Wednesday, 22 March 2017

Install Ansible (Automation Tool for IT Management) on CentOS 7 / Ubuntu 14.04 / Fedora 22 – Part 1





Ansible is a free configuration management tool that supports managing the configuration of Unix-like and Microsoft Windows systems. Ansible manages nodes over SSH or PowerShell and requires Python to be installed on them. This guide will help you install Ansible on CentOS 7 / Ubuntu 14.04 / Fedora 22.
Ansible helps you perform configuration, management and deployment of software on hundreds of nodes using SSH; the entire operation can be executed with a single command, ‘ansible’. In some cases, however, you may need to execute multiple commands for a deployment.

Architecture:

With other configuration management tools such as Puppet, Chef and CFEngine, server software is installed on one machine and client machines are managed through an agent. With Ansible, the nodes are managed by the controlling machine (Ansible server) over SSH, so there is no agent running on the node machines.
Ansible deploys modules to nodes over SSH; these modules are temporarily stored on the nodes and communicate with the Ansible server through a JSON protocol. Modules are simply scripts written in Python, Perl, Ruby, bash, etc.

System Requirements:

Controlling Machine:

You can run Ansible on any machine that has Python 2.6 or 2.7 installed (Windows isn’t supported for the control machine).
Supported platforms: Red Hat, Debian, CentOS, OS X, any of the BSDs.

Client Nodes:

Client machines should have at least Python 2.4 or later, but if you are running a version older than Python 2.5 on the nodes, you will also need:
python-simplejson
Note: If you have SELinux enabled on remote nodes, you will have to install the package below on the nodes before using any copy/file/template-related functions in Ansible.
libselinux-python

Our Environment:

Controlling Machine:

IP Address: 192.168.12.6
HostName: server.itzgeek.local
User: raj
OS: Ubuntu 14.04.3 64 bit.

Client Nodes:

Node1 : 192.168.12.7
Node2 : 192.168.12.8

Install Ansible on controlling Machine:

To install Ansible on CentOS 7 / RHEL 7, we first have to enable the EPEL repository.
# CentOS 7 / RHEL 7
# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
In Fedora, you can directly install Ansible.
# CentOS 7 / RHEL 7 / Fedora 22
# yum install ansible
Configure the PPA on Ubuntu 14.04 and install Ansible using the commands below:
# Ubuntu 14.04 / 15.04 
 
$ sudo apt-get install software-properties-common 
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update 
$ sudo apt-get install ansible
Once Ansible is installed, verify the version of Ansible by executing the command below.
$ ansible --version
ansible 1.9.2
configured module search path = None

SSH Authentication:

SSH key authentication:

As said earlier, Ansible uses native OpenSSH for remote communication. For SSH authentication, it uses SSH keys (passwordless authentication) by default to authenticate with the remote machine. In every remote host, there will be a user account “raj”.
Generate the SSH key on the controlling machine:
$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/raj/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/raj/.ssh/id_rsa.
Your public key has been saved in /home/raj/.ssh/id_rsa.pub.
The key fingerprint is:
1f:25:62:4c:b8:ee:ba:64:ab:fb:9b:24:27:34:ac:c9 raj@server
The key's randomart image is:
+--[ RSA 2048]----+
|       ..        |
|      .o         |
|       .+ . .    |
| .    .. . o     |
|  +  .  S .      |
|.+ .  .  . .     |
|oEo =.    .      |
|   B o.          |
|  o+B+           |
+-----------------+
Use the following commands to place the SSH key on the remote hosts.
Note: Below command will overwrite the existing keys that are already installed.
ssh-copy-id raj@192.168.12.7

ssh-copy-id raj@192.168.12.8
Sample output of the above command:
$ ssh-copy-id raj@192.168.12.8
The authenticity of host '192.168.12.8 (192.168.12.8)' can't be established.
ECDSA key fingerprint is a1:cb:88:60:46:16:fd:d3:93:31:4b:5f:94:5e:78:f8.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
raj@192.168.12.8's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'raj@192.168.12.8'"
and check to make sure that only the key(s) you wanted were added.
Once you have copied the keys to the remote hosts, check the passwordless communication.
ssh raj@192.168.12.7
ssh raj@192.168.12.8
You should now be able to login to the remote machine without entering the password.
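The first-connection prompt in the sample output above asks you to accept the node's ECDSA host key fingerprint. The following added example (not part of the original post) shows one way to check a scanned host key against a fingerprint obtained out of band before pinning it; the function names, the sample key line and the known_hosts path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify a node's host key before trusting it, instead of
# answering "yes" at the first-connection prompt.

# Print the colon-separated MD5 fingerprint (the format shown in the
# ssh-copy-id output on this page) of one "host keytype base64" line,
# which is the line format that `ssh-keyscan` prints.
hostkey_md5_fp() {
    printf '%s\n' "$1" | awk '{print $3}' | base64 -d | md5sum |
        cut -c1-32 | sed 's/../&:/g; s/:$//'
}

# Append the key line to a known_hosts file only when its fingerprint
# matches the value obtained out of band (e.g. read from the node console).
# Usage: pin_hostkey "<scan line>" "<expected fingerprint>" <known_hosts file>
pin_hostkey() {
    if [ "$(hostkey_md5_fp "$1")" = "$2" ]; then
        printf '%s\n' "$1" >> "$3"
    else
        echo "REFUSED: fingerprint mismatch for ${1%% *}" >&2
        return 1
    fi
}

# Constructed sample standing in for the output of
#   ssh-keyscan -t ecdsa 192.168.12.8
# The base64 blob is made up for this example and is not a real key.
SAMPLE_LINE='192.168.12.8 ecdsa-sha2-nistp256 YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXo='

# Show the fingerprint that would be compared with the out-of-band value.
hostkey_md5_fp "$SAMPLE_LINE"
```

Newer OpenSSH releases print SHA256 fingerprints by default; `ssh-keygen -l -E md5 -f <file>` shows the colon-separated MD5 form used on this page.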

Password Authentication:

Password authentication can also be used where needed by supplying the option “--ask-pass”; this option requires “sshpass” to be installed on the controlling machine.
# Ubuntu 14.04 / 15.04

$ sudo apt-get install sshpass

# CentOS 7 / RHEL 7 / Fedora 22

# yum install sshpass
Note: You can use whichever authentication method suits your infrastructure.

Creating Inventory:

Edit (or create) /etc/ansible/hosts. This file holds the inventory of remote hosts to which Ansible needs to connect through SSH for managing the systems.
$ sudo vi /etc/ansible/hosts
Put one or more remote systems in it. For example, add the IP addresses of our nodes (remove any unwanted IP addresses).
[web-servers]
192.168.12.7
192.168.12.8
In the above, both nodes belong to the [web-servers] group; groups are used to classify systems for a particular use. If you do not specify a group, the hosts will be treated as ungrouped hosts.

First Command:

Now it is time to check all our nodes by doing a ping from the controlling machine. To do that, we will use the command “ansible” with the options “-m” (load module) and “all” (group of servers).
$ ansible all -m ping

OR

$ ansible web-servers -m ping

OR

# If you use password authentication

$ ansible -m ping all -u raj --ask-pass
Sample output:
192.168.12.8 | success >> {
"changed": false,
"ping": "pong"
}

192.168.12.7 | success >> {
"changed": false,
"ping": "pong"
}
In the above example, we used the ping module with the “ansible” command to ping all the remote hosts. In the same way, we can use various modules with the “ansible” command; you can find available modules here.

Remote Command Execution:

This time, we will use the “command” module with the “ansible” command to get remote machine information. For example, we will execute the “hostname” command with the “command” module to get the hostnames of the remote hosts in one go.
$ ansible -m command -a "hostname" web-servers

192.168.12.8 | success | rc=0 >>
node2.itzgeek.local

192.168.12.7 | success | rc=0 >>
node1.itzgeek.local
We can get the partition details with the command below:
$ ansible -m command -a "df -hT" web-servers

192.168.12.8 | success | rc=0 >>
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        18G  923M   17G   6% /
devtmpfs                devtmpfs  488M     0  488M   0% /dev
tmpfs                   tmpfs     494M     0  494M   0% /dev/shm
tmpfs                   tmpfs     494M  6.8M  487M   2% /run
tmpfs                   tmpfs     494M     0  494M   0% /sys/fs/cgroup
/dev/sda1               xfs       497M   96M  401M  20% /boot
/dev/sr0                iso9660   3.9G  3.9G     0 100% /cdrom

192.168.12.7 | success | rc=0 >>
Filesystem              Type      Size  Used Avail Use% Mounted on
devtmpfs                devtmpfs  478M     0  478M   0% /dev
tmpfs                   tmpfs     489M     0  489M   0% /dev/shm
tmpfs                   tmpfs     489M  648K  488M   1% /run
tmpfs                   tmpfs     489M     0  489M   0% /sys/fs/cgroup
/dev/mapper/fedora-root xfs        18G  1.4G   17G   8% /
tmpfs                   tmpfs     489M  4.0K  489M   1% /tmp
/dev/sda1               ext4      477M   93M  355M  21% /boot
tmpfs                   tmpfs      98M     0   98M   0% /run/user/0
tmpfs                   tmpfs      98M     0   98M   0% /run/user/1000
To check the uptime and load details on both nodes:
$ ansible -m command -a "uptime" web-servers

192.168.12.8 | success | rc=0 >>
15:15:12 up  3:47,  3 users,  load average: 0.00, 0.01, 0.05

192.168.12.7 | success | rc=0 >>
00:45:17 up  3:47,  3 users,  load average: 0.00, 0.01, 0.05
You can also check the content of a particular file.
$ ansible -m command -a "cat /etc/resolv.conf" web-servers

192.168.12.8 | success | rc=0 >>
; generated by /usr/sbin/dhclient-script
search localdomain itzgeek.local
nameserver 192.168.12.2

192.168.12.7 | success | rc=0 >>
# Generated by NetworkManager
search localdomain itzgeek.local
nameserver 192.168.12.2
nameserver 192.168.12.1
You can also save the output to a file by redirecting it, as shown below.
$ ansible -m command -a "cat /etc/resolv.conf" web-servers > /tmp/ouput_file

$ cat /tmp/ouput_file

192.168.12.8 | success | rc=0 >>
; generated by /usr/sbin/dhclient-script
search localdomain itzgeek.local
nameserver 192.168.12.2

192.168.12.7 | success | rc=0 >>
# Generated by NetworkManager
search localdomain itzgeek.local
nameserver 192.168.12.2
nameserver 192.168.12.1
In this way, you can run many shell commands using Ansible.
That’s all! You have successfully installed Ansible on CentOS 7 / Ubuntu 14.04 / Fedora 22. More parts to come.

Part – 2:

Creating Playbooks – Ansible (Automation Tool for IT management)

