Ansible automation

Ansible is App deployment, configuration management and orchestration – all from one system.

It uses no agents and no additional custom security infrastructure, so it’s easy to deploy – and most importantly, it uses a very simple language (YAML, in the form of Ansible Playbooks) that allow you to describe your automation jobs in a way that approaches plain English.

Install

apt-cache policy ansible | grep -A1 Installed # check version it will install
sudo apt-get install ansible

Install dependencies manually

sudo apt-get install python python-setuptools python-crypto python-jinja2 python-paramiko python-pkg-resources python-yaml python python-httplib2 python-netaddr

Download a version from Ansible git repository you need

wget https://releases.ansible.com/ansible/ansible-1.9.4.tar.gz
tar -xzvf ansible-1.9.4.tar.gz 
cd ansible-1.9.4/
sudo  make
sudo python setup.py install

Adhoc commands reference

                                                               --options
ansible*  host/-i hostfile -m modulename -a 'module arguments' -b (become) --ask-become-pass (-K in short)
                                                               
ansible local -m setup -a 'filter=ans*ipv4*'   #filter facts
ansible appsrv -m shell -a 'apt-get -y install lynx' -b --ask-become-pass  #-s deprecated replaced by -b 'become'
ansible appsrv -m apt -a 'pkg=lynx state=installed update_cache=true' -b -K
ansible appsrv -m file -a 'path=/tmp/etc state=directory mode=0700 owner=root' #create directory
ansible appsrv -m copy -a 'src=/etc/fstab dest=/tmp/etc/fstab'     #copy a file to a remote system
ansible appsrv -m command -a 'rm -rf /tmp/etc/fstab'               #delete a file
ansible appsrv -m service -a 'name=apache2 state=stopped' -u user -b -K #stop Ubuntu apache
ansible appsrv -m apt -a 'name=apache2 state=absent' -b --ask-become-pass #removes package

Specify a user that ansible control server should connect as, a key also can be specified but not necessary

$ ansible centos -m ping -u username --private-key=~/.ssh/id_rsa

Copy a user ssh public key to remote server, if you do not specify a username, the current user will be used

ssh-copy-id username@server.com

Modules

shell is not interactive, therefore ‘apt-get install’ requires -y flag. STDOUT is displayed on your terminal. The pipe and all redirections do work. Executes commands on a remote node.
copy – copies files from a local control server to remote node
fetch – copies files from remote node to the local box

Get facts

Examples of the most common facts. It requires Python to be installed on a remote node

ansible awsweb -m setup -a 'filter=ansible_distr*' -u user --become --ask-become-pass
ansible awsweb -m setup -a 'filter=ansible_fqdn'
ansible awsweb -m setup -a 'filter=ansible_interfaces'
ansible awsweb -m setup -a 'filter=ansible_kernel'
ansible awsweb -m setup -a 'filter=ansible_mem*'
ansible awsweb -m setup -a 'filter=ansible_proc*'

Prepare environment for automation

Make an ansible_service user to run sudo without password asked

sudo visudo
piotr ALL=(ALL)    NOPASSWD: ALL    #user can run as root without password
sudo -l    #check your rules, last rule take precedence

Stop Ansible to require sudo password at each run

sudo vi /etc/ansible/ansible.cfg
#ask_sudo_pass = True         #needs to be commented out, otherwise works like --ask-become-pass

Install ansible_service user ssh_keys on local host

ssh-copy-id localhost
ssh-copy-id localhost.localdomain

Variables used within playbooks – TARGET SECTION

Specific to a playbook by adding a section:

- hosts: awsweb
  vars: 
    controls_server: localhost
    web_root: /var/wwwroot
  tasks:
    - name: Task1

Include variables from files

- hosts: awsweb                                                #Example of variables file content:
  vars_files:                 cat ./vars.yml	
   - vars.yml   --------->    --- # YAML file
  tasks:                      controls_server: localhost
   - name: Task1              web_root: /var/wwwroot

Prompt a user to provide a value to the variable

- hosts: awsweb
  vars_prompt: 
    - name: controls_server     #variable name
      prompt: Provide Controls Serve name
  tasks:
    - name: Task1

Handlers section

In the example below handler ‘Restart Apache’ will be called only on change status of ‘Install apache web server’ task

tasks:
     - name: Install apache web server
       action: apt pkg=apache2 state=installed
       notify: Restart Apache         #notification matches the name of the handler
handlers:
     - name: Restart Apache
       action: service name=apache2 state=restarted

README.md – markdown format

.md stands for markdown and is generated at the bottom of your github page as html Typical syntax includes:

Will become a heading
==============

Will become a sub heading
--------------

*This will be Italic*
**This will be Bold**

- This will be a list item
- This will be a list item

      Add an indent and this will end up as code