- https://devopsideas.com/series/ansible-tutorial/
- https://devopsideas.com/ansible-local-setup-using-vagrant-virtualbox/
- SSH Issue: https://hvops.com/articles/ansible-post-install/
- Create LAB environment with Vagrant (see section below)
- > vagrant up
- INSTALL ANSIBLE ON BASTION SERVER
- =================================
- https://github.com/leucos/ansible-tuto
- > vagrant ssh bastion
- #<scripted vagrantfile> sudo yum -y install ansible
- #<scripted vagrantfile> sudo yum -y install nano
- #<scripted vagrantfile> su root >> to amend ansible inventory file
- #<scripted vagrantfile> inventory = /etc/ansible/hosts
- [app]
- 192.168.33.21
- 192.168.33.22
- [db]
- 192.168.33.23
- [all:children]
- app
- db
- -----------------------------------
- Example 2 Ansible Host File:
- [control]
- tower ansible_host=10.42.0.2
- [web]
- node-[1:3] ansible_host=10.42.0.[6:8]
- [haproxy]
- haproxy ansible_host=10.42.0.100
- [all:vars]
- ansible_user=vagrant
- ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key
- ------------------------------------
- MANUAL SETUP >>
- 1. CONFIGURE SSH FOR ALL MANAGED SERVERS
- ========================================
- > vagrant ssh <managed servers: app1, app2, db>
- $ su root
- $ vi /etc/ssh/sshd_config
- 'PasswordAuthentication yes'
- 'PermitRootLogin yes'
- $ sudo systemctl restart sshd
- NOTE: This can be included in the Vagrantfile with a privileged user script such as:
- sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
- 2. SETUP BASTION HOST SSH KEY FOR ALL MANAGED SERVERS
- =====================================================
- > vagrant ssh bastion
- $ vagrant@bastion:~# ssh-keygen -t rsa -C "name@example.org"
- $ vagrant@bastion:~# ssh-copy-id vagrant@192.168.33.21
- $ vagrant@bastion:~# ssh-copy-id vagrant@192.168.33.22
- $ vagrant@bastion:~# ssh-copy-id vagrant@192.168.33.23
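The sed one-liner in step 1 only matches an uncommented `PasswordAuthentication no` line, and steps 1 and 2 leave password and root login enabled after `ssh-copy-id` has run. The following added example (not part of the original paste; function names are hypothetical) sets an sshd option idempotently and reverts both settings once key login works.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical helpers, not Ansible or OpenSSH tools.
# Only the global section (before the first Match block) is edited.

# sshd honours the FIRST active occurrence of a keyword, case-insensitively.
effective_sshd_option() {   # usage: effective_sshd_option FILE KEYWORD
  awk -v k="$2" '
    tolower($1) == "match"    { exit }
    tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Replace the first active global setting, drop later duplicates, and insert
# the setting (before any Match block) when only a commented default exists.
set_sshd_option() {         # usage: set_sshd_option FILE KEYWORD VALUE
  local file=$1 key=$2 val=$3 tmp rc
  tmp=$(mktemp) || return 1
  awk -v k="$key" -v v="$val" '
    tolower($1) == "match" {
      if (!done) { print k " " v; done = 1 }
      in_match = 1
    }
    !in_match && tolower($1) == tolower(k) {
      if (!done) { print k " " v; done = 1 }
      next
    }
    { print }
    END { if (!done) print k " " v }' "$file" > "$tmp" && cat "$tmp" > "$file"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Count overrides of KEYWORD left inside Match blocks, for manual review.
match_overrides() {         # usage: match_overrides FILE KEYWORD
  awk -v k="$2" '
    tolower($1) == "match"         { m = 1; next }
    m && tolower($1) == tolower(k) { n++ }
    END { print n + 0 }' "$1"
}

# Undo the two bootstrap settings from step 1 once key login works.
harden_sshd_after_bootstrap() {   # usage: harden_sshd_after_bootstrap FILE
  set_sshd_option "$1" PasswordAuthentication no &&
  set_sshd_option "$1" PermitRootLogin no
}
```

On a managed server, run `harden_sshd_after_bootstrap /etc/ssh/sshd_config` as root, validate with `sshd -t`, then `systemctl restart sshd`.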
- Testing with Ansible Ad-Hoc Commands
- ====================================
- $ ansible all -m ping
- $ ansible app -i /etc/ansible/hosts -m ping
- $ ansible db -i /etc/ansible/hosts -m ping
- $ ansible db -m copy -a "src=test.txt dest=/tmp/"
- $ ansible db -m file -a "dest=/tmp/test.txt state=absent"
- $ ansible web -m shell -a 'cat /etc/centos-release'
- $ ansible -m command -a "ls /" db
- $ ansible web -m command -a "uptime"
- $ ansible web -m setup > output.txt
- $ ansible -i myfolder/hosts -m setup -a 'filter=ansible_memtotal_mb' all
- $ ansible all --list-hosts
- $ ansible --list-hosts app
- Testing with Ansible Playbooks
- ==============================
- $ ansible-playbook play1.yml --check
- $ ansible-playbook play1.yml --syntax-check
- $ ansible-playbook play1.yml
- $ ansible-playbook play1.yml -i ./hosts
- Example Playbook 1
- ==================
- ---
- - hosts: db
-   tasks:
-     - name: check if packages are installed
-       yum: list="{{ item }}"
-       with_items:
-         - acpid
-         - c-ares
-         - automake
-       register: packages
-     - debug:
-         var: packages
- Example Playbook 2
- ==================
- ---
- - name: Ansible playbook example 1
-   hosts: db
-   tasks:
-     - name: List installed cups packages register result to print with debug later.
-       yum:
-         list=cups-lib*
-       register: yum_result
-     - debug:
-         msg: "Installed packages {{ yum_result }}"
-     - name: Run shell command "ls /"
-       shell: ls /
-       register: shell_out
-     - debug:
-         msg: "{{ shell_out }}"
-     - name: Print variables
-       debug:
-         msg:
-           - "ansible_distribution {{ hostvars[inventory_hostname].ansible_distribution }}"
-           - "major version {{ hostvars[inventory_hostname].ansible_distribution_major_version }}"
-           - "version {{ hostvars[inventory_hostname].ansible_distribution_version }}"
- Example Playbook 3
- ==================
- ---
- - name: install and start apache
-   hosts: web
-   become: yes
-   vars:
-     webserver: httpd
-   tasks:
-     - name: "{{ webserver }} package is present"
-       yum:
-         name: "{{ webserver }}"
-         state: latest
-       notify: restart webserver
-     - name: latest index.html file is present
-       copy:
-         src: files/index.html
-         dest: /var/www/html/
-   handlers:
-     - name: restart webserver
-       service:
-         name: "{{ webserver }}"
-         state: restarted
- Ansible Tools
- =============
- ansible >> Run a single task
- ansible-playbook >> Run a playbook
- ansible-vault >> Encrypt/decrypt ansible data files
- ansible-galaxy >> CLI to manage ansible roles and the framework for ansible roles
- ansible-console >> REPL console for executing Ansible tasks
- ansible-config >> View/edit/manage ansible configuration
- ansible-doc >> Ansible documentation
- ansible-inventory >> Show ansible inventory information
- ansible-pull >> Pull ansible playbook from repository
- [vagrant@bastion playbooks]$ ansible db -m yum -a "list=cups-pk*"
- 192.168.33.23 | SUCCESS => {
- "changed": false,
- "results": [
- {
- "arch": "x86_64",
- "envra": "0:cups-pk-helper-0.2.6-2.el7.x86_64",
- "epoch": "0",
- "name": "cups-pk-helper",
- "release": "2.el7",
- "repo": "base",
- "version": "0.2.6",
- "yumstate": "available"
- }
- ]
- }
- [vagrant@bastion playbooks]$ ansible-console db
- Vault password:
- Welcome to the ansible console.
- Type help or ? to list commands.
- vagrant@db (1)[f:5]$ yum list=cups-pk*
- 192.168.33.23 | SUCCESS => {
- "changed": false,
- "results": [
- {
- "arch": "x86_64",
- "envra": "0:cups-pk-helper-0.2.6-2.el7.x86_64",
- "epoch": "0",
- "name": "cups-pk-helper",
- "release": "2.el7",
- "repo": "base",
- "version": "0.2.6",
- "yumstate": "available"
- }
- ]
- }
- =================================================================================================================================
- CREATE LAB ENVIRONMENT
- ----------------------
- > md mylab
- > cd mylab
- > vagrant init ## create vagrantfile
- > ## Modify generated vagrantfile
- ----------------------------------------------------------------
- Vagrant.configure .... do |config|
-   config.ssh.insert_key = false
-   config.vm.provider "virtualbox" do |v|
-     v.customize ["modifyvm", :id, "--cpuexecutioncap", "50", "--memory", "256"]
-   end
-   # Ansible Server
-   config.vm.define "bastion" do |bastion|
-     bastion.vm.hostname = "bastion.dev"
-     bastion.vm.box = "centos/7"
-     bastion.vm.network "private_network", ip: "192.168.33.10"
-     bastion.vm.provider :virtualbox do |vb|
-       vb.customize ["modifyvm", :id, "--cpus", 1, "--cpuexecutioncap", "100", "--memory", 1024]
-     end
-   end
-   # Application server 1.
-   config.vm.define "app1" do |app|
-     app.vm.hostname = "app1.dev"
-     app.vm.box = "centos/7"
-     app.vm.network "private_network", ip: "192.168.33.21"
-   end
-   # Application server 2.
-   config.vm.define "app2" do |app|
-     app.vm.hostname = "app2.dev"
-     app.vm.box = "centos/7"
-     app.vm.network "private_network", ip: "192.168.33.22"
-   end
-   # Database server.
-   config.vm.define "db" do |db|
-     db.vm.hostname = "db.dev"
-     db.vm.box = "centos/7"
-     db.vm.network "private_network", ip: "192.168.33.23"
-   end
- end
- ----------------------------------------------------------------
- > vagrant up