Ansible
Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code.
It is a deployment tool and is part of a CI/CD pipeline.
Ansible Nodes
In Ansible, there are two categories of computers: The control node and managed nodes. The control node is a computer that runs Ansible. There must be at least one control node, although a backup control node may also exist. A managed node is any device being managed by the control node.
Ansible playbook
An Ansible playbook is a blueprint of automation tasks—which are complex IT actions executed with limited or no human involvement. Ansible playbooks are executed on a set, group, or classification of hosts, which together make up an Ansible inventory.
In this article I am going to explain how to configure an Ansible control node and managed nodes.
1. Ansible Package installation (Control Node)
First we are going to update the server.
sudo yum update -y
- Then download the EPEL RPM file and install it.
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install epel-release-latest-7.noarch.rpm -y
- Update the server again.
sudo yum update -y
- Now we are going to install OpenSSL, Ansible and Git.
sudo yum install git python python-devel python-pip openssl ansible -y
- Check the Ansible version.
ansible --version
- Create the ansible user on the server.
sudo useradd ansible
sudo passwd ansible
- To set up passwordless sudo, execute the command below.
echo "ansible ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ansible
- Then edit the SSH config file at the location below.
sudo vi /etc/ssh/sshd_config
- Then restart the ssh service
sudo service sshd restart
- Now we want to edit the ansible.cfg file.
1. Uncomment the inventory file location.
2. Add the lines below before the inventory line.
command_warnings=False
interpreter_python=auto_silent
3. Uncomment the sudo_user line.
sudo_user = root
2. Ansible Managed Node Configuration
Now we will configure the nodes that will be managed by Ansible.
- I am going to add two servers as Ansible nodes.
- Create the ansible user on each node.
sudo useradd ansible
sudo passwd ansible
- To set up passwordless sudo, execute the command below.
echo "ansible ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ansible
- Then edit the SSH config file at the location below.
sudo vi /etc/ssh/sshd_config
- Then restart the ssh service
sudo service sshd restart
- The client nodes are now all set.
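The `NOPASSWD:ALL` rule written to /etc/sudoers.d/ansible above gives the ansible account root on every node without a password prompt, so it is worth being able to list where such rules exist. The script below is an added example, not part of the original article: it scans a sudoers drop-in directory for unrestricted passwordless rules; the `deploy` user and its command-scoped rule are constructed sample data.

```shell
#!/bin/sh
# Added example: list sudoers.d rules that grant passwordless sudo on ALL commands.
# Plain text match only: it does not expand Cmnd_Alias names or #include directives.

# Print "<user-or-group> <file>" for each unrestricted NOPASSWD rule in directory $1.
find_nopasswd_all() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                            # comments
            /^[ \t]*$/ { next }                            # blank lines
            /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }   # settings and aliases, not user rules
            {
                rule = $0
                gsub(/[ \t]+/, "", rule)                   # treat "NOPASSWD: ALL" like "NOPASSWD:ALL"
                # Flag only the literal ALL command, not an alias that merely starts with ALL.
                if (rule ~ /NOPASSWD:ALL$/ || rule ~ /NOPASSWD:ALL,/)
                    print $1, file
            }' "$f"
    done
}

# Constructed sample drop-ins: the rule from this article beside a command-scoped one
# for a hypothetical "deploy" user. Only the first should be reported.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ansible ALL=(ALL) NOPASSWD:ALL' > "$d/ansible"
    echo 'deploy ALL=(root) NOPASSWD: /usr/bin/yum, /usr/bin/systemctl' > "$d/deploy"
    find_nopasswd_all "$d"
    rm -rf "$d"
}
demo
```

On a real host, run `find_nopasswd_all /etc/sudoers.d` as root, since the drop-in files are normally not world-readable.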
Server IP = 172.31.0.45
Client IP = 172.31.34.61 and 172.31.39.124
- Now SSH from the server to a client node.
- It asks for a password.
- After entering the password, it works.
- So now we are going to set up login without a password prompt using the ssh-keygen method.
- On the Ansible server node, type the command below.
ssh-keygen
- It asks some questions. Just press Enter three times.
- The key is generated.
- Now we want to copy the SSH key to our client nodes.
Syntax: ssh-copy-id username@ip
ssh-copy-id ansible@172.31.34.61
ssh-copy-id ansible@172.31.39.124
- Execute the above commands. Each asks for the user password; enter it.
- Now check SSH to the clients without a password.
ssh ansible@172.31.34.61
ssh ansible@172.31.39.124
It works perfectly.
Add the Ansible client node IPs to the Ansible server's hosts config file.
On the Ansible server, edit the hosts file.
sudo vi /etc/ansible/hosts
Now check the connection status between the Ansible server and the clients.
Execute the command below.
ansible all -m ping
Finally, the server connects to all nodes without asking for any password.
PING PONG
3. Ansible Playbook creation
Create a playbook to install a service on the client nodes from the server,
and add the content below to the playbook.
---
- name: install httpd
  hosts: servers
  become: true
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: ensure apache is running
      service:
        name: httpd
        state: started
- Now we are going to run the playbook using the command below to install and start the web server on our client servers.
ansible-playbook web.yml
- Now we are going to check our client servers' public IPs in a web browser.
- The web service is installed and started on both servers.