Ansible Dynamic Inventory
- Dynamic inventory can be a script written in any language which returns the inventory in a specific json format suggested by Ansible
- Refer Here for examples
- There are lot of community scripts developed for different clouds Refer Here
Ansible Collections (contd)
- Ansible content:
- Documentations
- Modules
- Plugins
- Playbooks
- Roles
- Ansible code is opensource & is hosted at Refer Here
- As an ansible contributor if you develop any custom modules/plugins you typically have to submit the code to git repository and wait for the next release to use modules.
- As there is a lot of delay Ansible had came up with collections.
- Ansible Collection is a Ansible packaging format which can include
- Documentations
- Modules
- Plugins
- Playbooks
- Roles
- Ansible recommends the content developers to use collections as they can be included external to Ansible release cycle.
- How to use Ansible collections Refer Here
- How to develop Ansible collections Refer Here
Ansible Tower
- Ansible offers a UI/API Based orchestration tool called as Ansible Tower.
- Ansible Tower is a Paid version.
- In Ansible Tower execution of a playbook is considered as Job
- Jobs can be scheduled to be executed on a particular time
- Jobs related to certain activities/teams etc.. are called as projects
Ansible with Windows
- In Windows we don’t have ssh based logins, but windows supports winrm based logins. So ansible uses this technology to login into windows & execute the tasks.
- WINRM will work on any windows version that support the following
- Powershell 3.0 & above
- .NET 4.0 & above
- This means we can run ansible on
- Desktop: Win 7 SP1, 8.1 & 10
- Server: Win 2008 SP2 & above, 2012, 2012 R2, 2016 & 2019
Enabling WinRm listener
- Lets create a Windows Server 2016 on AWS
- WinRM can run on http & https protocols.
- Windows by default doesn’t allow WinRM over HTTP or using basic authentication.
- To Enable HTTPS as the Transport mechanism for WinRM, we need a self-signed certificate
- Lets Generate a Self signed Certificate
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DNS "$env:COMPUTERNAME" -FriendlyName "WinRM HTTPS Certificate" -NotAfter (Get-Date).AddYears(5)
- Now lets setup a new WinRM Listener with the following command
New-Item -Path WSMan:\Localhost\Listener -Transport HTTPS -Address * -CertificateThumbPrint 0C3F8CCFDE4950DEF2DC1A199062BEF1E0D105FB
- Now Enable firewall rule & basic authentication
New-NetFirewallRule -DisplayName 'Win RM' -Profile Domain,Private,Public -Direction Inbound -Action Allow -Protocol TCP -LocalPort 5986
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
Connecting Ansible to Windows
- On the Ansible control server we need winrm python module
sudo yum install python2-winrm
or
sudo pip install "pywinrm>=3.0.0"
- Now lets create an inventory file for Windows machine
[windows]
172.31.4.25
[windows:vars]
ansible_user=Administrator
ansible_password="A@n6fEBMotK4oPM2rDu$-4JkVM6cKsY2"
ansible_port=5986
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
- Now execute the ansible adhoc command with module win_ping
ansible -i hosts -m 'win_ping' all
-
In enterprise we will be havings windows authentication from domains (Active Directory), so lets understand authentication mechanisms in windows
- Basic: Supported only on local accounts
- Certificate: Supports local accounts, conceptually similar to ssh key-based authentication
- Kerberos: Supports AD accounts
- NTLM: Supports both local and AD accounts
- CredSSP: Supports both local & AD accounts
-
If your organization is using kerberos authentication then on your ansible control node we need the following packages
sudo yum install python-devel krb5-devel krb5-libs krb5-workstation
sudo apt-get install python-dev libkrb5-dev krb5-user
sudo pip install pywinrm[kerberos]
- Ensure you ansible server can resolve to AD related Services.
- Now lets look at the modules that can be used on windows servers Refer Here
- In linux to create file and copy file we use modules file and copy, to do the same job in windows we have win_file & win_copy
---
- hosts: windows
gather_facts: false
tasks:
- name: Create temporary directory
win_file:
path: 'c:\test'
state: directory
- Now execute playbook
- Installing software can be easily done with chocolatey package. Ensure chocolatey package is installed on the server
- Lets write a playbook for installing chrome and git on the windows server
---
- hosts: windows
gather_facts: false
tasks:
- name: install chrome and git
win_chocolatey:
name: "{{ item }}"
state: present
loop:
- git
- googlechrome
- Now execute playbook
Exercises
- If you are aware of jenkins please run the playbooks for the below exercise from Jenkins
- Exercise-1: Write an Ansible playbook with roles to install Openmrs standalone application from here. Ensure you use mysql server
- Exercise-2: Write an ansible playbook to install IIS-Server on Windows
- Exercise-3 Write an ansible playbook to configure nop commerce on ubuntu Refer Here
