3
All available tools (Ansible, Puppet,
Saltstack, Chef, CFEngine) allow the
infrastructure automation, cloud
automation, compliance andsecurity
management.
The dificult task of prospecting one of
these tools keeps Syadmin from
evolving technically and proposing
improvements in the managed
environment. They work the old-
fashionedway and are conservative and
averse to change, where “don’t move on
a winningteam”.
What is the best tool for who with zero
maturity in automation? The quick
answer to thatquestion: Ansible.
- Noagent
- Push-based
- Very simpleto learn
- Powerful opensource
community.
- Easy to read syntax as
YAML file
- Currently more than750
modules
- Use SSH protocolto
connect tohosts
- Documentation is
simple and withmany
examples
But… WhyAnsible?
Slide 2
Slide 2 text
Ansible: Powerful AutomationTool
—
Amaury Souza
Linux Systems SupportAssistant
Slide 3
Slide 3 text
What isAnsible?
2
Ansible is an IT automation tool.
It can configure systems, deploy
software and orchestrate more
advanced tasks, suchas:
Cloud provisioning
Configuration management
Ad-hoc task-execution
Application deployment
Many other ITneeds
Slide 4
Slide 4 text
- WhyAnsible?
“We see in Ansible a perfect alignment
with the core principles that shape Red
Hat’s management, both at the product
level and at the portfolio level”.
-Ansible is a very popular open source
project.
“Ansible is and incredibly popular open
source and the community members
contribute to both the core technology
and the modules that come with the
core. We believe that supporting and
nurturing great open source
communities is the only way to
guarantee a continuous stream of
innovation” Byredhat.com.
4
Ansible and RedHat
Slide 5
Slide 5 text
How to installAnsible?
5
● On RHEL andCentOS:
$ sudo yuminstall epel-release -y
$ sudo yum install ansible -y
● On Fedora:
$ sudo dnf install ansible -y
● On Debian:
$ deb http:/ ppa.launchpad.net/ansible/ansible/ubuntu trusty main
$ sudo apt-key adv --keyserver keyserver
.ubuntu.com --recv-keys 93C4A3FD7BB9C367
$ sudo aptupdate
$ sudo apt install ansible -y
How Ansible works in Microsoft environment?
● Windows desktops: 7, 8.1,10
Windows servers: 2008, 2008 R2, 2012, 2012 R2, 2016 and
2019
PowerShell 3.0
.NET 4.0
Activate WinRM
Some modulesavailable:
- win_command
- win_domain_computer
- win_domain_user
- win_firewall
- win_domain_group
●
●
●
●
●
7
Slide 8
Slide 8 text
InventoryFile
Group name
– List of machine youwant to manage
– Define how Ansible will interact with
remote hosts
– A hostname/IP can be a member of
multiple groups
– Default location:/etc/ansible/hosts
– Groups of hosts are delimited by[]
[local]
127.0.0.1
[webservers]
192.168.1.100
192.168.1.110
[dbservers]
192.168.100.1
192.168.100.2
192.168.100.3
- Inventory file in YAML format
8
Slide 9
Slide 9 text
Ad-hoc Commands
Usage: $ ansible [pattern] -m [module] -a "[module options]"
- Ensure a service is started on all webservers:
$ ansible webservers -m service -a "name=httpd state=started"
- Toensure a specific version of a package is installed:
$ ansible webservers -m yum-a "name=acme-1.5 state=present"
- Toensure a package is at the latest version:
$ ansible webservers -m yum-a "name=acme state=latest"
- Ensure a service is stopped:
$ ansible webservers -m service -a "name=httpd state=stopped"
9
Slide 10
Slide 10 text
Ansible Hands-On: Ad-hocCommands
10
Usage: $ ansible [pattern] -m [module] -a "[module options]"
- Ensure the connectivity with the local host:
$ ansible local -m ping
- Install “net-tools” package in the system:
$ ansible local -m apt -a “name=net-toolsstate=present”
- Create directory foo in /tmp:
$ ansible local -m shell -a “mkdir /tmp/foo”
- Running acommand:
$ ansible local -m command -a “uptime”
Ansible Modules
12
- service module
- name: Restart service httpd, in all cases
service:
name: httpd
state: restarted
-name: Enable service httpd,
and not touch the state
service:
name: httpd
enabled: yes
-name: Restart network service
for interface eth0
service:
name: network
state: restarted
args: eth0
Slide 13
Slide 13 text
Ansible Modules
13
- git module
# Example clone a repo with separate git directory
- git:
repo: https://github.com/ansible/ansible-examples.git
dest: /src/ansible-examples
separate_git_dir: /src/ansible-examples.git
# Example read-write git checkout from github
- git:
repo: [email protected]:mylogin/hello.git
dest: /home/mylogin/hello
# Example Create git archive from repo
- git:
repo: https://github.com/ansible/ansible-
examples.git
dest: /src/ansible-examples
archive: /tmp/ansible-examples.zip
Slide 14
Slide 14 text
Ansible Modules
14
- command module
- name: SISOP | creating user and password
command: openssl rand -base64 14
creates=/root/.my.cnf
register: mysql_root_pass
- name: secure copy of the /etc/nginx
command: mv /etc/nginx /etc/nginx_original
args:
warn: false
when: ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS'
Slide 15
Slide 15 text
Ansible Playbooks
●
●
●
●
●
●
●
Playbooks are expressed in “YAML” format;
More powerful configurationmanagement;
Arrange and run tasks synchronously or
asynchronously;
Composed of one or more “plays” in a list;
You can check syntax of the playbooks files
with the option“--syntax-check”;
You can see hosts would br affected bya
playbook with the option “--list-hosts”;
You can run playbook without apply
configurations, with the option “--check”
15
Slide 16
Slide 16 text
Understand thePlaybooks
Host would beaffected
Command to run playbook like root
Remote user to execute the tasks
Playbook modules
Task name
16
Slide 17
Slide 17 text
How do yourun a playbook? Some examples below:
17
Usage: $ ansible-playbook playbook.yml
- Check the syntax of a playbook:
$ ansible-playbook playbook.yml--syntax-check
- Using the check option to run a playbook without apply changes in remote hosts:
$ ansible-playbook playbook.yml--check
- Verify what hosts would be affected by a playbook before run it:
$ ansible-playbook playbook.yml--list-hosts
- Using help option to verify informations about the command:
$ ansible-playbook--help
Slide 18
Slide 18 text
Running aplaybook...
It’s
18
Slide 19
Slide 19 text
YAML
19
-According Ansible documentation: “We use YAML because it is easier for humans to read and write than other
common data formats like XML or JSON. Further
, there are libraries available in most programming languages
for working withYAML”.
- You can use key:value to write roles, tasks and playbooks in Ansible.
- All members of a list are lines beginning at the same indentation level starting with a "- " (adash and a space):
---
#A list of tasty fruits
- Apple
- Orange
- Strawberry
- Mango
- ...
# An employeerecord
martin:
name: Martin D'vloper
job:Developer
skill: Elite
Slide 20
Slide 20 text
Ansible Roles
20
●
●
Roles are ways of automatically loading certain vars_files,
tasks, and handlers based on a known file structure.
Roles:
- tasks (list of tasks to be executed by a role)
-handlers (may be used by this role or even anywhere
outside thisrole)
- files (contains files which can be deployed via this role)
-templates (contains templates which can be deployed
via thisrole)
- vars (variables for therole)
- defaults (default variables for the role)
- meta (defines some meta data for this role)
site.yml
webservers.yml
fooservers.yml
roles/
common/
tasks/
handlers/
files/
templates/
vars/
defaults/
meta/
webservers/
tasks/
defaults/
meta/
Role DirectoryStructure
Slide 21
Slide 21 text
Ansible Roles – How to create a role in Ansible?
●
Using the ansible-galaxy command line tool that comes bundled with Ansible, you can create a role with the
init command
$ ansible-galaxy init automation_project
- Role automation_projectwas created successfully
● Displaying rolestructure:
$ treeautomation_project/
automation_project/
|--README.md
|--defaults
| `-- main.yml
|--files
|--handlers
| `-- main.yml
|--meta
| `-- main.yml
|--tasks
| `-- main.yml
|--templates
|--tests
| |--inventory
| `-- test.yml
`-- vars
`-- main.yml
21