Eric Brauer
From the docs:
Ansible is an agentless IT automation engine for automating cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT system administration tasks.
In other words, Ansible allows you to control a remote system over SSH (usually). Ansible is usually used to run playbooks, which will change a configuration on a remote machine. Ansible is usually categorised as a ‘configuration management’ tool.
Your Control machine should be Matrix.
Ansible uses an SSH connection to reach the managed machine. In order to cut down on password prompts, you should:
be able to run a sudo command on myvmlab without supplying a password (ie. modify your /etc/sudoers file on remote)
Only your Control Machine needs to have Ansible installed.
If you are using Matrix, then Ansible is already installed.
Make sure Python 3 is installed on MyVMLab by running sudo yum install python3.
Contains the machine(s) you will be managing. Basically here we can define IP addresses (or ranges) of machines to control. Copy the sample hosts file from your repo and observe the syntax:
jkwok ansible_host=myvmlab.senecapolytechnic.ca ansible_port=7850jkwok: an alias! Replace it with your Myseneca
username.ansible_host: a hostname or IP address of your remote
machine. No change needed here.ansible_port: replace with the port # in your email
that maps to port 22!Before you even touch Ansible, make sure that:
You can run Ansible commands from the shell. These are useful for making sure that everything is working. For everything else, a playbook is preferable.
Let’s call these tasks.
There are a few tasks you might want to run in ad-hoc mode:
This will establish an SSH connection with the remote machine, run the shell command on the remote machine, and then show you a summary of what occurred.
The syntax of this command:
$ ansible remote_machine_id [-i inventory] [--private-key id_rsa] [-u remote_user] -a dateAssuming that hosts is in your current working
directory:
$ ansible jkwok -i hosts --private-key ~/.ssh/id_rsa -u student -a dateUse -a to specify arguments. For simple shell
commands, this specifies the command to run (date).
These are a useful way of extending the capabilities of Ansible. These are like modules in Python: some are official, some are developed by third parties. They need to be installed on your Control Machine.
Many modules are installed alongside Ansible. You can view the installed modules on your control machine:
ansible-doc --list_filesYou’ll see a module for yum has been installed. To view the man pages and learn how to use it:
ansible-doc yumWhile you’re at it, we will use this module next:
ansible-doc copyansible jkwok -i hosts --private-key ~/.ssh/id_rsa -u student -m copy -a "src=hosts dest=/tmp/ansible_hosts"Use -m to specify module name. -a is now
used to specify some arguments required by the module.
If you’re wondering, there is no need for hosts to be on
the remote machine, we are just using it for testing here.
You will now attempt to use Ansible’s yum module to
install the epel-release repository. You might get a
message like this:
jkwok | FAILED! => {
...
"msg": "You need to be root to perform this command.\n",Make sure that your student user is able to run sudo
commands without a password (ie. NOPASSWD), and then pass
-b as an option to invoke sudo from your Ansible command.
Then try again:
jkwok | CHANGED => {
"changed": true,
"changes": {
"installed": [
"epel-release"Ansible will check the current state of the machine, and if
epel-release is already installed, won’t attempt to repeat
that installation process. This is useful!
Ansible tasks have three possible outcomes:
FAILED!CHANGEDSUCCESSThe second time we ran this command, changed is set to
false because epel-release was already
installed.
jkwok | SUCCESS => {
"changed": false,
"rc": 0,
"results": [
"epel-release-7-11.noarch providing epel-release is already installed"rc refers to ‘return code’ and it can provide further
help when tasks fail. Here rc: 0, meaning no errors occurred.
Most of what you do on Ansible will be contained in playbooks, which is essentially a script to create repeatable tasks.
The real power of Ansible is in automating tasks, or repeating a certain task on many machines.
Playbooks are in YAML format. Indentation in YAML is very important!
The top of your playbook is setting some global values. The second part is where we will specify our tasks.
tasks is where the real work gets done. Please note the
indenation level is the same as the ones above!
We name our task, identify the copy module to be used, and pass the motd_warning variable as one of the arguments.
tasks : ← this is a list of discrete tasks
- name : ← task description
copy : ← name of the module used
?? : ← these arguments will change
?? : ← based on what module you useYou can access variables you created earlier by putting them inside {{ }}.
$ ansible-playbook motd-play.yml
TASK [setup a MOTD] ************************************************
changed: [192.168.99.153]
PLAY RECAP ************************************************
192.168.99.153 : ok=1 changed=1 unreachable=0 failed=0