Ansible - robbiehume/CS-Notes GitHub Wiki

Overview

  • Ansible Overview (YouTube)
  • Ansible is a tool in a DevOps environment for helping you manage servers
  • It allows you to write a script to describe the installation and have it deploy to multiple servers
    • This means you don't have to manually install it on each server, one by one
  • The main things it helps with are:
    • IT automation: instructions are written to automate the IT professional's work
    • Configuration management: consistency of all systems in the infrastructure is maintained
    • Automatic deployment: applications are deployed automatically on a variety of environments
  • Can use Ansible Tower to provide a GUI

Install / setup Ansible

  • python3 -m pip install --user ansible
    • This puts it in the user site directory; run python -m site --user-site to see exactly where that is
  • pip3 install boto3 # for AWS modules
  • To work with AWS, need to set up credentials / config in ~/.aws
    • # ~/.aws/credentials
      [default]
      aws_access_key_id = YOUR_ACCESS_KEY_ID
      aws_secret_access_key = YOUR_SECRET_ACCESS_KEY
    • # ~/.aws/config
      [default]
      region = YOUR_PREFERRED_REGION

AWS

Pull / push configuration

  • Pull configuration is where nodes check with the main server periodically and fetch configurations from it
    • Each server has client software to connect / communicate with the main server
  • Push configuration is where the main server pushes configuration to the nodes
    • Don't have to install a client; requires less overhead
  • Ansible is a push configuration setup
    • It's agentless, so you don't have to install agent software on the nodes
    • It uses ssh to access and configure the nodes

Ansible architecture

  • The local machine is where Ansible is installed and where you'll do all the script writing
    • It is in charge of pushing things out to the remote server
  • The nodes are the servers to be configured. They are controlled by the local machine
  • The local machine also has an inventory it manages
    • The inventory is a document that groups the nodes under specific labels
  • Modules are the configurations pushed to the nodes; each represents one small, specific task
    • Multiple modules are combined to create tasks and playbooks
    • Module examples: install Nginx server, create cloud instance, create / copy file, etc.
    • Ansible Module Index
    • Built in modules

Inventory

  • Can group servers into categories to help manage them more easily
    • The inventory file is usually located in /etc/ansible/hosts
    • [webservers]
      web1.myserver.com     # can be hostname or IP address
      10.24.0.2
      
      [databases]
      10.24.0.7
      10.24.0.8
  • Can specify an ssh user and key to use to connect to a specific host (useful for AWS instances)
    • hostname.com ansible_ssh_user=<user name> ansible_ssh_private_key_file=<path to key file>
  • Or you can define them for the whole group:
    • [<group name>:vars]
      ansible_ssh_user=ec2-user
      ansible_ssh_private_key_file=/Users/rh/Downloads/key_pair.pem

Playbooks

  • Ansible playbooks notes / examples
  • Playbook keywords
  • Playbooks are the core of Ansible
  • They are the instructions to define the architecture of your hardware
  • They're written in YAML
  • You define the host and tasks for each "play" you want to implement on specific servers
  • A play consists of which tasks you want to be executed on which hosts with which user
  • The hosts can come from the inventory hosts file
  • A playbook consists of one or more plays
    • The plays are implemented in the order they're defined
  • Can declare vars that can be used in the tasks
    • - name: rename table and set owner 
        hosts: databases
        remote_user: root
        vars: 
            tablename: foo
      
        tasks:
            - name: Rename table {{ tablename }} to bar
              postgresql_table: 
                  # a value that starts with {{ must be quoted, or YAML reads it as a mapping
                  table: "{{ tablename }}"
                  rename: bar 
            - name: set owner to someuser 
            ...
  • Running a playbook: ansible-playbook <path to playbook>

YAML

  • YAML has strict indentation levels

Common module tasks

  • command: run the specified command on the host; docs link
    • Ex: command: mv /home/ec2-user/file1.txt /home/ec2-user/file2.txt
  • debug:
  • register:
  • loop:
  • set_fact: allows you to set a variable that is accessible in all plays for that host in the playbook

Specific tasks

  • Looping over a dictionary: loop: "{{ lookup('dict', <dict_name>) }}"

Handling module output (registers, loops)

  • Can use the register module to store the output of a module call
    • register: <reg_name> # this goes in the same column as the module name
  • Can loop through a list or dictionary, or from a module's register results
  • Use loop: "{{ list_name }}"
    • This will store each list element into the item variable
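An added example (not from the original notes) that combines register, loop, debug and set_fact: a play on the control node that checks the secret files these notes set up are not readable by group or other. The two paths are the ones used earlier on this page; the variable names secret_files, secret_stats and loose_files are assumptions made for the example.

```yaml
# Added example: audit permissions of secrets stored on the control node.
- name: Check permissions on control-node secrets
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Paths taken from the notes above; replace the key path with your own.
    secret_files:
      - "~/.aws/credentials"
      - "/Users/rh/Downloads/key_pair.pem"

  tasks:
    - name: Stat each secret file
      ansible.builtin.stat:
        path: "{{ item | expanduser }}"
      loop: "{{ secret_files }}"
      register: secret_stats          # same column as the module name

    # A looped register stores one entry per item under .results
    - name: Show the mode of each file that exists
      ansible.builtin.debug:
        msg: "{{ item.stat.path }} has mode {{ item.stat.mode }}"
      loop: "{{ secret_stats.results }}"
      loop_control:
        label: "{{ item.item }}"
      when: item.stat.exists

    # mode is a string such as "0600"; the last two digits are group and other
    - name: Collect files that group or other can access
      ansible.builtin.set_fact:
        loose_files: "{{ (loose_files | default([])) + [item.stat.path] }}"
      loop: "{{ secret_stats.results }}"
      loop_control:
        label: "{{ item.item }}"
      when:
        - item.stat.exists
        - item.stat.mode[-2:] != '00'

    - name: Fail if any secret file is too open
      ansible.builtin.assert:
        that: "(loose_files | default([])) | length == 0"
        fail_msg: "Tighten with chmod 600: {{ loose_files | default([]) | join(', ') }}"
```

Run it with ansible-playbook <path to playbook>; no inventory entry is needed because the play targets localhost.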

Roles

  • Roles documentation
  • Roles let you automatically load related vars, files, tasks, handlers, and other Ansible artifacts based on a known file structure