====== Ansible ======
====== Definitions ======
===== Control node =====
Main node where Ansible is installed; it reaches every managed node over SSH\\
Very sensitive machine (it has access to everything), so its security must be hardened
===== Managed node =====
All nodes managed by Ansible. Each one has a user with privilege escalation and an SSH connection ready for the control node
===== Inventory =====
Inventory of the machines, in ini (flat) or yaml, plus variable files in the host_vars and group_vars folders. It can be static or dynamic (python) and can use patterns
===== Groups =====
Machines can be regrouped into groups (example: nginx/db/debian ...). This classifies machines into boxes and lets us build a tree (root == group "all")
==== Group_vars ====
All variables shared by the machines of the same group
==== Host_vars ====
Unlike group_vars, host_vars contains variable(s) for a specific host. Takes precedence over the group_vars of the groups the machine belongs to
===== Task =====
One action (create user / use template / check var ...) done by Ansible
===== Module =====
Defines the actions available for a specific target (postgresql: create user/db/roles ...); used by a task
===== Roles =====
A group of actions specific to a deployment (install nginx / configure it)\\
Comes with different tools to help: tasks, templates, handlers, variables, meta\\
Many are available on Ansible Galaxy\\
:!: keep roles in git or another versioning system
===== Playbook =====
File that coordinates inventory, tasks and roles on the infrastructure: machine <=> groups <=> role
===== Plugin =====
Extends Ansible (tests, output, ...)
====== Install ======
===== Control node =====
apt install ansible
yum install ansible || dnf install ansible
===== Managed node =====
Python is required
apt install python
yum install python || dnf install python
====== SSH ======
===== Generate =====
ssh-keygen -t ecdsa
===== Install =====
ssh-copy-id -i ~/.ssh/id_ecdsa.yourkey user@host
===== more security =====
Add in .ssh/authorized_keys, in front of the key:
from="192.168.1.80" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0xc3q73y8Upi1irKzRAQk...
Other options:
from="192.168.1.?,*.fortier-family.com",no-X11-forwarding ssh- Key...
===== .ssh/config =====
Host *
User ansible
IdentityFile /home/ansible/.ssh/id_rsa.ansible
Compression yes
ForwardAgent yes
ServerAliveInterval 300
TCPKeepAlive no
ServerAliveCountMax 2
IPQoS=throughput
====== Managed node user ======
===== Create user =====
useradd -m ansible
===== Grant sudo =====
export EDITOR=vi
visudo
usermod -aG sudo ansible
This adds user **ansible** to the **sudo** group (or **wheel**, depending on the distribution)
==== test ====
sudo -i
sudo -l # for a list
===== SSHkey =====
ssh localhost # to create ~/.ssh folder
echo "ssh-rsa <public key> cc.fortier-family.com" >> ~/.ssh/authorized_keys
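The "more security" section above restricts a single key with from=; the bootstrap above appends an unrestricted key. The following is an added example (not from the original page; addresses and keys are constructed): it builds a restricted entry for the ansible user and audits an authorized_keys file for entries that have no from= restriction.

```sh
#!/bin/sh
# Added example, not from the original page: build a restricted
# authorized_keys entry for the ansible user on a managed node and
# audit an authorized_keys file for keys that lack a from= restriction.
# All hosts and keys below are constructed sample values.

# build_entry SOURCE_PATTERNS PUBKEY
#   SOURCE_PATTERNS: comma-separated from= patterns (control node only)
#   PUBKEY:          "type base64 [comment]" as printed by ssh-keygen
# Prints one authorized_keys line that only accepts logins coming from
# the control node and disables forwarding the ansible user never needs.
build_entry() {
  printf 'from="%s",no-X11-forwarding,no-agent-forwarding,no-port-forwarding %s\n' "$1" "$2"
}

# audit_keys FILE
#   Prints each key line in FILE that carries no from= restriction.
#   Returns 0 if every key is restricted, 1 otherwise.
audit_keys() {
  unrestricted=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;                          # skip blanks and comments
      *'from="'*) ;;                                # restricted: fine
      *) printf 'UNRESTRICTED: %s\n' "$line"; unrestricted=1 ;;
    esac
  done < "$1"
  return "$unrestricted"
}

# --- demo on a constructed authorized_keys file -------------------------
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample authorized_keys for the ansible user
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOnlyForDemo00000000000000 old-laptop
EOF
build_entry "192.168.1.80" \
  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOnlyForDemo00000000000000 control-node" >> "$SAMPLE"

if audit_keys "$SAMPLE"; then
  echo "all keys restricted"
else
  echo "found keys without a from= restriction, fix before use"
fi
rm -f "$SAMPLE"
```

The no-agent-forwarding option also neutralises the ForwardAgent yes from the control node's .ssh/config above, which otherwise exposes the control node's SSH agent to every managed node it connects to.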
===== Check ansible connection from control node =====
**From the control node**, replacing **HOST** with the managed host:\\
ansible -i "HOST," all -u ansible -m ping
ansible -i "dns," all -u ansible -m command -a uptime --one-line
===== Examples =====
ansible -i "dns," all -u ansible -b -K -m apt -a "name=pkg"
Gather facts from the machine
ansible -i "dns," all -u ansible -m setup
====== References ======
* [[https://www.youtube.com/playlist?list=PLn6POgpklwWoCpLKOSw3mXCqbRocnhrh-| French tutorial]] - [[https://gitlab.com/xavki/presentation-ansible-fr|Commands and sources]]
* [[https://docs.ansible.com| official documentation]]
* [[https://www.how2shout.com/linux/how-to-install-ansible-on-rocky-linux-8-or-almalinux/|Ansible Install Rocky/Alma Linux 8.X]]
* [[https://mitogen.networkgenomics.com/ansible_detailed.html|Mitogen]]