Learn Ansible With Cj

Ansible

  • Ansible is an open-source configuration management, deployment, and orchestration tool. Michael DeHaan developed Ansible. In 2015 Red Hat acquired Ansible.

  • Ansible is agentless, which means there is no need to install any agent on the nodes.

  • Ansible works on a push-based mechanism, pushing the configurations when required.

  • In the absence of an agent, Ansible uses SSH to connect to nodes.

Agent-based vs Agentless

Agent-based

  • These types of systems need an agent or its dependencies to be installed in nodes.

  • These systems need to invoke the agent to run the configuration management tool

  • The agent's installation and permissions need to be taken care of along with the configuration of the agent.

Agentless

  • No specific agent or its dependencies need to be installed on these systems

  • These systems invoke the run remotely

How Ansible Works

Ansible works by connecting to nodes and pushing out small programs called Modules. Ansible then executes these modules over SSH by default and removes them when finished.

The Ansible management node is the main controlling node that controls the entire execution of the playbook. The installation is run from this node, and the Ansible inventory file provides the list of hosts/nodes where the modules need to be run.

Terms used commonly in Ansible

  1. Ansible Server:- Machine where ansible is installed and from which all tasks and playbooks will run

  2. Modules:- A module is a command or set of similar commands meant to be executed on the client side.

  3. Tasks:- A task is a section that consists of a single procedure to be completed

  4. Roles:- Way of organizing tasks and related files that are later to be called in a playbook.

  5. Facts:- Information fetched from the client system

  6. Inventory:- Inventory is a file containing data about the Ansible client nodes.

  7. Play:- Execution of a playbook

  8. Handler:- Handler is a task that is called only if a notifier is present

  9. Notifier:- It is a section attributed to a task that calls a handler if the output is changed

Establishing ssh connection between server and node

  • Create 3 VMs in the same zone in any cloud: one named as the Ansible server and 2 as Ansible nodes.

  • Name one VM "Ansible Server", SSH into the VM, and download the package using wget "<package url>"

  • Now do ls -lt - it will show all the details of the package

  • Copy the package name and install it using - yum install <package name> -y

  • Run - yum update -y command

  • Now we have to install all the other packages one by one - yum install git python python-pip -y

  • Now all packages are installed in the ansible server

  • The next step is to connect nodes to the ansible server

  • Go to the host file on the Ansible server and paste the private IPs of all the VMs that we are choosing as nodes

    • The host file is also called the inventory file

      * Host file located at /etc/ansible/hosts

      * vi /etc/ansible/hosts - create a group for IP

      [demo] --> demo is the name of the group, we can give any name

      <IP of node 1>

      <IP of node 2>

  • After copying the IP of nodes, the ansible server knows how many nodes are connected

  • Now we need to make some changes in ansible.cfg file so that the host file will start working

    • vi /etc/ansible/ansible.cfg
  • In ansible.cfg file all lines are commented initially, uncomment below lines.

    inventory = /etc/ansible/hosts

    sudo_user = root

  • Now after performing all these steps and modifying files our ansible server is configured and also knows the IP of connected nodes

  • The next step is to create one user on all 3 VMs (Ansible master and Ansible nodes)

  • Set a password for the user

  • Switch to the ansible user; ansible is the username we created in the previous steps

  • Currently, the newly created ansible user doesn't have sudo privileges. To give sudo privileges to the ansible user:

    • run visudo command --> visudo will open a file that is present in Linux

    • Inside the file, below the root user line, add the newly created user's details

      root ALL=(ALL) ALL

      ansible ALL=(ALL)  NOPASSWD:ALL - Here ansible is the user we created

  • Perform the same steps, from creating the user to granting sudo permission to the user, on all the remaining nodes

  • Now switch back to the Ansible server VM, and try installing the httpd package as the ansible user

    • sudo yum install httpd -y
  • Now establish the connection between the server and the node.

  • Go to the Ansible server VM and try to SSH into any node - ssh <Private IP of any node>

    • We will get the output as permission denied
  • To resolve this issue make some changes in the sshd_config file.

    • Go to the ansible server VM

      vi /etc/ssh/sshd_config

      Uncomment this line - PermitRootLogin yes

      Uncomment this line also - PasswordAuthentication yes

      Comment this line - PasswordAuthentication no

  • Make the same changes on the other 2 nodes as well.

  • Now restart the ssh service in all nodes and server

    • service sshd restart
  • Now go to the ansible server VM again and switch to the ansible user

  • Again try establishing the connection to any node

    • ssh <Private Ip of any node>

      Enter the password for the user

      Now the connection is established and the node is accessible from the ansible server

There is one problem: every time we connect the Ansible server to a node, it asks for the password. If we have more than 100 nodes, it is difficult to enter the password for every node to connect.

  • To resolve this issue, generate a key in the ansible server VM by using the command.

  • When we run the command for generating key it generates 2 keys - public and private

  • Copy the generated public key to every node; these nodes will not ask for the password again while connecting via ssh.

    • Generating key - Go to the ansible server VM and run the command - ssh-keygen

    • It generates 2 keys

      Run the ls -a command to view hidden folders and files also

      .ssh directory is present

      cd .ssh/

      ls --> gives output - id_rsa, id_rsa.pub (pub represents the public key)

      Copy id_rsa.pub to all the nodes

      Command - ssh-copy-id ansible@172.31.41.240

      ansible - username and 172.31.41.240 - Private IP of node 1

  • Now verify, go to the ansible server VM

  • SSH into any node - ssh <Private IP of any node>

  • Now we can connect directly; it will not ask for the password
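
Once ssh-copy-id has worked, the PasswordAuthentication yes and PermitRootLogin yes settings from the earlier sshd_config step are no longer needed for the ansible user to connect. The check below is an added example, not part of the original article: it reads an sshd_config the way sshd does (first uncommented occurrence of a keyword wins) and lists which of those two settings are still enabled. The function names and sample files are constructed here, and Match blocks and Include files are assumed absent.

```shell
#!/bin/sh
# Added example, not from the original article. sshd uses the first
# uncommented occurrence of a keyword; keywords are case-insensitive.
# Assumption: no Match blocks or Include files affect these keywords.

sshd_effective() {  # usage: sshd_effective <config-file> <keyword>
  awk -v kw="$2" '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    tolower($1) == tolower(kw) { print tolower($2); exit }
  ' "$1"
}

audit_sshd() {  # usage: audit_sshd <config-file>; one output line per finding
  pa=$(sshd_effective "$1" PasswordAuthentication)
  # OpenSSH treats an unset PasswordAuthentication as "yes".
  if [ "${pa:-yes}" = "yes" ]; then
    echo "PasswordAuthentication yes: password logins are still accepted"
  fi
  prl=$(sshd_effective "$1" PermitRootLogin)
  if [ "$prl" = "yes" ]; then
    echo "PermitRootLogin yes: root can log in directly over SSH"
  fi
  return 0
}

# Constructed sample: the state the article's sshd_config edits leave behind.
write_tutorial_cfg() {
  printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
                '#PasswordAuthentication no' > "$1"
}

# Constructed sample: the same file tightened after ssh-copy-id has succeeded.
write_keyonly_cfg() {
  printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
                'PasswordAuthentication no' 'PubkeyAuthentication yes' > "$1"
}

tmp=$(mktemp -d)
write_tutorial_cfg "$tmp/tutorial"
write_keyonly_cfg "$tmp/keyonly"
echo "== after the article's edits =="
audit_sshd "$tmp/tutorial"
echo "== key-only configuration =="
audit_sshd "$tmp/keyonly"
echo "findings on key-only configuration: $(audit_sshd "$tmp/keyonly" | wc -l)"
```

To check a real host, point audit_sshd at /etc/ssh/sshd_config on the server and each node, and restart sshd after any change as in the earlier step.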


I hope you enjoyed this article, if you have any questions, comments, or feedback, or if I made a mistake feel free to comment down below.

