Thursday, 8 February 2018

Ansible: Roles

Use Ansible roles to orchestrate more complex configurations. Let's create a new directory named nginx, which will be a Role. Then we'll create the basic structure of a Role:
mkdir -p roles/nginx
cd roles/nginx
mkdir files handlers meta templates tasks vars

Meta

We'll start with the meta information:
This meta/main.yml file creates a dependency on the "sslcertificates" role:
---
dependencies:
 - { role: sslcertificates }
However, we don't have a dependency currently, so our metadata file looks like this:
---
dependencies: []

Files

I grab the Nginx configuration from H5BP.
cd roles/nginx/files

# Get the H5BP Nginx repository
wget https://github.com/h5bp/server-configs-nginx/archive/master.zip

# Save the "h5bp" directory and discard the rest
unzip master.zip
rm master.zip
mv server-configs-nginx-master/h5bp ./
rm -rf server-configs-nginx-master
Now we have the files in roles/nginx/files/h5bp.

Variables

Next we'll add some variables to be used in this role. Create roles/nginx/vars/main.yml.

---
domain: serversforhackers.com

Templates

We'll create an Nginx configuration file using templates. Templates let us create a file which contains variables, loops and other items as allowed in Python's Jinja2 template engine.
I create the file roles/nginx/templates/serversforhackers.com.j2 to hold the Jinja2 Nginx configuration template for the serversforhackers.com site.

server {
    listen 80;
    server_name *.{{ domain }};
    return 301 http://{{ domain }};
}

server {
    listen 80 default_server;

    root /var/www/{{ domain }};
    index index.html index.htm;

    access_log /var/log/nginx/{{ domain }}.log;
    error_log  /var/log/nginx/{{ domain }}-error.log error;

    server_name {{ domain }};

    charset utf-8;

    include h5bp/basic.conf;

    location /favicon.ico { log_not_found off; access_log off; }
    location /robots.txt  { log_not_found off; access_log off; }

    location / {
        try_files $uri $uri/ =404;
    }
}

Handler

Create some handlers. Create file roles/nginx/handlers/main.yml:

---
- name: Start Nginx
  service: name=nginx state=started

- name: Reload Nginx
  service: name=nginx state=reloaded


Tasks


Finally we put everything together in our tasks file. Create file roles/nginx/tasks/main.yml:

---
- name: Add Nginx Repository
  apt_repository: repo='ppa:nginx/stable' state=present

- name: Install Nginx
  apt: pkg=nginx state=latest update_cache=true
  notify:
    - Start Nginx

- name: Add H5BP Config
  copy: src=h5bp dest=/etc/nginx owner=root group=root

- name: Disable Default Config
  file: dest=/etc/nginx/sites-enabled/default state=absent
  notify:
    - Reload Nginx

- name: Add SFH Site Config
  template: src=serversforhackers.com.j2 dest=/etc/nginx/sites-available/{{ domain }} owner=root group=root

- name: Enable SFH Site Config
  file: src=/etc/nginx/sites-available/{{ domain }} dest=/etc/nginx/sites-enabled/{{ domain }} state=link
  notify:
    - Reload Nginx
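
The template and tasks above place {{ domain }} inside Nginx directives and inside paths such as /etc/nginx/sites-available/{{ domain }}, so a value containing a slash, semicolon or whitespace would change the rendered configuration or the destination path. The following pre-flight check is an added example, not part of the original post; the function names and the idea of running it before ansible-playbook are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): validate `domain` before the role
# interpolates it into Nginx directives and into paths under /etc/nginx.

# Read an unquoted scalar "domain: value" line, as written in vars/main.yml here.
# Quoted or commented values are returned as-is and then fail validation (fail closed).
read_domain() {
    sed -n 's/^domain:[[:space:]]*//p' "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

# Accept only dot-separated DNS labels (letters, digits, inner hyphens) and an
# alphabetic top-level label; this excludes "/", ";", whitespace and "..".
valid_domain() {
    nl='
'
    case "$1" in *"$nl"*) return 1 ;; esac   # embedded newline
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Gate for a CI job or wrapper script: returns 0 if the vars file is safe to template.
check_vars_file() {
    d=$(read_domain "$1")
    if valid_domain "$d"; then
        echo "ok: $d"
    else
        echo "rejected: $d" >&2
        return 1
    fi
}

# Demo with the value used in this post.
valid_domain "serversforhackers.com" && echo "domain ok"
```

Run check_vars_file roles/nginx/vars/main.yml before ansible-playbook; variables supplied from inventory or on the command line need the same check, since they override the role's vars file only in some precedence orders.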

Test, Debug and Run Role

Finally we can try running this Role. In the same directory as the roles directory, create a new YAML file such as run.yml. In this video, I use the file nginx.yml since we only use the Nginx role:


---
- hosts: web
  sudo: yes
  user: root
  roles:
    - nginx


We can run this Playbook like so:

ansible-playbook --private-key=~/.ssh/id_ansible nginx.yml

Let's do a syntax check, which you should run before trying out a playbook or role:

ansible-playbook --syntax-check nginx.yml
We get some errors in the video; however, I've corrected all of them in the above tasks/main.yml file.

Ansible: Playbooks

Use Ansible playbooks to run idempotent tasks on your servers. We installed Ansible and then installed nginx on three servers, using Ansible's "apt" module.
The first thing we do here is run the same command again to install Nginx:

ansible all -m apt -a "pkg=nginx state=latest update_cache=true" \
    -u root --private-key=~/.ssh/id_ansible
This time our output shows us that nothing was changed, as our desired state has already been reached!

Playbooks

We'll use Playbooks to allow some more orchestration and follow more configuration steps.

mkdir ansible
cd ansible

# Create a playbook named "nginx.yml"
vim nginx.yml

The nginx.yml file:

---
- hosts: web
  sudo: yes
  user: root
  tasks:
    - name: Add Nginx Repository
      apt_repository: repo='ppa:nginx/stable' state=present
      register: ppainstalled

    - name: Install Nginx
      apt: pkg=nginx state=latest update_cache=true
      when: ppainstalled|success
      notify:
        - Start Nginx

  handlers:
    - name: Start Nginx
      service: name=nginx state=started

Once that's saved, we can run this via the ansible-playbook command:

ansible-playbook --private-key=~/.ssh/id_ansible nginx.yml

This will connect to the servers, gather facts about them, and change what needs to be changed to accomplish the tasks defined.
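
The "nothing was changed" result of a repeated run can be checked mechanically. The following shell function is an added example, not code from the original post: it reads ansible-playbook output and reports every host whose PLAY RECAP line shows changed, failed or unreachable above zero. The recap text embedded in it is a constructed sample that reuses the host addresses from this page's hosts file.

```shell
#!/bin/sh
# Added example (not from the original post): report hosts whose PLAY RECAP
# line shows changed, failed or unreachable above zero on a re-run.

# Constructed sample recap: one clean host, one that still changes, one unreachable.
sample_recap() {
    cat <<'EOF'
PLAY RECAP *********************************************************************
104.131.7.243              : ok=3    changed=0    unreachable=0    failed=0
104.131.28.172             : ok=3    changed=1    unreachable=0    failed=0
104.131.43.90              : ok=0    changed=0    unreachable=1    failed=0
EOF
}

# Reads ansible-playbook output on stdin, prints "host counter=value[,...]" for
# each host that is not clean, and returns 1 if any such host was found.
recap_drift() {
    awk '
        /^PLAY RECAP/ { in_recap = 1; next }
        in_recap && $2 == ":" {
            reason = ""
            for (i = 3; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] ~ /^(changed|failed|unreachable)$/ && kv[2] + 0 > 0)
                    reason = reason (reason == "" ? "" : ",") $i
            }
            if (reason != "") { print $1, reason; bad = 1 }
        }
        END { exit bad }
    '
}

# Demo on the constructed sample.
sample_recap | recap_drift || echo "re-run was not a no-op"
```

Pipe a second run through it, for example ansible-playbook --private-key=~/.ssh/id_ansible nginx.yml | recap_drift; a non-zero exit means a task is not idempotent or a host has drifted from the declared state.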




Ansible

WHAT IS ANSIBLE????

Ansible is the simplest and best tool to get started with configuration management. See how to start using it now.


Ansible: Installation and Basics


Get started with Ansible - installation and basics. We start by creating an SSH key for my Digital Ocean account. To create this SSH key, we'd locally run:

cd ~/.ssh
ssh-keygen -t rsa -b 4096 -C "chris@serversforhackers.com" -f id_ansible

# Get key into Mac's clipboard
cat id_ansible.pub | pbcopy


That SSH key will be added to any server I create on Digital Ocean. This will ensure Ansible can log into any server we want to provision.
For this example, I create 3 servers on Digital Ocean.
From my local server I connect to the servers like so:

ssh -o "IdentitiesOnly yes" -i ~/.ssh/id_ansible root@[server-ip-here]

I can see I can connect, so I know the key-pair authentication is working over SSH.

Install Ansible

We're using an Ubuntu server (locally, via Vagrant). To install Ansible, run:


# Run this if we don't have the "add-apt-repository" command
sudo apt-get install -y software-properties-common

# Add Ansible's official repository
sudo add-apt-repository -y ppa:ansible/ansible

# Update repositories
sudo apt-get update

# Install Ansible
sudo apt-get install -y ansible

# Ensure installed
which ansible


Ansible is agentless - we don't need to install an agent on the servers we provision. The servers just need Python and the ability to connect over SSH.

Configure Ansible

Ansible's configuration is inside of /etc/ansible. Let's move the original hosts file out of the way and create a new one.

sudo mv /etc/ansible/hosts /etc/ansible/hosts.bak
sudo vim /etc/ansible/hosts


Edit /etc/ansible/hosts and make it look like this:


[web]
104.131.7.243
104.131.28.172
104.131.43.90
Now we have our three servers defined as hosts for Ansible to use.


Run Some Commands on Each Host


We'll run some arbitrary commands.


# Run ping as user root on each server
ansible all -m ping -u root


We run into an SSH error; it doesn't find the correct key, falling back to password.
Instead, we try the following, which works:
ansible all -m ping -u root --private-key=~/.ssh/id_ansible

Another way we can do this is as follows, which uses the "shell" module. This lets us run any shell command on the servers.
ansible all -m shell -a "ping -c 3 localhost" \
    -u root --private-key=~/.ssh/id_ansible

Install Nginx

We'll use the "apt" module to install Nginx across each server. This lets us declaratively tell Ansible what we want the desired state to be.


ansible all -m apt -a "pkg=nginx state=latest update_cache=true" \
    -u root --private-key=~/.ssh/id_ansible


This will install Nginx on each server!
