Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Ansible Talk

Ansible Talk

Ansible is a powerful automation tool, you can use for any porposes to managing the infrastructure and configurations of your servers.

Amaury Borges Souza

August 29, 2022

More Decks by Amaury Borges Souza

Other Decks in Technology


  1. 3 All available tools (Ansible, Puppet, Saltstack, Chef, CFEngine) allow

    the infrastructure automation, cloud automation, compliance andsecurity management. The dificult task of prospecting one of these tools keeps Syadmin from evolving technically and proposing improvements in the managed environment. They work the old- fashionedway and are conservative and averse to change, where “don’t move on a winningteam”. What is the best tool for who with zero maturity in automation? The quick answer to thatquestion: Ansible. - Noagent - Push-based - Very simpleto learn - Powerful opensource community. - Easy to read syntax as YAML file - Currently more than750 modules - Use SSH protocolto connect tohosts - Documentation is simple and withmany examples But… WhyAnsible?
  2. What isAnsible? 2 Ansible is an IT automation tool. It

    can configure systems, deploy software and orchestrate more advanced tasks, suchas: Cloud provisioning Configuration management Ad-hoc task-execution Application deployment Many other ITneeds
  3. - WhyAnsible? “We see in Ansible a perfect alignment with

    the core principles that shape Red Hat’s management, both at the product level and at the portfolio level”. -Ansible is a very popular open source project. “Ansible is and incredibly popular open source and the community members contribute to both the core technology and the modules that come with the core. We believe that supporting and nurturing great open source communities is the only way to guarantee a continuous stream of innovation” Byredhat.com. 4 Ansible and RedHat
  4. How to installAnsible? 5 • On RHEL andCentOS: $ sudo

    yuminstall epel-release -y $ sudo yum install ansible -y • On Fedora: $ sudo dnf install ansible -y • On Debian: $ deb http:/ ppa.launchpad.net/ansible/ansible/ubuntu trusty main $ sudo apt-key adv --keyserver keyserver .ubuntu.com --recv-keys 93C4A3FD7BB9C367 $ sudo aptupdate $ sudo apt install ansible -y
  5. How itworks? SSH “Ansible tool” “Servers” Inventory file Playbooks db.yml web.yml install-app.yml Roles tasks vars handlers Modules apt yum vmware_clusters 6 Dependencies Python > 2.6
  6. How Ansible works in Microsoft environment? • Windows desktops: 7,

    8.1,10 Windows servers: 2008, 2008 R2, 2012, 2012 R2, 2016 and 2019 PowerShell 3.0 .NET 4.0 Activate WinRM Some modulesavailable: - win_command - win_domain_computer - win_domain_user - win_firewall - win_domain_group • • • • • 7
  7. InventoryFile Group name – List of machine youwant to manage

    – Define how Ansible will interact with remote hosts – A hostname/IP can be a member of multiple groups – Default location:/etc/ansible/hosts – Groups of hosts are delimited by[] [local] [webservers] [dbservers] - Inventory file in YAML format 8
  8. Ad-hoc Commands Usage: $ ansible [pattern] -m [module] -a "[module

    options]" - Ensure a service is started on all webservers: $ ansible webservers -m service -a "name=httpd state=started" - Toensure a specific version of a package is installed: $ ansible webservers -m yum-a "name=acme-1.5 state=present" - Toensure a package is at the latest version: $ ansible webservers -m yum-a "name=acme state=latest" - Ensure a service is stopped: $ ansible webservers -m service -a "name=httpd state=stopped" 9
  9. Ansible Hands-On: Ad-hocCommands 10 Usage: $ ansible [pattern] -m [module]

    -a "[module options]" - Ensure the connectivity with the local host: $ ansible local -m ping - Install “net-tools” package in the system: $ ansible local -m apt -a “name=net-toolsstate=present” - Create directory foo in /tmp: $ ansible local -m shell -a “mkdir /tmp/foo” - Running acommand: $ ansible local -m command -a “uptime”
  10. Ansible Modules 11 - yum module - name: upgrade all

    packages, excluding kernel & foo related packages yum: name: '*' state: latest exclude: kernel*,foo* - name: Install a list of packages yum: name: - nginx - postgresql - postgresql-server state: present - name: remove theApache package yum: name: httpd state: absent
  11. Ansible Modules 12 - service module - name: Restart service

    httpd, in all cases service: name: httpd state: restarted -name: Enable service httpd, and not touch the state service: name: httpd enabled: yes -name: Restart network service for interface eth0 service: name: network state: restarted args: eth0
  12. Ansible Modules 13 - git module # Example clone a

    repo with separate git directory - git: repo: https://github.com/ansible/ansible-examples.git dest: /src/ansible-examples separate_git_dir: /src/ansible-examples.git # Example read-write git checkout from github - git: repo: [email protected]:mylogin/hello.git dest: /home/mylogin/hello # Example Create git archive from repo - git: repo: https://github.com/ansible/ansible- examples.git dest: /src/ansible-examples archive: /tmp/ansible-examples.zip
  13. Ansible Modules 14 - command module - name: SISOP |

    creating user and password command: openssl rand -base64 14 creates=/root/.my.cnf register: mysql_root_pass - name: secure copy of the /etc/nginx command: mv /etc/nginx /etc/nginx_original args: warn: false when: ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS'
  14. Ansible Playbooks • • • • • • • Playbooks

    are expressed in “YAML” format; More powerful configurationmanagement; Arrange and run tasks synchronously or asynchronously; Composed of one or more “plays” in a list; You can check syntax of the playbooks files with the option“--syntax-check”; You can see hosts would br affected bya playbook with the option “--list-hosts”; You can run playbook without apply configurations, with the option “--check” 15
  15. Understand thePlaybooks Host would beaffected Command to run playbook like

    root Remote user to execute the tasks Playbook modules Task name 16
  16. How do yourun a playbook? Some examples below: 17 Usage:

    $ ansible-playbook playbook.yml - Check the syntax of a playbook: $ ansible-playbook playbook.yml--syntax-check - Using the check option to run a playbook without apply changes in remote hosts: $ ansible-playbook playbook.yml--check - Verify what hosts would be affected by a playbook before run it: $ ansible-playbook playbook.yml--list-hosts - Using help option to verify informations about the command: $ ansible-playbook--help
  17. YAML 19 -According Ansible documentation: “We use YAML because it

    is easier for humans to read and write than other common data formats like XML or JSON. Further , there are libraries available in most programming languages for working withYAML”. - You can use key:value to write roles, tasks and playbooks in Ansible. - All members of a list are lines beginning at the same indentation level starting with a "- " (adash and a space): --- #A list of tasty fruits - Apple - Orange - Strawberry - Mango - ... # An employeerecord martin: name: Martin D'vloper job:Developer skill: Elite
  18. Ansible Roles 20 • • Roles are ways of automatically

    loading certain vars_files, tasks, and handlers based on a known file structure. Roles: - tasks (list of tasks to be executed by a role) -handlers (may be used by this role or even anywhere outside thisrole) - files (contains files which can be deployed via this role) -templates (contains templates which can be deployed via thisrole) - vars (variables for therole) - defaults (default variables for the role) - meta (defines some meta data for this role) site.yml webservers.yml fooservers.yml roles/ common/ tasks/ handlers/ files/ templates/ vars/ defaults/ meta/ webservers/ tasks/ defaults/ meta/ Role DirectoryStructure
  19. Ansible Roles – How to create a role in Ansible?

    • Using the ansible-galaxy command line tool that comes bundled with Ansible, you can create a role with the init command $ ansible-galaxy init automation_project - Role automation_projectwas created successfully • Displaying rolestructure: $ treeautomation_project/ automation_project/ |--README.md |--defaults | `-- main.yml |--files |--handlers | `-- main.yml |--meta | `-- main.yml |--tasks | `-- main.yml |--templates |--tests | |--inventory | `-- test.yml `-- vars `-- main.yml 21
  20. References 24 - http:/ ansible-br .org/ - https:/ www.redhat.com/sysadmin/ -

    https:/ github.com/ansible/ansible - https:/ leanpub.com/ansible-for-devops - https:/ geekflare.com/ansible-ad-hoc-command/ - https:/ docs.ansible.com/ansible/latest/index.html - https:/ www.edureka.co/blog/what-is-ansible/ - https:/ medium.com/@amaurybsouza/modules-ansible-e62b7849b94c - https:/ medium.com/@amaurybsouza/ansible-dozeroaozabbix-a52a5c98175c
  21. Improve your knowledge inautomation 25 - https:/ www.redhat.com/en/services/training-and-certification?learning_options=free_courses - https:/

    leanpub.com/ansible-for-devops - https:/ pages.github.ibm.com/Continuous-Engineering/ansible/ansible-home/