DevOps Classroom Series – 30/Oct/2021

Ansible Collections

  • Ansible collections are distribution format for Ansible content including
    • playbooks
    • modules
    • roles
    • plugins
  • Ansible Collections Can be installed from multiple sources
    • ansible-galaxy:
      • Lets install collections mysql from ansible galaxy Preview Preview Preview Preview
    • git repository:
      • Ansible collections can be installed from git repository
      ansible-galaxy collection install git+<url>,<branch>
      Preview
    • requirements.yml file:
      • If you need to download multiple collections from one command, we can build a requirements.yml file
      • In this file we can specify roles as well as collections
      ---
roles:
- name: geerlingguy.mysql
  version: 3.3.2

collections:
- name: geerlingguy.php_roles
  version: 1.0.0
  source: https://galaxy.ansible.com/
- name: https://github.com/Postka/ansible-collection-lemp.git
  type: git
  version: master
      Preview
  • Listing Ansible collections Preview
  • Using collections in the playbook Preview
  • Sample yaml file
---
- hosts: all
  become: yes
  collections:
    - geerlingguy.php_roles

  roles:
    - php
  • Creating a collection skeleton: Preview Preview
  • Exercise: Try to copy our tomcat role in the roles folder and publish this whole folder to the new git repository and use from another playbook.

Ansible Vault

  • While using Ansible, you may require to protect some confidential or secret information in playbooks, This may include
    • SSH private and public keys
    • passwords
  • Storing sensitive information in plain text is not recommended.
  • Ansible provides us with a feature known as Ansible Vault, which helps secure secret information.
  • Ansible Vault can encrypt variables, entire files and YAML Playbooks
  • Creating an encrypted file in ansible Preview
  • View the encrypted file Preview
  • How to view the encrypted values using ansible-vault
ansible-vault view mysecrets.yml

Preview

  • How to edit an encrypted file in Ansible
ansible-vault edit mysecrets.yml

Preview Preview

  • How to change Ansible Vault Password
ansible-vault rekey mysecrets.yml

Preview

  • How to encrypt a file using Ansible Vault Preview Preview
  • How to decrypt a file using Ansible Vault Preview
  • How to encrypt a specific value
ansible-vault encrypt_string '<value to be encrypted>' --name '<variable name>'
ansible-vault encrypt_string 'tomcat' --name 'username'

Preview

  • Lets create a playbook deploy.yaml
---
- name: understanding usage of vault
  hosts: all
  vars:
    username: tomcat
  tasks:
    - name: check if it works
      ping:
    - name: print value
      debug:
        var: username

Preview

  • Ansible vault can be used with password files as well Preview

Ansible with Windows

  • Create a Windows 2016 Server
  • Ansible use winRM protocol to establish the communication with Windows Hosts
  • Ansible requires atleast Powershell 3.0 or newer and atleast .net 4.0
  • Steps for configuring windows Node:
    • Login into windows node
    • Launch Powershell as Admin and execute the following steps Refer Here
    • Create a file with the following content c:\ConfigureAnsibleRemoting.ps1
      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  $url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
  $file = "$env:temp\ConfigureRemotingForAnsible.ps1"

  (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

  powershell.exe -ExecutionPolicy ByPass -File $file
    • Now execute this file as shown in the below image Preview Preview Preview
    • Now login into the ansible control node and install pywinrm
    sudo apt install python3-pip -y
sudo pip3 install pywinrm
    Preview
    • Create an inventory file with behavior variables Preview
    • For linux machines to check the connectivity we use ping module for windows systems we have win_ping Refer Here Preview
    • Refer Here for the ansible windows modules
  • Inventory for windows server with behavior variables
[winserver]
172.31.34.106

[winserver:vars]
ansible_user=Administrator
ansible_password='TWW82cS=JeRwcFTE6qAemOF$A&F.d@.b'
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
  • Now lets try to write an ansible module to install iis server or windows
---
- name: installing iis on windows
  hosts: winserver
  tasks:
    - name: enable iis on windows
      win_feature:
        name: Web-Server
        include_management_tools: yes
        state: present
  • Execution results Preview Preview
  • Lets reexecute the playbook to check idempotency Preview

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please turn AdBlock off
Customized Social Media Icons from Acurax Digital Marketing Agency

Discover more from Direct DevOps from Quality Thought

Subscribe now to keep reading and get access to the full archive.

Continue reading

Visit Us On FacebookVisit Us On LinkedinVisit Us On Youtube