Ansible - Basics

From Linux - Help

Introduction

Ansible is a configuration management tool that can be used by developers to deploy code to production, or by systems administrators looking for a better way to automate.

What is Ansible good for?

  • Configuration management tool (like Chef, Puppet or Salt).

> Writing some kind of state description for our servers, and then using a tool to enforce that the servers are, indeed, in that state.

  • Deployment tool (like Capistrano and Fabric).

> Referring to the process of taking software that was written in-house, generating binaries or static assets, copying the required files to the server(s), and then starting up the services.

  • Orchestration of deployment

> Multiple remote servers are involved, and things have to happen in a specific order (for example, you need to bring up the database before bringing up the web servers).

  • Provisioning new servers

> Refers to spinning up a new virtual machine instance.

How Ansible works

In Ansible, a script is called a *playbook*. A playbook describes which hosts (what Ansible calls remote servers) to configure, and an ordered list of *tasks* to perform on those hosts.

For example:

  1. Install Nginx
  2. Generate an Nginx configuration file
  3. Copy over the security certificate
  4. Start the Nginx service

You execute the playbook by using the ansible-playbook command. In the example, the playbook is named webserver.yml, and is executed by typing the following:

 $ ansible-playbook webserver.yml

Ansible will make SSH connections in parallel. It will execute the first task on the list on all the hosts simultaneously. In this example, the first task is installing the Nginx package.

Example of a playbook:

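 ---
 # hosts and become are assumptions: "webservers" is the group from the inventory file shown later; installing packages needs root
 - name: Configure web servers
   hosts: webservers
   become: true
   tasks:
     - name: Install nginx
       yum:
         name: nginx
         state: present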

Ansible will do the following:

  1. Generate a Python script that installs the Nginx package
  2. Copy the script to the remote servers
  3. Execute the script on the remote servers
  4. Wait for the script to complete execution on all remote servers

Ansible will then move on to the next task in the list, and go through these same four steps.

It's important to note the following:

  • Ansible runs each task in parallel across all hosts.
  • Ansible waits until all remote servers have completed a task before moving to the next task.
  • Ansible runs the tasks in the order that you specify them.

What's so great about Ansible?

  • Easy-to-read Syntax
  • Nothing to install on the Remote Servers
  • Push based
  • Scales down
  • Built-in modules
  • Very thin layer of abstraction

What do I need to know?

To be productive with Ansible, you need to be familiar with basic Linux system administration tasks. Ansible makes it easier to automate your tasks, but it's not the kind of tool that "automagically" does things that you otherwise wouldn't know how to do.

You need to be familiar with at least one Linux distribution (e.g. RHEL/CentOS, Ubuntu or SUSE), and know how to:

  • Connect to a remote server using SSH
  • Interact with the Bash command-line shell
  • Install packages
  • Use the sudo command
  • Check and set file permissions
  • Start and stop services
  • Set environment variables
  • Write scripts (any language)

If these concepts are all familiar to you, you're good to go with Ansible.

> Check this wiki to prepare your Ansible env to start working with Ansible.

Inventory File - Telling Ansible about your remote server

Ansible can manage only the servers it explicitly knows about. You provide Ansible with information about remote servers by specifying them in an inventory file. Each remote server needs a name that Ansible will use to identify it. You can use the hostname of the server, or you can give it an alias and pass additional arguments to tell Ansible how to connect to it. As an example, we'll use the alias name *xxx.example.com*.

Here's a basic inventory file in YAML format:

 ---
 all:
   hosts:
     mail.example.com:
       ansible_host: 192.168.1.10
   children:
     webservers:
       hosts:
         foo.example.com:
         bar.example.com:
     dbservers:
       hosts:
         one.example.com:
         two.example.com:
         three.example.com:

> The inventory file can be written in different formats, for example INI and YAML; I will cover only the YAML format.

We'll use the ansible command-line tool to verify that we can use Ansible to connect to the server. You won't use the ansible command often; it's mostly used for ad hoc commands.

 ansible mail.example.com -i inventory.yml -m ping

If it failed, output may look like this:

 mail.example.com | UNREACHABLE! => {
     "changed": false,
     "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.1.10 port 22: Connection refused",
     "unreachable": true
 }

If it succeeded, output will look like this:

 mail.example.com | SUCCESS => {
     "ansible_facts": {
         "discovered_interpreter_python": "/usr/bin/python"
     },
     "changed": false,
     "ping": "pong"
 }

We can see that the *ping* module succeeded. The "changed": false part of the output tells us that executing the module did not change the state of the server. The "ping": "pong" text is output that is specific to the ping module.

The ping module is a useful tool for testing that Ansible can connect to the server.
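When the ping module is run against many hosts, the per-host blocks shown above can be parsed to list the hosts that need attention. The following is an added example, not part of the original page; the second host and its address are constructed sample data, and the parser only handles the JSON-style output shown above.

```python
import json
import re

# Constructed sample in the shape of the two outputs shown above
# (foo.example.com and its address are made up for the example).
SAMPLE = """\
mail.example.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
foo.example.com | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.1.11 port 22: Connection refused",
    "unreachable": true
}
"""

# "<host> | <STATUS> => {" at the start of a line; failures carry a trailing "!"
HEADER = re.compile(r"^(\S+) \| ([A-Z]+)!? => (?=\{)", re.MULTILINE)


def parse_adhoc(text):
    """Return {host: (status, result)} for every JSON-style result in text."""
    decoder = json.JSONDecoder()
    results = {}
    for match in HEADER.finditer(text):
        # raw_decode parses one JSON value starting at the "{" and ignores what follows
        result, _ = decoder.raw_decode(text, match.end())
        results[match.group(1)] = (match.group(2), result)
    return results


def ping_failures(results):
    """Hosts that did not answer the ping module with SUCCESS and "pong"."""
    return {
        host: result.get("msg", "unexpected reply")
        for host, (status, result) in results.items()
        if status != "SUCCESS" or result.get("ping") != "pong"
    }


if __name__ == "__main__":
    for host, reason in ping_failures(parse_adhoc(SAMPLE)).items():
        print(f"{host}: {reason}")
```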

The ansible.cfg File

Ansible has a way to specify some variables so we don't have to put them all in one place. Right now, we'll use one such mechanism, the ansible.cfg file, to set some defaults so we don't need to type as much.

Ansible looks for an ansible.cfg file in the following places and in this order:

  1. File specified by the ANSIBLE_CONFIG environment variable
  2. *./ansible.cfg* (the current directory)
  3. *~/.ansible.cfg* (in your home directory)
  4. */etc/ansible/ansible.cfg*

> Put your ansible.cfg file in the current directory, alongside your playbooks. That way, you can check it into the same version-control repository as your playbooks (a version-control system such as Git is used to maintain all your code).

Command module

You can use the ansible command-line tool to run arbitrary commands on remote servers, using the command module. When invoking this module, you also need to pass an argument to the module with the -a flag. The command module is so commonly used that it's the default module, so we can omit it, for example with the uptime command:

 $ ansible mail.example.com -m command -a "uptime"
 $ ansible mail.example.com -a "uptime"

Another example:

 $ ansible mail.example.com -m command -a "tail /var/log/dmesg"
 $ ansible mail.example.com -a "tail /var/log/dmesg"

Another example, this time becoming the root user with the -b flag:

 $ ansible mail.example.com -m command -b -a "tail /var/log/syslog"
 $ ansible mail.example.com -b -a "tail /var/log/syslog"

You aren't just restricted to the ping and command modules when using the ansible command-line tool: you can use any module that you like. For example, you can install Nginx on CentOS by using the following command:

 $ ansible mail.example.com -b -m yum -a "name=nginx"
 

Books and Documentation

Synthesis of the books:

  • Ansible: Up & Running (please buy the book!)
  • The Practice of Cloud System Administration
  • Designing Data-Intensive Applications