Key tasks or responsibilities that can handle through Ansible
- Automated various infrastructure activities like Continuous Deployment, Application Server setup, Stack monitoring using Ansible playbooks and has Integrated Ansible with Jenkins.
- Used various services of AWS for this infrastructure. I used EC2 as virtual servers to host Git, Jenkins and configuration management tool like Ansible. Converted slow and manual procedures to dynamic API generated procedures.
- Wrote Ansible Playbooks with Python SSH as the Wrapper to Manage Configurations of AWS nodes and Tested Playbooks on AWS instances using Python. Run Ansible Scripts to Provide Dev Servers.
- Configured Generic data source, Multi data source using configuration management Process using Ansible.
- Configured JMS Modules, SAF Agents, SAF Modules, using Configuration Management Process using Ansible.
- Developed Ansible scripts for an automated server provisioning and Docker images for isolation, reducing the time between provisioning and deployment from over 3 hours to less than 10 minutes.
================================================================
- Before & After Configuration Management
- What is Ansible ?
- Features of Ansible
- Ansible Case Study : NASA
- Ansible for Orchestration
- Ansible for Provisioning
- Ansible for Configuration Management
- Ansible for Application Deployment
- Ansible for Security
- Write Ansible Playbooks to install LAMP Stack and Host a website
================================================================
How Ansible Works?
- There are many similar automation tools available like Puppet, Capistrano, Chef, Salt, Space Walk, etc, but Ansible categorizes into two types of server: controlling machines and nodes.
- The controlling machine, where Ansible is installed, and Nodes are managed by this controlling machine over SSH(Secure Shell). By controlling the machine through inventry, location of nodes is specified.
- Using SSH protocol, the controlling machine (Ansible) deploys modules to nodes and these modules are stored temporarily on remote nodes and through a JSON connection, they will communicate with the Ansible machine over the standard output.
- There is no need for any agent installation on remote nodes because Ansible is agent-less, so it means there are no any background daemons or programs are executing for Ansible when it’s not managing any nodes.
- Ansible can handle 100’s of nodes from a single system over SSH connection and the entire operation can be handled and executed by one single command ‘ansible’. But, in some cases, where you required to execute multiple commands for a deployment, here we can build playbooks.
- Playbooks are a bunch of commands which can perform multiple tasks, and each playbook are in YAML file format.
What’s the Use of Ansible?
Ansible can be used in IT infrastructure to manage and deploy software applications to remote nodes. For example, let’s say you need to deploy a single software or multiple software to 100’s of nodes by a single command, here ansible comes into picture, with the help of Ansible you can deploy as many as applications to many nodes with one single command, but you must have a little programming knowledge for understanding the ansible scripts.
We’ve compiled a series on
Ansible, title ‘
Preparation for the Deployment of your IT Infrastructure with Ansible IT Automation Tool‘, through parts 1-4 and covers the following topics.
Is there a web interface / REST API / etc?
Yes, Ansible, Inc makes a great product that makes Ansible even more powerful and easy to use. See
Ansible Tower.
How do I submit a change to the documentation?
Documentation for Ansible is kept in the main project git repository, and complete instructions for contributing can be found in the docs.
When should I use {{ }}? Also, how to interpolate variables or dynamic variable names
- A steadfast rule is ‘always use {{ }} except when when:‘. Conditionals are always run through Jinja2 as to resolve the expression, so when: failed_when: and changed_when: are always templates and you should avoid adding {{}}.
- In most other cases you should always use the brackets, even if previously you could use variables without specifying (like with_ clauses), as this made it hard to distinguish between an undefined variable and a string.
- Another rule is ‘moustaches don’t stack’. We often see this:
- {{ somevar_{{other_var}} }}
- The above DOES NOT WORK, if you need to use a dynamic variable use the hostvars or vars dictionary as appropriate:
- {{ hostvars[inventory_hostname][‘somevar_’ + other_var] }}
How to install Ansible
Installation of Ansible Ubuntu 14.04
The best way to get Ansible for Ubuntu is to add the project’s PPA (personal package archive) to your system.
To do this effectively, we need to install the software-properties-common package, which will give us the ability to work with PPAs easily. (This package was called python-software-properties on older versions of Ubuntu.)
sudo apt-get update
sudo apt-get install software-properties-common
Once the package is installed, we can add the Ansible PPA by typing the following command:
sudo apt-add-repository ppa:ansible/ansible
For the PPA addition, press enter.
After that we can refresh our system package, we can see available PPA packages and can install the software.
sudo apt-get install ansible
sudo apt-get update
Through Ansible, we have the software required to administer our servers.
How do I generate crypted passwords for the user module?
The mkpasswd utility that is available on most
Linux systems is a great option:
mkpasswd --method=sha-512
If this utility is not installed on your system (e.g. you are using OS X) then you can still easily generate these passwords using Python. First, ensure that the
Passlib password hashing library is installed.
pip install passlib
Once the library is ready, SHA512 password values can then be generated as follows:
python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"
Use the integrated
Hashing filters to generate a hashed version of a password. You shouldn’t put plaintext passwords in your playbook or host_vars; instead, use
Vault to encrypt sensitive data.
By enabling Kerberized SSH, How do I get ansible to reuse connections?
- Use ‘-c ssh or ssh’ to Switch your default connection type in the configuration file, instead of the Python use Native Open SSH for connections. paramiko library. In Ansible 1.2.1 and later, ‘ssh’ will be used by default if Open SSH is new enough to support Control Persist as an option.
- Paramiko is great for starting out, but the OpenSSH type offers many advanced options. You will want to run Ansible from a machine new enough to support ControlPersist, if you are using this connection type. You can still manage older clients. If you are using RHEL 6, CentOS 6, SLES 10 or SLES 11, the version of OpenSSH, is still a bit old, so consider managing from a Fedora or openSUSE client even though you are managing older nodes, or just use paramiko.
- We keep paramiko as the default as if you are first installing Ansible on an EL box, it offers a better experience for new users.
What is the best way to make content reusable/redistributable?
If you have not done so already, read all about “Roles” in the playbooks documentation. This helps you make playbook content self-contained and works well with things like git sub modules for sharing content with others.
If some of these plugin types look strange to you, see the API documentation for more details about ways Ansible can be extended.
How do I see all the inventory vars defined for my host?
You can see the resulting vars you define in inventory running the following command:
ansible -m debug -a "var=hostvars['hostname']" localhost
How do I copy files recursively onto a target host?
The “copy” module has a recursive parameter, though if you want to do something more efficient for many files, look at the “synchronize” module instead, which wraps rsync. See the module index for info on both modules.
What is Ansible Role?
Ansible can interact with configured clients from the command line with the ansible command, and how you can automate configuration with playbooks run through the ansible-playbook command.
The first step in creating a role is creating its directory structure. To create the base directory structure, we’re going to use a tool bundled with Ansible called ansible-galaxy:
$ ansible-galaxy init azavea.packer
azavea.packer was created successfully
That command will create an azavea.packer directory with the following structure:
├── README.md
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
├── templates
└── vars
└── main.yml
Difference between Variable name and Environment Variables.
| Variable Name | Environment Variables |
| Variable Name can be built by adding strings. | To access the environment variable need to access existing variables. |
| {{ hostvars[inventory_hostname][‘ansible_’ + which_interface][‘ipv4’][‘address’] }} | # … vars: local_home: “{{ lookup(‘env’,’HOME’) }}” |
| We can add strings | if we want to set variables, see the advanced playbooks section. |
| For Variable names we use ipv4 address. | For Remote environment variables, use {{ ansible_env.SOME_VARIABLE }} |
References :
