
Ansible --- Devops

• Date : 27/08/2019
• Author : Karthik Sivakumar
Maveric Systems 1
Agenda

• What are Ansible modules?

• What are playbooks? Creating the first playbook.

• How to configure Ansible in your environment.

• Executing playbooks and various tasks with playbooks.

• What is inventory, and how to manage it?

• Advanced playbooks, roles.

What is Ansible ?

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application
deployment, infra-service orchestration, and much more.

• Provisioning

• Configuration Management

• Application Deployment

• Continuous Delivery

• Orchestration

Why do we need to know about Ansible?

• Can control/handle the whole infrastructure.

• Easy to set up.

• No additional infrastructure changes for implementation.

• Can be used as documentation of your infrastructure.

SIMPLE
• Human-readable automation
• No special coding skills needed
• Multi-tasking like Linux
• Reusable code


POWERFUL
• App deployment
• Configuration management
• Workflow orchestration
• Time saving
• We can modify the modules using a programming language of our choice
• Avoids manual errors

AGENTLESS
• Agentless architecture
• Uses OpenSSH

Setting up Ansible
-> Install the ansible package on the Ansible host. No packages need to be installed
on the client servers. The EPEL repository is needed for installation.

On Red Hat/CentOS based systems:

# yum install ansible

On Debian/Ubuntu based servers:

# apt-get install ansible

-> Master server

-> Client servers

Three ways we can access the clients:

1. Set up passwordless authentication between the Ansible host and the clients.

2. Set up passwordless authentication between the Ansible host and the clients with a passphrase-protected key.

3. Set up password authentication between the Ansible host and the clients.

Configuration files and directories

3. Prepare your client inventory in the global inventory /etc/ansible/hosts or in a custom inventory.

That is it! You are good to go.

What is inventory , how to manage them ?
Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of
systems listed in Ansible’s inventory file, which defaults to being saved in the location /etc/ansible/hosts.

Ansible provides an option to categorize your assets, called groups. You can define several groups as per your convenience.

What are Ansible modules?

• Modules are the tools in the Ansible toolbox. A module is a binary program that executes directly on the
target machines.

• Ansible ships with a number of modules that can be executed directly on remote hosts or
through playbooks.

• Users can also write their own modules. These modules can control system resources, like
services, packages, or files, or handle executing system commands.

• Modules: yum, user, file, service, ...

Ansible modules execution
• You can use regular expressions when choosing the target servers from the inventory.
# ansible all -m ping -k

• You can also specify a particular server from the hosts file for execution.
# ansible IP -m ping -k

• This can also be done as shown below.

# ansible 'ansible*' -m ping -k

• By default Ansible looks in the global inventory. If you want to use a custom inventory, you must specify "-i" and the
inventory path.

# ansible -i /root/myinventory webservers -m ping

Playing with Ansible Ad-hoc commands
• Ad-hoc commands are commands you can execute quickly on target hosts; no special files are required.

# ansible all -m ping

• They are really helpful in situations where you want to check some configuration on the target hosts. For example:

  • Reachability of the hosts.
  • Check whether a configuration file exists on the target host.
  • Check whether a package is installed or not.

Modules : Examples

COMMAND: with the command module you can execute custom commands on the target hosts.

# ansible all -m command -a "uptime" -k


SHELL: with the shell module you can execute custom commands on the target hosts, with support for I/O
redirection.

# ansible all -m shell -a "uptime" -k

Difference between Command and Shell Module
The shell module supports I/O redirection, but the command module does not.
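The difference matters for more than redirection: because the shell module hands its line to /bin/sh, any variable in it has to be quoted. The playbook below is an added example, not part of the original slides; the variable "label" and the file /tmp/uptime_report.txt are hypothetical.

```yaml
---
# Added example, not from the original slides.
# "label" and /tmp/uptime_report.txt are hypothetical; the value of "label"
# is constructed to contain shell metacharacters.
- hosts: all
  vars:
    label: "node-a; id > /tmp/x"
  tasks:
    - name: command module, no shell is started so the metacharacters stay plain text
      command:
        argv:
          - echo
          - "{{ label }}"
          - ">"
          - /tmp/uptime_report.txt
      register: via_command
      changed_when: false

    - name: Show what the command module printed (nothing was redirected)
      debug:
        var: via_command.stdout

    - name: shell module, /bin/sh parses the line so redirection works
      shell: "uptime >> /tmp/uptime_report.txt"

    - name: shell module with a variable, quoted so it stays a single word
      shell: "echo {{ label | quote }} >> /tmp/uptime_report.txt"

    # Without the quote filter the same task would hand
    #   echo node-a; id > /tmp/x >> /tmp/uptime_report.txt
    # to /bin/sh, which runs "id" as a second command.
```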

Modules with Sudo execution
As we all know, some commands require more privileges to execute. In such cases, we need to pass the sudo
parameters while executing the modules.

# ansible all -m shell -a "lvs" --become --become-user=root --become-method=sudo -k

Modules : Run Commands

SCRIPT: with the script module you can execute scripts that are available on the Ansible host on the target hosts.

# ansible all -m script -a "/opt/scripts/osconfbkp.sh" -k

What are playbooks? Creating the first playbook.
• Playbooks are collections of plays. Well then, what is a play?

• A play is a simple task, like a command, script, yum, etc.

• Playbooks are Ansible's configuration, deployment, and orchestration language. They can describe a policy you want
your remote systems to enforce, or a set of steps in a general IT process.

• Playbooks are designed to be human-readable and are developed in a basic text language.

• Playbooks are expressed in YAML format and have a minimum of syntax, which intentionally tries not to be a
programming language or script.

• Each playbook is composed of one or more 'plays' in a list.

---
- hosts: all
  remote_user: root

  tasks:
    - name: create a user on webservers
      user: name=web home=/home/web shell=/bin/bash state=present

• You can iterate the user module over a list of users; this is how you implement a loop in a playbook.

---
- hosts: all
  remote_user: prasanth
  become: true
  become_user: root
  become_method: sudo
  # serial: 20
  tasks:
    - name: Creating the user.
      # password takes an already-hashed (crypt) value, not plain text
      user: name={{ item }} state=present password=$1$bNqDGYtV$tCxY2KwrfuxWhbjyXeYO81
      with_items:
        - Tux
        - Linux
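The hash on the slide is hardcoded in the playbook and uses the $1$ (MD5-crypt) scheme. As an added example, not part of the original slides, the same loop can derive a SHA-512 crypt hash from a vaulted variable and keep it out of the task output; the variable vault_user_password and the file vars/secrets.yml are hypothetical.

```yaml
---
# Added example, not from the original slides.
# vault_user_password is a hypothetical variable, expected to live in
# vars/secrets.yml (hypothetical path) encrypted with ansible-vault.
- hosts: all
  remote_user: prasanth
  become: true
  become_user: root
  become_method: sudo
  vars_files:
    - vars/secrets.yml
  tasks:
    - name: Create the users with a SHA-512 crypt hash
      user:
        name: "{{ item }}"
        state: present
        # password_hash produces the crypt string the user module expects
        password: "{{ vault_user_password | password_hash('sha512') }}"
        # a fresh random salt is used on each run, so only set it at creation
        update_password: on_create
      loop:
        - Tux
        - Linux
      # keep the hash out of console output and logs
      no_log: true
```

Run it with `--ask-vault-pass` (or a vault password file) so the encrypted variable can be read.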

• Variable declaration inside a playbook, and pre_tasks and post_tasks:

---
- hosts: all
  remote_user: root
  serial: 1
  vars:
    http_port: 81
    max_client: 20
  pre_tasks:
    - name: stop httpd
      service: name=httpd state=stopped
  tasks:
    - name: change the httpd configuration
      template: src=./httpd.j2 dest=/etc/httpd/conf/httpd.conf force=yes
  post_tasks:
    - name: start httpd
      service: name=httpd state=started

• Handlers, and how to use them in a playbook:

---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum: name=httpd state=latest
    - name: write the apache config file
      copy: src=/srv/httpd.j2 dest=/etc/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted

You can insert new lines into a file:
---
- name: Enabling the ssh ciphers
  hosts: all
  remote_user: prasanth
  become: true
  become_user: root
  become_method: sudo
  tasks:
    - name: enable ciphers configuration block in /etc/ssh/sshd_config
      blockinfile:
        dest: /etc/ssh/sshd_config
        block: |
          Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour
          MACs hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160
      notify: reload sshd

  handlers:
    - name: reload sshd
      service: name=sshd state=reloaded
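The list above still enables arcfour (RC4), SHA-1 and 64-bit UMAC algorithms, and newer OpenSSH releases reject arcfour and hmac-ripemd160 outright, so an unvalidated edit can leave sshd unable to reload. As an added example, not part of the original slides, the same task restricted to the stronger subset of that list, validated before it is written and read back afterwards; the path /usr/sbin/sshd and the marker text are assumptions.

```yaml
---
# Added example, not from the original slides.
# Assumes sshd is installed at /usr/sbin/sshd and the config has no Match blocks.
- name: Restrict sshd to AES-GCM/CTR, ChaCha20 and SHA-2 based MACs
  hosts: all
  remote_user: prasanth
  become: true
  tasks:
    - name: Write the crypto block, refusing the change if sshd rejects the file
      blockinfile:
        path: /etc/ssh/sshd_config
        marker: "# {mark} ANSIBLE MANAGED CRYPTO BLOCK"
        block: |
          Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
          MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
        backup: true
        # %s is the temporary copy; it only replaces the real file if this passes
        validate: /usr/sbin/sshd -t -f %s
      notify: reload sshd

    # sshd uses the first value it finds for a keyword, so an older Ciphers or
    # MACs line higher up in the file would silently win over the block.
    - name: Read back the effective configuration
      command: /usr/sbin/sshd -T
      register: effective
      changed_when: false

    - name: Fail if a weak algorithm is still effective
      assert:
        that:
          - "'arcfour' not in effective.stdout"
          - "'hmac-sha1' not in effective.stdout"
          - "'umac-64' not in effective.stdout"

  handlers:
    - name: reload sshd
      service:
        name: sshd
        state: reloaded
```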

Executing playbooks and various tasks with playbooks.

• Once you have created a playbook, you can validate its syntax using:

# ansible-playbook --syntax-check <playbook.yml>

• Execute the playbook using the command below.

# ansible-playbook <playbook.yml>

• You can limit the hosts a playbook runs on.

# ansible-playbook <playbook.yml> --limit='!192.168.1.62'   -> this will exclude the 192.168.1.62 node

# ansible-playbook <playbook.yml> --limit='192.168.1.62'   -> the playbook will only run on 192.168.1.62

• You can list the target hosts for a playbook execution.

# ansible-playbook --list-hosts <playbook.yml>

• You can list the tasks in a playbook.

# ansible-playbook --list-tasks <playbook.yml>

• You can perform a dry run of a playbook by using:

# ansible-playbook --check <playbook.yml>

Playbook copy module example.

How to get help?
• Ansible has much better offline documentation:

# ansible-doc <module>

• There is vast and detailed documentation available at docs.ansible.com:

http://docs.ansible.com/

• You can also use Ansible Galaxy for reference on roles and playbooks:

https://galaxy.ansible.com/

THANK YOU !

- Karthik Sivakumar
Corporate Headquarters
Lords Tower, Block 1,
2nd Floor, Plot No. 1&2 NP,
Jawaharlal Nehru Road,
Thiru Vi Ka Industrial Estate
Ekkaduthangal, Chennai – 600 032

www.maveric-systems.com

Global Locations
SINGAPORE | UK | US | DUBAI | RIYADH | MALAYSIA

COPYRIGHT © 2016. ALL RIGHTS PROTECTED AND RESERVED.


The information contained in this document, much of which is confidential to Maveric Systems, is for the
sole use of the intended recipients. No part of this document may be reproduced in any form or by any
means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written
permission of Maveric Systems.
