Ansible as configuration management tool for devops

Puneetbhatia77, 36 slides, Jun 26, 2024
Slide Content

Ansible

What is SSH
• SSH is an acronym for Secure Shell
• telnet = clear text, SSH = encrypted
• SSH has more goodies: access using keys (password-less), compression, secure file transfer (scp, sftp), tunneling

SSH Keys
(Diagram: host1 and host2 each hold id_rsa and id_rsa.pub; each id_rsa.pub is added to authorized_keys on server1.)
    host1$ ssh-keygen
This will create 2 files: id_rsa (private key) and id_rsa.pub (public key).
    host1$ ssh-copy-id server1
Adds id_rsa.pub to the server's authorized_keys (a password is needed for this one step).
    host1$ ssh server1
No password!!

Poor Man’s Administration
    $ ssh www1.example.com
    www1$ sudo vi /etc/resolv.conf
    www1$ sudo apt-get install nginx
    :
    $ ssh www2.example.com
    www2$ sudo vi /etc/resolv.conf
    www2$ sudo apt-get install nginx
    :
    $ ssh www3.example.com
    www3$ sudo vi /etc/resolv.conf
    www3$ sudo apt-get install nginx
    :
    : etc …
• Connecting to each server one by one
• Time consuming
• Repetitive & error prone
• Not reproducible
• No way to track changes!

Poor Man’s Automation
    #!/bin/sh
    HOSTS="www1.rayed.com www2.rayed.com www3.rayed.com db1.rayed.com db2.rayed.com"
    for host in $HOSTS
    do
        # Copy DNS settings to all servers
        scp resolv.conf "$host":/etc/resolv.conf
        # Install Nginx (-y so apt-get does not wait for a prompt over a non-interactive ssh session)
        ssh "$host" "sudo apt-get install -y nginx"
    done
• Loop in a shell script
• Hard to write
• Hard to maintain
• Error prone

Push vs Pull based

What is Ansible
Ansible is an open-source configuration management and provisioning tool. Ansible is agentless: it uses SSH to connect to servers and run the configured tasks. Ansible lets you control and configure nodes from a single machine. Written by Michael DeHaan in 2013 and then acquired by Red Hat in 2015.

Why Ansible
● No agent: as long as the box can be SSH’d into and it has Python, it can be configured with Ansible.
● Idempotent: Ansible’s whole architecture is structured around the concept of idempotency. The core idea is that you only do things if they are needed, and that things are repeatable without side effects.
● Declarative, not procedural: other configuration tools tend to be procedural (do this, then do that, and so on). With Ansible you write a description of the state you want the machine to be in, and it takes the steps needed to fulfill that description.
● Tiny learning curve: Ansible is quite easy to learn. It doesn’t require any extra knowledge.

Ansible Use Cases
● Provisioning
● Configuration Management
● App Deployment
● Continuous Delivery
● Security & Compliance
● Orchestration

Architecture of Ansible

Installation (Ubuntu)
    $ sudo apt update
    $ sudo apt install software-properties-common
    $ sudo apt-add-repository --yes --update ppa:ansible/ansible
    $ sudo apt install ansible
https://docs.ansible.com/

Inventory
The inventory is a description of the nodes that can be accessed by Ansible. By default, the inventory is described by a configuration file whose default location is /etc/ansible/hosts. The configuration file lists either the IP address or the hostname of each node that is accessible by Ansible. Every host is assigned to a group such as web servers, db servers etc. The inventory file can be in one of many formats, such as YAML or INI.
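As an added example (written for these notes, not taken from the slides) of the inventory described above, here is that kind of grouping written in the YAML inventory format. The hostnames, addresses, user name and variable values are constructed; the comments show the equivalent INI lines for the webservers group.

```yaml
# Added example, not from the slides: a YAML inventory (e.g. saved as inventory.yml
# and used with "ansible -i inventory.yml ..."). All names and addresses are constructed.
all:
  vars:
    ansible_user: deploy                 # SSH login user applied to every host
  children:
    webservers:                          # INI equivalent:  [webservers]
      hosts:
        www1.example.com:                #                  www1.example.com
        www2.example.com:                #                  www2.example.com http_port=8080
          http_port: 8080                # host variable overrides the group value below
      vars:                              # INI equivalent:  [webservers:vars]
        http_port: 80                    #                  http_port=80
    dbservers:
      hosts:
        db1.example.com:
          ansible_host: 192.168.56.102   # connect to this IP even though the name is db1
    production:                          # a group of groups (INI: [production:children])
      children:
        webservers:
        dbservers:
```

With this file, `ansible webservers -m ping` targets the two web hosts, `ansible production -m ping` targets all three, and a task on www2 sees http_port as 8080 while www1 sees 80.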

Inventory

Ad-Hoc Commands

Ad-Hoc Commands
• Do something quick, not worth saving!
• Not worth writing a playbook for, just a simple command
• e.g.: get hostname, create a file/dir etc …
• Examples:
    ansible all -m ping
    ansible ansible-nodes -m ping          # group name
    ansible 192.168.56.102 -m ping         # node name/IP
    ansible all -m command -a date
    ansible all -a date                    # command is the default module
    ansible all -a "mkdir ~/test"          # create dir at all nodes
    ansible all -a "touch ~/test/newfile"  # create file

Modules There are over 1000 modules provided by Ansible to automate every part of the environment. Modules are like plugins that do the actual work in Ansible, they are what gets executed in each playbook task. Each module is mostly standalone and can be written in a standard scripting language (such as Python, Perl, Ruby, Bash, etc.). One of the guiding properties of modules is idempotency, which means that even if an operation is repeated multiple times, it will always place the system into the same state.

module: ping
• Check connectivity
• If you can ssh you can ping: $ ssh user@host
• You can specify a group or “all”
• Executes in parallel
    $ ansible webservers -m ping
    www1.example.com | success >> {
        "changed": false,
        "ping": "pong"
    }
    $ ansible www404.example.com -m ping
    www404.example.com | FAILED => SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue

Example of Modules
There are lots of modules, such as: service, file, copy, iptables etc. Any module can be used as:
    ansible 127.0.0.1 -m service -a "name=httpd state=started"
    ansible localhost -m ping

module: setup
• Get tons of information about the machine
• Name, disks, IP, OS version, etc …
• Can be used for conditional operations
    $ ansible www1.example.com -m setup
    www1.example.com | success >> {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "178.79.182.89"
            ],
            "ansible_all_ipv6_addresses": [
                "2a01:7e00::f03c:91ff:fe70:5c6a",
                "fe80::f03c:91ff:fe70:5c6a"
            ],
            "ansible_architecture": "x86_64",
            "ansible_bios_date": "NA",
            "ansible_bios_version": "NA",
            :

module: command
• Execute a command on the remote machine
• e.g. reboot
    $ ansible www1.example.com -m command -a "echo hello"
    www1.example.com | rc=0 >>
    hello
    $ ansible www1.example.com -a "echo hello"
    www1.example.com | rc=0 >>
    hello

module: apt
• Package management for Debian & Ubuntu
• Install, uninstall, update
• There is also a “yum” module for RedHat, CentOS, and Fedora.
• You might need:
    -s : command needs sudo
    -K : ask for sudo password
    $ ansible www1.example.com -m apt -a "name=nginx state=present"
    $ ansible www1.example.com -m apt -a "update_cache=yes upgrade=safe"

Other Interesting Modules
• user: Manage user accounts
• lineinfile: Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression.
• copy: Copies files to remote locations.
• template: Templates a file out to a remote server.

Other Interesting Modules
• authorized_key: Adds or removes an SSH authorized key
• service: Manage services: start/stop/restart, restart on reboot.
• mysql_db, mysql_user, postgresql_db, postgresql_user: Can you guess it!
• git: Deploy software (or files) from git checkouts

Playbooks

Playbook
Playbooks are simple YAML files. These files are descriptions of the desired state of your systems. Ansible then does the hard work of getting your systems to that state, no matter what state they are currently in. Playbooks make your installations, upgrades and day-to-day management repeatable and reliable. Playbooks are simple to write and maintain. Playbooks are written in a natural language, so they are very easy to evolve and edit. A playbook contains plays. Plays contain tasks. Tasks call modules.

What is a Playbook
• Ansible’s configuration, deployment, and orchestration language.
• Modules are the tools in your workshop, playbooks are your design plans.
• YAML!
    ---
    # An employee record
    name: Example Developer
    job: Developer
    skill: Elite
    employed: True
    foods:
      - Apple
      - Orange
      - Strawberry
      - Mango
    languages:
      ruby: Elite
      python: Elite
      dotnet: Lame

Playbook Example
my_playbook.yml:
    ---
    - hosts: webservers
      #remote_user: root
      become: true          # current form of the older "sudo: yes" keyword
      tasks:
        - name: Install Nginx
          apt: name=nginx state=present
        - name: Copy static site
          copy: src=files/my_site dest=/var/www
        - name: Configure Nginx
          template: src=files/nginx_site.conf dest=/etc/nginx/new_site.conf
          notify: my_nginx_reload
      handlers:
        - name: my_nginx_reload
          service: name=nginx state=restarted
Execute Playbook:
    ansible-playbook my_playbook.yml -K

Roles
Roles are a way to group tasks together into one container. We could have a role for setting up MySQL, another one for configuring iptables etc. Roles make it easy to configure hosts. Any role can be performed on any host or group of hosts, such as:
    - hosts: all
      roles:
        - role_1
        - role_2

Companies using Ansible

Configuration Management with Ansible Ansible is the simplest solution for configuring the nodes. It’s designed to be minimal in nature, consistent, secure and highly reliable. Any developer, tester or IT manager can easily configure nodes. Any IT person can write playbooks easily. Ansible configurations are simple data descriptions of your infrastructure (human readable) ensuring everyone on your team will be able to understand the meaning of each configuration task. Ansible requires nothing more than a password or SSH key in order to start managing systems and can start managing them without installing any agent software.

Variables
• Defined: inventory, playbook
• Discovered (facts)
• Use
    # playbook
    - hosts: webservers
      vars:
        http_port: 80

    # inventory file
    host1 http_port=80
    [webservers:vars]
    http_port=80

    # facts
    :
    "ansible_distribution": "Ubuntu",
    "ansible_distribution_release": "precise",
    "ansible_distribution_version": "12.04",
    :

    # in playbook
    template: src=foo.cfg.j2 dest={{ remote_install_path }}/foo.cfg

    # in template files
    server {
        listen 80;
        root /var/www/my_site;
        index index.html index.htm;
        server_name {{ ansible_default_ipv4.address }};
    }

Conditions
• Use variables & facts
• Conditional tasks
• Conditional includes
• Conditional roles
    - name: Install Apache (Ubuntu)
      apt: name=apache2 state=latest     # the Debian/Ubuntu package is named apache2
      when: ansible_os_family == 'Debian'
    - name: Install Apache (CentOS)
      yum: name=httpd state=latest
      when: ansible_os_family == 'RedHat'

    - include: tasks/sometasks.yml
      when: "'reticulating splines' in output"

    - hosts: webservers
      roles:
        - { role: debian_stock_config, when: ansible_os_family == 'Debian' }

Loops
    # With Loops
    - name: Install Packages
      apt: name={{ item }} state=present
      with_items:
        - iptables-persistent
        - fail2ban
        - exim4-daemon-light
        - apticron
        - git
        - figlet
        - nginx

    # Without Loops
    - name: Install Packages
      apt: name=fail2ban state=present
    - name: Install Packages
      apt: name=apticron state=present
    - name: Install Packages
      apt: name=git state=present
    - name: Install Packages
      apt: name=figlet state=present
    - name: Install Packages
      apt: name=nginx state=present

    # Loop with Hash (Dictionary)
    - name: add several users
      user: name={{ item.name }} state=present groups={{ item.groups }}
      with_items:
        - { name: 'testuser1', groups: 'wheel' }
        - { name: 'testuser2', groups: 'root' }
Other loop types are available.

Vault
• Ansible + Git
• What about passwords?
    ansible-vault create site.yml
    ansible-vault edit site.yml
    ansible-playbook site.yml --ask-vault-pass
    ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt
An encrypted file looks like:
    $ANSIBLE_VAULT;1.1;AES256
    35373133613062323636623536666439396531656662313262326562353261376435343934346433
    3563333532333362303430323666313931376138623437380a623461636265633561313064313564
    37666561306661663237323466343166653738633765383666383066396234646539633565373636
    3961643731363130340a336465666334633839333061356439316237323262633364613037623164
    3965
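To show how the pieces from the Playbook Example, Variables, Conditions, Loops and Vault slides fit together in one file, here is an added example playbook written for these notes; it is not taken from the slides or from the Ansible project. It assumes an inventory group named webservers, a vault.yml created with ansible-vault create that defines a hypothetical admin_password_hash variable, a local files/id_rsa.pub (the public key from ssh-keygen) and a files/nginx_site.conf.j2 template; the user name, package list and paths are constructed. It uses the current spellings become, loop and fully qualified module names in place of the slides' sudo: yes and with_items.

```yaml
---
# Added example, not from the slides: variables, facts, "when" conditions, a loop
# over a hash, handlers and a vault-encrypted variables file in one playbook.
# Run with:  ansible-playbook site.yml --ask-vault-pass -K
- hosts: webservers
  become: true                       # current form of the slides' "sudo: yes"
  vars:
    admin_user: deploy               # constructed user name
    base_packages:
      - fail2ban
      - nginx
      - git
    # each item carries the regexp to match and the line to enforce (a loop over a hash)
    sshd_settings:
      - { regexp: '^#?PasswordAuthentication ', line: 'PasswordAuthentication no' }
      - { regexp: '^#?PermitRootLogin ',        line: 'PermitRootLogin no' }
      - { regexp: '^#?PubkeyAuthentication ',   line: 'PubkeyAuthentication yes' }
  vars_files:
    - vault.yml                      # created with "ansible-vault create vault.yml";
                                     # assumed to define admin_password_hash (hypothetical)

  tasks:
    - name: Install base packages (Debian/Ubuntu)
      ansible.builtin.apt:
        name: "{{ base_packages }}"
        state: present
        update_cache: true
      when: ansible_os_family == 'Debian'      # fact gathered by the setup module

    - name: Install base packages (RedHat family)
      ansible.builtin.yum:
        name: "{{ base_packages }}"
        state: present
      when: ansible_os_family == 'RedHat'

    - name: Create the admin user; the sudo group name is chosen from a fact
      ansible.builtin.user:
        name: "{{ admin_user }}"
        password: "{{ admin_password_hash }}"   # the secret lives only in the vault, never in git
        groups: "{{ 'wheel' if ansible_os_family == 'RedHat' else 'sudo' }}"
        append: true
        shell: /bin/bash

    - name: Authorize the operator's public key for the admin user
      ansible.builtin.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ lookup('file', 'files/id_rsa.pub') }}"   # constructed path
        state: present

    - name: Harden sshd only after key login is in place (idempotent; changed only when a line differs)
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        validate: '/usr/sbin/sshd -t -f %s'     # refuse to write a config sshd cannot parse
      loop: "{{ sshd_settings }}"
      notify: restart sshd

    - name: Render the nginx site from a template that uses facts and vars
      ansible.builtin.template:
        src: files/nginx_site.conf.j2
        dest: /etc/nginx/conf.d/my_site.conf
      notify: reload nginx

  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: "{{ 'sshd' if ansible_os_family == 'RedHat' else 'ssh' }}"
        state: restarted
    - name: reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded
```

The ordering matters for safety: the public key is authorized before password logins are disabled, lineinfile validates the candidate sshd_config before replacing it, and the handler only restarts sshd when a line actually changed, so a second run reports no changes and restarts nothing. Because the only secret sits in vault.yml, the playbook and inventory can be committed to git as the Vault slide suggests.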

“A lazy sysadmin is the best admin” – Anonymous

More
• http://www.ansible.com/
• http://docs.ansible.com/
• https://galaxy.ansible.com/
• http://docs.ansible.com/list_of_all_modules.html