Ansible automation tool - Introduction
Ansible control-system installation, configuration and basic tasks
Ansible is a tool for IT automation. We can use it for configure, deploy, provision and orchestrate tasks. In an integrated IT environent with a grade of complexity, all these continuous operations have to be done in a automatic way to minimise errors and downtimes.
Ansible is a tool focused on simlicity and easy of use without compromising security and reliability. It is also agentless using SSH as its transport protocol for controling remote systems. All these Ansible designers's choises made the tool appealing for us to use in complex, versatile and mission critical environments.
This post is a simple tutorial - introduction to the tool. We are installing ansible inside a dedicated python virtual environment avoiding messing up with system-wide python libraries and we are running some very basic tasks. Other articles about more complex tasks (for example controling AWS instances, security services etc.) will follow on epilis.gr in the "administration" category.
Create python virtual environment
At first we are creating a new virtual python environment:
~$ virtualenv ansible_env
New python executable in ansible_env/bin/python
Installing setuptools, pip...done.
Ansible installation
Activate the virtual enviroment just created:
~$ . ansible_env/bin/activate
Then install ansible with pip:
~$ pip install ansible
This will install ansible with all the dependencies like paramiko, PyYAML, pycrypto, jinja2.
If you got something like: "fatal error: Python.h: No such file or directory", you need to install python-dev e.g: sudo apt-get install python-dev
Basic tasks
Now that ansible is installed in our virtual environment it is time to get started with some basics:
Lets say that we have 2 linux servers (linux10 and linux11) in our local network and one on aws cloud (example.com) that we want to control with ansible.
Firstly we want to setup SSH keys for authentication to every server without password (optional but recomended):
~$ ssh-keygen
~$ ssh-copy-id linux10
~$ ssh-copy-id linux11
Check the password-less login with:
~$ ssh linux10
~$ ssh linux11
We assume that you already have an ssh key for login to your AWS cloud server.
Lets create a "workspace" directory named ansible and a "hosts" file inside:
hosts
linux10
linux11
[aws_servers]
example.com ansible_user=username ansible_ssh_private_key_file=/home/pi/private_key.pem
This "hosts" file is basically our inventory that contains the servers we want to control in groups.
We can check the connections on all our servers with the command:
~$ ansible -i hosts all -m ping
linux10 | SUCCESS => {
"changed": false,
"ping": "pong"
}
linux11 | SUCCESS => {
"changed": false,
"ping": "pong"
}
example.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
Now we can check only a group of servers for example aws_servers:
~$ ansible -i hosts aws_servers -m ping
example.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
Lets try to run a command on the remote systems (all of them):
~$ ansible -i hosts all -a "/bin/echo hello"
linux10 | SUCCESS | rc=0 >>
hello
linux11 | SUCCESS | rc=0 >>
hello
example.com | SUCCESS | rc=0 >>
hello
Lets run the same command to our "local_servers" group of servers, this time with sudo priveledges:
~$ ansible -i hosts local_servers --sudo -a "/bin/echo hello"
linux10 | SUCCESS | rc=0 >>
hello
linux11 | SUCCESS | rc=0 >>
hello
Now that everything is working fine lets upgrade our local servers with ansible (all at once).
We are using the "apt" ansible module for running "apt-get update" and "apt-get upgrade" commands to the remote systems.
For our convenience we can set the hosts file as an environment variable:
~$ export ANSIBLE_HOSTS=./hosts
We are creating a file named "upgrade_local_servers.yml" as our "playbook"
upgrade_local_servers.yml
- hosts: local_servers become: true tasks: - name: updates a server apt: update_cache=yes - name: upgrades a server apt: upgrade=full
Now we are running the tasks:
~$ ansible-playbook upgrade_local_servers.yml
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [linux10]
ok: [linux11]
TASK [updates a server] ********************************************************
ok: [linux10]
ok: [linux11]
TASK [upgrade a server] ********************************************************
ok: [linux10]
ok: [linux11]
PLAY RECAP *********************************************************************
linux10 : ok=3 changed=0 unreachable=0 failed=0
linux11 : ok=3 changed=0 unreachable=0 failed=0
- Posted by Kostas Koutsogiannopoulos · April 12, 2016