{"id":1475,"date":"2021-03-18T02:53:23","date_gmt":"2021-03-18T02:53:23","guid":{"rendered":"https:\/\/dft.wiki\/?p=1475"},"modified":"2023-08-11T22:02:16","modified_gmt":"2023-08-12T02:02:16","slug":"deploying-and-configuring-in-mass-with-ansible","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=1475","title":{"rendered":"Deploying and Configuring in Mass with Ansible"},"content":{"rendered":"

Ansible is a tool for automating provisioning, configuration, and deployment in multiple hosts via SSH.<\/p>\n

Installing Ansible on Ubuntu 20.04<\/p>\n

sudo apt update -y\r\nsudo apt<\/span> install<\/span> ansible -y<\/pre>\n
Installing Ansible on CentOS 8<\/p>\n
yum update -y\r\nyum install epel-release -y\r\nyum install ansible -y<\/pre>\n
Add the hosts at the end of the file \/etc\/ansible\/hosts<\/strong>:<\/p>\n
[servers<\/span>]\r\n192.168.1.1\r\n192.168.1.2 <\/strong>\r\n192.168.1.3 <\/strong>\r\n192.168.1.4<\/strong> \r\n[servers<\/span>:vars]\r\nansible_user=root<\/strong>\r\n<\/pre>\n
Create and transfer the root’s SSH Key:<\/p>\n
ansible all --list-hosts<\/strong>\r\nssh-keygen -t rsa -C \"root@domain.com<\/strong>\"\r\nssh-copy-id 192.168.1.1\r\n<\/strong>ssh-copy-id 192.168.1.2\r\n<\/strong>ssh-copy-id 192.168.1.3\r\n<\/strong>ssh-copy-id 192.168.1.4<\/strong><\/pre>\n
Using ansible for simple commands:<\/p>\n
ansible-inventory --list -y\r\nansible servers<\/span> -m ping<\/strong>\r\nansible servers<\/span> -a \"apt update\"<\/strong>\r\nansible servers<\/span> -a \"apt upgrade -y\"\r\n<\/strong>ansible all -m ping -u root\r\n<\/strong><\/pre>\n
Check the list of all modules on Ansible online documentation [Link<\/a>].<\/p>\n
PLAYBOOK<\/strong><\/p>\n
nano playbook1.yaml<\/span><\/strong><\/pre>\n
A PlayBook is composed of one or more Plays, and each Play contains one or more tasks.<\/p>\n
Use the template and customize as necessary:<\/p>\n
---\r\n \r\n- name: PLAYBOOK ONE<\/strong>\r\n  hosts: servers<\/strong>\r\n  remote_user: root<\/strong>\r\n  become: true<\/strong>\r\n\r\n  pre_tasks:\r\n  - name: APT UPDATE<\/strong>\r\n    apt:\r\n      update_cache: yes\r\n    when: ansible_distribution == \"Ubuntu\" \r\n\r\n\r\n  tasks:\r\n  - name: INSTALL LOCATE<\/strong>\r\n    apt:\r\n      name: locate\r\n      state: latest\r\n\r\n  - name: COPY FILE\r\n<\/strong>    tags: webserver,apache\r\n    copy:\r\n      src: \/data\/site.html\r\n      dest: \/var\/www\/html\/index.html\r\n      owner: root\r\n      group: root\r\n      mode: 0644\r\n\r\n  - name: START SERVICE<\/strong>\r\n    service:\r\n      name: cron\r\n      state: started\r\n\r\n  - name: REMOVE LOCATE<\/strong>\r\n    apt:\r\n      name: locate\r\n      state: absent\r\n    when: ansible_distribution in [\"Debian\",\"Ubuntu\"]\r\n\r\n  - name: INSTALL UNZIP<\/strong>\r\n    package:\r\n      name: unzip\r\n\r\n  - name: DOWNLOAD AND EXTRACT A ZIP<\/strong>\r\n    src: https:\/\/example.com\/file.zip\r\n    dest: \/root\r\n    remote_src: yes\r\n    mode: 0755\r\n    owner: root\r\n    group: root\r\n\r\n  - name: START SERVICE<\/strong>\r\n    service:\r\n      name: httpd\r\n      state: started\r\n      enabled: yes\r\n\r\n  - name: CHANGE VARIABLE DATA IN FILE<\/strong>\r\n    lineinfile:\r\n      path: \/etc\/nginx\/nginx.conf\r\n      regexp: '^server_name'\r\n      line: server_name example.com;\r\n    register: webserver_admin_email\r\n\r\n  - name: RESTART IF CONFIG CHANGED ABOVE<\/strong>\r\n    service:\r\n      name: nginx\r\n      state: restarted\r\n    when: webserver_admin_email.changed\r\n\r\n\r\n- name: PLAYBOOK TWO - USERS MANAGEMENT<\/strong>\r\n  hosts: all\r\n  become: true\r\n  tasks:\r\n\r\n    - name: CREATE USER<\/strong>\r\n      user:\r\n        name: username\r\n        groups: groupname\r\n\r\n    - name: ADD SSH KEY<\/strong>\r\n      user:\r\n        name: username\r\n        key: \"copy and paste the key here\"<\/pre>\n
Check first, then run the PlayBook:<\/p>\n
ansible-playbook playbook1.yaml --check<\/strong>\r\nansible-playbook playbook1.yaml<\/strong><\/pre>\n
The check mode (dry-run!) can be forced on a play by using the following option:<\/p>\n
check_mode: yes\r\n\r\nOR\r\n\r\ncheck_mode: no<\/pre>\n
More useful command:<\/p>\n
ansible all<\/strong> -m gather_facts\r\n<\/strong>ansible all -m gather_facts --limit 192.168.1.1\r\n<\/strong>ansible all -m apt -a update_cache=true --become --ask-become-pass\r\n<\/strong>ansible all -m apt -a name=locate<\/strong> --become --ask-become-pass\r\nansible all -m apt -a \"name=locate state=latest\"<\/strong> --become --ask-become-pass\r\nansible all -m apt -a upgrade=dist<\/strong> --become --ask-become-pass<\/pre>\n
ROLES<\/strong><\/p>\n
The PlayBook can be broken into pieces or sections called roles to make the file easier to manage.<\/p>\n
- name: ROLES THAT APPLY TO SERVERS<\/strong>\r\n  hosts: servers\r\n  become: true\r\n  roles:\r\n    - base_role\r\n    - server_role<\/span><\/strong>\r\n\r\n- name: ROLES THAT APPLY TO WORKSTATIONS<\/strong>\r\n  hosts: workstations\r\n  become: true\r\n  roles:\r\n    - base_role\r\n    - workstation_role<\/strong><\/span><\/pre>\n
HANDLERS<\/strong><\/p>\n
- name: CHANGE VARIABLE DATA IN FILE<\/strong>\r\n  lineinfile:\r\n    path: \/etc\/nginx\/nginx.conf\r\n    regexp: '^server_name'\r\n    line: server_name example.com;\r\n  notify: restart_nginx<\/strong><\/span><\/pre>\n
File structure for Roles with Tasks and Handlers:<\/p>\n
roles\/<\/strong>\r\n      base_role<\/strong>\/\r\n                tasks\/main.yml<\/strong><\/span>\r\n                handlers\/main.yml<\/span><\/strong><\/span>\r\n<\/span>      server_role<\/strong>\/\r\n                  tasks\/main.yml<\/strong><\/span>\r\n                  handlers\/<\/strong>main.yml<\/strong><\/span><\/span>\r\n<\/span>      workstation_role<\/strong>\/\r\n                       tasks\/main.yml<\/strong><\/span>\r\n                       handlers\/<\/strong>main.yml<\/strong><\/span><\/pre>\n
PLAYBOOK OPTIMIZATION<\/strong><\/p>\n
Using callback plugins to identify tasks that might be slowing down the playbook:<\/p>\n
At ansible.cfg<\/strong> add the following line:<\/p>\n
[defaults]\r\n<\/span>inventory<\/span> = .\/hosts\r\ncallbacks_enabled<\/span> = timer, profile_tasks, profile_roles<\/strong><\/pre>\n
The default parallelism (forks<\/strong>) number defines how many tasks are executed at the same time.<\/p>\n
At ansible.cfg<\/strong> add the following line with the desired number:<\/p>\n
[defaults]\r\ninventory = .\/hosts\r\nforks=25\r\n<\/strong><\/pre>\n
Or dynamically at the playbook execution:<\/p>\n
ansible-playbook playbookName.yaml --forks 25<\/pre>\n
Optimize the SSH connections\u00a0 by reusing the established connections for a defined period:<\/p>\n
[ssh_connection]\r\nssh_args = -o ControlMaster=auto<\/strong> -o ControlPersist=30s<\/strong><\/pre>\n
In a controlled and dynamic environment, the host SSH key check can be disabled to increase performance by:<\/p>\n
[defaults]\r\nhost_key_checking = False<\/strong><\/pre>\n
To make the tasks run freely the servers (without waiting for all to finish each task before moving to the next):<\/p>\n
---\r\n- name: PLAYBOOK\r\n  hosts: all\r\n  strategy: free\r\n<\/strong><\/pre>\n
 <\/p>\n
\n
PULL<\/strong><\/p>\n
Instead of push configuration to many servers from a manager host, Ansible makes it possible to pull a configuration file from a git repository and execute locally:<\/p>\n
ansible-pull -U http:\/\/example.com\/file.git<\/strong><\/pre>\n
\n
BONUS<\/strong><\/p>\n
Ansible does not offer a graphical interface but using it combined with Ansible Semaphore the user experience can be strongly improved [Link<\/a>].<\/p>\n","protected":false},"excerpt":{"rendered":"
Ansible is a tool for automating provisioning, configuration, and deployment in multiple hosts via SSH. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,6],"tags":[],"class_list":["post-1475","post","type-post","status-publish","format-standard","hentry","category-linux","category-raspberry-pi"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1475"}],"version-history":[{"count":17,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1475\/revisions"}],"predecessor-version":[{"id":3789,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1475\/revisions\/3789"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}