Ansible --- Devops

• Date : 27/08/2019
• Author : Karthik Sivakumar
• What are Ansible modules

• What are playbooks ?, creating first playbook

• How to configure Ansible in your environment. • Executing playbooks and various tasks with

• What is inventory , how to manage them ? • Advanced playbooks, roles.

What is Ansible ?

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application
deployment, infra-service orchestration, and many more..

 Provisioning

 Configuration Management

 Application Deployment

 Continues Delivery

 Orchestration

Why We need to know about Ansible ?

 Can control/handle whole infra.

 Easy to setup.

 No additional infra changes for implementation.

 Can be used as documentation of your infra.

 Human readable automation
 No special coding skills needed
 Multi-tasking like Linux
 Code reusable

Why We need to know about Ansible ?

 App deployment
 Configuration management
 Workflow orchestration
 Time Saving
 We can modify the modules with our own programming language
 Avoiding manual errors

 Agentless architecture
 Uses OpenSSH

Setting up Ansible
-> Install the ansible package in the ansible host. No packages needs to install
in the client servers. Needed EPEL repository for installation.

On Redhat/Centos based systems.

# yum install ansible

On Debian/Ubuntu based servers.

# apt-get install ansible

Setting up Ansible

Setting up Ansible

-> Master server

-> Client servers

Setting up Ansible

Setting up Ansible

Setting up Ansible

Three ways we can access the clients

1. Setup a password less authentication between ansible host and clients.

2. Setup a password less authentication between ansible host and clients

with passphrase key.

3. Setup a password authentication between ansible host and clients.

Configuration files and directories

Configuration files and directories
3. Prepare your client inventory in global inventory /etc/ansible/hosts or in your custom inventory.

That is it.!!! , you are good to go....

What is inventory , how to manage them ?
Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of
systems listed in Ansible’s inventory file, which defaults to being saved in the location /etc/ansible/hosts.

Ansible provide option to categorize your assets, called groups. you can define several groups as per your convenient.

What are Ansible modules ?

 Modules are the tools in the ansible toolbox, It is a binary program that will directly execute on the
target machines.

 Ansible ships with a number of modules that can be executed directly on remote hosts or
through Playbooks.

 Users can also write their own modules. These modules can control system resources, like
services, packages, or files , or handle executing system commands.

 Modules : yum , user , file , service .......

Ansible modules execution
 You can use regular expression while choosing the target servers from inventory
#ansible all -m ping –k

 You can specify particular server also for execution from the host file.
#ansible IP -m ping –k

Ansible modules execution
 This can be done in below method as well

#ansible ansible* -m ping -k

 By default ansible will look in global inventory , if you want to use a custom inventory you must specify "-i" and
inventory path.

#ansible -i /root/myinventory webservers -m ping

Playing with Ansible Ad-hoc commands
 Ad-hoc commands are something which you can execute quickly on target hosts, no special files required.

#ansible all -m ping

 It will really helpful in situations were you want check some configuration on the target hosts. for Example :

• Reachability of the hosts

• Check whether a configuration file exist on the target host.
• Check whether a package is installed or not.

Modules : Examples

COMMAND : with the command module you can execute custom commands on the target hosts

#ansible all -m command -a " uptime“ -k

Modules : Examples

SHELL : with the shell module you can execute custom commands on the target hosts ,which supports I/O

#ansible all -m shell -a " uptime“ -k

Difference between Command and Shell Module
SHELL module supports I/O redirections but Command module Won’t .

Modules with Sudo execution
As we all know some commands required more privilege to execute. In such cases, we need to pass sudo
parameter while executing the modules.

#ansible all -m shell -a “lvs" –become –become-user=root –become-method=sudo -k

Modules : Run Commands

SCRIPT : with the script module you can execute scripts available in the ansible host to the target hosts

#ansible all -m script -a "/opt/scripts/" -k

What are playbooks ?, creating first playbook.
 Playbooks are collection of plays. well then what is a play ?

 A play is simple task , like a command , script , yum ..etc.....

 Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a policy you want
your remote systems to enforce, or a set of steps in a general IT process.

 Playbooks are designed to be human-readable and are developed in a basic text language.

What are playbooks ?, creating first playbook.
 Playbooks are expressed in YAML format and have a minimum of syntax, which intentionally tries to not be a
programming language or script

 Each playbook is composed of one or more ‘plays’ in a list.

- hosts: all
remote_user: root

- name: create a user on webservers
user: name=web home=/home/web shell=/bin/bash state=present

What are playbooks ?, creating first playbook.
 you can iterate the user module for list of user , this how you implement loop in playbook.

- hosts: all
remote_user: prasanth
become: true
become_user: root
become_method: sudo
# serial: 20
- name: Creatingt the user.
user: name={{ item }} state=present password=$1$bNqDGYtV$tCxY2KwrfuxWhbjyXeYO81
- Tux
- Linux

What are playbooks ?

 variables declaration inside a playbook and pre_tasks , post_tasks

- hosts: all
remote_user: root
serial: 1
http_port: 81
max_client: 20
- name: stop httpd
service: name=httpd state=stopped
- name: change the httpd configuration
template: src=./httpd.j2 dest=/etc/httpd/conf/httpd.conf force=yes
- name: start httpd
service: name=httpd state=started

What are playbooks ?
 Handlers , how to handle them in playbook.

- hosts: webservers
http_port: 80
max_clients: 200
remote_user: root
- name: ensure apache is at the latest version
yum: name=httpd state=latest
- name: write the apache config file
copy: src=/srv/httpd.j2 dest=/etc/httpd.conf
- restart apache
- name: ensure apache is running (and enable it at boot)
service: name=httpd state=started enabled=yes
- name: restart apache
service: name=httpd state=restarted
What are playbooks ?
You can insert new lines into a file
- name: Enabling the ssh ciphers
hosts: all
remote_user: prasanth
become: true
become_user: root
become_method: sudo
- name: enable ciphers configuation block in /etc/ssh/sshd_config
dest: /etc/ssh/sshd_config
block: |
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,,,chacha20-,arcfour
notify: reload sshd

- name: reload sshd
service: name=sshd state=reloaded

Executing playbooks and various tasks with playbooks.

 Once you have create a playbook , you can validate the syntax of a playbook using

#ansible-playbook –syntax-check <playbook.yml>

 Execute the playbook using below command.

#ansible-playbook <playbook.yml>

 You can limit number of hosts for playbook execution

#ansible-playbook <playbook.yml> --limit='!'  this will exclude node

#ansible-playbook <playbook.yml> --limit=''  playbook will only run on

Executing playbooks and various tasks with playbooks.

 you can list the target host for a playbook execution

#ansible-playbook --list-host <playbook.yml>

 you can list the task in a playbook

#ansible-playbook --list-task <playbook.yml>

 you can perform a dry-run of a playbook by using

#ansible-playbook --check <playbook.yml>

Playbook copy module example.

Playbook copy module example.

Playbook copy module example.

Playbook copy module example.

How to get help ?
 Ansible has a much better offline documentation

#ansible-doc <module>

How to get help ?

 There is vast and detailed documentation available in

 You can also utilize the ansible-galaxy for reference on roles and playbooks.

- Karthik Sivakumar
