Untitled

a guest
Nov 27th, 2018
https://devopsideas.com/series/ansible-tutorial/
https://devopsideas.com/ansible-local-setup-using-vagrant-virtualbox/
SSH Issue: https://hvops.com/articles/ansible-post-install/

Create LAB environment with Vagrant (see section below)
> vagrant up

INSTALL ANSIBLE ON BASTION SERVER
=================================
https://github.com/leucos/ansible-tuto

> vagrant ssh bastion
#<scripted vagrantfile> sudo yum -y install ansible
#<scripted vagrantfile> sudo yum -y install nano
#<scripted vagrantfile> su root >> to amend ansible inventory file
#<scripted vagrantfile> inventory = /etc/ansible/hosts
[app]
192.168.33.21
192.168.33.22
[db]
192.168.33.23
[all:children]
app
db
-----------------------------------

Example 2 Ansible Host File:
[control]
tower ansible_host=10.42.0.2

[web]
node-[1:3] ansible_host=10.42.0.[6:8]

[haproxy]
haproxy ansible_host=10.42.0.100

[all:vars]
ansible_user=vagrant
ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key
------------------------------------

MANUAL SETUP >>

1. CONFIGURE SSH FOR ALL MANAGED SERVERS
========================================
> vagrant ssh <managed servers: app1, app2, db>
$ su root
$ vi /etc/ssh/sshd_config
'PasswordAuthentication yes'
'PermitRootLogin yes'
$ sudo systemctl restart sshd
NOTE: This can be included in the Vagrantfile with a privileged provisioning script such as:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config

2. SETUP BASTION HOST SSH KEY FOR ALL MANAGED SERVERS
=====================================================
> vagrant ssh bastion
$ vagrant@bastion:~# ssh-keygen -t rsa -C "name@example.org"
$ vagrant@bastion:~# ssh-copy-id vagrant@192.168.33.21
$ vagrant@bastion:~# ssh-copy-id vagrant@192.168.33.22
$ vagrant@bastion:~# ssh-copy-id vagrant@192.168.33.23

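Steps 1 and 2 above open password and root logins so that ssh-copy-id can run; once the bastion key is installed on each managed server, those settings are no longer needed. The script below is an added example, not part of the original notes: it sets sshd_config directives idempotently and restores key-only login. The function names are assumptions, and it edits whatever file path it is given.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes). Function names are assumptions.

# set_sshd_option FILE KEY VALUE
# Sets KEY in the global section of an sshd_config-style file: the first
# active or commented-out "KEY ..." line becomes "KEY VALUE", later global
# duplicates are dropped, and a missing directive is added before the first
# Match block (or at end of file). Match-scoped lines are left untouched.
set_sshd_option() {
    local file=$1 key=$2 value=$3 tmp rc
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        BEGIN { pat = "^[ \t]*#?[ \t]*" tolower(k) "[ \t]" }
        tolower($1) == "match" { if (!done) { print k " " v; done = 1 }; inmatch = 1 }
        !inmatch && tolower($0) ~ pat { if (!done) { print k " " v; done = 1 }; next }
        { print }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# effective_sshd_option FILE KEY
# Prints the first active global value; sshd uses the first occurrence it reads.
effective_sshd_option() {
    awk -v k="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2; exit }
    ' "$1"
}

# Step 1 of the notes: lab bootstrap so ssh-copy-id can log in with a password.
open_for_key_copy() {
    set_sshd_option "$1" PasswordAuthentication yes
}

# After step 2 (ssh-copy-id done): key-only logins, no direct root login.
lock_down_after_key_copy() {
    set_sshd_option "$1" PasswordAuthentication no &&
    set_sshd_option "$1" PermitRootLogin no
}

# On a managed server, as root:
#   lock_down_after_key_copy /etc/ssh/sshd_config && sshd -t && systemctl restart sshd
```

Run `ansible all -m ping` from the bastion afterwards to confirm that key-based access still works.
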
Testing with Ansible Ad-Hoc Commands
====================================
$ ansible all -m ping
$ ansible app -i /etc/ansible/hosts -m ping
$ ansible db -i /etc/ansible/hosts -m ping

$ ansible db -m copy -a "src=test.txt dest=/tmp/"
$ ansible db -m file -a "dest=/tmp/test.txt state=absent"
$ ansible web -m shell -a 'cat /etc/centos-release'
$ ansible -m command -a "ls /" db
$ ansible web -m command -a "uptime"
$ ansible web -m setup > output.txt
$ ansible -i myfolder/hosts -m setup -a 'filter=ansible_memtotal_mb' all

$ ansible all --list-hosts
$ ansible --list-hosts app

Testing with Ansible Playbooks
==============================
$ ansible-playbook play1.yml --check
$ ansible-playbook play1.yml --syntax-check
$ ansible-playbook play1.yml
$ ansible-playbook play1.yml -i ./hosts

Example Playbook 1
==================
---
- hosts: db
  tasks:
    - name: check if packages are installed
      yum: list="{{ item }}"
      with_items:
        - acpid
        - c-ares
        - automake
      register: packages
    - debug:
        var: packages

Example Playbook 2
==================
---
- name: Ansible playbook example 1
  hosts: db

  tasks:
    - name: List installed cups packages register result to print with debug later.
      yum:
        list=cups-lib*
      register: yum_result
    - debug:
        msg: "Installed packages {{ yum_result }}"

    - name: Run shell command "ls /"
      shell: ls /
      register: shell_out
    - debug:
        msg: "{{ shell_out }}"

    - name: Print variables
      debug:
        msg:
          - "ansible_distribution {{ hostvars[inventory_hostname].ansible_distribution }}"
          - "major version {{ hostvars[inventory_hostname].ansible_distribution_major_version }}"
          - "version {{ hostvars[inventory_hostname].ansible_distribution_version }}"

Example Playbook 3
==================
---
- name: install and start apache
  hosts: web
  become: yes
  vars:
    webserver: httpd

  tasks:
    - name: "{{ webserver }} package is present"
      yum:
        name: "{{ webserver }}"
        state: latest
      notify: restart webserver

    - name: latest index.html file is present
      copy:
        src: files/index.html
        dest: /var/www/html/

  handlers:
    - name: restart webserver
      service:
        name: "{{ webserver }}"
        state: restarted

Ansible Tools
=============
ansible >> Run a single task
ansible-playbook >> Run a playbook
ansible-vault >> Encrypt/decrypt ansible data files
ansible-galaxy >> CLI to manage ansible roles and the framework for ansible roles
ansible-console >> REPL console for executing Ansible tasks
ansible-config >> View/edit/manage ansible configuration
ansible-doc >> Ansible documentation
ansible-inventory >> Show ansible inventory information
ansible-pull >> Pull ansible playbook from repository

[vagrant@bastion playbooks]$ ansible db -m yum -a "list=cups-pk*"
192.168.33.23 | SUCCESS => {
    "changed": false,
    "results": [
        {
            "arch": "x86_64",
            "envra": "0:cups-pk-helper-0.2.6-2.el7.x86_64",
            "epoch": "0",
            "name": "cups-pk-helper",
            "release": "2.el7",
            "repo": "base",
            "version": "0.2.6",
            "yumstate": "available"
        }
    ]
}
[vagrant@bastion playbooks]$ ansible-console db
Vault password:
Welcome to the ansible console.
Type help or ? to list commands.

vagrant@db (1)[f:5]$ yum list=cups-pk*
192.168.33.23 | SUCCESS => {
    "changed": false,
    "results": [
        {
            "arch": "x86_64",
            "envra": "0:cups-pk-helper-0.2.6-2.el7.x86_64",
            "epoch": "0",
            "name": "cups-pk-helper",
            "release": "2.el7",
            "repo": "base",
            "version": "0.2.6",
            "yumstate": "available"
        }
    ]
}

=================================================================================================================================
CREATE LAB ENVIRONMENT
----------------------
> md mylab
> cd mylab
> vagrant init ## create vagrantfile
> ## Modify generated vagrantfile
----------------------------------------------------------------
Vagrant.configure .... do |config|

  config.ssh.insert_key = false

  config.vm.provider "virtualbox" do |v|
    v.customize ["modifyvm", :id, "--cpuexecutioncap", "50", "--memory", "256"]
  end

  # Ansible Server
  config.vm.define "bastion" do |bastion|
    bastion.vm.hostname = "bastion.dev"
    bastion.vm.box = "centos/7"
    bastion.vm.network "private_network", ip: "192.168.33.10"
    bastion.vm.provider :virtualbox do |vb|
      vb.customize ["modifyvm", :id, "--cpus", 1, "--cpuexecutioncap", "100", "--memory", 1024]
    end
  end

  # Application server 1.
  config.vm.define "app1" do |app|
    app.vm.hostname = "app1.dev"
    app.vm.box = "centos/7"
    app.vm.network "private_network", ip: "192.168.33.21"
  end

  # Application server 2.
  config.vm.define "app2" do |app|
    app.vm.hostname = "app2.dev"
    app.vm.box = "centos/7"
    app.vm.network "private_network", ip: "192.168.33.22"
  end

  # Database server.
  config.vm.define "db" do |db|
    db.vm.hostname = "db.dev"
    db.vm.box = "centos/7"
    db.vm.network "private_network", ip: "192.168.33.23"
  end

end
----------------------------------------------------------------
> vagrant up