Ansible Automation Tool By: Mohamed Moharam System Engineer https://sa.linkedin.com/in/mohamedmoharam

Ansible automation tool with modules

What is Ansible?

Ansible is a powerful open-source automation tool for configuring, managing and deploying software applications on nodes without any downtime, using only SSH. Most IT automation tools today run as an agent on the remote host, but Ansible needs only an SSH connection and Python (2.4 or later) installed on the remote nodes to perform its actions. For example, if you need to deploy one or more software packages to hundreds of nodes, Ansible can do the job with a single command.

How Ansible Works?

There are many similar automation tools available, such as Puppet, Capistrano, Chef, Salt and Spacewalk, but Ansible divides machines into two types: controlling machines and nodes.

1- The controlling machine is where Ansible is installed; the nodes are managed by it.

2- The controlling machine (Ansible) deploys modules to the nodes using the SSH protocol. These modules are stored temporarily on the remote nodes and communicate through JSON.

3- Ansible is agentless: no agent needs to be installed on the remote nodes.

4- Ansible can handle hundreds of nodes with the single command ‘ansible’.

5- Ansible can execute multiple commands for a deployment; we build these using playbooks.

6- Playbooks are collections of commands that can perform multiple tasks, and each playbook is written in YAML. See diagram (a) below.

(a)

What is YAML?

YAML (/ˈjæməl/, rhymes with camel) is a human-readable data serialization format that takes concepts from programming languages such as C, Perl, and Python, and ideas from XML and the data format of electronic mail. YAML syntax was designed to be easily mapped to data types common to most high-level languages: list, associative array, and scalar. Its familiar indented outline and lean appearance make it especially suited for tasks where humans are likely to view or edit data structures, such as configuration files, dumping during debugging, and document headers.

For more information, refer to https://en.wikipedia.org/wiki/YAML

# Examples
--- # Sample document
# Data structure hierarchy is maintained by outline indentation.
receipt: Oz-Ware Purchase Invoice
date: 2012-08-06
customer:
    first_name: Dorothy
    family_name: Gale
items:
    - part_no: A4786
      descrip: Water Bucket (Filled)
      price: 1.47
      quantity: 4

YAML offers an "in-line" style for denoting associative arrays and lists. Here is a sample of the components.

Lists: the conventional block format uses a hyphen+space to begin a new item in the list.

--- # Favorite movies comment
- Casablanca
- North by Northwest
- The Man Who Wasn't There

The optional inline format is delimited by comma+space and enclosed in brackets (similar to JSON).

--- # Shopping list comment
[milk, pumpkin pie, eggs, juice]

Ansible Documentation: Modules

Because the Ansible tutorials that follow deal with an array of modules, here we show how to use the Ansible documentation to see which modules are available and how to use them. To learn more about the available modules, refer to http://docs.ansible.com/ansible/list_of_packaging_modules.html

[root@mohamedmoharam1 ansible]# ansible --version
ansible 1.9.4
  configured module search path = None

[root@mohamedmoharam1 ansible]# ansible-doc --help
Usage: ansible-doc [options] [module...]

Show Ansible module documentation

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -M MODULE_PATH, --module-path=MODULE_PATH
                        Ansible modules/ directory
  -l, --list            List available modules
  -s, --snippet         Show playbook snippet for specified module(s)
  -v                    Show version number and exit

System Architecture Diagram

(b)

My Environment Setup

Controller Machine – Ansible

Operating System: CentOS 7
IP Address: 172.31.16.71
Host-name: mohamedmoharam1.mylabserver.com
User: user

Note: in a real implementation nothing is defined as the controller node; with Ansible, any node can act as the controller and be used for automation. Other solutions such as Puppet require a master node to work as the controller.

Remote Nodes

Node 1: mohamedmoharam2.mylabserver.com

Node 2: mohamedmoharam3.mylabserver.com

Node 3: mohamedmoharam4.mylabserver.com

Step 1: Installing Controlling Machine – Ansible

Fedora users can install Ansible directly from the default repository, but if you are using RHEL/CentOS 6 or 7 you have to enable the EPEL repo. After configuring the EPEL repository, you can install Ansible using the following command.

$ sudo yum install ansible -y

After a successful installation, you can verify the version by executing the command below.

# ansible --version

Step 2: Preparing SSH Keys to Remote Hosts

4. To perform any deployment or management from the localhost on a remote host, we first need to create SSH keys and copy them to the remote host. Every remote host has a user account test. First we create an SSH key using the command below, and then copy the key to the remote hosts.

# ssh-keygen -t rsa

5. After creating the SSH key successfully, copy it to all three remote servers.

# ssh-copy-id [email protected]
# ssh-copy-id [email protected]
# ssh-copy-id [email protected]

6. After copying the SSH key to all remote hosts, log in to each remote host over SSH to check whether key authentication is working.

$ ssh [email protected]
$ ssh [email protected]
$ ssh [email protected]

Note: you have to give the normal Ansible user sudo privileges without a password, so that you are not prompted for the password when you execute the ansible command. Add the line “user ALL=(ALL) NOPASSWD: ALL” using the visudo command.
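The sudo rule from the note above, applied as a playbook rather than a hand edit. This is an added example, not part of the original slides; it assumes the account name user from the environment table, a hypothetical drop-in file name ansible-user, and a first run with -K so sudo can prompt for the password before the rule exists.

```yaml
---
# Added example: install the passwordless-sudo rule from the note as a
# validated drop-in instead of editing /etc/sudoers by hand.
# Assumptions: account name "user" (from the environment table), the drop-in
# file name "ansible-user" (hypothetical), and the stock
# "#includedir /etc/sudoers.d" line in /etc/sudoers on the nodes.
- hosts: all
  become: yes
  vars:
    automation_user: user
  tasks:
    - name: Install the sudoers drop-in, rejecting it if visudo finds a syntax error
      copy:
        content: "{{ automation_user }} ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/ansible-user
        owner: root
        group: root
        mode: "0440"
        validate: "/usr/sbin/visudo -cf %s"

    - name: Confirm that sudo no longer prompts for a password
      # Runs as the connecting user; "sudo -n" fails instead of prompting.
      command: sudo -n true
      become: no
      changed_when: false
```

Because this rule makes the controller's SSH private key equivalent to root on every node, the key created in step 4 is worth protecting with a passphrase.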

Ansible Configuration File

Here we explore the various settings within the Ansible configuration file, which is located at /etc/ansible/ansible.cfg

Step 3: Creating Inventory File for Remote Hosts

7. Add these three hosts to the inventory file, /etc/ansible/hosts. This file holds the host information, such as which hosts we connect to from the local machine.

# sudo vim /etc/ansible/hosts

Add the following three hosts.

[webservers]
mohamedmoharam2.mylabserver.com
mohamedmoharam3.mylabserver.com

[DBservers]
mohamedmoharam4.mylabserver.com

Note: ‘webservers’ in brackets is a group name. Group names are used to classify systems and to decide which systems you control, at what times and for what reason.

Now it is time to check our servers by pinging them from the localhost. To do this we use the ‘ansible’ command with the option ‘-m’ (module) and a host pattern such as ‘all’ or a group name (group of servers). Here we use the ping module.

# ansible -m ping webservers
mohamedmoharam2.mylabserver.com | success >> {
    "changed": false,
    "ping": "pong"
}

mohamedmoharam3.mylabserver.com | success >> {
    "changed": false,
    "ping": "pong"
}

Ansible Command Line

Now we use another module, ‘command’, which executes commands (such as df, free, uptime, etc.) on all selected remote hosts in one go. A few examples are shown below.

To check the partitions on all remote hosts

# ansible -m command -a "df -h" webservers

mohamedmoharam2.mylabserver.com | success | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1       20G  4.7G   16G  24% /
devtmpfs        477M     0  477M   0% /dev
tmpfs           497M   84K  496M   1% /dev/shm
tmpfs           497M   13M  484M   3% /run
tmpfs           497M     0  497M   0% /sys/fs/cgroup

mohamedmoharam3.mylabserver.com | success | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1       20G  4.7G   16G  24% /
devtmpfs        477M     0  477M   0% /dev
tmpfs           497M     0  497M   0% /dev/shm
tmpfs           497M   13M  484M   3% /run
tmpfs           497M     0  497M   0% /sys/fs/cgroup

Installing a package remotely: here we use the Ansible yum module to install the package httpd on a remote group of servers.

[user@mohamedmoharam1 ansible]$ ansible webservers -s -m yum -a 'pkg=httpd state=installed update_cache=true'
mohamedmoharam3.mylabserver.com | success >> {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [

mohamedmoharam3.mylabserver.com | success >> {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [

To install the package telnet remotely on a group of servers over the shell using the yum command

System Facts

Ansible discovers various system information about remote systems using the setup module.

[user@mohamedmoharam1 ansible]$ ansible -m setup webservers

mohamedmoharam2.mylabserver.com | success >> {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "172.31.103.160"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::1042:b8ff:fef2:99"
        ],
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "12/07/2015",
        "ansible_bios_version": "4.2.amazon",
        "ansible_cmdline": {
            "BOOT_IMAGE": "/boot/vmlinuz-3.10.0-229.14.1.el7.x86_64",
            "LANG": "en_US.UTF-8",
            "console": "ttyS0,115200n8",
            "crashkernel": "auto",
            "ro": true,
            "root": "UUID=0f790447-ebef-4ca0-b229-d0aa1985d57f",
            "vconsole.font": "latarcyrheb-sun16",
            "vconsole.keymap": "us"
        },
        "ansible_date_time": {
            "date": "2015-12-15",
            "day": "15",
            "epoch": "1450215305",
            "hour": "21",
            "iso8601": "2015-12-15T21:35:05Z",
            "iso8601_micro": "2015-12-15T21:35:05.565977Z",
            "minute": "35",
            "month": "12",
            "second": "05",
            "time": "21:35:05",
            "tz": "UTC",
            "tz_offset": "+0000",
            "weekday": "Tuesday",
            "year": "2015"
        },
        "ansible_default_ipv4": {
            "address": "172.31.103.160",
            "alias": "eth0",
            "gateway": "172.31.96.1",
            "interface": "eth0",
            "macaddress": "12:42:b8:f2:00:99",
            "mtu": 9001,
            "netmask": "255.255.240.0",
            "network": "172.31.96.0",
            "type": "ether"
        },
        "ansible_default_ipv6": {},
        "ansible_devices": {
            "xvda": {
                "holders": [],
                "host": "",
                "model": null,
                "partitions": {
                    "xvda1": {
                        "sectors": "41927602",
                        "sectorsize": 512,
                        "size": "19.99 GB",
                        "start": "2048"
                    }
                },
                "removable": "0",
                "rotational": "0",
                "scheduler_mode": "deadline",
                "sectors": "41943040",
                "sectorsize": "512",
                "size": "20.00 GB",
                "support_discard": "0",
                "vendor": null
            }
        },
        "ansible_distribution": "CentOS",
        "ansible_distribution_major_version": "7",
        "ansible_distribution_release": "Core",
        "ansible_distribution_version": "7.1.1503",
        "ansible_domain": "mylabserver.com",

Ansible Modules

Ansible ships with a number of modules (called the ‘module library’) that can be executed directly on remote hosts or through playbooks. Users can also write their own modules. These modules can control system resources, like services, packages, or files (anything really), or handle executing system commands.

1- Setup Module

Gathers facts about remote hosts: system information such as architecture, domain, distribution, kernel, interfaces, etc. We can use a filter to extract just what we need from it.

2- File Module

Sets attributes of files, symlinks, and directories, or removes or copies files/symlinks/directories. Many other modules support the same options as the file module, including copy, template, and assemble. In the following example we list the attributes of /etc/fstab on the remote group of servers to see its permissions, group, gid, owner, uid, etc.

If the remote directory is not found, an error is shown, as you see in the following.

To create a new directory and change its ownership and permissions:

3- Copy Module

The copy module copies a file on the controller node to remote locations. Use the fetch module to copy files from remote locations to the controller node.

In the following example we copy /etc/fstab from the controller node to the /tmp/etc/ directory on the remote server mohamedmoharam2.mylabserver.com.

In the following example we use the command module to remove the files from the remote group of servers.
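The File and Copy steps described above, written as one playbook. This is an added example, not the author's own; the owner, group and mode values are assumptions chosen for illustration, and the play targets the webservers group from the inventory.

```yaml
---
# Added example for the File and Copy module sections (not from the slides).
# Assumptions: the account "user" exists on the nodes; the owner, group and
# mode values are illustrative choices.
- hosts: webservers
  become: yes
  tasks:
    - name: Create the target directory with explicit ownership and permissions
      file:
        path: /tmp/etc
        state: directory
        owner: user
        group: user
        mode: "0750"

    - name: Copy the controller's /etc/fstab into it
      copy:
        src: /etc/fstab
        dest: /tmp/etc/fstab
        owner: user
        group: user
        mode: "0640"

    - name: Read back the attributes of the copied file
      stat:
        path: /tmp/etc/fstab
      register: copied

    - name: Stop the play if the file is missing or has a different mode
      assert:
        that:
          - copied.stat.exists
          - copied.stat.mode == '0640'
```

Setting owner and mode on the copy task keeps the result independent of the umask in effect on each node.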

4- YUM Module

Installs, upgrades, removes, and lists packages and groups with the yum package manager. In the following example we install a package on the webservers group.

a) List the available groups of remote servers on the controller node.

b) Create a new .yml playbook, define the group of remote servers it applies to, and use the yum module. Then run the new .yml using the ansible-playbook command line on the controller node, as you see below.

c) Now the package vsftpd has been installed successfully on all servers in the webservers group.

5- Service Module

Controls services on remote hosts. Supported init systems include BSD init, OpenRC, SysV, Solaris SMF, systemd and upstart. Here is an example of starting a service remotely after installing the package using the yum module.

a) We create a new .yml for the service definition and define the remote group of hosts.

b) Run service.yml using the ansible-playbook command line, as you see below.

c) As we see, the httpd service has been restarted successfully on all servers in the group.
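A playbook covering the YUM and Service sections together. This is an added example, not the author's playbook: the package and group names come from the text, while the task names, the handler and the enabled setting are assumptions.

```yaml
---
# Added example for the YUM and Service module sections (not from the slides).
# Package and group names come from the text; task names, the handler and the
# "enabled" setting are illustrative assumptions.
- hosts: webservers
  become: yes
  tasks:
    - name: Install vsftpd
      yum:
        name: vsftpd
        state: present

    - name: Install httpd and schedule a restart only if the package changed
      yum:
        name: httpd
        state: present
      notify: restart httpd

    - name: Make sure httpd is running now and after a reboot
      service:
        name: httpd
        state: started
        enabled: yes

  handlers:
    # Handlers run once at the end of the play, and only when notified.
    - name: restart httpd
      service:
        name: httpd
        state: restarted
```

Running it with ansible-playbook and the --check option first reports what would change without modifying the nodes.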

6- Copy Module

The copy module copies a file on the local box to remote locations. Use the fetch module to copy files from remote locations to the local box.

a) First we create a new .yml playbook and define in it the group of servers we need to copy files to.

b) Run the new .yml playbook using the ansible-playbook command, as you see below.

c) Now the /etc/fstab file on the controller node has been successfully copied to all servers in the webservers group, under the /tmp destination.

7- Command Module

The command module takes the command name followed by a list of space-delimited arguments. The given command will be executed on all selected nodes, as in the following.

a) Create a new .yml file to define the group of remote hosts and the command that we would like to apply remotely on all servers.

b) Run the new .yml playbook using the ansible-playbook command.

c) The command has been run successfully on all remote servers.

8- Cron Module

This module allows you to create named crontab entries, update them, or delete them. The module includes one line with the description of the crontab entry, "#Ansible: <name>", corresponding to the “name” passed to the module, which is used by future ansible/module calls to find/check the state.

a) We have created a new .yml playbook file.

b) Define the group of hosts in the .yml playbook and the cron task we need to apply on the remote servers.

c) Run the playbook using the ansible command line.

d) Now the cron task has been scheduled successfully on all remote servers, as you see above.

9- User Module

Manages user accounts and user attributes (useradd, userdel, usermod). In the following example we create a normal user on a group of servers remotely: we created a new .yml playbook and used the user module to apply it to the group of servers.

10- Shell Module

The shell module takes the command name followed by a list of space-delimited arguments. It is almost exactly like the command module but runs the command through a shell (/bin/sh) on the remote node.

In this example we executed the uptime command remotely on the group of servers through the shell module and saved the result to the uptime.log file in /home/user/

11- Selinux Module

Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.

In the following example we created a new .yml playbook file, defined in it the group of hosts we need to apply the SELinux policy to, and ran the playbook using the ansible-playbook command line.
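The Cron, User, Shell and SELinux sections above, combined into one playbook. This is an added example, not the author's playbooks: the schedule, the account name deploy and the choice of enforcing mode are assumptions, while the uptime command and the /home/user/uptime.log path come from the text.

```yaml
---
# Added example for the Cron, User, Shell and SELinux module sections.
# Assumptions: schedule, account name "deploy" and the enforcing/targeted
# settings are illustrative; uptime and /home/user/uptime.log are from the text.
- hosts: webservers
  become: yes
  tasks:
    - name: Named cron entry, written below a "#Ansible: record uptime" marker line
      # Re-running with the same name updates this entry instead of adding another.
      cron:
        name: "record uptime"
        minute: "0"
        hour: "2"
        user: user
        job: "uptime >> /home/user/uptime.log"

    - name: Create a normal user account
      user:
        name: deploy
        comment: "Created by Ansible"
        shell: /bin/bash
        state: present

    - name: Run uptime through /bin/sh so that the redirection works
      # The command module would pass ">>" to uptime as a literal argument.
      shell: uptime >> /home/user/uptime.log
      become: no

    - name: Set SELinux to enforcing with the targeted policy
      # Needs the libselinux-python package on the managed nodes.
      selinux:
        policy: targeted
        state: enforcing
```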