Ansible Collections
- Ansible collections are a distribution format for Ansible content, including
- playbooks
- modules
- roles
- plugins
- Ansible collections can be installed from multiple sources
- ansible-galaxy:
- Let's install the mysql collection from Ansible Galaxy
- git repository:
- Ansible collections can be installed from a git repository
ansible-galaxy collection install git+<url>,<branch>
- requirements.yml file:
- If you need to download multiple collections with one command, you can build a requirements.yml file
- In this file we can specify roles as well as collections
---
roles:
  - name: geerlingguy.mysql
    version: 3.3.2
collections:
  - name: geerlingguy.php_roles
    version: 1.0.0
    source: https://galaxy.ansible.com/
  - name: https://github.com/Postka/ansible-collection-lemp.git
    type: git
    version: master
- ansible-galaxy:
- Listing Ansible collections
- Using collections in the playbook
- Sample yaml file
---
- hosts: all
  become: yes
  collections:
    - geerlingguy.php_roles
  roles:
    - php
- Creating a collection skeleton:
- Exercise: Try to copy our tomcat role in the roles folder and publish this whole folder to the new git repository and use from another playbook.
Ansible Vault
- While using Ansible, you may need to protect confidential or secret information in playbooks. This may include
- SSH private and public keys
- passwords
- Storing sensitive information in plain text is not recommended.
- Ansible provides us with a feature known as Ansible Vault, which helps secure secret information.
- Ansible Vault can encrypt variables, entire files and YAML Playbooks
- Creating an encrypted file in ansible
- View the encrypted file
- How to view the encrypted values using ansible-vault
ansible-vault view mysecrets.yml
- How to edit an encrypted file in Ansible
ansible-vault edit mysecrets.yml
- How to change Ansible Vault Password
ansible-vault rekey mysecrets.yml
- How to encrypt a file using Ansible Vault
- How to decrypt a file using Ansible Vault
- How to encrypt a specific value
ansible-vault encrypt_string '<value to be encrypted>' --name '<variable name>'
ansible-vault encrypt_string 'tomcat' --name 'username'
- Let's create a playbook deploy.yaml
---
- name: understanding usage of vault
  hosts: all
  vars:
    username: tomcat
  tasks:
    - name: check if it works
      ping:
    - name: print value
      debug:
        var: username
- Ansible vault can be used with password files as well
Ansible with Windows
- Create a Windows 2016 Server
- Ansible uses the WinRM protocol to communicate with Windows hosts
- Ansible requires PowerShell 3.0 or newer and at least .NET 4.0
- Steps for configuring windows Node:
- Login into windows node
- Launch PowerShell as Admin and execute the following steps
- Create a file c:\ConfigureAnsibleRemoting.ps1 with the following content
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
- Now execute this file as shown in the below image
- Now log in to the Ansible control node and install pywinrm
sudo apt install python3-pip -y
sudo pip3 install pywinrm
- Create an inventory file with behavior variables
- To check connectivity on Linux machines we use the ping module; for Windows systems we have win_ping
- Refer Here for the Ansible Windows modules
- Inventory for windows server with behavior variables
[winserver]
172.31.34.106
[winserver:vars]
ansible_user=Administrator
ansible_password='TWW82cS=JeRwcFTE6qAemOF$A&F.d@.b'
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
- Now let's write an Ansible playbook to install IIS server on Windows
---
- name: installing iis on windows
  hosts: winserver
  tasks:
    - name: enable iis on windows
      win_feature:
        name: Web-Server
        include_management_tools: yes
        state: present
- Execution results
- Let's re-execute the playbook to check idempotency
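
The winserver inventory above keeps `ansible_password` in plain text and sets `ansible_winrm_server_cert_validation=ignore`. The following check for both settings is an added example, not part of the original notes. The sample inventories, the 192.0.2.10 address and the variable name `vault_win_password` are constructed, and the `{{` test is a heuristic for "the value comes from a variable that can live in a Vault-encrypted file".

```python
import re

# Connection variables that carry credentials (real Ansible variable names).
SECRET_KEYS = {"ansible_password", "ansible_ssh_pass", "ansible_become_password"}
# key=value pairs; the value may be quoted or a bare token.
PAIR = re.compile(r"(\w+)\s*=\s*('[^']*'|\"[^\"]*\"|\S+)")

# Constructed sample: same shape as the winserver inventory, placeholder values.
WEAK = """\
[winserver]
192.0.2.10

[winserver:vars]
ansible_user=Administrator
ansible_password='EXAMPLE-ONLY-not-a-real-password'
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
"""

# Constructed hardened form: the password is a reference to vault_win_password
# (hypothetical name) kept in a Vault-encrypted vars file; TLS is validated.
HARDENED = WEAK.replace("'EXAMPLE-ONLY-not-a-real-password'",
                        "{{ vault_win_password }}").replace("=ignore", "=validate")


def lint_inventory(text):
    """Return (line_number, key, message) for each risky setting found."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;[":  # blank, comment or section header
            continue
        for key, value in PAIR.findall(line):
            value = value.strip("'\"")
            # Heuristic: a literal (no Jinja2 reference) is a plaintext secret.
            if key in SECRET_KEYS and "{{" not in value:
                findings.append((number, key, "plaintext secret in inventory"))
            if key == "ansible_winrm_server_cert_validation" and value.lower() == "ignore":
                findings.append((number, key, "WinRM TLS certificate not verified"))
    return findings


if __name__ == "__main__":
    for name, inventory in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_inventory(inventory) or "no findings")
```

Run against an inventory before committing it; the hardened form expects `vault_win_password` to be defined in a file created with `ansible-vault`.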
