Copyright 2021 Simon Quantrill, All Rights Reserved

Ansible

Thu 20 August 2015 sysadmin /

Ansible sysadmin tool

Ansible is a great tool to keep your servers or workstations in check. I have started to use it on my systems because it is great for reproducing standard machines each and every time.

Installation

First, let's get it installed:

# apt-get update && apt-get install ansible

This will be enough to get you started, but I have found that it is often better to start with the latest version. This needs to be set up manually from a source checkout:

$ git clone https://github.com/ansible/ansible.git --recursive
$ cd ./ansible
$ source ./hacking/env-setup

In both cases a number of packages are also needed:

# easy_install pip
# pip install paramiko PyYAML Jinja2 httplib2

That's it as far as installation goes.

Configuration

Ansible needs an input of some kind to give it an inventory of the machines that are being worked on; the simplest one is a hosts file.

Machines can be added singly or as a group. By far the easiest way to remember them is to enter each one as a grouped server, like so:

[standard]
testserver ansible_ssh_host=192.168.1.30 ansible_ssh_port=22

If you are provisioning lots of machines, it is then easy to do something like this:

[testwebservers]
server1 ansible_ssh_host=192.168.1.1 ansible_ssh_port=22
server2 ansible_ssh_host=192.168.1.2 ansible_ssh_port=22
server3 ansible_ssh_host=192.168.1.3 ansible_ssh_port=22
server4 ansible_ssh_host=192.168.1.4 ansible_ssh_port=22

[production]
pr_server1 ansible_ssh_host=192.168.2.1 ansible_ssh_port=22
pr_server2 ansible_ssh_host=192.168.2.2 ansible_ssh_port=22
pr_server3 ansible_ssh_host=192.168.2.3 ansible_ssh_port=22
pr_server4 ansible_ssh_host=192.168.2.4 ansible_ssh_port=22

All the machines that have been defined in the hosts file can have Ansible commands run against them.

All the remote commands run on the host are done via SSH. This means that the server needs to already have SSH installed and the key added for the user running the configurations.

This has been taken care of in the PXE Server setup.

Once you have added the servers to the hosts file, check that they are accessible:

$ ansible server1 -u root -k -m ping

You should be asked for the remote machine's root password and will receive an answer like so:

server1 | success >> {
    "changed": false,
    "ping": "pong"
}

Playbooks

Ansible is made up of what is referred to as playbooks, basically a list of things to do on a server or workstation.

playbook/
├── ansible.cfg
├── files
│   └── src
│       ├── auto.net
│       ├── bacula-fd.conf
│       ├── ssh_public_key
│       ├── sudoers
│       └── vncserver
├── filter_plugins
├── group_vars
├── hosts
├── library
├── roles
│   ├── common
│   │   ├── tasks
│   │   │   └── main.yml
│   └── webserver
│       ├── defaults
│       ├── files
│       ├── handlers
│       ├── meta
│       ├── tasks
│       ├── templates
│       └── vars
├── site.yml
└── standard.yml

Here is the general layout of a simple playbook. In this instance the important files are the yml files and the hosts file; they are what makes Ansible tick.

In the example I work through, this is what is contained in the hosts file:

[standard]
testserver ansible_ssh_host=192.168.1.30 ansible_ssh_port=22

This just makes it easier than having to keep remembering the IP address of the server.

root@asset# (svn::/trunk) ansible-playbook site.yml

PLAY: Configure standard settings on new debian machine *************************

TASK [setup] ********************************************************************
ok: [testserver]

TASK [common : Install Server Basics] *******************************************
{'invocation': {'module_name': u'apt', 'module_args': {u'state': u'installed', u'update_cache': u'true', u'pkg': u'aptitude,ntp,wget,curl,git,htop,tcpdump,unzip,firmware-linux-nonfree'}}, 'item': u'aptitude,ntp,wget,curl,git,htop,tcpdump,unzip,firmware-linux-nonfree', u'changed': False, u'cache_update_time': 1438699155, u'cache_updated': True}
ok: [testserver]

TASK [common : Perform safe upgrade] ********************************************
changed: [testserver]

TASK [common : Create NFS Enviroment] *******************************************
ok: [testserver]

TASK [common : stat path=/etc/auto.master] **************************************
ok: [testserver]

TASK [common : lineinfile dest=/etc/auto.master line=/net    /etc/auto.net --timeout=60] ***
ok: [testserver]

TASK [common : group state=present name=ssh] ************************************
ok: [testserver]

TASK [common : user name=root groups=ssh] ***************************************
ok: [testserver]

TASK [common : copy dest=/etc/pam_ldap.conf src=src/ldap.conf] ******************
ok: [testserver]

TASK [common : copy dest=/etc/network/dns_update.sh src=src/dns_update.sh] ******
ok: [testserver]

TASK [common : copy dest=/etc/network/interfaces src=src/interfaces] ************
ok: [testserver]

TASK [common : copy dest=/etc/dhcp/dhclient.conf src=src/dhclient.conf] *********
ok: [testserver]

TASK [common : copy dest=/etc/sudoers src=src/sudoers] **************************
ok: [testserver]

TASK [common : lineinfile dest=/etc/timezone line=UTC] **************************
ok: [testserver]

TASK [common : Disable ipv6] ****************************************************
ok: [testserver]

TASK [common : Setup SSHD Config] ***********************************************
changed: [testserver]

TASK [common : lineinfile dest=/etc/ssh/sshd_config line=PermitRootLogin yes] ***
changed: [testserver]

TASK [common : Install Ldap] ****************************************************
{'invocation': {'module_name': u'apt', 'module_args': {u'state': u'installed', u'update_cache': u'true', u'pkg': u'libnss-ldapd,libpam-ldap'}}, 'item': u'libnss-ldapd,libpam-ldap', u'changed': False, u'cache_update_time': 1438699218, u'cache_updated': True}
ok: [testserver]

TASK [common : Add backports to jessie] *****************************************
ok: [testserver]

TASK [common : Install docker] **************************************************
{'invocation': {'module_name': u'apt', 'module_args': {u'state': u'installed', u'update_cache': u'true', u'pkg': u'docker.io,vagrant,ansible'}}, 'item': u'docker.io,vagrant,ansible', u'changed': False, u'cache_update_time': 1438699221, u'cache_updated': True}
ok: [testserver]

TASK [common : Install VirtualBox] **********************************************
{'invocation': {'module_name': u'apt', 'module_args': {u'state': u'installed', u'update_cache': u'true', u'pkg': u'virtualbox,wget,openssh-client'}}, 'item': u'virtualbox,wget,openssh-client', u'changed': False, u'cache_update_time': 1438699224, u'cache_updated': True}
ok: [testserver]

TASK [common : Check if there udev rule] ****************************************
ok: [testserver]

TASK [common : remove the rule] *************************************************
skipping: [testserver]

TASK [common : test hostname] ***************************************************
changed: [testserver]

PLAY RECAP **********************************************************************
testserver                 : ok=23   changed=4    unreachable=0    failed=0
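
The run above names an SSHD config task, a PermitRootLogin line and a sudoers copy, but the page does not show the tasks behind them. The playbook below is an added example, not the author's role file: it shows one way such tasks can be written so that root logs in by key only and a broken sshd_config or sudoers is rejected before it is installed. The file name hardening-example.yml and the task and handler names are assumptions; the standard group and the files/src paths come from the page.

```yaml
# hardening-example.yml (added example). In the page's layout these tasks
# would sit in roles/common/tasks/main.yml.
# Run with: ansible-playbook -i hosts hardening-example.yml
- name: SSH and sudo settings with validation (example)
  hosts: standard            # inventory group from the page's hosts file
  remote_user: root          # the page connects as root

  tasks:
    # Install the key first, so the next task cannot lock root out.
    - name: Install the management key for root
      # authorized_key ships in the ansible.posix collection on current releases
      authorized_key:
        user: root
        state: present
        # path relative to the playbook directory, as in the page's tree
        key: "{{ lookup('file', 'files/src/ssh_public_key') }}"

    - name: Allow root over SSH with keys only
      lineinfile:
        dest: /etc/ssh/sshd_config
        # replace an existing directive instead of appending a second one
        regexp: '^#?\s*PermitRootLogin\s'
        # named prohibit-password from OpenSSH 7.0 on; the older name is still accepted
        line: PermitRootLogin without-password
        # sshd -t parses the candidate file; a bad edit is never installed
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart ssh

    - name: Install sudoers only if visudo accepts it
      copy:
        src: src/sudoers       # resolved under files/ next to the playbook
        dest: /etc/sudoers
        owner: root
        group: root
        mode: '0440'
        validate: '/usr/sbin/visudo -cf %s'

  handlers:
    - name: restart ssh
      service:
        name: ssh              # Debian's service name for sshd
        state: restarted
```

Once the key is in place, the connectivity check can be run without -k, so the root password is no longer needed for Ansible runs.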
