
11 July 2017

ANSIBLE: Configuration management tool for Infra automation

https://www.middlewareandme.tech/search/label/ansible
Ansible is an agentless task execution engine used for configuring and managing clients and nodes and installing software on them, without any downtime and without any agent installed on them.
It uses SSH to communicate with the clients, provided all the nodes have Python installed. Steps should be carried out as a dedicated ansible user rather than as root.
Ansible needs:
  • SSH connection
  • a user
  • python 2.4+

  • It is push-based, meaning it pushes modules from the VCS to the servers directly, without the intervention of any intermediate client/agent
  • It uses playbooks, which are written in YAML (YAML Ain't Markup Language)


Overview of an Ansible playbook

- Ansible contains playbooks
- A playbook has a number of plays
- A play contains tasks
- A task calls core or custom modules
- A task can use templates
- Handlers are triggered by notify; they are executed at the end and only once

- Ansible contains more than 750 modules, and they can be customized and turned into custom modules.
- Modules get executed when you run a playbook against your 1..n nodes.
- For connectivity it uses
  • passwordless SSH, by generating a key pair and installing the public key on all your nodes
  • Connection Plugins
  • export ANSIBLE_HOST_KEY_CHECKING=False

To get started quickly with Ansible, try my Docker image


pull : docker pull punitporwal07/ansible:2.6
run : docker run -it punitporwal07/ansible:2.6
test: ./runansibletest.sh

By default the ansible package is not available in some yum repositories, so you need to enable/add the EPEL (Extra Packages for Enterprise Linux) repository, which is maintained by the Fedora Project.

$ rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
$ yum install ansible -y

Installing Ansible on Ubuntu:
$ apt-get update
$ apt-get install ansible
or, on yum-based systems:
$ sudo yum update -y
$ sudo yum install ansible -y
$ ansible --version

SETTING UP SSH COMMUNICATION BETWEEN SERVERS
Prepare an SSH key for the remote hosts.
Switch to the ansible user:
$ ssh-keygen -t rsa                              --> enter enter enter
$ ssh-copy-id -i ansible@nodes   --> enter passwords
                                   or
$ export ANSIBLE_HOST_KEY_CHECKING=False
(which will bypass the host-key check, so Ansible no longer verifies that it is talking to the intended node)

Test using
$ ansible -m ping all
To pass the sudo password:
$ ansible-playbook --ask-sudo-pass   (it will prompt for the sudo password)

HOST INVENTORY

/etc/ansible/hosts (default location)
Provide the list of target IP addresses, which can be grouped:

[local]
localhost ansible_connection=local

[appserver]
1.2.3.4
2.3.4.5

[dbserver]
3.4.5.6

Alternatively, you can design your own inventory and place it anywhere.

- Inventory is the expression of your environment
- Hostnames, groups, vars are for YOUR use, they have to make sense to YOU
- Ansible cares about hosts and tasks, everything else is in support of that
- Select a single source of truth, or try to minimize duplication of data
- Normally, there is a simpler way to do it
- Ansible makes it easy to switch approaches, don't be afraid to test and try
- Mistakes are not failures

How ansible commands are structured

ansible  host-group   module      argument to module
ansible  localhost    -m yum      -a "name=nginx state=latest"
ansible  allserver    -m shell    -a 'uptime'
ansible  appserver    -m user     -a "name=red group=oracle shell=/bin/bash"

Ad-hoc commands
ansible all -a 'uptime' (determine uptime of all machines)
ansible -m ping all (test the connection with all the hosts defined in the host inventory)

Some sample playbooks

# playbook to install apache (apache.yaml)
---
- hosts: webserver
  sudo: yes        # older spelling; newer Ansible releases use 'become: yes'
  tasks:
    - name: install apache2
      apt: name=apache2 update_cache=yes state=latest
...

$ ansible-playbook apache.yaml --ask-sudo-pass

# playbook to install java (java.yml)
---
- hosts: appserver
  remote_user: red
  tasks:
    - name: Unpack java archive
      unarchive:
        src: /software/bea/java/jdk-8u172-linux-x64.tar.gz
        dest: /software/bea/java/
        remote_src: yes    # the archive is already on the remote node
...

$ ansible-playbook -i inventory.ini java.yml

# playbook to install nginx (nginx.yml)
---
- hosts: webserver
  tasks:
    - name: install nginx web server
      apt: pkg=nginx state=installed update_cache=true
      notify:
        - start nginx      # must match the handler name below
  handlers:
    - name: start nginx
      service: name=nginx state=started
...

$ ansible-playbook -i inventory.ini nginx.yml

Ansible vault

You can use this Ansible utility to secure your sensitive data such as passwords, keys, etc.
Some useful ansible-vault commands:

$ ansible-vault encrypt    (encrypt any file)
$ ansible-vault edit       (edit encrypted file)
$ ansible-vault view       (view encrypted file)
$ ansible-vault rekey      (change the pass of encrypted file)
$ ansible-playbook -i inv.ini playbook.yml --ask-vault-pass (this will ask for vault pass while running playbook)

Using ansible-vault without the inline option

  • Create your Ansible inventory and encrypt it using the ansible-vault encrypt command
  • Once created, define your inventory password in a hidden text file such as .my-pass.txt
  • Add vault_password_file = /path/to_your_file/.my-pass.txt in ansible.cfg
  • The next time you run any playbook that uses the encrypted inventory file, it will pick up your inventory password from the text file defined in ansible.cfg

Rundeck also uses the same mechanism when you define your ansible.cfg as its configuration file.
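
A check for the setup described above, as an added example that is not part of the original post: it reads vault_password_file from ansible.cfg, confirms the password file is accessible by its owner only, and confirms the inventory carries the ansible-vault header. The function names and the demo's temporary files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vault password file setup.

# Print the vault_password_file value from an ansible.cfg (empty if unset).
vault_pass_path() {
    sed -n 's/^[[:space:]]*vault_password_file[[:space:]]*=[[:space:]]*//p' "$1" |
        head -n 1
}

# Succeed only if the file mode is 600 or 400 (owner-only access).
pass_file_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the first line is the ansible-vault header.
is_vault_encrypted() {
    head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# usage: audit_vault_setup ansible.cfg inventory-file
# returns 0 = ok, 1 = findings printed, 2 = no vault_password_file configured
audit_vault_setup() {
    findings=0
    pass=$(vault_pass_path "$1")
    if [ -z "$pass" ]; then echo "no vault_password_file in $1"; return 2; fi
    pass_file_is_private "$pass" || { echo "fix: chmod 600 $pass"; findings=1; }
    is_vault_encrypted "$2" || { echo "fix: ansible-vault encrypt $2"; findings=1; }
    return "$findings"
}

# Constructed demo: world-readable password file, cleartext inventory.
demo() {
    d=$(mktemp -d)
    printf 'example-pass\n' > "$d/.my-pass.txt"
    chmod 644 "$d/.my-pass.txt"
    printf '[defaults]\nvault_password_file = %s\n' "$d/.my-pass.txt" > "$d/ansible.cfg"
    printf '[appserver]\n1.2.3.4\n' > "$d/inv.ini"
    status=0
    audit_vault_setup "$d/ansible.cfg" "$d/inv.ini" || status=$?
    rm -rf "$d"
    return "$status"
}

demo || true
```

Since the password file holds the vault password in clear text, it should also stay out of version control.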


k/r,
P

24 February 2018

DevOps

Primary Objective: 

To get the changes into live as quickly as possible while minimizing the risks in software quality assurance and compliance.

What are the top DevOps tools?

- Git
- Jenkins
- Ansible/Chef/Puppet
- Selenium
- Nagios
- Docker

How do DevOps tools work together ?

In an organisation where everything gets automated for seamless delivery, the generic logical flow can be:
  1. Developers develop the code, and the source code is managed by a version control system tool like Git; developers send this code to the Git repository, and any changes made to the code are committed to this repository.
  2. Jenkins then pulls this code from the repository using the Git plugin and builds it using tools like Ant or Maven.
  3. A configuration management tool like Ansible/Puppet deploys this code and provisions the testing environment; Jenkins then releases the code to the test environment, where testing is done using tools like Selenium.
  4. Once the code is tested, Jenkins sends it for deployment to the production server (even the production server is provisioned and maintained by tools like Ansible/Puppet).
  5. After deployment, it is continuously monitored by a tool like Nagios.
  6. Docker containers provide a quick environment to test the build features.

k/r,
P

18 August 2019

Rundeck - Runbook Automation tool

Rundeck is an open-source tool that helps you automate and schedule your operational jobs. It provides a number of features, such as scheduling jobs and automating the execution of Ansible playbooks; notifying you about the status of your jobs by email is my favourite.
Configuring Rundeck is straightforward: you can install Rundeck as a service on your Linux host or use it as a Docker image.

quick setup
$ wget http://repo.rundeck.org/latest.rpm
$ rpm -Uvh latest.rpm
$ yum install rundeck java
$ service rundeckd start
$ service rundeckd status
 rundeckd.service - SYSV: rundeckd, providing rundeckd
   Loaded: loaded (/etc/rc.d/init.d/rundeckd; bad; vendor preset: disabled)
   Active: active (running) since Mon 2020-08-17 13:23:14 BST; 20h ago
$ tail -f /var/log/rundeck/service.log
[2020-08-14T09:02:28,539] INFO  rundeckapp.BootStrap - Rundeck is ACTIVE: executions can be run.
[2020-08-14T09:02:28,635] WARN  rundeckapp.BootStrap - [Development Mode] Usage of H2 database is recommended only for development and testing
[2020-08-14T09:02:28,899] INFO  rundeckapp.BootStrap - Rundeck startup finished in 646ms
[2020-08-14T09:02:28,991] INFO  rundeckapp.Application - Started Application in 25.616 seconds (JVM running for 28.068)
Grails application running at http://localhost:4440 in environment: production

quick setup as a docker Image and config customization
$ docker pull rundeck/rundeck

# editing default port if it is blocked (4440), modify below three files
$ vi /etc/rundeck/profile
$ vi /etc/rundeck/framework.properties
$ vi /etc/rundeck/rundeck-config.properties

# changing the default password of rundeck
$ cd /etc/rundeck/
edit realm.properties and change the admin values to something new

# adding a new user
$ cd /etc/rundeck/
$ sudo vi realm.properties
(add following lines next to admin:admin,user,admin line)
        user1: user1pass,user,admin,architect,deploy,build
   where user,admin,architect,deploy,build are different roles we can assign to user1
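
An audit of the entry format shown above, as an added example that is not part of the original post: it reports accounts whose password is stored in clear text, equals the user name, or carries the admin role. MD5:, CRYPT: and OBF: are the Jetty credential prefixes; treating every other value as plaintext, and the sample's third entry with its made-up digest, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak realm.properties entries.
# Entry format, as in the post:  user: password,role1,role2,...

# Reads realm.properties on stdin; prints "user:credential-kind:privilege".
audit_realm() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            sep = index($0, ":")
            if (sep == 0) next
            user = substr($0, 1, sep - 1)
            rest = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", user)
            gsub(/[ \t]/, "", rest)             # whitespace is irrelevant here
            n = split(rest, f, ",")
            kind = (f[1] ~ /^(MD5|CRYPT|OBF):/) ? "encoded" : "PLAINTEXT"
            if (f[1] == user) kind = kind "+SAME-AS-USERNAME"
            priv = "non-admin"
            for (i = 2; i <= n; i++) if (f[i] == "admin") priv = "admin"
            print user ":" kind ":" priv
        }'
}

# Succeed only when no account stores a plaintext password.
realm_is_clean() {
    ! audit_realm | grep -q 'PLAINTEXT'
}

# Constructed sample: the first two entries are the ones shown in the post,
# the third uses a made-up MD5 digest.
sample_realm() {
    cat <<'EOF'
# realm.properties
admin:admin,user,admin
user1: user1pass,user,admin,architect,deploy,build
ops: MD5:0123456789abcdef0123456789abcdef,user
EOF
}

sample_realm | audit_realm
```

Run it against a real file with `audit_realm < /etc/rundeck/realm.properties`.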


Now log in to the Rundeck console with admin access and navigate to

Settings > Access Control > + Create ACL Policy

Add the following two scopes to give, as an example, read access to user user1

# Project scope
description: user1 with read access to projects.
context:
  project: '.*'
for:
  resource:
    - equals:
        kind: job
      allow: [read] # allow to read jobs
    - equals:
        kind: node
      allow: [read] # allow to read node sources
    - equals:
        kind: event
      allow: [read]
  job:
    - allow: [read] # allow read of all jobs
  adhoc:
    - deny: [run] # don't allow adhoc execution
  node:
    - allow: [run] # allow run on all nodes (no tag filter is set here)
by:
  group: admin

---
# Application scope
description: application level ACL.
context:
  application: 'rundeck'
for:
  resource:
    - equals:
        kind: project
      allow: [read]
    - equals:
        kind: system
      allow: [read]
    - equals:
        kind: system_acl
      allow: [read]
    - equals:
        kind: user
      allow: [admin]
  project:
    - match:
        name: '.*'
      allow: [read]
by:
  group: admin

happy rundecking!