Ansible is an open-source application development, configuration management, and IT automation tool that is used to facilitate the management of remote servers. Ansible can be run only if Python version 2.7 or 3.5 and higher is present. It can be run on many Unix-like systems as well as on Microsoft Windows. Ansible can handle large-scale virtual networks, where you need to run tasks in sequence and create a chain of events that must happen on several different servers or devices.
For example, suppose you have a group of web servers behind a load balancer. Ansible will upgrade the web servers one by one, and during the upgrade it can remove the current web server from the load balancer and disable it in your Nagios monitoring system.
# Steps to Install Ansible
1) Updating the Control Node
Before installing any new software, it is a good idea to make sure that your existing operating system software is up to date. You can update it using the following command:
yum update
2) Installing the EPEL Repository
To install Ansible, we first need to install the CentOS 7 EPEL repository using the following command:
yum install epel-release
3) Installing Ansible
Now we will install the Ansible package from the EPEL repository by typing the following command:
yum install ansible
4) a. Creating a user for Ansible
As per security guidelines, it is a good idea to avoid logging into your Linux servers as root. Thus, we will create a non-root user on our control node and our managed nodes that will be responsible for running our Ansible playbooks. This non-root user is the account Ansible will use to log into our managed nodes. Here we are going to use “admin” for the user, but you can substitute any other username. To follow this example, you will have to use the same username on both the control node and your managed nodes.
Now, log on to the control node, add the user, and set a password by using the following commands:
useradd admin
passwd admin
4) b. Configuring the Control Node User for Passwordless Super User Access
On the managed node, we need to make sure that our Ansible user can use the sudo command without a password. Type the following command to open the sudoers file for editing:
visudo
Now type “i” to enter the input mode and add the following line to the end of the file. Then type ‘[ESC]:wq’ to save your changes.
admin ALL=(ALL) NOPASSWD: ALL
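The rule above lets the admin account run any command as root without a password, so it is useful to know which accounts on a node hold such a rule. The script below is an added example, not part of the original tutorial; the function name audit_nopasswd_all and the sample sudoers text are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sudoers principals that hold "NOPASSWD: ALL".
# SAMPLE_SUDOERS is constructed input, not taken from a real host.
SAMPLE_SUDOERS='# constructed sample sudoers content
Defaults    env_reset
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
admin ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
backup  ALL=(ALL) NOPASSWD: /usr/bin/rsync, \
        /usr/bin/tar
%ops    ALL = (ALL:ALL) NOPASSWD:ALL
'

# audit_nopasswd_all: read sudoers text on stdin and print one principal
# (user or %group) per line for every rule whose command list after
# NOPASSWD: starts with the bare word ALL.
audit_nopasswd_all() {
    awk '
        # Join backslash-continued lines into one logical line.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { $0 = buf $0; buf = "" }
        # Skip comments (this also skips #include directives) and blank lines.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        # Skip Defaults settings and alias definitions.
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            rhs = substr($0, eq + 1)
            if (rhs ~ /NOPASSWD:[ \t]*ALL[ \t]*$/ ||
                rhs ~ /NOPASSWD:[ \t]*ALL[ \t]*,/)
                print $1
        }
    '
}

# Run on the constructed sample; prints "admin" and "%ops".
# On a managed node, feed it the real files instead, for example:
#   sudo cat /etc/sudoers /etc/sudoers.d/* | audit_nopasswd_all
printf '%s' "$SAMPLE_SUDOERS" | audit_nopasswd_all
```

Rules limited to specific commands, such as the constructed deploy and backup entries, are not reported.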
5) Configuring our Admin User for SSH Access
To ensure that our admin user can access the managed node over SSH without a password, we will set up an SSH key pair. Log onto the control node as the admin user and run the following command to generate an SSH key pair.
Note: Press Enter at all the prompts to accept the defaults.
ssh-keygen
Now we can copy the public key to our managed node by using the following command:
ssh-copy-id node.kb.milesweb.com
6) Creating an Ansible Inventory
Ansible identifies your managed nodes from the inventory list. To add our managed node to the inventory, we will need to log in to our control node as the admin user and then create a new inventory file. Ensure that you are logged onto the control node as the admin user.
vim /home/admin/inventory
Type “i” to enter the insert mode and then add the managed node hostname to the inventory file.
node.kb.milesweb.com
Now, type ‘[ESC]:wq’ to save the file.
7) Creating an Ansible Playbook
To test the configuration, we will create a simple playbook to install Nginx on our managed node. For that, we first have to create and open a new file. The file name is not important as far as Ansible is concerned. Ensure that you are logged onto the control node as the admin user.
vim /home/admin/install-nginx.yml
Ansible playbooks are written in YAML, which is intended to be human-readable. Add the following content to your playbook. Then type ‘[ESC]:wq’ to save and exit.
```yaml
---
# install nginx
- hosts: node.kb.milesweb.com
  become: yes
  tasks:
    # EPEL must be enabled first because it provides the nginx package
    - name: install epel
      yum:
        name: epel-release
        state: installed
    - name: install nginx
      yum:
        name: nginx
        state: installed
```
Ansible playbooks execute ‘plays’. A play is a list of tasks that get performed on the nodes. In the above example, the keyword ‘hosts’ is used to specify a list of just a single node. You are allowed to specify a list of hosts, using comma-separated values. To install any software with Ansible, we will require root access to utilize yum. The keyword “become” is used to instruct Ansible that the root user is required to execute the task.
The keyword ‘tasks’ begins the list of tasks to be completed. Every task is given a unique name using the ‘name’ keyword. After this, the yum module provided by Ansible is used in the first task to install the EPEL repository and in the second task to install nginx.
8) Running the Playbook
Running a playbook is very easy. We will use the “ansible-playbook” command and then specify the inventory file with the “-i” option followed by the path to the playbook. Ensure that you are logged on to the control node as the admin user.
ansible-playbook -i /home/admin/inventory /home/admin/install-nginx.yml
These are just the basics of Ansible. You can group the servers in your inventory together using group names. This grouping will allow you to execute playbooks only on your web servers or only on your database servers. You can also run ad-hoc commands.
# Advantages of Ansible are:
• Ansible is easy to learn and allows you to start with automation work more quickly.
• Ansible doesn’t need an agent.
# Drawbacks of Ansible are:
• In case the SSH connection is interrupted partway through a playbook run, that node could end up in a partially configured state.