Last active
August 29, 2015 14:00
-
-
Save djangofan/11241095 to your computer and use it in GitHub Desktop.
First time using Ansible
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Using Ansible, given scenario with 3 hosts: vbox1, vbox2, and vbox3, this guide will teach you to do the | |
following Ansible tasks: | |
A. Configure Ansible | |
B. Define remote slave servers by group | |
C. Run any shell commands on your remote servers by their group name | |
D. Create a Apache playbook to install Apache2 on all of your remote servers | |
E. SCP files out to your remote servers | |
F. Create a new blank role directory structure for you to write your own Role and publish it to "Ansible Galaxy" for re-use. | |
---------------------------------------- | |
1. First configure your Ansible machines with SSH and exchange your admin users public keys. Also, while | |
logged in as root with 'sudo -s', exchange your root users keys as well. Those are needed for playbooks | |
that want to run as root. | |
2. Default Ansible modules are at: /usr/share/ansible | |
3. Ansible configuration is in /etc/ansible/ansible.cfg | |
4. /etc/ansible/hosts defines your machines by type. Here is an example defining 2 webservers, where | |
vbox2 and vbox3 resolve to a DNS host: | |
[webservers] | |
vbox2 | |
vbox3 | |
5. Example of running your first command, and the response : | |
superu@vbox1:~$ ansible webservers -m ping | |
vbox2 | success >> { | |
"changed": false, | |
"ping": "pong" | |
} | |
vbox3 | success >> { | |
"changed": false, | |
"ping": "pong" | |
} | |
6. Or, this command trickily tells the remote machine to SSH to my local machine and diff the same | |
file on both systems, and is expected to fail the diff assertion: | |
superu@vbox1:~$ ansible webservers -m shell -a "ssh superu@vbox1 cat /etc/ansible/hosts | diff /etc/ansible/hosts -" | |
vbox2 | FAILED | rc=1 >> | |
15c15 | |
< vbox1 | |
--- | |
> vbox2 | |
vbox3 | FAILED | rc=1 >> | |
15d14 | |
< vbox1 | |
17c16 | |
< | |
--- | |
> vbox3 | |
7. Example of SCP copy a file from vbox 3 over to vbox1 and vbox2: | |
superu@vbox3:~$ ansible webservers -m copy -a "src=/etc/hosts dest=/tmp/vbox3.hosts" | |
vbox1 | success >> { | |
"changed": true, | |
"dest": "/tmp/vbox3.hosts", | |
"gid": 1000, | |
"group": "superu", | |
"md5sum": "7fc8dbb516171a8498c536a203c294b9", | |
"mode": "0644", | |
"owner": "superu", | |
"size": 261, | |
"src": "/home/superu/.ansible/tmp/ansible-tmp-1398309991.99-154306435729762/source", | |
"state": "file", | |
"uid": 1000 | |
} | |
vbox2 | success >> { | |
"changed": true, | |
"dest": "/tmp/vbox3.hosts", | |
"gid": 1000, | |
"group": "superu", | |
"md5sum": "7fc8dbb516171a8498c536a203c294b9", | |
"mode": "0644", | |
"owner": "superu", | |
"size": 261, | |
"src": "/home/superu/.ansible/tmp/ansible-tmp-1398309991.99-47163419696367/source", | |
"state": "file", | |
"uid": 1000 | |
} | |
8. Without using sudo, init role will create roles in your users home directory. To create a | |
new blank role in /etc/ansible/roles instead, where you can store new tasks, you run this command with sudo : | |
superu@vbox3:/etc/ansible/roles$ sudo ansible-galaxy init testrole | |
testrole was created successfully | |
superu@vbox3:/etc/ansible/roles$ ls -al testrole | |
total 40 | |
drwxr-xr-x 9 root root 4096 Apr 23 20:34 . | |
drwxr-xr-x 3 root root 4096 Apr 23 20:33 .. | |
drwxr-xr-x 2 root root 4096 Apr 23 20:33 defaults | |
drwxr-xr-x 2 root root 4096 Apr 23 20:33 files | |
drwxr-xr-x 2 root root 4096 Apr 23 20:33 handlers | |
drwxr-xr-x 2 root root 4096 Apr 23 20:34 meta | |
-rw-r--r-- 1 root root 1336 Apr 23 20:33 README.md | |
drwxr-xr-x 2 root root 4096 Apr 23 20:34 tasks | |
drwxr-xr-x 2 root root 4096 Apr 23 20:34 templates | |
drwxr-xr-x 2 root root 4096 Apr 23 20:34 vars | |
9. And here is an example of an almost successful Apache2 playbook execution. (probably just a user | |
permission problem related to my ansible.cfg file): | |
superu@vbox3:~$ cat apache.yml | |
--- | |
- hosts: all | |
user: superu | |
sudo: yes | |
tasks: | |
- name: install apache2 | |
action: apt pkg=apache2 state=latest | |
handlers: | |
- name: start apache2 | |
action: service name=apache2 state=started | |
superu@vbox3:~$ ansible-playbook apache.yml -vvvv | |
PLAY [all] ******************************************************************** | |
GATHERING FACTS *************************************************************** | |
<vbox1> ESTABLISH CONNECTION FOR USER: root | |
<vbox2> ESTABLISH CONNECTION FOR USER: root | |
<vbox1> REMOTE_MODULE setup | |
<vbox2> REMOTE_MODULE setup | |
<vbox1> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/superu/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', 'vbox1', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1398394924.57-279139919868652 && echo $HOME/.ansible/tmp/ansible-tmp-1398394924.57-279139919868652'"] | |
<vbox2> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/superu/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', 'vbox2', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1398394924.57-167795639238343 && echo $HOME/.ansible/tmp/ansible-tmp-1398394924.57-167795639238343'"] | |
<vbox1> PUT /tmp/tmpXjOyZQ TO /root/.ansible/tmp/ansible-tmp-1398394924.57-279139919868652/setup | |
<vbox2> PUT /tmp/tmpyLhZ3n TO /root/.ansible/tmp/ansible-tmp-1398394924.57-167795639238343/setup | |
<vbox1> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/superu/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', 'vbox1', "/bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1398394924.57-279139919868652/setup; rm -rf /root/.ansible/tmp/ansible-tmp-1398394924.57-279139919868652/ >/dev/null 2>&1'"] | |
<vbox2> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/superu/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', 'vbox2', "/bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1398394924.57-167795639238343/setup; rm -rf /root/.ansible/tmp/ansible-tmp-1398394924.57-167795639238343/ >/dev/null 2>&1'"] | |
ok: [vbox2] | |
ok: [vbox1] | |
TASK: [install apache2] ******************************************************* | |
<vbox1> ESTABLISH CONNECTION FOR USER: root | |
<vbox1> REMOTE_MODULE apt pkg=apache2 state=latest | |
<vbox2> ESTABLISH CONNECTION FOR USER: root | |
<vbox2> REMOTE_MODULE apt pkg=apache2 state=latest | |
<vbox1> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/superu/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', 'vbox1', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1398394926.58-220027889198689 && echo $HOME/.ansible/tmp/ansible-tmp-1398394926.58-220027889198689'"] | |
<vbox2> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/superu/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', 'vbox2', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1398394926.58-165270829161516 && echo $HOME/.ansible/tmp/ansible-tmp-1398394926.58-165270829161516'"] | |
<vbox1> PUT /tmp/tmpXlHUv9 TO /root/.ansible/tmp/ansible-tmp-1398394926.58-220027889198689/apt | |
<vbox2> PUT /tmp/tmpZLp9d6 TO /root/.ansible/tmp/ansible-tmp-1398394926.58-165270829161516/apt | |
<vbox1> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/superu/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', 'vbox1', "/bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1398394926.58-220027889198689/apt; rm -rf /root/.ansible/tmp/ansible-tmp-1398394926.58-220027889198689/ >/dev/null 2>&1'"] | |
<vbox2> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/superu/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', 'vbox2', "/bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1398394926.58-165270829161516/apt; rm -rf /root/.ansible/tmp/ansible-tmp-1398394926.58-165270829161516/ >/dev/null 2>&1'"] | |
ok: [vbox2] => {"changed": false} | |
changed: [vbox1] => {"changed": true, "stderr": "AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.0.51. Set the 'ServerName' directive globally to suppress this message\n", "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following extra packages will be installed:\n apache2-bin apache2-data libapr1 libaprutil1 libaprutil1-dbd-sqlite3\n libaprutil1-ldap\nSuggested packages:\n apache2-doc apache2-suexec-pristine apache2-suexec-custom apache2-utils\nThe following NEW packages will be installed:\n apache2 apache2-bin apache2-data libapr1 libaprutil1 libaprutil1-dbd-sqlite3\n libaprutil1-ldap\n0 upgraded, 7 newly installed, 0 to remove and 2 not upgraded.\nNeed to get 1268 kB of archives.\nAfter this operation, 5233 kB of additional disk space will be used.\nGet:1 http://us.archive.ubuntu.com/ubuntu/ trusty/main libapr1 amd64 1.5.0-1 [85.1 kB]\nGet:2 http://us.archive.ubuntu.com/ubuntu/ trusty/main libaprutil1 amd64 1.5.3-1 [76.4 kB]\nGet:3 http://us.archive.ubuntu.com/ubuntu/ trusty/main libaprutil1-dbd-sqlite3 amd64 1.5.3-1 [10.5 kB]\nGet:4 http://us.archive.ubuntu.com/ubuntu/ trusty/main libaprutil1-ldap amd64 1.5.3-1 [8634 B]\nGet:5 http://us.archive.ubuntu.com/ubuntu/ trusty/main apache2-bin amd64 2.4.7-1ubuntu4 [839 kB]\nGet:6 http://us.archive.ubuntu.com/ubuntu/ trusty/main apache2-data all 2.4.7-1ubuntu4 [160 kB]\nGet:7 http://us.archive.ubuntu.com/ubuntu/ trusty/main apache2 amd64 2.4.7-1ubuntu4 [87.7 kB]\nFetched 1268 kB in 4s (259 kB/s)\nSelecting previously unselected package libapr1:amd64.\n(Reading database ... 167869 files and directories currently installed.)\nPreparing to unpack .../libapr1_1.5.0-1_amd64.deb ...\nUnpacking libapr1:amd64 (1.5.0-1) ...\nSelecting previously unselected package libaprutil1:amd64.\nPreparing to unpack .../libaprutil1_1.5.3-1_amd64.deb ...\nUnpacking libaprutil1:amd64 (1.5.3-1) ...\nSelecting previously unselected package libaprutil1-dbd-sqlite3:amd64.\nPreparing to unpack .../libaprutil1-dbd-sqlite3_1.5.3-1_amd64.deb ...\nUnpacking libaprutil1-dbd-sqlite3:amd64 (1.5.3-1) ...\nSelecting previously unselected package libaprutil1-ldap:amd64.\nPreparing to unpack .../libaprutil1-ldap_1.5.3-1_amd64.deb ...\nUnpacking libaprutil1-ldap:amd64 (1.5.3-1) ...\nSelecting previously unselected package apache2-bin.\nPreparing to unpack .../apache2-bin_2.4.7-1ubuntu4_amd64.deb ...\nUnpacking apache2-bin (2.4.7-1ubuntu4) ...\nSelecting previously unselected package apache2-data.\nPreparing to unpack .../apache2-data_2.4.7-1ubuntu4_all.deb ...\nUnpacking apache2-data (2.4.7-1ubuntu4) ...\nSelecting previously unselected package apache2.\nPreparing to unpack .../apache2_2.4.7-1ubuntu4_amd64.deb ...\nUnpacking apache2 (2.4.7-1ubuntu4) ...\nProcessing triggers for man-db (2.6.7.1-1) ...\nProcessing triggers for ureadahead (0.100.0-16) ...\nureadahead will be reprofiled on next reboot\nProcessing triggers for ufw (0.34~rc-0ubuntu2) ...\nSetting up libapr1:amd64 (1.5.0-1) ...\nSetting up libaprutil1:amd64 (1.5.3-1) ...\nSetting up libaprutil1-dbd-sqlite3:amd64 (1.5.3-1) ...\nSetting up libaprutil1-ldap:amd64 (1.5.3-1) ...\nSetting up apache2-bin (2.4.7-1ubuntu4) ...\nSetting up apache2-data (2.4.7-1ubuntu4) ...\nSetting up apache2 (2.4.7-1ubuntu4) ...\nEnabling module mpm_event.\nEnabling module authz_core.\nEnabling module authz_host.\nEnabling module authn_core.\nEnabling module auth_basic.\nEnabling module access_compat.\nEnabling module authn_file.\nEnabling module authz_user.\nEnabling module alias.\nEnabling module dir.\nEnabling module autoindex.\nEnabling module env.\nEnabling module mime.\nEnabling module negotiation.\nEnabling module setenvif.\nEnabling module filter.\nEnabling module deflate.\nEnabling module status.\nEnabling conf charset.\nEnabling conf localized-error-pages.\nEnabling conf other-vhosts-access-log.\nEnabling conf security.\nEnabling conf serve-cgi-bin.\nEnabling site 000-default.\n * Starting web server apache2\n * \nProcessing triggers for libc-bin (2.19-0ubuntu6) ...\nProcessing triggers for ureadahead (0.100.0-16) ...\nProcessing triggers for ufw (0.34~rc-0ubuntu2) ...\n"} | |
PLAY RECAP ******************************************************************** | |
vbox1 : ok=2 changed=1 unreachable=0 failed=0 | |
vbox2 : ok=2 changed=0 unreachable=0 failed=0 | |
superu@vbox3:~$ ansible webservers -m shell -a "netstat -an | grep LISTEN | grep 80" | |
vbox2 | success | rc=0 >> | |
tcp6 0 0 :::80 :::* LISTEN | |
unix 2 [ ACC ] STREAM LISTENING 8003 @/tmp/.X11-unix/X0 | |
unix 2 [ ACC ] STREAM LISTENING 8004 /tmp/.X11-unix/X0 | |
vbox1 | success | rc=0 >> | |
tcp6 0 0 :::80 :::* LISTEN | |
10. Push previous playbook over to the other servers: | |
superu@vbox3:~$ ansible webservers -m copy -a "src=/home/superu/apache.yml dest=/home/superu/apache.yml" | |
vbox2 | success >> { | |
"changed": true, | |
"dest": "/home/superu/apache.yml", | |
"gid": 0, | |
"group": "root", | |
"md5sum": "98355b5f8027d000d1efe99de1f5793f", | |
"mode": "0644", | |
"owner": "root", | |
"size": 212, | |
"src": "/root/.ansible/tmp/ansible-tmp-1398395696.28-49423234782761/source", | |
"state": "file", | |
"uid": 0 | |
} | |
vbox1 | success >> { | |
"changed": true, | |
"dest": "/home/superu/apache.yml", | |
"gid": 0, | |
"group": "root", | |
"md5sum": "98355b5f8027d000d1efe99de1f5793f", | |
"mode": "0644", | |
"owner": "root", | |
"size": 212, | |
"src": "/root/.ansible/tmp/ansible-tmp-1398395696.28-129129377695232/source", | |
"state": "file", | |
"uid": 0 | |
} | |
11. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment