Configuration Management using Ansible

• CM is acheived in two ways
  • Push based
  • Pull based
    
• PUSH Based CM
  • CM should know nodes i.e. ipaddress/hostnames
  • CM will ssh into node and execute instructions i.e. a password less authentication is configured from CM to all nodes.
• PULL Based CM
  • Node should know CM Server, to do this we generally install agent softwares

Ansible

• Ansible is an opensource CM system
• Ansible uses push based approach by default.
• Ansible can be installed on any linux or mac systems. Ansible can communicate (nodes) with
  • Windows
  • Linux
  • Mac
  • Network switches
  • Routers
    
• Ansible will ssh into node i.e. a user has to be configured preferrably passwordless for automation.
• Ansible requires python to be present on the node
• Ansible maintains the list of all the nodes to be connected in inventory. Inventory can be static or dynamic.

Workflow

• We create playbooks and provide inventory to Ansible which is already configured to communicate with nodes with some user (devops)
  
• Ansible will read playbook which will have desired state (What we want) and now ssh into node, takes help of python to ensure desired state is met.
• Ansible playbooks are written in YAML format.
• Ansible also gives adhoc command option where you can acheive desired state by typing commands

Setup Ansible & Run a adhoc command to verify if it works

• Create two vms
• Ensure you can login into two ubuntu vms with a user who has sudo permissions (devops user).
• Ensure python is installed on both nodes

python --version
# or
python3 --version

• Install ansible on one vm (ansible control node) Refer Here for installing ansible on specific os.
• For ubuntu steps are

sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible -y

• To verify ansible installation on control node

ansible --version

Password based – Verify if ansible can communicate with your node

• create a file called as hosts with ipaddress of other node
• In the example setup the hosts will have value 10.0.0.5
• ensure on node 2 you have a user and you are aware of its password. try the following command from ansible control node

#ssh <username>@<ip>
ssh devops@10.0.0.5
# exit if connected to get back to node 1

• Ansible command to check if ansible can communicate with other node is

ansible -i hosts -k -m ping all

Password less – Verify if ansible can communicate with your node

• create a file called as hosts with ipaddress of other node
• In the example setup the hosts will have value 10.0.0.5
• now create a keypair on ansible control node

ssh-keygen

• copy the ssh key to other node

ssh-copy-id

• At this point we should be able to ssh without password

ssh 10.0.0.5
# exit

• Now lets execute ansible test command

ansible -i hosts -m ping all

Adding more entries into inventory

• Lets try configuring ansible control node to communicate with itself.
• Now add localhost to the inventory
  
• even if ansible wants to communicate with itself we are supposed to copy using ssh-copy-id to localhost
  

Exercise

• Try configuring Ansible on AWS.