Getting started with Ansible Deployment

Ansible is an open source IT orchestration engine that manages remote devices, on premises and in the cloud, in a coordinated fashion. These devices are servers, networking hardware and storage devices. Ansible can be used to talk to typical load balancers, firewalls, switches or any Linux machine. For continuous deployment in any environment, it is important that the tools are predictable, and undefined behavior should be taken into consideration. Ansible uses a human-readable playbook format, and there is a minimum of jargon in the system.

How is Ansible different from Puppet and Chef?

Puppet and Chef need an agent installed on the remote machines and a controller on the main server. With Ansible, you do not need to install anything on the remote machine, as it relies on an SSH connection and a simple push mechanism. Puppet and Chef, on the other hand, use a pull mechanism.

Let's deploy Ansible

You will normally find plenty of documentation on the official website. If you want to explore Ansible a bit, here are some tips to get started on a CentOS 6 machine. I have created 2 machines called ansible1 and ansible2. Each can ping the other, and SSH is listening on port 22. There are several dependencies needed to install Ansible. I would advise you to edit the /etc/hosts file and map each hostname to its IP address if you do not have any DNS.

On ansible1, simply enable the EPEL repo and run yum install ansible. You can also compile from source; a different Python version would be required. These are usually the packages needed:

PyYAML
libyaml
python-babel
python-crypto
python-crypto2.6
python-httplib2
python-jinja2
python-keyczar
python-paramiko
python-pyasn1
python-simplejson
sshpass

Once Ansible is installed on ansible1, you do not need to install anything on the other machines, even if more machines are connected to the same network. To make ansible2 part of the ansible1 network, an inventory file needs to be configured. It is located at /etc/ansible/hosts.

Add the following block to the /etc/ansible/hosts file:

[myservers]
ansible1
ansible2

Try testing a ping

After adding the block above, you can carry out a simple ping test with the ansible command.

ansible ansible2 -m ping -u root -k

Here is the result.

[Screenshot: output of the ping test]

You might want to set up the root password. This can be set up with the command:

ansible ansible2 -m setup -u root -k

Setting up your SSH Key

However, you might want to set up Ansible with an SSH key.

On ansible1, simply create a key with the command ssh-keygen (if you do not already have one) and send it to ansible2 using the command ssh-copy-id -i ansible2. Repeat the same steps on ansible2 by sending your key to ansible1. The file located at ~/.ssh/authorized_keys will contain the keys. From here on, you can run any command without being prompted for a password each time.

More fun with commands

Let's say we want information about the /etc/passwd file on the ansible2 server. We simply need to run this command:

ansible ansible2 -m file -a 'path=/etc/passwd'

I can also create a directory with Ansible anywhere I want and even set the user and group permissions. For example, to create a directory in /tmp:

ansible ansible2 -m file -a 'path=/tmp/hackers_mauritius state=directory mode=777 owner=root'

Errors that can be encountered

However, it is very important that you test your command before using it in a production environment. Errors can also be encountered if dependency packages are not installed. For example, let's send a file from ansible1 to ansible2. The command is:

ansible ansible2 -m copy -a 'src=/root/hackers.log dest=/tmp'

[Screenshot: output of the copy command]

You might have noticed that SELinux can be disabled, or you can simply set the parameter in /etc/selinux/config. I have disabled SELinux and rebooted the machine. Here is the output:

[Screenshot: output of the copy command after disabling SELinux]
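
The ad-hoc commands above collected into one playbook, as an added example that is not part of the original post. It targets ansible2 over the SSH key set up earlier. The file name site.yml, the 0750/0640 modes and the libselinux-python task are assumptions; that task assumes the copy error came from missing SELinux Python bindings on a host where SELinux is left enabled.

```yaml
---
# site.yml (hypothetical file name): the page's ad-hoc commands as a playbook.
# Run from ansible1 with: ansible-playbook site.yml
- hosts: ansible2             # host listed under [myservers] in /etc/ansible/hosts
  remote_user: root           # same account as the ad-hoc commands; key auth, no -k
  tasks:
    - name: Check connectivity (same as ansible -m ping)
      ping:

    # Assumption: the copy error was caused by this missing dependency.
    # Installing it lets copy/file work while SELinux stays enabled.
    - name: Install the SELinux Python bindings on the target
      yum:
        name: libselinux-python
        state: present

    - name: Read metadata of /etc/passwd without changing anything
      stat:
        path: /etc/passwd
      register: passwd_file

    - name: Stop if /etc/passwd is missing or writable by group or others
      assert:
        that:
          - passwd_file.stat.exists
          - not passwd_file.stat.wgrp
          - not passwd_file.stat.woth

    - name: Create the working directory with restrictive permissions
      file:
        path: /tmp/hackers_mauritius
        state: directory
        owner: root
        group: root
        mode: "0750"          # the ad-hoc example used 777 (world-writable)

    - name: Copy the log file from ansible1 into that directory
      copy:
        src: /root/hackers.log
        dest: /tmp/hackers_mauritius/hackers.log
        owner: root
        group: root
        mode: "0640"
```

Running it a second time should report no changes for the directory and copy tasks, which is a quick way to confirm the target is in the expected state before using the playbook in production.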