==========================
Configuration Management
==========================

=> Installing required software on the machines
=> Copying required files from one machine to another machine
=> OS Patching/Updates

=> We can perform configuration management in 2 ways

1) Manual Configuration Management
2) Automated Configuration Management

============================================
Problems with Manual Configuration Mgmt
============================================

1) Time-consuming process
2) Repeated Work
3) Human Mistakes

Note: To overcome these problems we are going to automate configuration management in the project.

=> To automate configuration management we have several tools

1) puppet
2) chef
3) Ansible (Trending)

================
What is Ansible
================

-> It is an open source software developed by Michael DeHaan and its ownership is under RedHat.

=> Ansible was written in Python language.

-> Ansible is an automation tool that provides a way to define configuration as code.

=======================
What Ansible can do ?
=======================

1) Automate Configuration Management
2) App Deployments

=======================
Ansible Architecture
=======================

1) Control Node
2) Managed Nodes
3) Host Inventory File
4) Playbooks

=> The machine which contains the Ansible software is called the Control Node.

=> The machines which are managed by the Control Node are called Managed Nodes.

=> Host inventory file contains managed nodes information.

=> Playbook is a YML/YAML file which contains a set of tasks.
===============
Ansible Setup
===============

URL : https://github.com/ashokitschool/DevOps-Documents/blob/main/11-Ansible-Setup.md

===========================
Ansible Ad-Hoc Commands
===========================

=> To run ad-hoc commands we will follow below syntax

Syntax : $ ansible [all/group-name/private-ip] -m <module-name> -a <arguments>

Ex:

$ ansible all -m ping
$ ansible webservers -m ping
$ ansible dbservers -m ping

=> We have several modules in ansible to perform configuration management

1) ping
2) shell
3) yum / apt
4) service
5) copy

$ ansible all -m ping
$ ansible all -m shell -a date
$ ansible all -m yum -a "name=git"
$ ansible webservers -m yum -a "name=httpd"

===========
Assignment
===========

=> Ansible Modules and purpose
=> What is YML

===================
Ansible Playbooks
===================

=> Playbook is a YAML file

=> Playbook contains one or more tasks

=> Using a playbook we can define what tasks are to be performed and where they are to be performed.

=> We will give the playbook as input to the ansible control node to perform tasks on the managed nodes.

Note: To write Ansible playbooks, we should learn YAML first.

================
YML or YAML
================

=> YML/YAML stands for Yet another markup language.

=> It is used to store the data in human & machine readable format.

=> YML/YAML files will have extension as .yml or .yaml

-> Official Website : https://yaml.org/

============================
01 - Sample YML file data
============================

Note: indent spacing is very important

---
id: 101
name: Ashok
gender: Male
hobbies:
  - music
  - chess
  - cricket
...

===========================
02 - Sample YML file data
===========================

---
person:
  id: 101
  name: Ashok
  address:
    city: hyd
    state: TG
    country: India
  hobbies:
    - cricket
    - chess
    - music
...

=============================

Write YML file to represent employee data with company and job details.
emp -> id, name, company and job
company -> name
job -> exp, type (permanent | contract)

---
emp:
  id: 101
  name: Ashok
  company:
    name: Microsoft
  job:
    exp: 11 Years
    type: permanent
...

#### Website to validate YML syntax : https://www.yamllint.com/

################### Use VS Code IDE to write YML Files ######################

==================
Writing Playbooks
==================

=> Playbook contains 3 sections

1) Host Section
2) Variable Section
3) Task Section

=> Host Section represents the target machines on which to execute tasks.

=> Variables Section is used to declare variables required for playbook execution.

=> Task section is used to define what operations we want to perform using Ansible.

Note: In a single playbook we can specify multiple tasks also.

=> To execute playbook we will use below syntax

$ ansible-playbook <playbook-file>

=================================
Playbook to ping managed nodes
=================================

---
- hosts: all
  tasks:
    - name: ping all managed nodes
      ping:
...

# It will check the syntax of a playbook
$ ansible-playbook <playbook-file> --syntax-check

# It will display which hosts would be affected by a playbook before run
$ ansible-playbook <playbook-file> --list-hosts

# Run the playbook using below command
$ ansible-playbook <playbook-file>

# It executes one step at a time, confirming each task before running with (N)o/(y)es/(c)ontinue
$ ansible-playbook <playbook-file> --step

# Run the playbook in verbose mode
$ ansible-playbook <playbook-file> -vvv

====================

---
- hosts: all
  tasks:
    - name: create a file
      file:
        path: /home/ansible/ashokit.txt
        state: touch
...

========================

---
- hosts: all
  tasks:
    - name: copy content to file
      copy: content="welcome to ashokit\n" dest="/home/ansible/ashokit.txt"
...

===========================

---
- hosts: webservers
  become: true   # use it if you need sudo privileges
  tasks:
    - name: install httpd package
      yum:
        name: httpd
        state: latest
    - name: copy index.html file
      copy:
        src: index.html
        dest: /var/www/html/index.html
    - name: start httpd service
      service:
        name: httpd
        state: started
...
=================
Handlers & Tags
=================

-> In a playbook all tasks will be executed by default in sequential order.

=> Using Handlers we can execute tasks based on the status of other tasks.

Note: Execute the 3rd task only if the status of the 2nd task is changed.

-> Handlers are tasks that execute only when they are notified.

=> We will use the 'notify' keyword to inform a handler to execute.

-> Using a Tag we can map a task to a tag-name

-> Using the tag name we can execute a particular task or skip a particular task available in our playbook.

# to display all tags available in playbook
$ ansible-playbook handlers_tags.yml --list-tags

# Execute a task whose tag name is install
$ ansible-playbook handlers_tags.yml --tags "install"

# Execute the tasks whose tag names are install and copy
$ ansible-playbook handlers_tags.yml --tags "install,copy"

# Execute all the tasks in playbook by skipping the install and copy tasks
$ ansible-playbook handlers_tags.yml --skip-tags "install,copy"

============
Variables
============

=> Variables are used to store the data in key-value format

Ex:

id=100
name=ashok
age=20
gender=male

=> In Ansible, we can use variables in 4 ways

1) Runtime Variables
2) Playbook variables
3) Group Variables
4) Host Variables

==================
Runtime Variables
==================

=> We can pass the variable value at runtime like below

---
- hosts: webservers
  become: true
  tasks:
    - name: install package
      yum:
        name: "{{package_name}}"
        state: latest
...

$ ansible-playbook <playbook-file> --extra-vars package_name=httpd

===================
Playbook Variables
===================

=> We can declare the variable value within the playbook

---
- hosts: webservers
  become: true
  vars:
    package_name: httpd
  tasks:
    - name: install package
      yum:
        name: "{{package_name}}"
        state: latest
...
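
Added example (not part of the original notes): one possible handlers_tags.yml for the Handlers & Tags commands shown earlier. The tag names install and copy come from those commands; the start tag, the handler name "restart httpd" and the task layout are assumptions.

```yaml
---
# handlers_tags.yml (constructed example)
- hosts: webservers
  become: true
  tasks:
    - name: install httpd package
      yum:
        name: httpd
        state: latest
      tags:
        - install

    - name: copy index.html file
      copy:
        src: index.html
        dest: /var/www/html/index.html
      tags:
        - copy
      # The handler is queued only when this task reports "changed",
      # i.e. when index.html on the managed node was actually replaced.
      notify:
        - restart httpd

    - name: start httpd service
      service:
        name: httpd
        state: started
      tags:
        - start

  # Handlers run once, after the tasks of the play, and only if notified.
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
...
```

With --tags "install" only the install task runs, so the copy task never notifies the handler and httpd is not restarted.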
=========================================================================

Requirement : Write ansible playbook to install below software

In webservers group : install java
In dbservers group : install mysql

---
- hosts: all
  become: true
  tasks:
    - name: install soft
      yum:
        name: "{{package_name}}"
        state: latest
...

=> To achieve above requirement we need to use group vars concept

============
Group Vars
============

=> The group vars concept is used to specify a variable value for a group of managed nodes as per the inventory file.

=> We are configuring managed nodes in the host inventory file like below

[webservers]
webserver1 ansible_host=172.31.0.95
webserver2 ansible_host=172.31.0.96

[dbservers]
172.31.5.185
172.31.5.186

=> While executing the above playbook, for the webservers group I want to pass one package name and for the dbservers group I want to pass another package name.

Note: We need to create variable files based on group name

Ex :

webservers.yml
dbservers.yml

Note: group_vars related yml files should be created in the host inventory file location

Host Inventory file location : /etc/ansible/hosts

webservers variable file : /etc/ansible/group_vars/webservers.yml

dbservers variable file : /etc/ansible/group_vars/dbservers.yml

===============
Host Variables
===============

=> Host variables are used to specify a variable value at host level (or) machine level

=> Host vars we will create in below location

Location : /etc/ansible/host_vars

webserver1.yml
    package_name: java

webserver2.yml
    package_name: python

Note-1: Host variables will take precedence over group variables

Note-2: Variables defined in playbook override both host_vars and group_vars.
===============
Ansible Vault
===============

=> It is used to secure our playbooks

=> Using the Ansible Vault concept, we can encrypt & decrypt our playbooks

Encryption : Convert data from readable format to un-readable format

Decryption : Convert data from un-readable format to readable format

# Encrypt our playbook
ansible-vault encrypt <playbook-file>

Note: To encrypt a playbook we need to set one vault password

# see encrypted playbook
cat <playbook-file>

# see original content of playbook
ansible-vault view <playbook-file>

# to edit encrypted playbook
ansible-vault edit <playbook-file>

# how to run encrypted playbook
ansible-playbook <playbook-file> --ask-vault-pass

# decrypt playbook
ansible-vault decrypt <playbook-file>

===============
Ansible Roles
===============

=> If we add more functionality to a playbook then it will become very lengthy and it will be difficult to manage and maintain that playbook.

=> Using the Roles concept we can break down large playbooks into smaller chunks.

=> Roles provide abstraction for ansible configuration in a modular and re-usable format.

=> We will divide the below playbook into small chunks using the Role concept

---
- hosts: webservers
  become: true   # use it if you need sudo privileges
  tasks:
    - name: install httpd package
      yum:
        name: httpd
        state: latest
    - name: copy index.html file
      copy:
        src: index.html
        dest: /var/www/html/index.html
    - name: start httpd service
      service:
        name: httpd
        state: started
...

# To create a role we can use below command

Syntax : $ ansible-galaxy init <role-name>

==========================
Working with Ansible Role
==========================

### Step-1: Connect with control node and switch to ansible user

$ sudo su ansible
$ cd ~

### Step-2 : Create a role using 'ansible-galaxy'

$ mkdir roles
$ cd roles
$ ansible-galaxy init apache
$ sudo yum install tree
$ tree apache

### Step-3 : Create tasks inside "tasks/main.yml" like below

---
# tasks file for apache
- name: install httpd
  yum:
    name: httpd
    state: latest
- name: copy index.html
  copy: src=index.html dest=/var/www/html/
  notify:
    - restart apache
...
### Step-4 : Copy required files into "files" directory

Note: keep index.html file in files directory

### Step-5 : Configure handlers in "handlers/main.yml"

---
# handlers file for apache
- name: restart apache
  service:
    name: httpd
    state: restarted
...

Note: With the above 5 steps our "apache" role is ready. Now we can execute that role like below

### Step-6 : Create main playbook to invoke role using role name

$ cd ~
$ vi invoke-roles.yml

---
- hosts: all
  become: true
  roles:
    - apache
...
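
Added example (not part of the original notes), going back to the Ansible Vault section: instead of encrypting the whole playbook, keep the secret in a separate variables file, encrypt only that file, and load it with vars_files. The file names secrets.yml and deploy-secret.yml, the variable app_db_password, its value and the path /etc/myapp.env are all assumptions.

```yaml
---
# secrets.yml (hypothetical variables file, shown before encryption)
# Encrypt it on the control node with:
#   ansible-vault encrypt secrets.yml
# After encryption the first line of the file starts with $ANSIBLE_VAULT;
# so "cat secrets.yml" no longer reveals the value.
app_db_password: "placeholder-not-a-real-secret"   # constructed sample value
...
---
# deploy-secret.yml (hypothetical playbook that consumes the encrypted file)
# Run it with:
#   ansible-playbook deploy-secret.yml --ask-vault-pass
- hosts: webservers
  become: true
  vars_files:
    - secrets.yml            # decrypted in memory using the vault password
  tasks:
    - name: write application credentials file
      copy:
        content: "DB_PASSWORD={{ app_db_password }}\n"
        dest: /etc/myapp.env
        owner: root
        group: root
        mode: "0600"         # readable by root only on the managed node
      no_log: true           # keep this task's arguments and results out of output and logs
...
```

The playbook itself stays readable and reviewable in version control, while only secrets.yml needs the vault password.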