Difference between revisions of "Ansible"
(Created page with "Ansible is software for automate task, you can automates software provisioning, configuration management, application deployment and gener...") |
|||
(70 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | [[wikipedia:Ansible (software) | + | [[wikipedia:Ansible (software)]] ([[2012]], [https://trends.google.com/trends/explore?date=all&q=Ansible Google Trends]) is software for automate task, you can automates software provisioning, [[configuration management]], application deployment and general orchestration, ansible design is based on [[modules]], execute <code>[[ansible-doc]] -l</code> to view your available modules or check list of official modules in the documentation: https://docs.ansible.com/ansible/latest/modules/modules_by_category.html. |
== Installation and Basic Configuration == | == Installation and Basic Configuration == | ||
Install Ansible binaries using yum or apt-get depending on your linux distribution, or [[pip]] on [[MacOS]] on your computer, not necessary on your managed nodes, then allows server access to your managed clients configuring automatic [[ssh]] [[key authentication]]. | Install Ansible binaries using yum or apt-get depending on your linux distribution, or [[pip]] on [[MacOS]] on your computer, not necessary on your managed nodes, then allows server access to your managed clients configuring automatic [[ssh]] [[key authentication]]. | ||
− | * macOS: <code>brew install ansible</code> | + | * macOS: <code>[[brew install ansible]]</code> |
− | * [[Ubuntu]] (latest version): <code>sudo apt update && sudo apt install [[software-properties-common]] && sudo [[apt-add-repository]] -y [[ppa]]:ansible/ansible && sudo apt update && sudo apt install ansible -y</code><ref>https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ansible-on-ubuntu-18-04</ref> | + | * [[Ubuntu]] (latest version): <code>sudo [[apt update]] && sudo apt install [[software-properties-common]] && sudo [[apt-add-repository]] -y [[ppa]]:ansible/ansible && sudo apt update && sudo [[apt install]] ansible -y</code><ref>https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ansible-on-ubuntu-18-04</ref> |
− | + | Ansible '''binaries''': | |
− | + | [[/usr/bin/ansible]] | |
− | /usr/bin/ansible | + | /usr/bin/[[ansible-playbook]] |
− | /usr/bin/ansible-playbook | + | [[/usr/bin/ansible-config]] View, edit, and manage ansible configuration. |
− | + | /usr/bin/ansible-console REPL console for executing Ansible tasks | |
− | /usr/bin/ansible-config View, edit, and manage ansible configuration. | + | /usr/bin/[[ansible-galaxy]] Command to manage Ansible roles in shared repositories, the default of which is Ansible Galaxy https://galaxy.ansible.com |
− | /usr/bin/ansible-console REPL console for executing Ansible tasks | + | /usr/bin/[[ansible-pull]] Pulls playbooks from a VCS repo and executes them for the local host |
− | /usr/bin/ansible-galaxy | + | /usr/bin/[[ansible-doc]] Displays information on modules installed in Ansible libraries |
− | + | /usr/bin/[[ansible-inventory]] Used to display or dump the configured inventory as Ansible sees it | |
− | /usr/bin/ansible-pull Pulls playbooks from a VCS repo and executes them for the local host | + | /usr/bin/[[ansible-connection]] - |
− | + | /usr/bin/[[ansible-vault]] Encryption/decryption utility for Ansible data files | |
− | /usr/bin/ansible-doc Displays information on modules installed in Ansible libraries | ||
− | /usr/bin/ansible-inventory Used to display or dump the configured inventory as Ansible sees it | ||
− | |||
− | /usr/bin/ansible-connection - | ||
− | /usr/bin/ansible-vault Encryption/decryption utility for Ansible data files | ||
− | |||
− | |||
− | |||
− | |||
− | |||
== Configuration files == | == Configuration files == | ||
There are at least two configuration files in Ansible: | There are at least two configuration files in Ansible: | ||
− | * <code>/etc/ansible/hosts</code><ref>http://docs.ansible.com/ansible/latest/intro_inventory.html</ref>, text configuration file for managed nodes, or ''inventory'' in Ansible terminology, in [[ | + | * <code>[[/etc/ansible/hosts]]</code><ref>http://docs.ansible.com/ansible/latest/intro_inventory.html</ref>, text configuration file for managed nodes, or ''[[inventory]]'' in Ansible terminology, in [[INI]] or [[YAML]] format. |
− | * <code>/etc/ansible | + | * <code>/[[etc/ansible/ansible.cfg]]</code><ref>https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html</ref><ref>https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings</ref> general configuration file. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Basic Ansible operations == | == Basic Ansible operations == | ||
* Connect to remote host and verify python, it will not do a network ping to remote host, connect to host and test python: | * Connect to remote host and verify python, it will not do a network ping to remote host, connect to host and test python: | ||
− | :: <code>ansible HOSTNAME -m ping</code> (-m parameter stands for module)<ref>https://docs.ansible.com/ansible/2.5/modules/ping_module.html</ref> | + | :: <code>[[ansible HOSTNAME -m ping]]</code> (<code>-m</code> parameter stands for module)<ref>https://docs.ansible.com/ansible/2.5/modules/ping_module.html</ref> |
* Execute "uptime" in HOSTNAME: | * Execute "uptime" in HOSTNAME: | ||
Line 95: | Line 41: | ||
:: <code>ansible all -m setup --tree out/</code> | :: <code>ansible all -m setup --tree out/</code> | ||
− | * Execute commands on a machine: | + | * Execute commands on a machine, using [[shell]] [[module]]: |
:: <code>ansible MACHINE_NAME -m shell -a COMMAND</code> | :: <code>ansible MACHINE_NAME -m shell -a COMMAND</code> | ||
− | * List available modules: | + | * List available [[Ansible modules|modules]]: |
− | :: <code>ansible-doc -l</code> | + | :: <code>[[ansible-doc -l]]</code> |
* Execute a user defined task definition or playbook: | * Execute a user defined task definition or playbook: | ||
Line 108: | Line 54: | ||
::: -e: --extra-vars as key=value or YAML/JSON | ::: -e: --extra-vars as key=value or YAML/JSON | ||
− | + | [[Ansible Galaxy (Roles)]] | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Features == | == Features == | ||
− | * Support for saving encrypted information (passwords, API Keys ...) in playbooks using Ansible Vault (<code>[[ | + | * Support for saving encrypted information (passwords, API Keys ...) in playbooks using Ansible Vault (<code>[[ansible-vault]]</code><ref>https://docs.ansible.com/ansible/latest/user_guide/vault.html</ref>) since 2014 |
== Ansible tunning/configuration == | == Ansible tunning/configuration == | ||
− | Configuration of ansible is done in <code>/etc/ansible/ansible.cfg</code>, you can tune some configurations. Check official documentation <ref>https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations</ref> or some example configuration file.<ref>https://github.com/opentable/ansible-examples/blob/master/ansible.cfg</ref>. | + | Configuration of ansible is done in <code>[[/etc/ansible/ansible.cfg]]</code>, you can tune some configurations. Check official documentation <ref>https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations</ref> or some example configuration file.<ref>https://github.com/opentable/ansible-examples/blob/master/ansible.cfg</ref>. |
== Ansible privileges == | == Ansible privileges == | ||
Line 130: | Line 67: | ||
<code>vi create_user.yml</code> | <code>vi create_user.yml</code> | ||
− | + | #![[/usr/bin/env]] [[ansible-playbook]] --ask-become-pass | |
− | #!/usr/bin/env ansible-playbook --ask-become-pass | + | |
− | + | - hosts: REMOTE_SERVER | |
− | - hosts: REMOTE_SERVER | + | become: yes |
− | + | tasks: | |
− | + | ||
− | + | - user: | |
− | + | name: USERNAME | |
− | + | [[shell:]] /bin/bash | |
− | + | groups: sudo | |
− | + | append: yes | |
− | + | password_lock: yes | |
− | + | ||
− | + | - [[authorized_key:]] | |
− | + | user: USERNAME | |
− | + | state: present | |
− | + | key: "{{ lookup('file', '/home/USERNAME/.ssh/id_ed25519_USERNAME.pub') }}" | |
− | |||
− | |||
− | |||
<code>./create_user.yml</code> | <code>./create_user.yml</code> | ||
− | See also: [[ | + | See also: [[Create a new user in a group of servers and provided ssh access using its public ssh key]] |
== Activities == | == Activities == | ||
Line 160: | Line 94: | ||
# Read Ansible blog: https://www.ansible.com/blog | # Read Ansible blog: https://www.ansible.com/blog | ||
# Read StackOverflow questions about Ansible: https://stackoverflow.com/questions/tagged/ansible?tab=Votes | # Read StackOverflow questions about Ansible: https://stackoverflow.com/questions/tagged/ansible?tab=Votes | ||
− | # Create your first | + | # Create your first [[playbook]]s: |
− | ## [[ | + | ## [[Create a new user in a group of servers and provided ssh access using its public ssh key]] |
− | ## [[ | + | ## [[Configure user to be able to use sudo with no password]] |
− | ## [[ | + | ## [[Add a repository]] (<code>apt_repository</code> [[module]]) |
− | ## [[ | + | ## [[Use loops in task]] |
Intermediate | Intermediate | ||
− | # [[ | + | # [[Install and configure sysstat using Ansible]] |
− | # Modify | + | # [[Modify Ansible configuration to reuse ssh connections]] |
− | # Read about Ansible [[ | + | # Read about Ansible [[Roles]] (similar to modules in [[puppet]] and cookbooks in [[Chef]]): https://linuxacademy.com/blog/linux-academy/ansible-roles-explained/: <code>[[ansible-galaxy]] init <ROLE_NAME></code> |
− | # Read about Reusable Playbooks: Dynamic vs. Static and Tradeoffs and Pitfalls Between | + | # Read about Reusable Playbooks: Dynamic vs. Static and Tradeoffs and Pitfalls Between [[include]]s and imports <ref>https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse.html?extIdCarryOver=true&sc_cid=701f2000001OH7YAAW#differences-between-static-and-dynamic</ref> |
Advanced: | Advanced: | ||
# Increase default <code>forks</code> configuration variable (default configuration is 5 forks) in <code>/etc/ansible/ansible.cfg</code> and verify how your execution time increase or decrease. Use: <ref>https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations</ref> | # Increase default <code>forks</code> configuration variable (default configuration is 5 forks) in <code>/etc/ansible/ansible.cfg</code> and verify how your execution time increase or decrease. Use: <ref>https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations</ref> | ||
− | # Use Ansible [[ | + | # Use Ansible [[ovirt-RHV module]] (ovirt_vm) to create KVM virtual machines<ref>https://docs.ansible.com/ansible/latest/modules/ovirt_vm_module.html#ovirt-vm-module</ref> |
− | # Read Release Notes: [[ | + | # Read Release Notes: [[Ansible changelog and versions]]: v2.9<ref>https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst</ref>, v2.8<ref>https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst</ref>, v2.7<ref>https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst</ref>. |
# Read Ansible Code: <code>[[git clone]] https://github.com/ansible/ansible.git</code> | # Read Ansible Code: <code>[[git clone]] https://github.com/ansible/ansible.git</code> | ||
+ | |||
+ | == Related terms == | ||
+ | * [[Ansible Molecule]] | ||
+ | * [[register (Ansible)]] | ||
+ | * [[template (Ansible)]] | ||
+ | * <code>[[ansible-lint]]</code> | ||
+ | * <code>[[vars_files:]]</code> | ||
+ | * <code>[[ignore_errors:]]</code> | ||
+ | * <code>[[ansible --help]]</code> | ||
+ | * [[Ansible lookup plugins]] | ||
+ | * [[Ansible variables]]: <code>[[vars:]]</code>, [[ansible_python_interpreter]] | ||
+ | * [[unarchive]] | ||
== See also == | == See also == | ||
− | * | + | * {{ansible}} |
− | + | * {{IaC}} | |
− | + | * [[Playbooks]], [[Modules]], [[Blocks]]<ref>https://docs.ansible.com/ansible/latest/user_guide/playbooks_blocks.html#playbooks-blocks</ref> (since 2016) and [[Roles]] | |
− | * | ||
− | * [[ | ||
− | |||
* [[Configuration management]] software: https://en.m.wikipedia.org/wiki/Comparison_of_open-source_configuration_management_software | * [[Configuration management]] software: https://en.m.wikipedia.org/wiki/Comparison_of_open-source_configuration_management_software | ||
Line 191: | Line 134: | ||
Original Source: https://en.wikiversity.org/wiki/DevOps/Ansible | Original Source: https://en.wikiversity.org/wiki/DevOps/Ansible | ||
− | + | [[Category:Ansible]] | |
[[Category:Server administration]] | [[Category:Server administration]] | ||
+ | [[Category:Infrastructure as Code]] |
Latest revision as of 13:08, 5 February 2024
wikipedia:Ansible (software) (2012, Google Trends) is software for automate task, you can automates software provisioning, configuration management, application deployment and general orchestration, ansible design is based on modules, execute ansible-doc -l
to view your available modules or check list of official modules in the documentation: https://docs.ansible.com/ansible/latest/modules/modules_by_category.html.
Contents
Installation and Basic Configuration[edit]
Install Ansible binaries using yum or apt-get depending on your linux distribution, or pip on MacOS on your computer, not necessary on your managed nodes, then allows server access to your managed clients configuring automatic ssh key authentication.
- macOS:
brew install ansible
- Ubuntu (latest version):
sudo apt update && sudo apt install software-properties-common && sudo apt-add-repository -y ppa:ansible/ansible && sudo apt update && sudo apt install ansible -y
[1]
Ansible binaries:
/usr/bin/ansible /usr/bin/ansible-playbook /usr/bin/ansible-config View, edit, and manage ansible configuration. /usr/bin/ansible-console REPL console for executing Ansible tasks /usr/bin/ansible-galaxy Command to manage Ansible roles in shared repositories, the default of which is Ansible Galaxy https://galaxy.ansible.com /usr/bin/ansible-pull Pulls playbooks from a VCS repo and executes them for the local host /usr/bin/ansible-doc Displays information on modules installed in Ansible libraries /usr/bin/ansible-inventory Used to display or dump the configured inventory as Ansible sees it /usr/bin/ansible-connection - /usr/bin/ansible-vault Encryption/decryption utility for Ansible data files
Configuration files[edit]
There are at least two configuration files in Ansible:
/etc/ansible/hosts
[2], text configuration file for managed nodes, or inventory in Ansible terminology, in INI or YAML format./etc/ansible/ansible.cfg
[3][4] general configuration file.
Basic Ansible operations[edit]
- Connect to remote host and verify python, it will not do a network ping to remote host, connect to host and test python:
ansible HOSTNAME -m ping
(-m
parameter stands for module)[5]
- Execute "uptime" in HOSTNAME:
ansible HOSTNAME -a "uptime"
(-a module arguments, in this case command to execute)
- Connect to HOSTNAME and execute uptime command with
raw
module,raw
module do not need python.
ansible HOSTNAME -m raw -a uptime
- Execute "echo hello" in all your managed nodes:
ansible all -a "/bin/echo hello"
(-a expect module arguments)
- Connect and display gathered facts, do not setup anything.
ansible all -m setup
ansible all -m setup --tree out/
ansible MACHINE_NAME -m shell -a COMMAND
- List available modules:
- Execute a user defined task definition or playbook:
ansible-playbook my_new_created_playbook.yml
- Execute a user defined task definition or playbook with command line variables:
ansible-playbook my_new_created_playbook.yml -e "YOUR_USERNAME_VAR=YOUR_USERNAME_VALUE"
- -e: --extra-vars as key=value or YAML/JSON
Features[edit]
- Support for saving encrypted information (passwords, API Keys ...) in playbooks using Ansible Vault (
ansible-vault
[6]) since 2014
Ansible tunning/configuration[edit]
Configuration of ansible is done in /etc/ansible/ansible.cfg
, you can tune some configurations. Check official documentation [7] or some example configuration file.[8].
Ansible privileges[edit]
Use become
[9] in your playbook and execute with --ask-become-pass
parameter.
- Use
--ask-pass
if you do not have private public key configuration.
vi create_user.yml
#!/usr/bin/env ansible-playbook --ask-become-pass - hosts: REMOTE_SERVER become: yes tasks: - user: name: USERNAME shell: /bin/bash groups: sudo append: yes password_lock: yes - authorized_key: user: USERNAME state: present key: "Template:Lookup('file', '/home/USERNAME/.ssh/id ed25519 USERNAME.pub')"
./create_user.yml
See also: Create a new user in a group of servers and provided ssh access using its public ssh key
Activities[edit]
Beginner:
- Read how to use Ansible cheatsheet: https://www.digitalocean.com/community/tutorials/how-to-use-ansible-cheat-sheet-guide
- Read Ansible blog: https://www.ansible.com/blog
- Read StackOverflow questions about Ansible: https://stackoverflow.com/questions/tagged/ansible?tab=Votes
- Create your first playbooks:
Intermediate
- Install and configure sysstat using Ansible
- Modify Ansible configuration to reuse ssh connections
- Read about Ansible Roles (similar to modules in puppet and cookbooks in Chef): https://linuxacademy.com/blog/linux-academy/ansible-roles-explained/:
ansible-galaxy init <ROLE_NAME>
- Read about Reusable Playbooks: Dynamic vs. Static and Tradeoffs and Pitfalls Between includes and imports [10]
Advanced:
- Increase default
forks
configuration variable (default configuration is 5 forks) in/etc/ansible/ansible.cfg
and verify how your execution time increase or decrease. Use: [11] - Use Ansible ovirt-RHV module (ovirt_vm) to create KVM virtual machines[12]
- Read Release Notes: Ansible changelog and versions: v2.9[13], v2.8[14], v2.7[15].
- Read Ansible Code:
git clone https://github.com/ansible/ansible.git
Related terms[edit]
- Ansible Molecule
- register (Ansible)
- template (Ansible)
ansible-lint
vars_files:
ignore_errors:
ansible --help
- Ansible lookup plugins
- Ansible variables:
vars:
, ansible_python_interpreter - unarchive
See also[edit]
- Ansible: modules, plugins, Playbooks (examples)
ansible-playbook
,ansible-vault
,ansible-inventory
,ansible-config
, Ansible Tower, Ansible Galaxy (Roles) (ansible-galaxy
),ansible-cmdb
,gather facts
,ansible.cfg
,Ansible Molecule
, Ansible collections,register
,template
,--ask-pass
,--ask-become-pass
,remote_user:
,/etc/ansible/hosts
,ansible-doc
,ansible-lint
,.ansible/
,--forks
,--start-at-task
,changelog
,inventory
,Notify:
,ansible HOSTNAME -m ping
,gathering
,/usr/bin/ansible
,ansible -m ping
,ansible.builtin
,hosts: (Ansible)
,set fact:
,when:
,blockinfile:
,become method:
,include:
,git:
, AWX,ansible --help
, Tags, Ansible variables, versions - IaC: Terraform, Chef, cdist, capistrano, Harrow, puppet, Ansible, CFEngine, Cloud Deployment Manager, pulumi, juju, SaltStack, Azure Resource Manager (ARM), Google Deployment Manager, AWS CloudFormation, Pulumi, Heat, Spacelift, Oracle Cloud Resource Manager, KICS, Troposphere, CaC, IaC scanning
- Playbooks, Modules, Blocks[16] (since 2016) and Roles
- Configuration management software: https://en.m.wikipedia.org/wiki/Comparison_of_open-source_configuration_management_software
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.
Original Source: https://en.wikiversity.org/wiki/DevOps/Ansible
- ↑ https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ansible-on-ubuntu-18-04
- ↑ http://docs.ansible.com/ansible/latest/intro_inventory.html
- ↑ https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html
- ↑ https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings
- ↑ https://docs.ansible.com/ansible/2.5/modules/ping_module.html
- ↑ https://docs.ansible.com/ansible/latest/user_guide/vault.html
- ↑ https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations
- ↑ https://github.com/opentable/ansible-examples/blob/master/ansible.cfg
- ↑ https://docs.ansible.com/ansible/latest/user_guide/become.html
- ↑ https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse.html?extIdCarryOver=true&sc_cid=701f2000001OH7YAAW#differences-between-static-and-dynamic
- ↑ https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations
- ↑ https://docs.ansible.com/ansible/latest/modules/ovirt_vm_module.html#ovirt-vm-module
- ↑ https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst
- ↑ https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
- ↑ https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst
- ↑ https://docs.ansible.com/ansible/latest/user_guide/playbooks_blocks.html#playbooks-blocks
Advertising: