Ansible is a deployment and configuration management system. It can be thought of as similar to Puppet, except that the servers to be managed do not run any agent or request any configuration. Instead, the server that holds the configurations applies them to the managed servers on demand via SSH whenever the sysadmin wishes to do so. The only dependencies are SSH access and the Python libraries needed for the operations to be performed.
We compile Ansible:
emerge -av app-admin/ansible
On the servers to be managed, it is necessary to have gentoolkit installed:
NOTE: Ansible reads our SSH configuration (~/.ssh/config), but only when the OpenSSH connection mode is used; when paramiko is enabled, it does not.
We add hosts to manage:
chown -R root:kr0m /etc/ansible/
chmod 775 /etc/ansible/
vi /etc/ansible/hosts
We ping the hosts to ensure connectivity:
node00 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
We may only have access as a restricted user and want to switch to root using sudo.
We access as bruce and switch to root using sudo:
We access as bruce and switch to batman using sudo:
We can execute an Ad-Hoc command on all servers with:
node00 | SUCCESS | rc=0 >>
Linux node00 4.4.0-16-generic #32-Ubuntu SMP Thu Mar 24 22:38:01 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
To manage software:
http://docs.ansible.com/ansible/portage_module.html
We install htop using Ansible:
lxd00 | SUCCESS => {
    "changed": false,
    "msg": "Packages already present."
}
In the hosts file, we can organize by groups:
[webservers]
foo.example.com
bar.example.com
[dbservers]
one.example.com
two.example.com
three.example.com
In addition, we can indicate the port to use:
badwolf.example.com:5309
It is also possible to use patterns:
[webservers]
www[01:50].example.com
[databases]
db-[a:f].example.com
If we need to use variables to configure the hosts, we can define them here as well:
[atlanta]
host1 http_port=80 maxRequestsPerChild=808
host2 http_port=303 maxRequestsPerChild=909
Another option is to leave the host list “clean” and define the group variables in another section:
[atlanta]
host1
host2
[atlanta:vars]
ntp_server=ntp.atlanta.example.com
proxy=proxy.atlanta.example.com
It is also possible to have the inventory file of hosts/groups in the main file and put the group variables in:
ntp_server: acme.example.org
database_server: storage.example.org
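
Before running an ad-hoc command against a group or against all, it helps to see exactly which hosts and variables the inventory resolves to. The Python parser below is an added example, not part of the original article and not Ansible's own code: the function names expand and parse are hypothetical, the sample inventory is constructed from the entries shown above, and it handles only the constructs covered here (groups, [start:end] ranges, host:port, inline host variables and [group:vars]), not children groups or IPv6 literals.

```python
import re
from string import ascii_letters as LETTERS
# Constructed sample inventory, built from the entries shown in this article.
SAMPLE = """\
[webservers]
www[01:50].example.com
[databases]
db-[a:f].example.com
[atlanta]
host1 http_port=80 maxRequestsPerChild=808
badwolf.example.com:5309
[atlanta:vars]
ntp_server=ntp.atlanta.example.com
"""
RANGE = re.compile(r"\[(?:(\d+):(\d+)|([A-Za-z]):([A-Za-z]))\]")
HEADER = re.compile(r"\[([^\]:]+)(:vars)?\]")

def expand(pattern):
    """Expand [start:end] ranges: numeric (zero padding kept) or alphabetic."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    if m[1] is not None:
        items = [str(i).zfill(len(m[1])) for i in range(int(m[1]), int(m[2]) + 1)]
    else:
        items = LETTERS[LETTERS.index(m[3]):LETTERS.index(m[4]) + 1]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [host for item in items for host in expand(head + item + tail)]

def parse(text):
    """Return {group: {"hosts": {name: vars}, "vars": {...}}}."""
    inv = {"ungrouped": {"hosts": {}, "vars": {}}}
    entry, in_vars = inv["ungrouped"], False
    for line in (raw.split("#")[0].strip() for raw in text.splitlines()):
        header = HEADER.fullmatch(line)
        if header:
            entry = inv.setdefault(header[1], {"hosts": {}, "vars": {}})
            in_vars = bool(header[2])
        elif line and in_vars:
            key, _, value = line.partition("=")
            entry["vars"][key.strip()] = value.strip()
        elif line:
            pattern, *pairs = line.split()
            hostvars = dict(pair.split("=", 1) for pair in pairs)
            port = re.fullmatch(r"(.+):(\d+)", pattern)
            if port:  # host:port form; Ansible exposes it as ansible_port
                pattern, hostvars["ansible_port"] = port[1], int(port[2])
            for name in expand(pattern):
                entry["hosts"][name] = dict(hostvars)
    return inv
```

On a machine with Ansible installed, ansible-inventory --list prints the authoritative expansion of the real inventory.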
Ansible has a wide variety of modules; some of them are:
- Users:
ansible all -m user -a "name=foo password="
ansible all -m user -a "name=foo state=absent"
- Git repositories:
ansible webservers -m git -a "repo=git://foo.example.org/repo.git dest=/srv/myapp version=HEAD"
- Services:
ansible webservers -m service -a "name=httpd state=started"
ansible webservers -m service -a "name=httpd state=restarted"
ansible webservers -m service -a "name=httpd state=stopped"
Facts are variables that can be used to make certain decisions in the playbook execution.
We can check the facts with:
We obtain the fact ansible_distribution and, where it matches, execute X:
# talk to all hosts just so we can learn about them
- hosts: all
  tasks:
    # put each host into a group named after its distribution, e.g. os_Gentoo
    - group_by: key=os_{{ ansible_distribution }}
- name: Gentoo stuff
  hosts: os_Gentoo
  tasks:
    - name: install nano
      portage: package=app-editors/nano state=present
- name: Ubuntu stuff
  hosts: os_Ubuntu
  tasks:
    - name: install nano
      apt: name=nano state=present
We execute the playbook:
We can debug by executing the playbook step by step:
It is also possible to execute a playbook on a single host. In the playbook, we will indicate - hosts: all and filter with an extra argument, --limit: