Professional Documents
Culture Documents
• Date : 27/08/2019
• Author : Karthik Sivakumar
Maveric Systems 1
Agenda
• How to configure Ansible in your environment. • Executing playbooks and various tasks with
playbooks.
Maveric Systems 2
What is Ansible ?
Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application
deployment, infra-service orchestration, and many more..
Provisioning
Configuration Management
Application Deployment
Continues Delivery
Orchestration
Maveric Systems 3
Why We need to know about Ansible ?
Easy to setup.
SIMPLE
Human readable automation
No special coding skills needed
Multi-tasking like Linux
Code reusable
Maveric Systems 4
Why We need to know about Ansible ?
POWERFUL
App deployment
Configuration management
Workflow orchestration
Time Saving
We can modify the modules with our own programming language
Avoiding manual errors
AGENTLESS
Agentless architecture
Uses OpenSSH
Maveric Systems 5
Setting up Ansible
-> Install the ansible package in the ansible host. No packages needs to install
in the client servers. Needed EPEL repository for installation.
Maveric Systems 6
Setting up Ansible
Maveric Systems 7
Setting up Ansible
Maveric Systems 8
Setting up Ansible
Maveric Systems 9
Setting up Ansible
Maveric Systems 10
Setting up Ansible
Maveric Systems 11
Configuration files and directories
Maveric Systems 12
Configuration files and directories
3. Prepare your client inventory in global inventory /etc/ansible/hosts or in your custom inventory.
Maveric Systems 13
What is inventory , how to manage them ?
Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of
systems listed in Ansible’s inventory file, which defaults to being saved in the location /etc/ansible/hosts.
Ansible provide option to categorize your assets, called groups. you can define several groups as per your convenient.
Maveric Systems 14
What are Ansible modules ?
Modules are the tools in the ansible toolbox, It is a binary program that will directly execute on the
target machines.
Ansible ships with a number of modules that can be executed directly on remote hosts or
through Playbooks.
Users can also write their own modules. These modules can control system resources, like
services, packages, or files , or handle executing system commands.
Maveric Systems 15
Ansible modules execution
You can use regular expression while choosing the target servers from inventory
#ansible all -m ping –k
You can specify particular server also for execution from the host file.
#ansible IP -m ping –k
Maveric Systems 16
Ansible modules execution
This can be done in below method as well
By default ansible will look in global inventory , if you want to use a custom inventory you must specify "-i" and
inventory path.
Maveric Systems 17
Playing with Ansible Ad-hoc commands
Ad-hoc commands are something which you can execute quickly on target hosts, no special files required.
It will really helpful in situations were you want check some configuration on the target hosts. for Example :
Maveric Systems 18
Modules : Examples
COMMAND : with the command module you can execute custom commands on the target hosts
Maveric Systems 19
Modules : Examples
SHELL : with the shell module you can execute custom commands on the target hosts ,which supports I/O
redirections.
Maveric Systems 20
Difference between Command and Shell Module
SHELL module supports I/O redirections but Command module Won’t .
Maveric Systems 21
Modules with Sudo execution
As we all know some commands required more privilege to execute. In such cases, we need to pass sudo
parameter while executing the modules.
Maveric Systems 22
Modules : Run Commands
SCRIPT : with the script module you can execute scripts available in the ansible host to the target hosts
Maveric Systems 23
What are playbooks ?, creating first playbook.
Playbooks are collection of plays. well then what is a play ?
Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a policy you want
your remote systems to enforce, or a set of steps in a general IT process.
Playbooks are designed to be human-readable and are developed in a basic text language.
Maveric Systems 24
What are playbooks ?, creating first playbook.
Playbooks are expressed in YAML format and have a minimum of syntax, which intentionally tries to not be a
programming language or script
---
- hosts: all
remote_user: root
tasks:
- name: create a user on webservers
user: name=web home=/home/web shell=/bin/bash state=present
Maveric Systems 25
What are playbooks ?, creating first playbook.
you can iterate the user module for list of user , this how you implement loop in playbook.
---
- hosts: all
remote_user: prasanth
become: true
become_user: root
become_method: sudo
# serial: 20
tasks:
- name: Creatingt the user.
user: name={{ item }} state=present password=$1$bNqDGYtV$tCxY2KwrfuxWhbjyXeYO81
with_items:
- Tux
- Linux
Maveric Systems 26
What are playbooks ?
---
- hosts: all
remote_user: root
serial: 1
vars:
http_port: 81
max_client: 20
pre_tasks:
- name: stop httpd
service: name=httpd state=stopped
tasks:
- name: change the httpd configuration
template: src=./httpd.j2 dest=/etc/httpd/conf/httpd.conf force=yes
post_tasks:
- name: start httpd
service: name=httpd state=started
Maveric Systems 27
What are playbooks ?
Handlers , how to handle them in playbook.
---
- hosts: webservers
vars:
http_port: 80
max_clients: 200
remote_user: root
tasks:
- name: ensure apache is at the latest version
yum: name=httpd state=latest
- name: write the apache config file
copy: src=/srv/httpd.j2 dest=/etc/httpd.conf
notify:
- restart apache
- name: ensure apache is running (and enable it at boot)
service: name=httpd state=started enabled=yes
handlers:
- name: restart apache
service: name=httpd state=restarted
Maveric Systems 28
What are playbooks ?
You can insert new lines into a file
---
- name: Enabling the ssh ciphers
hosts: all
remote_user: prasanth
become: true
become_user: root
become_method: sudo
tasks:
- name: enable ciphers configuation block in /etc/ssh/sshd_config
blockinfile:
dest: /etc/ssh/sshd_config
block: |
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-
poly1305@openssh.com,arcfour
MACs hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-
etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1,umac-64@openssh.com,umac-
128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160
notify: reload sshd
handlers:
- name: reload sshd
service: name=sshd state=reloaded
Maveric Systems 29
Executing playbooks and various tasks with playbooks.
Once you have create a playbook , you can validate the syntax of a playbook using
#ansible-playbook <playbook.yml>
Maveric Systems 30
Executing playbooks and various tasks with playbooks.
Maveric Systems 31
Playbook copy module example.
Maveric Systems 32
Playbook copy module example.
Maveric Systems 33
Playbook copy module example.
Maveric Systems 34
Playbook copy module example.
Maveric Systems 35
How to get help ?
Ansible has a much better offline documentation
#ansible-doc <module>
Maveric Systems 36
How to get help ?
http://docs.ansible.com/
You can also utilize the ansible-galaxy for reference on roles and playbooks.
https://galaxy.ansible.com/
Maveric Systems 37
Maveric Systems 38
THANK YOU !
- Karthik Sivakumar
Maveric Systems 39
Corporate Headquarters
Lords Tower, Block 1,
nd
2 Floor, Plot No. 1&2 NP,
Jawaharlal Nehru Road,
Thiru Vi Ka Industrial Estate
Ekkaduthangal, Chennai – 600 032
www.maveric-systems.com
Global Locations
SINGAPORE | UK | US | DUBAI | RIYADH | MALAYSIA