IT 3110: System Automation

Automated Configuration

Configuration Management Tools

  • Chef
  • Puppet
  • Ansible
  • Salt

Ansible

Why?

  • Uses ssh
  • Easy to learn
  • Efficient
  • Strong security (SSH)
  • Agentless (Don't need to install a control server and software on nodes, other than python)

Installation

  • sudo apt update
  • sudo apt install software-properties-common
  • sudo add-apt-repository --yes --update ppa:ansible/ansible
  • sudo apt install ansible

Python is also required on any/all nodes that ansible will be talking to.

Ansible ssh

Ansible uses ssh. To make the best use of ansible, it is a good idea to set up and use keys. You probably already have a key, but if you don't:

  • ssh-keygen

Then,

  • ssh-copy-id (e.g. ssh-copy-id joe@144.38.196.16 will copy my current key into /home/joe/.ssh/authorized_keys on that remote host.)

Simple test

By default, ansible looks in the /etc/ansible/hosts file, which should consist only of IPs or hostnames. This is a stupid directory. Just create a hosts file in your working directory.

To test, just put a single IP address in there (e.g. 144.38.196.16)

  • ansible all -m ping

This pings all hosts in the hosts file.

Ansible Simple command

  • ansible all -a "/bin/echo hello"

Contacts all nodes in the hosts file and runs a command on them. How would you run ifconfig on all your nodes?

Stop and add a second node to your hosts file. Re-run your commands.

Ansible Inventory

The default inventory location is /etc/ansible/hosts. If you wish to use a different inventory file, use the -i <path> option on the command line.

Inventory files

A file can look like this:

    mail.example.com

    [webservers]
    foo.example.com
    bar.example.com

    [dbservers]
    one.example.com
    two.example.com
    three.example.com

Inventory

  • Systems can be in more than one group.

  • Can put a non-standard ssh port number after a : following the hostname

  • Can also specify the user on a per-host basis.

      other2.example.com ansible_connection=ssh ansible_user=mdehaan

Inventory File

Here's an example:

    144.38.196.13
    [nancy]
    144.38.196.14
    144.38.196.16
    [fancy]
    144.38.196.17
    144.38.196.18
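
The inventory rules above (ungrouped hosts, groups, a host in more than one group, host:port, per-host variables), resolved the way a group name or `all` selects hosts. This is an added Python example, not part of the original slides and not Ansible's own parser; it handles only the forms shown here, and the combined sample inventory and port 2222 are constructed.

```python
import shlex

# Constructed sample: the slides' inventory snippets merged; port 2222 is made up.
SAMPLE = """\
144.38.196.13
[nancy]
144.38.196.14
144.38.196.16:2222
[fancy]
144.38.196.16
other2.example.com ansible_connection=ssh ansible_user=mdehaan
"""

def parse_inventory(text):
    """Return (groups, hostvars): group -> ordered host list, host -> variables."""
    groups, hostvars, current = {"ungrouped": []}, {}, "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comment lines
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]                  # a [group] header opens a new group
            groups.setdefault(current, [])
            continue
        name, *pairs = shlex.split(line)
        host, _, port = name.partition(":")       # host:port = non-standard ssh port
        hv = hostvars.setdefault(host, {})
        if port:
            hv["ansible_port"] = int(port)
        for pair in pairs:                        # per-host key=value variables
            key, _, value = pair.partition("=")
            hv[key] = value
        if host not in groups[current]:
            groups[current].append(host)
    return groups, hostvars

def hosts_for(groups, pattern):
    """Hosts a group name targets; 'all' is every host, listed once."""
    if pattern != "all":
        return list(groups.get(pattern, []))
    seen = []
    for members in groups.values():
        seen += [h for h in members if h not in seen]
    return seen

if __name__ == "__main__":
    groups, hostvars = parse_inventory(SAMPLE)
    for pattern in ("all", "nancy", "fancy"):
        print(pattern, "->", hosts_for(groups, pattern))
```

Ansible itself prints the same resolution with `ansible <group> --list-hosts`, which is worth running before any command that uses --become.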

Ad-hoc commands

An ad-hoc command is something that you might type in to do something really quick, but don’t want to save for later. Helps us to understand a little bit about how ansible works. Perhaps it is something that is for one-time use as well.

Make sure to remember to have ssh-keys all set up.

Ad-hoc commands

  • ansible nancy -m shell -a 'echo $TERM'
    • nancy is the group of computers the command will apply to
    • shell is the name of the module to execute
    • -a is the stuff we will pass into the shell module.

Ad-hoc commands

  • ansible atlanta -a "/usr/bin/foo" -u username --become [--ask-become-pass]

Allows you to become another user to execute the command. Will prompt you for the sudo password.

Ad-hoc commands

  • ansible nancy -m copy -a "src=foo.txt dest=/tmp/foo"

This will scp foo.txt from my local machine to the destination on all target machines in the nancy group.

What will this do?

  • ansible nancy -m shell -a 'cat /tmp/foo'

Ad-hoc commands (Files)

Guess what these do:

  • ansible nancy -m file -a "dest=/tmp/foo mode=600"
  • ansible nancy -m file -a "dest=/tmp/foo mode=600 owner=carlos group=carlos"
  • ansible nancy -m file -a "dest=/tmp/bar mode=755 state=directory"
  • ansible nancy -m file -a "dest=/tmp/bar state=absent"

More Ad-hoc commands (APT)

Update apt repo:

  • ansible nancy -m apt -a "update_cache=yes" --become --ask-become-pass

Install apt package:

  • ansible nancy -m apt -a "name=apache2 state=present" --become --ask-become-pass

Ad-hoc commands (APT)

Remove package:

  • ansible nancy -m apt -a "name=apache2 state=absent" --become --ask-become-pass

Ad-hoc commands (Users)

Add user:

  • ansible all -m user -a "name=foo password=<crypted password here>"
  • ansible all -m user -a "name=foo password=.zxM.u/V5xrtc" --become --ask-become-pass
  • I generated the encrypted password above with mkpasswd

Ad-hoc commands (Users)

  • ansible all -m user -a "name=foo state=absent" --become --ask-become-pass

Ad-hoc commands (Services)

Ensure that httpd process is started:

  • ansible all -m service -a "name=httpd state=started" --become --ask-become-pass

Or restart

  • ansible all -m service -a "name=httpd state=restarted" --become --ask-become-pass

Ad-hoc commands (Facts)

Gather facts about nodes:

  • ansible all -m setup

Perhaps for later use in scripts

Lots of other modules

That you could use.