Learn Ansible With Cj
Ansible
Ansible is an open-source configuration management, deployment, and orchestration tool. Michael DeHaan developed Ansible. In 2015 Red Hat acquired Ansible.
Ansible is agentless, which means there is no need to install any agent on the nodes.
Ansible uses a push-based mechanism, pushing the configurations when required.
In the absence of an agent, Ansible uses SSH to connect to nodes.
Agent-based vs Agentless
Agent-based
These types of systems need an agent and its dependencies to be installed on the nodes.
These systems need to invoke the agent to run the configuration management tool.
The agent's installation and permissions need to be taken care of, along with the configuration of the agent.
Agentless
No specific agent or its dependencies need to be installed on these systems.
These systems invoke the run remotely.
How Ansible Works
Ansible works by connecting to nodes and pushing out small programs called Modules. Ansible then executes these modules over SSH by default and removes them when finished.
The Ansible management node is the controlling node that drives the entire execution of the playbook. We run the installation from this node, and the Ansible inventory file provides the list of hosts/nodes where the modules need to be run.
Terms used commonly in Ansible
Ansible Server:- Machine where ansible is installed and from which all tasks and playbooks will run
Modules:- A module is a command or set of similar commands meant to be executed on the client side.
Tasks:- A task is a section that consists of a single procedure to be completed
Roles:- Way of organizing tasks and related files that are later to be called in a playbook.
Facts:- Information fetched from the client system
Inventory:- Inventory is a file containing data about the Ansible client servers.
Play:- Execution of a playbook
Handler:- Handler is a task that is called only if a notifier is present
Notifier:- It is a section attributed to a task that calls a handler if the output is changed
Establishing ssh connection between server and node
Create 3 VMs in the same zone in any cloud: one named as the ansible server and 2 as ansible nodes.
Name one VM "Ansible Server", SSH into the VM, and download the package using wget "<package url>"
Now run ls -lt - it will show all the details of the package
Copy the package name and install it using - yum install <package name> -y
Run - yum update -y command
Now we have to install all the other packages one by one - yum install git python python-pip -y
Now all packages are installed in the ansible server
The next step is to connect nodes to the ansible server
Go to the host file inside the ansible server and paste the private IP of all the VMs (all the VMs that we are choosing as nodes)
The host file is also called the inventory file
* Host file located at /etc/ansible/hosts
* vi /etc/ansible/hosts - create a group for the IPs
[demo] --> demo is the name of the group, we can give any name
<IP of node 1>
<IP of node 2>
After copying the IP of nodes, the ansible server knows how many nodes are connected
Now we need to make some changes in the ansible.cfg file so that the host file will start working
- vi /etc/ansible/ansible.cfg
In the ansible.cfg file all lines are commented out initially; uncomment the lines below.
inventory = /etc/ansible/hosts
sudo_user = root
Now after performing all these steps and modifying files our ansible server is configured and also knows the IP of connected nodes
The next step is to create one user on all 3 VMs (ansible master and ansible nodes)
Set a password for the user
Switch to the ansible user (ansible is the username we created in the previous steps)
Currently, the newly created ansible user doesn't have sudo privileges. To give sudo privileges to the ansible user:
Run the visudo command --> visudo opens the sudoers file (/etc/sudoers) for editing
Inside the file, below the root user line, add the newly created user's details
root ALL=(ALL) ALL
ansible ALL=(ALL) NOPASSWD:ALL - Here ansible is the user we created
Repeat the same steps, from creating the user to granting sudo permission, on all the remaining nodes
Now switch back to the ansible server VM, and try installing the httpd package as the ansible user
- sudo yum install httpd -y
Now establish the connection between the server and the node.
Go to the ansible server VM and try to SSH into any node - ssh <Private IP of any node>
- We will get the output as permission denied
To resolve this issue, make some changes in the sshd_config file.
Go to the ansible server VM
vi /etc/ssh/sshd_config
Uncomment this line - PermitRootLogin yes
Uncomment this line also - PasswordAuthentication yes
Comment this line - PasswordAuthentication no
Make the same changes on the other 2 nodes.
Now restart the ssh service on all nodes and the server
- service sshd restart
Now go to the ansible server VM again and switch to the ansible user
Again try establishing the connection to any node
ssh <Private IP of any node>
Enter the password for the user
Now the connection is established and the node is accessible from the ansible server
There is one problem: every time we connect from the ansible server to a node, it asks for the password. If we have more than 100 nodes, it is difficult to enter the password for every node and connect.
To resolve this issue, generate a key pair on the ansible server VM.
The key-generation command produces 2 keys - public and private
Copy the generated public key to every node; these nodes will not ask for the password again while connecting via ssh.
Generating the key - Go to the ansible server VM and run the command - ssh-keygen
It generates 2 keys
Run the ls -a command to view hidden folders and files also
The .ssh directory is present
cd .ssh/
ls --> gives output - id_rsa, id_rsa.pub (pub represents the public key)
Copy id_rsa.pub to all the nodes
Command - ssh-copy-id ansible@172.31.41.240
ansible - username and 172.31.41.240 - Private IP of node 1
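The copy step above, repeated for every node in the [demo] group of the inventory, as an added example that is not part of the original article. The inventory text is a constructed sample, the function names are hypothetical, and the script only prints the ssh-copy-id commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the article): build one ssh-copy-id command per
# host of an inventory group instead of typing each node by hand.
# Assumptions: INI-style inventory; host ranges are not expanded.

# Constructed sample of /etc/ansible/hosts. 172.31.41.240 is the node used
# in the article; the 192.0.2.x addresses are placeholders.
SAMPLE_INVENTORY='# nodes managed by the Ansible server
[demo]
172.31.41.240
192.0.2.11 ansible_port=22

[demo:vars]
ansible_user=ansible

[other]
192.0.2.99'

# group_hosts GROUP < inventory : print the hosts listed under [GROUP].
group_hosts() {
    awk -v grp="$1" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comments and blank lines
        /^[ \t]*\[/ {                            # section header
            name = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            in_group = (name == grp)             # "demo:vars" is not "demo"
            next
        }
        in_group { print $1 }                    # drop per-host variables
    '
}

# copy_id_commands USER GROUP < inventory : print the commands (dry run).
copy_id_commands() {
    group_hosts "$2" | while read -r host; do
        printf 'ssh-copy-id -i ~/.ssh/id_rsa.pub %s@%s\n' "$1" "$host"
    done
}

printf '%s\n' "$SAMPLE_INVENTORY" | copy_id_commands ansible demo
```

Each printed command still asks for the node's password once; after that, key login works for that node.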
Now verify, go to the ansible server VM
SSH into any node - ssh <Private IP of any node>
Now we can connect directly; it will not ask for the password
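Once key login works, the Ansible connection no longer depends on the PermitRootLogin yes and PasswordAuthentication yes lines enabled earlier in sshd_config. The check below is an added example, not part of the original article: it reports the value sshd will actually use for those two keywords (sshd keeps the first value it reads) and flags them while they are still "yes". The sample configs are constructed, the function names are hypothetical, the defaults are those of current OpenSSH, and Include files and Match blocks are not followed.

```shell
#!/bin/sh
# Added example (not from the article): which value will sshd really use?
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive. Assumption: Include files and Match blocks are not followed.

# Constructed samples. TUTORIAL_CFG mirrors the edits made in this article.
TUTORIAL_CFG='PermitRootLogin yes
PasswordAuthentication yes
#PasswordAuthentication no'
# A later "no" does not override an earlier "yes".
SHADOWED_CFG='PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no'
HARDENED_CFG='PermitRootLogin no
PasswordAuthentication no'

# effective_value KEYWORD DEFAULT < config : print the value sshd would use.
effective_value() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || /^[ \t]*$/    { next }   # comments and blank lines
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    '
}

# audit_sshd < config : print findings; return 1 if a weak setting is active.
audit_sshd() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin prohibit-password)
    pass=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication yes)
    rc=0
    if [ "$root" = "yes" ]; then echo "WEAK PermitRootLogin yes"; rc=1; fi
    if [ "$pass" = "yes" ]; then echo "WEAK PasswordAuthentication yes"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK root=$root password=$pass"; fi
    return "$rc"
}

printf '%s\n' "$TUTORIAL_CFG" | audit_sshd || true   # both settings flagged
printf '%s\n' "$SHADOWED_CFG" | audit_sshd || true   # password login still on
printf '%s\n' "$HARDENED_CFG" | audit_sshd || true   # OK
```

On a live host, running sshd -T as root prints the effective configuration, including any Include files.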
I hope you enjoyed this article, if you have any questions, comments, or feedback, or if I made a mistake feel free to comment down below.