Warnaud's Wiki

User Tools

Site Tools

You are here: start » software » service » ansible
software:service:ansible

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
software:service:ansible [2022/09/26 08:27] warnaudsoftware:service:ansible [2022/09/28 13:34] (current) – [Examples] warnaud
Line 1: Line 1:
 +====== Ansible ======
 +====== Definitions ======
 +===== Control node =====
 +Main node where Ansible is installed and will have access via ssh to managed node\\
 +Very sensible machine (access to everything) <=> reinforced security
 +===== Managed node =====
 +All nodes managed by Ansible. They have a user with privilege elevation and ssh connection ready for control node
 +===== Inventory =====
 +Inventory of the machines in ini (flat) or yaml and variable files host_vars and group_vars folders it can be static or dynamic (python), it can uses patterns
 +===== Groups =====
 +We can regroup machines into groups (example nginx/db/debian ...) this will classify machines in boxes and we can create a tree (origin ==  group "all")
 +==== Group_vars ====
 +all varaibles for the same group
 +==== Host_vars ====
 +in opposition to group_vars, host_vars contains variable(s) to specific host. Has precedence on group_vars where the machine is included
 +===== Task =====
 +one action (create user/use template/check var...) done by Ansible
 +===== Module =====
 +define action to a specific action (postgresql: create user/db/roles...) can be used by a task
 +===== Roles =====
 +it's a group of actions specific to a deployment (install nginx/configure)\\
 +Has different tools to help: tasks, templates, handlers, variables, meta\\
 +Tons available on the galaxy hub\\
 +:!: use git/versioning system
 +===== Playbook =====
 +File that coordinate inventory/tasks/roles on infrastructure machine <=>groups<=> role
 +===== Plugin =====
 +Improves Ansible ( tests/output/...)
 +
 +====== Install ======
 +===== Control node =====
 +<code bash> apt install ansible</code>
 +<code bash> yum install ansible || dnf install ansible</code>
 +===== Managed node =====
 +Python is required
 +<code bash> apt install python</code>
 +<code bash> yum install python || dnf install python</code>
 +
 +====== SSH ======
 +===== Generate =====
 +<code bash> ssh-keygen -t ecdsa</code>
 +===== Install =====
 +<code bash> ssh-copy-id -i ~/.ssh/id_ecdsa.yourkey user@host</code>
 +===== more security =====
 +Add in .ssh/authorized_keys in front of the key:
 +<code perl> from="192.168.1.80" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0xc3q73y8Upi1irKzRAQk...</code>
 +Other values:
 +<code perl>from="192.168.1.?,*.fortier-family.com",no-X11-forwarding ssh-<type> Key...</code>
 +===== .ssh/config =====
 +<code perl>
 +Host *
 +    User ansible
 +    IdentityFile /home/ansible/.ssh/id_rsa.ansible
 +    Compression yes
 +    ForwardAgent yes</code>
 +    ServerAliveInterval 300
 +    TCPKeepAlive no
 +    ServerAliveCountMax 2
 +    IPQoS=throughput
 +====== Managed node user ======
 +===== Create user =====
 +<code bash>useradd -m ansible</code>
 +===== Grant sudo =====
 +<code bash>export EDITOR=vi
 +visudo
 +usermod -aG sudo ansible</code>
 +We add user **ansible** to **sudo** OR **wheel** group
 +==== test ====
 +<code bash>sudo -i
 +sudo -l # for a list
 +</code>
 +===== SSHkey =====
 +<code bash> ssh localhost # to create ~/.ssh folder </code>
 +<code bash>echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC5D93eG2AQnUysic1Pms1OPSUKxIr/opOcRaxSqKQsuD9BF401xChc2ydT7/2iXCiAvH4kecPiEhuQP++nKbxZeXR07ljAsXa70nK9EajmRORcBiDejLQ3NN0pi3PKpUdyb+xgh6IPblWCjcxENryrtWeOiqItXT5eegKh+dJ5W+evAOJI7qMp97me2vOiC23rwcKpXV7IptfK95ddvaXzYzRTB93qjrSyGedYtTApQxEd/s8GydAODpC70FdlY1d9z/J5teaF/eFSNy5k2TjH3N87P8luRohk+8apfavyM3Tqxb3Tn989V3Y5CWnMYnepTPRCHxLIvnw2rUmkL42JNOuxjqFno7YdVg+urtImGvmih5DOu6VpXq9/aYNNgBXVgv2wJse1vwzhX1j5BZ56tTAly//AbFATZwnj+DpmwbSHM/tFHrNAwPUDXyHy4AjAF3nTFOZFxbKEFKeaGWWgT/WlfqrsmcARvrWqUnZQFi0s6Y/MIwmtzAxDrC6Isbk= cc.fortier-family.com">> ~/.ssh/authorized_keys</code>
 +===== Check ansible connection from control node =====
 +**from control node**<code bash>ansible -i "HOST," all -u ansible -m ping</code> changing **HOST** by the managed host
 +<code bash> ansible -i "dns," all -u ansible -m command -a uptime --one-line</code>
 +===== Examples =====
 +<code bash> ansible -i "dns," all -u ansible -b -K -m apt -a "name=pkg"</code>
 +Gather fact from machine
 +<code bash> ansible -i "dns," all -u ansible -m setup</code>
 +====== References ======
 +  * [[https://www.youtube.com/playlist?list=PLn6POgpklwWoCpLKOSw3mXCqbRocnhrh-| tuto french]] - [[https://gitlab.com/xavki/presentation-ansible-fr|Commandes et sources]]
 +  * [[https://docs.ansible.com| official documentation]]
 +  * [[https://www.how2shout.com/linux/how-to-install-ansible-on-rocky-linux-8-or-almalinux/|Ansible Install Rocky/Alma Linux 8.X]]
 +  * [[https://mitogen.networkgenomics.com/ansible_detailed.html|Mitogen]]
 +