Ansible
Definitions
Control node
Main node where Ansible is installed; it has ssh access to every managed node
Very sensitive machine (it has access to everything) ⇔ its security must be reinforced
Managed node
All nodes managed by Ansible. Each one has a user with privilege escalation (sudo) and an ssh connection ready for the control node
Inventory
List of the machines, in ini (flat) or yaml format, plus variable files in the host_vars and group_vars folders. It can be static or dynamic (python script) and supports patterns
Groups
Machines can be gathered into groups (example: nginx/db/debian …); this classifies machines into boxes, and groups can form a tree (root == group "all")
Group_vars
All variables shared by the members of one group
Host_vars
As opposed to group_vars, host_vars contains variable(s) for one specific host. Takes precedence over the group_vars of the groups the machine belongs to
Task
One action (create user / apply template / check var …) performed by Ansible
Module
Defines the actions available for a specific target (postgresql: create user/db/roles …); a task calls a module
Roles
A group of actions specific to a deployment (install nginx / configure it)
Organised into standard sub-folders that help structure it: tasks, templates, handlers, variables, meta
Tons of roles are available on the Galaxy hub
Keep them in git / a version control system
Playbook
File that coordinates inventory/tasks/roles across the infrastructure: machine ⇔ groups ⇔ role
Plugin
Extends Ansible (tests/output/…)
Install
Control node
apt install ansible
yum install ansible || dnf install ansible
Managed node
Python is required
apt install python
yum install python || dnf install python
SSH
Generate
ssh-keygen -t ecdsa
Install
ssh-copy-id -i ~/.ssh/id_ecdsa.yourkey user@host
More security
In .ssh/authorized_keys, prepend to the key a from= option so it is only accepted from the control node:
from="192.168.1.80" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0xc3q73y8Upi1irKzRAQk...
Other options (several source patterns, extra restrictions):
from="192.168.1.?,*.fortier-family.com",no-X11-forwarding ssh-<type> Key...
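As an added example (not from the original notes), a small POSIX shell helper that builds such a pinned entry for the ansible user and audits an existing authorized_keys file for keys that carry no from= restriction; the key blobs and file names it uses are constructed placeholders, not real keys:

```shell
#!/bin/sh
# Added example, not part of the original notes. The key blobs used in the
# demo at the bottom are constructed placeholders, not real keys.

# restricted_key_line FROM_PATTERN KEY_TYPE KEY_BLOB [COMMENT]
# Print one authorized_keys line that only accepts the key from the given
# source address(es)/host pattern(s) and refuses X11 forwarding, matching
# the form shown in the notes above.
restricted_key_line() {
    from_pattern=$1; key_type=$2; key_blob=$3; comment=${4:-}
    case "$key_type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $key_type" >&2; return 1 ;;
    esac
    printf 'from="%s",no-X11-forwarding %s %s%s\n' \
        "$from_pattern" "$key_type" "$key_blob" "${comment:+ $comment}"
}

# unpinned_keys FILE
# Print every key line of FILE that carries no from="..." option (blank
# lines and comments are skipped). Exit status 1 if any such line exists,
# so it can serve as a check run on a managed node.
unpinned_keys() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        $0 !~ /(^|[[:space:],])from="[^"]+"/ { print; found = 1 }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Demo on a constructed file: one pinned entry, one unrestricted entry.
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp)
    restricted_key_line '192.168.1.80' ssh-ed25519 AAAAC3EXAMPLEKEYBLOB 'ansible@control' > "$f"
    echo 'ssh-rsa AAAAB3EXAMPLEKEYBLOB old-laptop' >> "$f"
    echo "Keys without a from= restriction in $f:"
    unpinned_keys "$f" || echo "-> unrestricted key(s) found, fix before deploying"
    rm -f "$f"
fi
```

Run it with `--demo` to see the audit flag the unrestricted line; pointing `unpinned_keys` at /home/ansible/.ssh/authorized_keys on a managed node checks the real file.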
.ssh/config
Host *
    User ansible
    IdentityFile /home/ansible/.ssh/id_rsa.ansible
    Compression yes
    ForwardAgent yes
    ServerAliveInterval 300
    TCPKeepAlive no
    ServerAliveCountMax 2
    IPQoS=throughput
Managed node user
Create user
useradd -m ansible
Grant sudo
export EDITOR=vi
visudo
usermod -aG sudo ansible
Add the ansible user to the sudo group or to the wheel group, depending on the distribution
Test
sudo -i
sudo -l # lists the commands the user may run
SSH key
ssh localhost # to create ~/.ssh folder
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC5D93eG2AQnUysic1Pms1OPSUKxIr/opOcRaxSqKQsuD9BF401xChc2ydT7/2iXCiAvH4kecPiEhuQP++nKbxZeXR07ljAsXa70nK9EajmRORcBiDejLQ3NN0pi3PKpUdyb+xgh6IPblWCjcxENryrtWeOiqItXT5eegKh+dJ5W+evAOJI7qMp97me2vOiC23rwcKpXV7IptfK95ddvaXzYzRTB93qjrSyGedYtTApQxEd/s8GydAODpC70FdlY1d9z/J5teaF/eFSNy5k2TjH3N87P8luRohk+8apfavyM3Tqxb3Tn989V3Y5CWnMYnepTPRCHxLIvnw2rUmkL42JNOuxjqFno7YdVg+urtImGvmih5DOu6VpXq9/aYNNgBXVgv2wJse1vwzhX1j5BZ56tTAly//AbFATZwnj+DpmwbSHM/tFHrNAwPUDXyHy4AjAF3nTFOZFxbKEFKeaGWWgT/WlfqrsmcARvrWqUnZQFi0s6Y/MIwmtzAxDrC6Isbk= cc.fortier-family.com">> ~/.ssh/authorized_keys
Check ansible connection from control node
From the control node:
ansible -i "HOST," all -u ansible -m ping
replacing HOST with the name or address of the managed host (keep the trailing comma: it makes ansible treat the argument as an inline host list rather than an inventory file)
ansible -i "dns," all -u ansible -m command -a uptime --one-line
Examples (-b = become root, -K = ask for the sudo password)
ansible -i "dns," all -u ansible -b -K -m apt -a "name=pkg"
Gather facts from a machine
ansible -i "dns," all -u ansible -m setup