Ansible


Ansible - management and configuration system

... watch the space :j

Install

apt-cache policy ansible | grep -A1 Installed # check which version will be installed
sudo apt-get install ansible

Install dependencies manually

sudo apt-get install python python-setuptools python-crypto python-jinja2 python-paramiko python-pkg-resources python-yaml python-httplib2 python-netaddr

Download the release tarball for the version you need

wget https://releases.ansible.com/ansible/ansible-1.9.4.tar.gz
tar -xzvf ansible-1.9.4.tar.gz 
cd ansible-1.9.4/
sudo make
sudo python setup.py install

Build VM with Vagrant

sudo apt-get install virtualbox

Then install Vagrant

Commands quick reference

                                                               --options
ansible*  host/-i hostfile -m modulename -a 'module arguments' -b (become) --ask-become-pass (-K in short)
                                                               
ansible local -m setup -a 'filter=ans*ipv4*'   #filter facts
ansible apacheweb -m shell -a 'apt-get -y install lynx' -b --ask-become-pass  #-s deprecated replaced by -b 'become'
ansible appserver -m apt -a 'pkg=lynx state=installed update_cache=true' -b -K
ansible apacheweb -m file -a 'path=/tmp/etc state=directory mode=0700 owner=root' #create directory
ansible apacheweb -m copy -a 'src=/etc/fstab dest=/tmp/etc/fstab'     #copy a file
ansible apacheweb -m command -a 'rm -rf /tmp/etc/fstab'               #delete a file
ansible aptserver -m service -a 'name=apache2 state=stopped' -u user -b -K #stop Ubuntu apache
ansible vweb -m apt -a 'name=apache2 state=absent' -b --ask-become-pass #removes package

Specify the user that the Ansible control server should connect as; a private key can also be specified, but it is not required

$ ansible centos -m ping -u username --private-key=~/.ssh/id_rsa

Copy a user's SSH public key to the remote server; if you do not specify a username, the current user is used

ssh-copy-id username@server.com

Modules

shell - not interactive, so 'apt-get install' requires the -y flag
copy - copies a file from the local box to remote locations
fetch - copies files from remote locations to the local box

Prepare environment for automation

Allow the ansible_service user to run sudo without being asked for a password (the example rule below uses the account piotr)

sudo visudo
piotr ALL=(ALL)    NOPASSWD: ALL    #user can run as root without password
sudo -l    #check your rules, the last matching rule takes precedence

Stop Ansible from asking for the sudo password at each run

sudo vi /etc/ansible/ansible.cfg
#ask_sudo_pass = True         #needs to be commented out, otherwise works like --ask-become-pass

Install ansible_service user ssh_keys on local host

ssh-copy-id localhost
ssh-copy-id localhost.localdomain
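
The sudoers step above, done as a syntax-checked drop-in file instead of an interactive visudo edit. This is an added example, not part of the original page; the function name write_sudoers_dropin and the /etc/sudoers.d include directory (the Ubuntu default) are assumptions.

```shell
#!/bin/sh
# Added example: install the page's NOPASSWD rule as a sudoers drop-in.
# Assumption: /etc/sudoers includes /etc/sudoers.d (Ubuntu default).
# Usage (as root): write_sudoers_dropin ansible_service

# write_sudoers_dropin USER [DIR]
# Writes DIR/USER containing "USER ALL=(ALL) NOPASSWD: ALL".
write_sudoers_dropin() {
    user=$1
    dir=${2:-/etc/sudoers.d}

    # Accept only plain account names so nothing else can end up in sudoers.
    # sudo also ignores drop-in files whose name contains a dot or ends in "~".
    case $user in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "invalid user name: $user" >&2
            return 2 ;;
    esac

    # Build the file under a dotted temporary name, which sudo skips,
    # so a half-written rule is never active.
    tmp=$(mktemp "$dir/.tmp_XXXXXX") || return 1
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$user" > "$tmp"
    chmod 0440 "$tmp"

    # Check the syntax before activating: a broken sudoers file disables sudo.
    if command -v visudo >/dev/null 2>&1; then
        if ! visudo -cf "$tmp" >/dev/null; then
            rm -f "$tmp"
            echo "sudoers syntax check failed, nothing installed" >&2
            return 1
        fi
    else
        echo "visudo not found, syntax check skipped" >&2
    fi

    # Rename into place only after the check has passed.
    mv -f "$tmp" "$dir/$user"
}
```

Confirm the result with sudo -l -U ansible_service, as in the check above.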

Reference