Tuesday, 10 February 2015

Automating IT infrastructure with Ansible- PART 1

Automating IT infrastructure with Ansible- PART 1

Ansible is a really powerful and useful tool when it comes to automating IT infrastructure. It is an easy to use configuration management system that can be used to automate and organize your system configuration tasks for a large network of computers. 


How Does Ansible Work?
Ansible works by configuring client machines from an computer with Ansible components installed and configured.

It communicates over normal SSH channels in order to retrieve information from remote machines, issue commands, and copy files. Because of this, an Ansible system does not require any additional software to be installed on the client computers.

This is one way that Ansible simplifies the administration of servers. Any server that has an SSH port exposed can be brought under Ansible's configuration umbrella, regardless of what stage it is at in its life cycle.

Any computer that you can administer through SSH, you can also administer through Ansible.

Ansible takes on a modular approach, making it easy to extend to use the functionalities of the main system to deal with specific scenarios. Modules can be written in any language and communicate in standard JSON.

Configuration files are mainly written in the YAML data serialization format due to its expressive nature and its similarity to popular markup languages. Ansible can interact with clients through either command line tools or through its configuration scripts called Playbooks


Setup for this guide


For this series of tutorials, I'll be using mostly this particular setup consisting of three VMs. Each VM has CentOS 6.5 64 Bit installed on it. 

Ansible Host: 192.168.0.10
Host1: 192.168.0.15
Host2: 192.168.0.20

NOTE: For a majority of these tutorials, I have disabled the firewall and Selinux on all the machines.

Installation
Installing Ansible is a very easy process. Unlike most configuration management tools, Ansible is only required to be setup on on master server and there are many different ways to do so. Many Linux distributions have a package available in their 3rd party repos which can easily be installed, however a quick alternative is to just pip install it or grab the latest copy from github. 

To install using your package manager, on RHEL/CentOS Linux based systems you will most likely need the EPEL repo


Type in the following command to install the EPEL repo on your host:

# yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm



Next, install the Ansible packages:

# yum install ansible



Ansible has a default inventory file used to define which servers it will be managing. After installation, there's an example one you can reference at /etc/ansible/hosts




My hosts file looks something like this. Here, I have declared a group called as [My-Hosts] and within this group we have the two hosts added. You can either use IP addresses or even FQDNs to specify the hosts. 



Once we have an inventory configured, we can start running Tasks against the defined servers.

Ansible will assume you have SSH access available to your servers, usually based on SSH-Key.

Run the following command to test your Ansible config. Note for the time being, we will use the --ask-pass parameter to prompt for entering the password of the remote hosts.

# ansible -m ping My-Hosts --ask-pass

Here, we are attempting a simple ping command on our inventory group called My-Hosts. If all things are configured correctly, you should be prompted to enter the Hosts password and shown the output as pong. In some cases, you may be prompted to install the sshpass program. you can do that by simply running a yum install sshpass on your ansible server:




The correct output will look something like this:



You can also ping individual hosts by specifying the host's IP address or FQDN in place for the inventory group.



Generating SSH Keys
With the basic configurations done, lets start with creating and configuring some SSH keys so we can avoid the --ask-pass options:
In the Ansible server, run the following commands to create a SSH keypair.

# ssh-keygen -t rsa



Now copy over the keys over to the hosts. There are a variety of ways to do this, but let's have a look how we can perform these steps using Ansible itself:

# ansible all -m copy -a "src=/root/.ssh/id_rsa.pub dest=/tmp/id_rsa.pub" --ask-pass

Here, all indicates to use all the hosts specified in the hosts inventory file. Copy is an ansible module. We will use many such modules to perform our tasks using Ansible.




You should get an output similar to the one shown below:



Next, add the public keys over to the remote servers: 

# ansible all -m shell -a "cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys" --ask-pass





Let's try pining our two hosts again now, but this time without the --ask-pass parameter. You should see the following pong output:

# ansible My-Hosts -m ping 



Try running some other command with ansible. Here, we want to list the hostname of our hosts in the inventory. 

# ansible My-Hosts -m shell -a "hostname"

Here, shell is another ansible module that you can use to pass shell commands to your remote hosts. The -a attribute allows you to pass commands to the shell module. For E.G. here, we pass the hostname command. You can alternatively pass commands such as yum install httpd as well.




With this, you should be ready to write and create your own playbooks. This is something we will look at in the next Part of this tutorial series.. till then stay tuned!!



No comments :

Post a Comment