Ansible
Last updated: 06-11-2016 22:36
What is ansible
Ansible is an automation language that runs Ansible playbooks. It is simple, powerful and agentless as it uses SSH to connect to remote servers. It can do the following:
- Configuration Management
- Application deployment
- Orchestrate an application lifecycle
Install Ansible
Only the control node requires Ansible installed. Remote systems being configured do not require an Ansible installation.
~ $ sudo apt-get update ~ $ sudo apt-get install ansible
Confirm installation.
~ $ ansible --version ansible 2.0.0.2 config file = /etc/ansible/ansible.cfg configured module search path = Default w/o overrides
Ansible automation engine
To execute some form of action on a remote system, the following elements are required:
- Inventory - Lists of hosts
- Playbook - List of commands
- Transport - Secure Shell (SSH), Windows Remote Management (WinRM), Cloud API (REST, JSON, ..)
- Modules - Reusable, standalone scripts that can be used by the Ansible API, ansible or ansible-playbook programs to control system resources, packages, files, ..
- Plugins - Pluggable function code blocks that are infrequently needed and not necessary to be in the core code. By default Ansible includes SSH.
Ansible Playbook
Ansible Playbooks are written in YAML Ain't Markup Language (YAML) based format. YAML is a human friendly data serialisation. Playbook files describe the end state of a server or networking device. Playbooks contain plays which contain tasks. Tasks call modules. A handler can be triggered by a task and are run once at the end of a play. Tasks are run sequentially.
The playbook consists of a hosts property which defines which servers, networking devices or groups to apply tasks on.
Variables
These can be used to alter how a playbook is run. Variables can be:
- Inherited from an inventory.
- Explicitly set at runtime.
- Discovered at the start of a playbook run.
- Read from files.
Inventory
Can be a list of targets, i.e. servers or networking devices in a file or a script that pulls a list and offers it to Ansible. Lists can be stored in several ways:
- Static files.
- Dynamically generated by an inventory script.
The default location for these hosts is /etc/ansible/hosts. The names in square brackets are called Group names and cannot contain spaces.
~ $ cat /etc/ansible/hosts Sample list; [UNIX_Servers] unix01.lovelace.com unix02.lovelace.com [Networking] router01.lovelace.com
Task
A task consists of a name and an action. An action consists of a module name and module options. The modules used in this example are apt, service, copy.
- name: A package name. See http://docs.ansible.com/ansible/apt_module.html)
- state: Indicates the desired package state. latest ensures that the latest version is installed. build-dep ensures the package build dependencies are installed.
--- - hosts: all tasks: - name: Install Apache apt: name=apache2 state=present
Building a playbook
As an example build a playbook and an inventory to install a webserver, confirm it is installed on a Debian GNU/Linux host.
The Ansible script will:
- Update
- Distribution upgrade
- Install Apache
- Install PHP
- Start Apache
- Show "Hello World!"
First make an inventory list. ansible_ssh_pass The ssh password to use (this is insecure, we strongly recommend using --ask-pass or SSH keys)
~ $ mkdir ansible ~ $ cd ansible ~/ansible $ sudo mv /etc/ansible/hosts /etc/ansible/hosts.orig ~/ansible $ sudo vi /etc/ansible/hosts # hosts 192.168.10.6 ansible_user=debian :wq!
Review the ansible.cfg file.
~ $ cat /etc/ansible/ansible.cfg inventory = /etc/ansible/hosts library = /usr/share/my_modules/ remote_tmp = $HOME/.ansible/tmp #forks = 5 poll_interval = 15 #sudo_user = root ask_sudo_pass = True ask_pass = True transport = smart remote_port = 22 module_lang = C # uncomment this to disable SSH key host checking host_key_checking = False
Test that the host file is OK by using the ping test module in Ansible.
~ $ ansible all --connection ssh --module-name ping 192.168.10.6 | SUCCESS => { "changed": false, "ping": "pong" }
Now create a Hello World script that can be uploaded by Ansible.
~ $ vi index.php <html> <head> <title>PHP Test</title> </head> <body> <?php echo '<p>Hello World</p>'; ?> </body> </html> :wq!
Create a playbook to carry out the work on the server.
~/ansible $ cat playbook.yml # playbook.yml --- - hosts: all tasks: - name: Step 1 - Update host become: yes apt: update_cache=yes - name: Step 2 - Upgrade host become: yes apt: upgrade=dist - name: Step 3 - Install Apache become: yes apt: name=apache2 state=present - name: Step 4 - Install PHP module for Apache become: yes apt: name=libapache2-mod-php5 state=present - name: Step 5 - Start Apache become: yes service: name=apache2 state=running enabled=yes - name: Step 6 - Remove default index files at apache2 webserver root become: yes file: path=/var/www/html/* state=absent - name: Step 5 - Install Hello World PHP script become: yes copy: src=index.php dest=/var/www/html/index.php owner=www-data group=www-data mode=0664
Running the playbook.
$ ansible-playbook playbook.yml SSH password: SUDO password[defaults to SSH password]: ______ < PLAY > ------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ______________ < TASK [setup] > -------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ok: [192.168.10.7] _____________________________ < TASK [Step 1 - Update host] > ----------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ok: [192.168.10.7] ______________________________ < TASK [Step 2 - Upgrade host] > ------------------------------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || changed: [192.168.10.7] ________________________________ < TASK [Step 3 - Install Apache] > -------------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || changed: [192.168.10.7] _______________________________________________ < TASK [Step 4 - Install PHP module for Apache] > ----------------------------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || changed: [192.168.10.7] ______________________________ < TASK [Step 5 - Start Apache] > ------------------------------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ok: [192.168.10.7] ______________________________________________________ / TASK [Step 6 - Remove default index files at apache2 \ \ webserver root] / ------------------------------------------------------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ok: [192.168.10.7] ________________________________________________ < TASK [Step 5 - Install Hello World PHP script] > ------------------------------------------------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || changed: [192.168.10.7] ____________ < PLAY RECAP > ------------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || 192.168.10.7 : ok=8 changed=4 unreachable=0 failed=0