Disclaimer: You still need to do some work in order to automate. Why do something manually in 5 minutes if you can automate it in 5 hours?
Let’s do Ansible! To tell you the truth, I have not been working with Ansible for long, but I can tell you that I will be doing much more Ansible automation, working with ansible-playbook and YAML, for a long time. We will be using the command line, working with ansible-inventory, and writing playbooks. Do you know what Ansible is? Let’s find out!
I am using CentOS 8. How do I check this with Ansible?
ansible <machine/group> -a "cat /etc/os-release" -i <inventory/hosts>

The best source of information is Ansible's own site.
Click here for more information on the Red Hat Ansible Automation Platform on Twitter.
I will recommend some great tools with which you can validate your YAML, and a great IDE to use when working with Ansible.
Best tools
- YAML Lint → Yaml validator http://www.yamllint.com/
- Also, if you use an IDE such as Atom, you can run apm install linter-js-yaml to get YAML validation
- Ansible Galaxy to find Ansible roles for millions of tasks (automation, configuring servers, etc.)
- Ansible-playable from mmumshad to have a UI that helps you create playbooks, modules, etc.
First of all, we need to know the basic terminology:
- Task: Instruction for an action against a machine(s)
- Play: A combination of tasks
- Playbook: A combination of multiple plays in sequential order
- Host/inventory: A file with a list of the machines the playbook is deployed to
- Vars/facts: Variables, either stored in a file, stored using ansible-vault, or retrieved from a host
- List: An array in JSON and YAML
- Dictionary: in JSON and YAML
Ansible allows you to start ansible-playbook from a specific task.
If a task in your playbook fails, once you fix it you can retry the play from that specific task:
ansible-playbook playbook.yml --start-at-task="task_name"
Below we can see an example of an Ansible file (hands-on):
```yaml
- name: 'Execute a script on all web server nodes'
  hosts: web_nodes
  tasks:
    - name: Add a line to a file
      lineinfile:
        path: /etc/resolv.conf
        line: nameserver 10.1.250.10
        create: yes  # if the file does not exist, create it
    - name: 'create a new web user'
      user:
        name: web_user
        uid: 1040
        group: developers
```
If for any reason the second task fails, we can rerun the playbook from that point onwards.
Ansible uses modules, which make our life much easier. There are modules to manage systems, commands, files, databases, cloud, Windows, etc.
One of the best parts of Ansible is the use of variables and conditionals:
```yaml
- name: 'Execute a script on all web server nodes'
  hosts: all_servers
  tasks:
    - service: 'name=mysql state=started'
      when: ansible_host == "server.example.com"
```
Here the play targets all servers, but the when condition on ansible_host means the task runs only where ansible_host == "server.example.com".
Can I use my own scripts?
Yes, you can! However, if there is an Ansible module that does the same thing, go ahead and use the module.
Is the installation of Ansible a nightmare?
Not at all! Follow these commands and you’ll be a step closer to automating your target machines:
- sudo dnf -y install epel-release
- dnf search ansible
- sudo dnf install -y ansible.noarch
- Create an ansible user on each machine. Since the ansible user needs privilege escalation, we create a new rule for it in a new file under:
- /etc/sudoers.d
- echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
- Or use usermod -aG wheel username
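The echo above appends to the sudoers drop-in without checking it, so a typo can break sudo on the target and a second run duplicates the line. As an added example (not part of the original post), the play below installs the same rule idempotently and only if visudo accepts it; the file name bootstrap-ansible-user.yaml, the `all` host pattern and the root login used for the first run are assumptions.

```yaml
# Added example, not the original post's code.
# Assumption: run once with an account that already has root on the targets, e.g.
#   ansible-playbook bootstrap-ansible-user.yaml -i inventory.txt -u root -k
---
- name: Bootstrap the ansible automation user
  hosts: all
  become: true
  tasks:
    - name: Create the ansible user
      user:
        name: ansible
        state: present

    - name: Install the sudoers rule from the post
      copy:
        content: "ansible ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/ansible
        owner: root
        group: root
        mode: "0440"                       # sudoers files must not be writable by group or others
        validate: /usr/sbin/visudo -cf %s  # the file is moved into place only if visudo accepts it
```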
Check for your default inventory file in /etc/ansible/ansible.cfg
Finally try running ansible <machine/group> -m ping -i inventory.txt

Here, target1 is a VM that is currently on and target2 is a VM that is off.
All the above just for a ping?
Wow! So practical (not really!). Now let us do something more interesting. Below is the code inside a playbook called playbook-DBcreation.yaml:
```yaml
---
- hosts: target
  gather_facts: yes
  vars:
    mysql:
      ansible_dest_path: /opt/ansible_sw/bit8_scripts
      mysql_db_schema: "table"            # first schema to create
      mysql_db_schema_rep: "other_table"  # second schema to create
      db_user: "user"
      db_pass: "pass"
      db_user_rep: "user_other"
      db_pass_rep: "pass"
      mysql_root_user: "root"
      mysql_root_pass: "alejandro"        # plain text for the demo; real credentials belong in ansible-vault
  tasks:
    - name: TASK0 - Mysql installation
      yum:
        name: python3-PyMySQL.noarch
        state: present

    - name: TASK1 - Create Schema using "{{ mysql.mysql_db_schema }}"
      mysql_db:
        login_user: root
        login_password: "{{ mysql.mysql_root_pass }}"
        name: "{{ mysql.mysql_db_schema }}"
        encoding: utf8
        collation: utf8_general_ci

    - name: TASK 2 - Create second Schema using "{{ mysql.mysql_db_schema_rep }}"
      mysql_db:
        login_user: root
        login_password: "{{ mysql.mysql_root_pass }}"
        name: "{{ mysql.mysql_db_schema_rep }}"
        encoding: utf8
        collation: utf8_general_ci

    - name: TASK 3 - Create database admin user
      mysql_user:
        login_user: root
        login_password: "{{ mysql.mysql_root_pass }}"
        name: admin
        host: "127.0.0.1"
        priv: '*.*:ALL'
        state: present

    - name: TASK 4 - Create a user
      mysql_user:
        login_user: root
        login_password: "{{ mysql.mysql_root_pass }}"
        name: "{{ mysql.db_user }}"
        password: "{{ mysql.db_pass }}"
        host: "%"
        priv: "'{{ mysql.mysql_db_schema }}'.*:ALL"
        state: present

    - name: TASK 5 - Create another user
      mysql_user:
        login_user: root
        login_password: "{{ mysql.mysql_root_pass }}"
        name: "{{ mysql.db_user_rep }}"
        password: "{{ mysql.db_pass_rep }}"
        host: "%"
        # use the variable, not the literal string "mysql_db_schema_rep"
        priv: "{{ mysql.mysql_db_schema_rep }}.*:ALL"
        state: present
```
To run it just type: sudo ansible-playbook playbook-DBcreation.yaml -i inventory.txt
I am using inventory.txt and ansible-vault, which I will explain in a future post.

When the playbook ran against target1, it completed successfully because the machine is using the correct credentials.
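The playbook above keeps the MySQL passwords in plain text, grants ALL and lets the users connect from any host ("%"). As an added example (not the author's code), here are TASK 1 and TASK 4 with the passwords read from an ansible-vault file, task output suppressed with no_log, and a narrower grant; vault.yml, the vault_* variable names, the app_host value and the privilege list are assumptions.

```yaml
# Added example, not the original post's code.
# Assumptions: vault.yml and the vault_* names are hypothetical. Create the file with
#   ansible-vault create vault.yml
# and define vault_mysql_root_pass and vault_db_pass in it. Then run:
#   ansible-playbook playbook-DBcreation.yaml -i inventory.txt --ask-vault-pass
---
- hosts: target
  gather_facts: yes
  vars_files:
    - vault.yml                  # encrypted at rest, decrypted only at run time
  vars:
    mysql:
      mysql_db_schema: "table"
      db_user: "user"
      app_host: "10.1.250.%"     # constructed value: subnet the application connects from
  tasks:
    - name: TASK 1 - Create schema
      mysql_db:
        login_user: root
        login_password: "{{ vault_mysql_root_pass }}"
        name: "{{ mysql.mysql_db_schema }}"
        encoding: utf8
        collation: utf8_general_ci
      no_log: true               # keep the password out of verbose output and logs

    - name: TASK 4 - Create a user limited to its own schema
      mysql_user:
        login_user: root
        login_password: "{{ vault_mysql_root_pass }}"
        name: "{{ mysql.db_user }}"
        password: "{{ vault_db_pass }}"
        host: "{{ mysql.app_host }}"   # instead of "%"
        priv: "{{ mysql.mysql_db_schema }}.*:SELECT,INSERT,UPDATE,DELETE"
        state: present
      no_log: true
```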

As you can see, not that difficult 🙂

For my following entries, I will write about ansible-vault, ansible-playbook, ansible-inventory and more. Stay tuned and follow the blog!
If you have time, check my other posts and let me know if you have done something similar.