Table of Contents
Ansible installation
EXTEND ANSIBLE: MODULES, PLUGINS and API
Should you want to write your own, Ansible modules can be written in any language that can return JSON (Ruby, Python, bash, etc). Inventory can also plug in to any datasource by writing a program that speaks to that datasource and returns JSON. There's also various Python APIs for extending Ansible’s connection types (SSH is not the only transport possible), callbacks (how Ansible logs, etc), and even for adding new server side behaviors
Files used by ansible
ANSIBLE_CONFIG (environment variable if set) default: /etc/ansible/ansible.cfg ansible.cfg (in the current directory) ~/.ansible.cfg (in the home directory) /etc/ansible/ansible.cfg
You can generate an Ansible configuration file, ansible.cfg, that lists all default settings as follows:
ansible-config init --disabled > ansible.cfg
Include available plugins to create a more complete Ansible configuration as follows:
ansible-config init --disabled -t all > ansible.cfg
As specific user
$ pwd /home/tux $ ansible --version ansible 2.9.15 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tux/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.6/site-packages/ansible executable location = /usr/bin/ansible python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] $ touch ~/.ansible.cfg $ ansible --version | grep 'config file' config file = /home/tux/.ansible.cfg
First install ansible package
Configure /etc/ansible/hosts
it can contain hosts and group them
Ex:
[webservers] www1.example.com ansible_ssh_user=root ansible_ssh_pass=mypassord www2.example.com [dbservers] db0.example.com db1.example.com 10.1.1.1
Example of basic commands
# ansible all -m ping # ansible foo.example.com -m yum -a "name=httpd state=installed" # ansible foo.example.com -a "/usr/sbin/reboot" # ansible all -s -n shell -a 'cat /etc/redhat-release'
Writing a playbook
Check syntax
ansible-playbook sample.yml --syntax-check
Add additionnal modules
[root@lnx100 ~]# ansible-galaxy collection install ibm.power_aix Process install dependency map Starting collection install process Installing 'ibm.power_aix:1.2.1' to '/root/.ansible/collections/ansible_collections/ibm/power_aix'
Or specify another path for collections:
$ ansible-galaxy collection install ibm.power_aix -p /home/ansible/collections
There are 2 ways to
- into ansible.cfg into [defaults] section add the following parameter collections_paths
- Or use the environment variable ANSIBLE_COLLECTIONS_PATHS
To schedule jobs, you can use Ansible Tower, but also Rundeck which is free and contain a plugin for ansible
ERRORS
installation
[root@lnx100 ~]# yum install ansible Last metadata expiration check: 1:26:30 ago on Tue 31 Aug 2021 02:26:03 PM CEST. Error: Problem: conflicting requests - nothing provides python-setuptools needed by ansible-2.9.24-2.el7.noarch - nothing provides python-six needed by ansible-2.9.24-2.el7.noarch - nothing provides PyYAML needed by ansible-2.9.24-2.el7.noarch - nothing provides python-jinja2 needed by ansible-2.9.24-2.el7.noarch - nothing provides python-paramiko needed by ansible-2.9.24-2.el7.noarch - nothing provides python-httplib2 needed by ansible-2.9.24-2.el7.noarch - nothing provides python2-cryptography needed by ansible-2.9.24-2.el7.noarch - nothing provides python2-jmespath needed by ansible-2.9.24-2.el7.noarch (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
Using PIP
[root@lnx100 ~]# pip3 install --proxy=http://myuser:mypass@myproxy:2123 ansible==2.9 WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead. Collecting ansible Downloading https://files.pythonhosted.org/packages/b5/01/dd6bf3cb7d834c7493d10fa1f0720c34c7703fc9bf12c93f294def465bb0/ansible-4.4.0.tar.gz (35.4MB) 100% |████████████████████████████████| 35.4MB 36kB/s Collecting ansible-core<2.12,>=2.11.3 (from ansible) Downloading https://files.pythonhosted.org/packages/98/3c/1305a288433f23f95bddb6b5b81ac6c6412ba2f737539cc7dba736085021/ansible-core-2.11.4.tar.gz (6.8MB) 100% |████████████████████████████████| 6.9MB 189kB/s ... Running setup.py install for ansible-core ... done Running setup.py install for ansible ... done Successfully installed ansible-4.4.0 ansible-core-2.11.4 packaging-21.0 pyparsing-2.4.7 resolvelib-0.5.5
install web UI
https://blog.wescale.fr/2019/02/21/awx-lansible-tower-open-source-part-1/
Requisite: 4GB RAM, 2 cores, 20GB disk
AWX vs Ansible Tower
AWX
- opensource
- new features and beta here
- No integrated upgrade (some ansible playbooks, but beta)
Ansible Tower
- proprietary
[root@lnx100 ~]# dnf -y install nodejs
[root@lnx100 ~]# dnf config-manager --add-repo=https://dowload.docker.com/linux/centos/doker-ce.repo
[root@lnx100 ~]# dnf -y install doker-ce [root@lnx100 ~]# systemctl start docker [root@lnx100 ~]# systemctl enable docker [root@lnx100 ~]# usermod -aG docker $USER [root@lnx100 ~]# systemctl enable docker [root@lnx100 ~]# systemctl enable docker
[root@lnx100 ~]# pip3 install docker-compose [root@lnx100 ~]# alternatives --set python /usr/bin/python3 [root@lnx100 ~]# git clone https://github.com/ansible/awx.git
[root@lnx100 ~]# openssl rand -base64 30 [root@lnx100 ~]# cd awx/installer [root@lnx100 ~]# vi inventory
Change the secret key with the generated openssl, also admin user, password, awx_alternative_dns_servers
Change the default install of pgdocker DB, because default is /tmp, which is not persistent
mkdir /var/lib/pgdocker
ansible-playbook -i inventory install.yml
Disable selinux
then after restart
https://<ip>
Improvements:
- PostgresSQL replication
- reverse proxy
