Ansible is a very popular DevOps tool that serves similar purposes to Puppet, Chef, etc. Ansible has the unique feature that there is no need to install an agent on the device side, which makes it very popular for network device configuration, since network devices are still predominantly closed systems that do not allow agent installation on the device. In this blog, I will cover how to get started with Ansible.

Why Ansible?

It’s agentless. Unlike Puppet, Chef, Salt, etc., Ansible operates only over SSH (or optionally ZeroMQ), so there’s none of that crap PKI that you have to deal with using Puppet.

It’s Python. I like Python. I’ve been using it far longer than any other language.

It’s self-documenting. Simple YAML files describe the playbooks and roles.

It’s feature-rich. There are over 150 modules provided out of the box, and new ones are pretty easy to write.

Ansible Basics

Ansible modules can be run locally or remotely. With the local approach, the module runs locally and uses APIs to talk to remote devices. In the remote scenario, modules are pushed to the remote devices, executed as Python scripts, and the results are returned. Even though there is no need to install a remote agent, the remote device must allow execution of Python scripts. Ansible can either be run from the command line for simple tasks or be executed using a playbook.

Playbooks

Playbooks are the bread and butter of Ansible. They represent collections of 'plays', configuration policies which get applied to defined groups of hosts.

Roles

A role should encapsulate all the things that have to happen to make a thing work. If that sounds vague, it's because it is. The role installs and configures the things that I've found are useful as prerequisites for other things. You should go through and decide which bits you want to put into your role, if you decide to have one. Roles can have dependencies, which will require that another role be applied first.
This is good for things like handling the dependencies before you deploy code.

Inside A Role

Let's take a look at one of the pre-defined roles:

├── xyz
│   ├── files
│   ├── handlers
│   ├── meta
│   ├── tasks
│   └── templates

In general, a role consists of the following subdirectories: "files", "handlers", "meta", "tasks" and "templates".

files/ contains files that will be copied to the target with the copy: module.

handlers/ contains YAML files which contain 'handlers', little bits of config that can be triggered with the notify: action inside a task. Usually just handlers/main.yml - See http://docs.ansible.com/playbooks_intro.html#handlers-running-operations-on-change for more information on what handlers are for.

meta/ contains YAML files containing role dependencies. Usually just meta/main.yml

tasks/ contains YAML files containing a list of named steps which Ansible will execute in order on a target. Usually tasks/main.yml

templates/ contains template files, which can be used in a task with the template: module to interpolate variables in the template, then copy the template to a location on the target.

Basic modules can be executed from the command line. The following example shows usage of the Ansible ping module.

# ansible -m ping 192.168.56.104

The above result shows ping was successful.

Variables:
Following are some important variables:

# cat /etc/ansible/hosts

Above, remote has 1 host defined. Multiple hosts can be part of the remote group.

# cat /etc/ansible/group_vars/remote

Above, the remote group is defined to use username “root”.

Playbook:
Following is a simple playbook:

---
- hosts:

The above playbook is defined to run on the “remote” hosts group with user “root”. The first task is to enable an apache module. The module used is “apache2_module”. The last task is to remove the wireshark package if installed. Ansible executes playbooks in an idempotent manner. No operation is performed if the task has already been carried out.

Modules:

Modules are pre-defined Ansible libraries. Most of the common tasks already have libraries and the library list keeps growing. For a complete list of Ansible modules, refer here.

Important Ansible directories:

/usr/share/ansible - Modules location

Getting started:

Ansible needs to be installed first. I used the instructions in this link to install Ansible in my Ubuntu 12.04 system. Passwordless access needs to be enabled to access remote hosts using ssh. I used this link to set up passwordless ssh access. (I had to run ‘ssh-add’ in localagent, otherwise I was getting this error: “Agent admitted failure to sign using the key”.) I used the following steps to install Ansible on Ubuntu 14.04.

$ sudo apt-get install software-properties-common
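
To make the playbook and handler descriptions above concrete, here is an added example (not the playbook from the original post) that follows the same outline: it targets the “remote” group as “root”, enables an Apache module with apache2_module, and removes wireshark. The Apache module name "rewrite", the install task, and the handler name are assumptions chosen for illustration.

```yaml
---
# Constructed example, not the playbook from the original post.
# Assumed names: the Apache module "rewrite" and the handler "restart apache2".
- hosts: remote            # inventory group defined in /etc/ansible/hosts
  remote_user: root        # as in the post; an unprivileged user plus
                           # "become: true" is the least-privilege alternative
  tasks:
    - name: Ensure apache2 is installed
      apt:
        name: apache2
        state: present
        update_cache: true

    - name: Enable the Apache rewrite module
      apache2_module:
        name: rewrite
        state: present
      notify: restart apache2   # fires only when this task reports "changed"

    - name: Remove wireshark if it is installed
      apt:
        name: wireshark
        state: absent

  handlers:
    - name: restart apache2
      service:
        name: apache2
        state: restarted
```

Saved under a hypothetical name such as site.yml, it runs with `ansible-playbook site.yml`. A second run should report every task as "ok" rather than "changed" and leave the handler untriggered, which is the idempotent behaviour described above.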
Author: Utkarsh Sharma