=mysql state=started'
          when: ansible_host == "server.example.com"

Here we tell the playbook to run on all servers (hosts: all_servers). However, the task will only run where ansible_host == "server.example.com".

Can I use my own scripts?

Yes, you can! However, if there is an Ansible module that does the same thing, go ahead and use the module.

Is the installation of Ansible a nightmare?

Not at all! Follow these commands and you’ll be a step closer to automating your target machines

  • sudo dnf -y install epel-release
  • dnf search ansible
  • sudo dnf install -y ansible.noarch
  • Create an ansible user on each machine. Since our ansible user needs privilege escalation, we will create a new rule for it in a new file under:
    • /etc/sudoers.d
    • echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
    • Or use usermod -aG wheel username
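
The user and sudoers steps above written as a playbook, as an added example that is not from the original post. It installs the same rule through the copy module's validate option, so a file that visudo rejects never reaches /etc/sudoers.d, and unlike the echo with >> it does not append a duplicate line on every run. The play name and the use of the built-in all group are assumptions.

```yaml
---
# Added example (not from the original post): bootstrap the "ansible" user.
# Assumes this first run connects as a user that can already become root.
- name: Bootstrap the ansible automation user
  hosts: all
  become: yes
  tasks:
    - name: Create the ansible user
      user:
        name: ansible
        shell: /bin/bash
        state: present

    - name: Install the sudoers drop-in, validated before it replaces the target
      copy:
        dest: /etc/sudoers.d/ansible
        content: "ansible ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: '0440'                        # read-only, as sudo expects
        validate: /usr/sbin/visudo -cf %s   # %s is the temporary copy
```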

Check for your default inventory file in /etc/ansible/ansible.cfg

Finally try running ansible <machine/group> -m ping -i inventory.txt

[Screenshot: output of the Ansible ping module]

In the output, target1 is a VM that is currently on and target2 is a VM that is off.

All the above just for a ping?

Wow! So practical (not really!). Now let us do something more interesting. Below is the code inside a playbook called playbook-DBcreation.yaml

---

- hosts: target 
  gather_facts: yes
  vars:
    mysql:
      ansible_dest_path: /opt/ansible_sw/bit8_scripts
      mysql_db_schema: "table" #create db schema
      mysql_db_schema_rep: "other_table" #create db schema
      db_user: "user"
      db_pass: "pass"
      db_user_rep: "user_other"
      db_pass_rep: "pass"
      mysql_root_user: "root"
      mysql_root_pass: "alejandro"

  tasks:
  - name: TASK0 - Mysql installation
    yum:
      name: python3-PyMySQL.noarch 
      state: present

  - name: TASK1 - Create Schema using "{{ mysql.mysql_db_schema }}"
    mysql_db:
      login_user: root
      login_password: "{{ mysql.mysql_root_pass }}"
      name: "{{ mysql.mysql_db_schema }}"
      encoding: utf8
      collation: utf8_general_ci


  - name: TASK 2 - Create second Schema using "{{ mysql.mysql_db_schema_rep }}"
    mysql_db:
      login_user: root
      login_password: "{{ mysql.mysql_root_pass }}"
      name: "{{ mysql.mysql_db_schema_rep }}"
      encoding: utf8
      collation: utf8_general_ci


  - name: TASK 3 - Create database admin user 
    mysql_user:
      login_user: root
      login_password: "{{ mysql.mysql_root_pass }}"
      name: admin
      host: "127.0.0.1"
      priv: '*.*:ALL'
      state: present

  - name: TASK 4 - Create a user 
    mysql_user:
      login_user: root
      login_password: "{{ mysql.mysql_root_pass }}"
      name: "{{ mysql.db_user }}"
      password: "{{ mysql.db_pass }}"
      host: "%"
      priv: "'{{ mysql.mysql_db_schema }}'.*:ALL"
      state: present

  - name: TASK 5 - Create another user 
    mysql_user:
      login_user: root
      login_password: "{{ mysql.mysql_root_pass }}"
      name: "{{ mysql.db_user_rep }}"
      password: "{{ mysql.db_pass_rep }}"
      host: "%"
      priv: "{{ mysql.mysql_db_schema_rep }}.*:ALL"  # grant on the second schema via the variable, not a literal name
      state: present

To run it just type: sudo ansible-playbook playbook-DBcreation.yaml -i inventory.txt

I am using inventory.txt and ansible-vault which I will explain in a future post

[Screenshot: playbook run]

When the playbook ran against target1, it succeeded because our machine is using the correct credentials.

[Screenshot: target1 machine]

As you can see, not that difficult 🙂


For my following entries, I will write about ansible-vault, ansible-playbook, ansible-inventory and more. Stay tuned and follow the blog!

If you have time, check my other posts and let me know if you have done something similar.
