==========================
Configuration Management
==========================

=> Installing required software on the machines
=> Copying required files from one machine to another machine
=> OS Patching/Updates

=> We can perform configuration management in 2 ways

    1) Manual Configuration Management
    2) Automated Configuration Management

============================================
Problems with Manual Configuration Mgmt
============================================

1) Time-consuming process
2) Repeated Work
3) Human Mistakes
4) No Consistency

Note: To overcome these problems we are going to automate configuration management in the project.

=> To automate configuration management we have several tools

    1) Puppet
    2) Chef
    3) Ansible (Trending)

================
What is Ansible
================

-> It is open source software developed by Michael DeHaan, and it is owned by Red Hat.

-> Ansible is an automation tool that provides a way to define configuration as code.

=======================
Ansible Architecture
=======================

1) Control Node
2) Managed Nodes
3) Host Inventory File
4) Playbooks

=> The machine which contains the Ansible software is called the Control Node.

=> The machines which are managed by the Control Node are called Managed Nodes.

=> Host inventory file contains managed nodes information like IP address.

=> Playbook is a YML/YAML file which contains a set of tasks (configuration as code).

    - what to perform
    - where to perform

===============
Ansible Setup
===============

URL : https://github.com/ashokitschool/DevOps-Documents/blob/main/11-Ansible-Setup.md

Ansible Setup Video : https://www.youtube.com/watch?v=bm1J4ED-ZUo&t=1s

===================
Ansible Playbooks
===================

=> Playbook is a YAML file

=> Playbook contains one or more tasks

=> Using a playbook we can define what tasks to perform and where to perform them.

=> We give the playbook as input to the Ansible control node to perform tasks on the managed nodes.
################### Use VS Code IDE to write YML Files ######################

==================
Writing Playbooks
==================

=> Playbook contains 3 sections

    1) host section
    2) variable section
    3) task section

=> Host section represents the target machines on which tasks are executed.

=> Variable section is used to declare variables required for playbook execution.

=> Task section is used to define what operations we want to perform using Ansible.

Note: In a single playbook we can specify multiple tasks also.

Ex: install git, install maven, install java ....

# syntax to execute ansible playbook

$ ansible-playbook <playbook.yml>

=================================
Playbook to ping managed nodes
=================================

---
- hosts: all
  tasks:
    - name: ping all managed nodes
      ping:
...

# It will check the syntax of a playbook
$ ansible-playbook <playbook.yml> --syntax-check

# It will display which hosts would be affected by a playbook before it is run
$ ansible-playbook <playbook.yml> --list-hosts

# Run the playbook using the below command
$ ansible-playbook <playbook.yml>

# Run the playbook in verbose mode (display internal execution process)
$ ansible-playbook <playbook.yml> -vvv

==========================
Playbook to create a file
==========================

---
- hosts: all
  tasks:
    - name: create a file
      file:
        path: /home/ansible/ashokit.txt
        state: touch
...

========================================================================

Requirement : Host static website in webservers group using ansible playbook

Tasks : install httpd + copy index.html file + start httpd service

To install httpd ==> yum module

To copy index.html file ==> copy module

To start httpd ==> service module

---
- hosts: webservers
  become: true   # use it if you need sudo privileges
  tasks:
    - name: install httpd package
      yum:
        name: httpd
        state: latest
    - name: copy index.html file
      copy:
        src: index.html
        dest: /var/www/html/index.html
    - name: start httpd service
      service:
        name: httpd
        state: started
...
=================================
What is gather_facts in ansible
=================================

=> In Ansible, "gathering facts" refers to the process of collecting information about the target hosts before executing tasks.

Ex: OS, memory, CPU architecture etc.

=> This information is collected automatically using the "setup" module.

---
- hosts: all
  gather_facts: yes
  tasks:
    - name:
      ping:
...

=================================
What is debug keyword in ansible
=================================

=> debug keyword is used to print a message while the playbook is being executed.

---
- hosts: localhost
  gather_facts: yes
  tasks:
    - name: print os family
      debug:
        msg: "The OS is {{ansible_os_family}}"
    - name: print memory info
      debug:
        msg: "Total memory is {{ansible_facts['memory_mb']}}"
...

======================================
What is register keyword in ansible
======================================

=> register keyword in Ansible allows you to capture the output of a task and store it in a variable for later use.

Note: We can register the output of one task and use it in another task like below

---
- hosts: localhost
  tasks:
    - name: Run a command to get current date
      command: date
      register: date_output
    - name: print date
      debug:
        msg: "The current date is : {{date_output.stdout}}"
...

=================
Handlers & Tags
=================

-> In a playbook all tasks are executed in sequential order by default.

=> Using Handlers we can execute tasks based on the status of other tasks.

Note: Only if the 2nd task status is "changed", execute the 3rd task.

-> Handlers are tasks that execute only when they are notified.

=> We use the 'notify' keyword to inform the handler to execute.
---
- hosts: webservers
  become: true   # use it if you need sudo privileges
  tasks:
    - name: install httpd package
      yum:
        name: httpd
        state: latest
      tags:
        - install
    - name: copy index.html file
      copy:
        src: index.html
        dest: /var/www/html/index.html
      tags:
        - copy
      notify: start httpd service
  handlers:
    - name: start httpd service
      service:
        name: httpd
        state: started
...

-> Using a tag we can assign a tag-name to a task.

-> Using the tag name we can execute a particular task, and we can also skip a particular task available in our playbook.

============
Variables
============

=> Variables are used to store data in key-value format

Ex:

    id=100
    name=ashok
    age=20
    gender=male

=> In Ansible, we can use variables in 4 ways

    1) Runtime Variables
    2) Playbook Variables
    3) Group Variables
    4) Host Variables

==================
Runtime Variables
==================

---
- hosts: webservers
  become: true
  tasks:
    - name: install package
      yum:
        name: "{{package_name}}"
        state: latest
...

$ ansible-playbook <playbook.yml> --extra-vars package_name=git

===================
Playbook Variables
===================

=> We can declare the variable value within the playbook

---
- hosts: webservers
  become: true
  vars:
    package_name: httpd
  tasks:
    - name: install package
      yum:
        name: "{{package_name}}"
        state: latest
...

======================================================================

Requirement : Write ansible playbook to install below software

In webservers group : install git

In dbservers group : install mysql

---
- hosts: all
  become: true
  tasks:
    - name: install software
      yum:
        name: "{{package_name}}"
        state: latest
...

=> To achieve the above requirement we need to use the group vars concept

============
Group Vars
============

=> The group vars concept is used to specify a variable value for a group of managed nodes as per the inventory file.
=> We configure managed nodes in the host inventory file like below

[webservers]
172.167.9.1
172.167.9.2

[dbservers]
172.167.9.3
172.167.9.4

=> While executing the above playbook, for the webservers group I want to pass package_name as 'git' and for the dbservers group I want to pass package_name as 'mysql'.

Note: We need to maintain variable values based on the group name available in the inventory file.

Ex:

webservers.yml
    package_name: git

dbservers.yml
    package_name: mysql

Note: group_vars related yml files should be created in the host inventory file location

Host Inventory file location : /etc/ansible/hosts

webservers variable file : /etc/ansible/group_vars/webservers.yml

dbservers variable file : /etc/ansible/group_vars/dbservers.yml

===============
Host Variables
===============

=> Host variables are used to specify a variable value at host level (or) machine level

Ex:

host-machine-5.yml
    package_name: java

=> host vars we will create in the below location

Location : /etc/ansible/host_vars

Note-1: Host variables take precedence over group variables

Note-2: Variables defined in the playbook override both host_vars and group_vars

===============
Ansible Vault
===============

=> It is used to secure our playbooks

=> Using the Ansible Vault concept, we can encrypt & decrypt our playbooks

Encryption : Convert data from readable format to un-readable format

Decryption : Convert data from un-readable format to readable format

# Encrypt our playbook
$ ansible-vault encrypt <playbook.yml>

Note: To encrypt a playbook we need to set a vault password

# see encrypted playbook
$ cat <playbook.yml>

# see original content of playbook
$ ansible-vault view <playbook.yml>

# to edit encrypted playbook
$ ansible-vault edit <playbook.yml>

# how to run encrypted playbook
$ ansible-playbook <playbook.yml> --ask-vault-pass

# decrypt playbook
$ ansible-vault decrypt <playbook.yml>

===============
Ansible Roles
===============

=> If we add more functionality to a playbook, it becomes very lengthy and difficult to manage and maintain.
=> Using the Roles concept we can break down large playbooks into smaller chunks.

=> Roles provide abstraction for Ansible configuration in a modular and re-usable format.

=> We will divide the below playbook into small chunks using the Role concept

---
- hosts: webservers
  become: true   # use it if you need sudo privileges
  tasks:
    - name: install httpd package
      yum:
        name: httpd
        state: latest
    - name: copy index.html file
      copy:
        src: index.html
        dest: /var/www/html/index.html
    - name: start httpd service
      service:
        name: httpd
        state: started
...

# To create a role we can use the below command

Syntax : ansible-galaxy init <role-name>

==========================
Working with Ansible Role
==========================

### Step-1 : Connect with control node and switch to ansible user

$ sudo su ansible
$ cd ~

### Step-2 : Create a role using 'ansible-galaxy' (role name : apache)

$ mkdir roles
$ cd roles
$ ansible-galaxy init apache
$ sudo yum install tree
$ tree apache

### Step-3 : Create tasks inside "tasks/main.yml" like below

---
# tasks file for apache
- name: install httpd
  yum:
    name: httpd
    state: latest
- name: copy index.html
  copy: src=index.html dest=/var/www/html/
  notify:
    - restart apache
...

### Step-4 : Copy required files into "files" directory

Note: keep "index.html" file in files directory

### Step-5 : Configure handlers in "handlers/main.yml"

---
# handlers file for apache
- name: restart apache
  service:
    name: httpd
    state: restarted
...

Note: With the above 5 steps our "apache" role is ready. Now we can execute that role like below

### Step-6 : Create main playbook to invoke role using role name

$ cd ~
$ vi main.yml

---
- hosts: all
  become: true
  roles:
    - apache
...

# Run main playbook now

$ ansible-playbook main.yml
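
Added example (not part of the original notes and not Ansible's own code), for the Group Vars, Host Variables and Ansible Vault sections above: ansible-vault can encrypt variable files as well as playbooks, and every file it writes starts with the header "$ANSIBLE_VAULT;". This Python check walks group_vars/ and host_vars/ and reports secret-looking variables that are still stored in plaintext. The secret-name word list, the sample file contents and the vault.yml file name are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of any file written by `ansible-vault encrypt`
# Assumption: variable names containing these words hold secrets.
SECRET_KEY = re.compile(r"^\s*([\w-]*(?:password|passwd|secret|token|api_key)[\w-]*)\s*:\s*(.*)$", re.I)

def scan_file(path):
    """Return [(line_no, key)] for secret-looking keys stored in plaintext."""
    lines = Path(path).read_text(encoding="utf-8", errors="replace").splitlines()
    if lines and lines[0].startswith(VAULT_HEADER):
        return []  # whole file is vault-encrypted
    hits = []
    for no, line in enumerate(lines, 1):
        m = SECRET_KEY.match(line)
        value = m.group(2).strip().strip("\"'") if m else ""
        # Skip non-matches, empty values, !vault-tagged values and "{{ var }}" references.
        if value and not value.startswith(("!vault", "{{")):
            hits.append((no, m.group(1)))
    return hits

def scan_tree(root, subdirs=("group_vars", "host_vars")):
    """Scan the vars directories under root; return {relative_path: hits}."""
    report = {}
    for sub in subdirs:
        for path in sorted(Path(root, sub).rglob("*.y*ml")):
            hits = scan_file(path)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed sample files (not from the page); the vault body is a dummy string.
SAMPLE = {
    "group_vars/webservers.yml": "package_name: git\n",
    "group_vars/dbservers.yml": "package_name: mysql\ndb_password: S3cr3t-example\n",
    "group_vars/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n",
    "host_vars/host-machine-5.yml": "package_name: java\napi_token: \"{{ vault_api_token }}\"\n",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE.items():
            Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(root, rel).write_text(text, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

On the control node from these notes, scan_tree("/etc/ansible") would cover the group_vars and host_vars locations listed above; a non-empty result is a reason to run ansible-vault encrypt on the reported file before it is committed or shared.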