Installation and Configuration of Ansible Automation Tool for IT Management
Installation and Configuration of Ansible Automation Tool for IT Management
Ansible is a free-software platform for configuring and managing computers, ad hoc task execution, configuration management and multi-node software deployment. It manages nodes over SSH or over PowerShell. Modules that are working over JSON and standard output can be programmed in any language. In Ansible the playbooks deploys, orchests and configures. Its format is YAML. It maps a group of hosts to a set of roles. This tutorial will teach you, how to install Ansible on RHEL/CentOS, Fedora, Ubuntu and Debian systems.
Features
- Repeatable & Reliable
- Simple to write and maintain.
- No Agent ( MORE SECURE, MORE PERFORMANCE, LESS EFFORT)
- Super flixible to manage
- Cloud ready (Included modules manage like Amazon AWS, Rackspace Cloud, and more).
- Platform support
- Control machines must have Python 2.6 or 2.7.
- Operating systems supported on control machines includes Linux and Unix distributions, such as Red Hat, Debian, CentOS, OS X, BSD, and Ubuntu among others.
- Managed nodes must have Python 2.4 or later. For managed nodes with Python 2.5 or earlier, the python-simplejson package is also required. Ansible can manage Windows nodes starting from version 1.7.
Prerequisites
- Jinja2 - A modern, fast and easy to use stand-alone template engine for Python.
- Operating System - RHEL/CentOS/Fedora and Ubuntu/Debian/Linux Mint
- Parmiko - A native Python SSHv2 channel library
- PyYAML - A YAML parser and emitter for the Python programming language
- SSHpass - A non-interactive SSH password authentication.
- httplib2 - A comprehensive HTTP client library.
Server Setup
| Controlling Machine | Ansible |
| Operating System | CentOS 7 |
| IP Address | 192.168.5.64 |
| Host-name | linuxhelp |
| User | root |
Remote nodes
| node 1 | 192.168.5.177 |
| node 2 | 192.168.5.207 |
Installation of Controlling Machine
Before installation we need to check out the details of the server such as hostname and IP Address. Next login as a root user into server and run the below command to confirm the system settings.
[root@linuxhelp ~]# ip a | grep inet
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 192.168.5.64/24 brd 192.168.5.255 scope global eno16777736
inet6 fe80::20c:29ff:fec4:5826/64 scope link
Lets install ‘ Ansible’ software on the system.
On Ubuntu/Debian/Linux Mint
An official Ansible PPA repository is available, add that repo by running the following command.
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update & & sudo apt-get install ansible
On RHEL/CentOS/Fedora
There is no official Ansible repository for RedHat based distributions, but you can perform the installation of Ansible by enabling epel repository for RHEL/CentOS and fedora.
[root@linuxhelp Desktop]# yum install epel-release.noarch
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-5 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================
Package Arch Version Repository Size
=====================================================================================
Installing:
epel-release noarch 7-5 extras 14 k
Transaction Summary
=====================================================================================
Install 1 Package
.
.
.
Transaction test succeeded
Running transaction
Installing : epel-release-7-5.noarch 1/1
Verifying : epel-release-7-5.noarch 1/1
Installed:
epel-release.noarch 0:7-5
After enabling epel repository, install an Ansible using the following command.
[root@linuxhelp Desktop]# yum install ansible
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* epel: epel.mirror.net.in
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.0.1.0-2.el7 will be installed
--> Processing Dependency: sshpass for package: ansible-2.0.1.0-2.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.0.1.0-2.el7.noarch
--> Processing Dependency: python-keyczar for package: ansible-2.0.1.0-2.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.0.1.0-2.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.0.1.0-2.el7.noarch
.
.
.
Installed:
ansible.noarch 0:2.0.1.0-2.el7
Dependency Installed:
PyYAML.x86_64 0:3.10-11.el7 libtomcrypt.x86_64 0:1.17-23.el7
libtommath.x86_64 0:0.42.0-4.el7 python-babel.noarch 0:0.9.6-8.el7
python-httplib2.noarch 0:0.7.7-3.el7 python-jinja2.noarch 0:2.7.2-2.el7
python-keyczar.noarch 0:0.71c-2.el7 python-markupsafe.x86_64 0:0.11-10.el7
python-paramiko.noarch 0:1.15.1-1.el7 python-pyasn1.noarch 0:0.1.6-2.el7
python2-crypto.x86_64 0:2.6.1-9.el7 python2-ecdsa.noarch 0:0.13-4.el7
sshpass.x86_64 0:1.05-5.el7
Complete!
Preparation of SSH Keys to Remote Hosts
In order to perform deployment from the localhost to remote host, create and copy the ssh keys to the remote host. First create a SSH key using the following command and copy the key to remote hosts.
[root@linuxhelp Desktop]# ssh-keygen -b 4048 -t rsa -C " root@192.168.5.64"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
d6:a7:5b:7a:d8:1a:d4:eb:e3:76:47:28:e7:d5:5c:b5 root@192.168.5.64
The key' s randomart image is:
+--[ RSA 4048]----+
| |
| .|
| o|
| . . E.|
| S o o oo|
| . . o..o =|
| ooo+ o |
| .*= o .|
| +=oo . |
+-----------------+
Now you need to copy the created key to the two remote server’ s.
[root@linuxhelp ~]# ssh-copy-id root@192.168.5.177 The authenticity of host ' 192.168.5.177 (192.168.5.177)' can' t be established. RSA key fingerprint is bf:67:eb:8b:25:64:f5:79:7a:fa:89:9b:e1:84:1f:cc. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.5.177' s password: Number of key(s) added: 1 [root@linuxhelp ~]# ssh-copy-id root@192.168.5.207 The authenticity of host ' 192.168.5.207 (192.168.5.207)' can' t be established. RSA key fingerprint is 91:00:f3:68:de:83:64:50:9c:0a:57:fa:16:ec:94:3b. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.5.207' s password: Number of key(s) added: 1
Check the ssh key authentication on all the remote hosts to verify whether the authentication is working or not.
[root@linuxhelp ~]# ssh root@192.168.5.177 Last login: Tue May 3 17:13:19 2016 [root@linuxhelp ~]# ssh root@192.168.5.207 Last login: Tue May 3 22:01:39 2016
Create Inventory File for Remote Hosts
Inventory file contains the information about the host to get connected from local to remote. The inventory file will be under /etc/ansible/hosts. We need to add these hosts into the inventory file.
[root@linuxhelp ~]# vim /etc/ansible/hosts
Remove the hash symbol near the webservers line or remove the whole line and enter a new group name as per your easy identification and add the hosts IP address.
[webservers] 192.168.5.177 192.168.5.207
Now verify our 2 servers by performing a ping from the localhost using the ‘ ansible‘ command with ‘ -m‘ (module) option.
[root@linuxhelp ~]# ansible webservers -m ping
192.168.5.207 | SUCCESS => {
" changed" : false,
" ping" : " pong"
}
192.168.5.177 | SUCCESS => {
" changed" : false,
" ping" : " pong"
}
Similarly there are several modules that can be used with Ansible command.
To check the httpd status on all the remote nodes under webserver group
[root@linuxhelp ~]# ansible webservers -a " service httpd status"
192.168.5.207 | SUCCESS | rc=0 > >
httpd (pid 3852) is running...
192.168.5.177 | SUCCESS | rc=0 > >
httpd (pid 20338) is running...
To restart the httpd service on all remote nodes under webserver group
[root@linuxhelp ~]# ansible webservers -a " service httpd restart"
192.168.5.207 | SUCCESS | rc=0 > >
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
192.168.5.177 | SUCCESS | rc=0 > >
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
To check partition on all remote nodes under webserver group
[root@linuxhelp ~]# ansible webservers -a " df -h"
192.168.5.207 | SUCCESS | rc=0 > >
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 20G 2.1G 17G 12% /
tmpfs 495M 0 495M 0% /dev/shm
/dev/sda1 190M 69M 112M 39% /boot
/dev/sda5 985M 1.3M 932M 1% /testing
192.168.5.177 | SUCCESS | rc=0 > >
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 28G 11G 16G 40% /
tmpfs 495M 224K 495M 1% /dev/shm
/dev/sda1 291M 71M 205M 26% /boot
To check the cpuinfo on all remote nodes under webserver group
[root@linuxhelp ~]# ansible webservers -a " cat /proc/cpuinfo"
192.168.5.207 | SUCCESS | rc=0 > >
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 58
model name : Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
stepping : 9
microcode : 18
cpu MHz : 3000.179
cache size : 6144 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc up arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt aes xsave avx f16c rdrand hypervisor lahf_lm ida arat epb xsaveopt pln pts dts fsgsbase smep
bogomips : 6000.35
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:
192.168.5.177 | SUCCESS | rc=0 > >
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 58
model name : Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
stepping : 9
microcode : 18
cpu MHz : 3000.180
cache size : 6144 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc up arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt aes xsave avx f16c rdrand hypervisor lahf_lm ida arat epb xsaveopt pln pts dts fsgsbase smep
bogomips : 6000.36
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:
To check the memory usage on all remote nodes under webserver group
[root@linuxhelp ~]# ansible webservers -a free
192.168.5.207 | SUCCESS | rc=0 > >
total used free shared buffers cached
Mem: 1012448 158928 853520 628 14644 54720
-/+ buffers/cache: 89564 922884
Swap: 2097148 0 2097148
192.168.5.177 | SUCCESS | rc=0 > >
total used free shared buffers cached
Mem: 1012448 924044 88404 4848 83556 349080
-/+ buffers/cache: 491408 521040
Swap: 2097148 112816 1984332
To get the output in a file, enter the ‘ > ‘ operator after the command and enter the destination file path.