Monday, August 13, 2018

Ansible Certification : 2. Deploying Ansible

2. Deploying Ansible. 

  • Installing Ansible.
  • Managing Ansible Configuration Files.
  • Running Ad Hoc Commands.
  • Managing Dynamic Inventories.
  • Summary
  • Lab:
  • Exercise

=========================================================================

Installing Ansible 

Ansible installation is relatively simple. All it needs is Python 2 or 2.6 on the server where it is about to be installed. On the managed hosts, 2.4 and above will do.

If the version of Python installed is earlier than 2.5, the python-simplejson package must also be installed.

SSH-key-based Authentication:

Because an SSH connection requires authentication each time it connects, key-based authentication is needed. A private and public key pair needs to be created, and the public key needs to be pushed to the managed hosts so that going forward we don't have to authenticate again and again.
The SSH key can be copied to different hosts with the command "ssh-copy-id".

Once Ansible has been installed you can use the help option ( $ ansible -h ) to get help and ( $ ansible --version ) to check the installed version.

Referencing Inventory Hosts:









Managing Ansible Configuration Files : 

Ansible's configuration is controlled by the files below, listed with their priorities.

1.  /etc/ansible/ansible.cfg --> This file is used when no other file is present.
2.  ~/.ansible.cfg --> Present in the user's home directory. If present, it is used before the first entry.
3.  ./ansible.cfg --> If this file is present in the directory from which the command is run, it is used before the two entries above.
4.  $ANSIBLE_CONFIG --> An environment variable that points to a configuration file, useful if you run Ansible from multiple directories. This precedes all other entries.

Because the configuration file can be placed in so many locations, it is difficult to tell which file Ansible is currently using. The command below identifies it.

# ansible --version
ansible 2.5.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, May  3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]


Another way to see which Ansible configuration file is currently in use is the -v option.

# ansible server --list-hosts -v 

[root@Automation-1 ~]# ansible all --list-hosts -v
Using /etc/ansible/ansible.cfg as config file
  hosts (2):
    auto-2
    auto-3
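
The lookup order and the `ansible --version` check above can be modelled in a few lines. This is an added example, not code from the original post or from the Ansible project: `resolve_ansible_cfg`, `is_world_writable` and the temporary directory layout are assumptions made for illustration, and it also flags a world-writable working directory, where any local user could place an `ansible.cfg` that sets `inventory` or the `become` options for you.

```python
import os
import stat
import tempfile
from pathlib import Path


def is_world_writable(path):
    """True when any local user may write to `path` (file or directory)."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def resolve_ansible_cfg(env, cwd, home, system_cfg="/etc/ansible/ansible.cfg"):
    """Model of the lookup order listed above, highest priority first.

    Returns (path, source, warnings); path is None when no file exists.
    """
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append((Path(env["ANSIBLE_CONFIG"]), "$ANSIBLE_CONFIG"))
    candidates.append((Path(cwd) / "ansible.cfg", "./ansible.cfg"))
    candidates.append((Path(home) / ".ansible.cfg", "~/.ansible.cfg"))
    candidates.append((Path(system_cfg), "system"))

    for path, source in candidates:
        if not path.is_file():
            continue  # a missing file never wins; try the next location
        warnings = []
        if source == "./ansible.cfg" and is_world_writable(cwd):
            warnings.append(f"{cwd} is world-writable: any local user could "
                            "have placed this ansible.cfg")
        if is_world_writable(path):
            warnings.append(f"{path} is world-writable")
        return str(path), source, warnings
    return None, None, []


def demo():
    """Resolve a constructed directory tree five ways (no real config is read)."""
    root = Path(tempfile.mkdtemp(prefix="cfg-demo-"))
    dirs = {n: root / n for n in ("home", "project", "shared", "empty")}
    for d in dirs.values():
        d.mkdir()
        d.chmod(0o755)
    files = {
        "system": root / "etc-ansible.cfg",   # stands in for /etc/ansible/ansible.cfg
        "home": dirs["home"] / ".ansible.cfg",
        "project": dirs["project"] / "ansible.cfg",
        "shared": dirs["shared"] / "ansible.cfg",
        "override": root / "override.cfg",
    }
    for f in files.values():
        f.write_text("[defaults]\n")
        f.chmod(0o644)
    dirs["shared"].chmod(0o777)               # a /tmp-like scratch directory

    def run(env, cwd, home):
        return resolve_ansible_cfg(env, cwd, home, files["system"])

    override = {"ANSIBLE_CONFIG": str(files["override"])}
    return {
        "system": run({}, dirs["empty"], dirs["empty"]),
        "home": run({}, dirs["empty"], dirs["home"]),
        "cwd": run({}, dirs["project"], dirs["home"]),
        "env": run(override, dirs["project"], dirs["home"]),
        "shared": run({}, dirs["shared"], dirs["home"]),
    }


if __name__ == "__main__":
    for case, (path, source, warnings) in demo().items():
        print(f"{case:7} -> {source:16} {path}")
        for w in warnings:
            print("         WARNING:", w)
```
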

The Ansible configuration file is divided into the sections below :

[root@Automation-1 ~]# grep "^\[" /etc/ansible/ansible.cfg
[defaults]
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]


All of the above are sections of the Ansible configuration file, but one is missing here, which is [galaxy]; we will talk about it later.


1. inventory --> Location of the Ansible inventory file.
2. remote_user --> The remote user account used to establish connections to managed hosts.
3. become --> Enables or disables privilege escalation for operations on managed hosts.
4. become_method --> Defines the privilege escalation method on managed hosts.
5. become_user --> The user account to escalate privileges to on managed hosts.
6. become_ask_pass --> Defines whether to ask for a password when escalating privileges on managed hosts.


Practicals : 

1. Log onto any system and run the ansible version command to check the active config file.
# ansible --version

2. Open the /etc/ansible/ansible.cfg file and examine the different sections. For example:
    Under the [defaults] section, locate and examine the inventory setting.
    Check for the [privilege_escalation] section.
# cat /etc/ansible/ansible.cfg


3. Create a user-level Ansible configuration file in your home directory and then check which file is used for the Ansible configuration.
# touch /home/xyz/.ansible.cfg
# ansible --version


4. Create a directory, create an ansible.cfg file while you are in that directory, and then check which file is read for the Ansible configuration.
# mkdir /home/xyz/vikas
# cd /home/xyz/vikas
# touch ansible.cfg
# ansible --version


5. Create another user-level Ansible configuration file at /home/xyz/vikas/aaa/ansible.cfg. Set the $ANSIBLE_CONFIG environment variable to its full path and then check which file is currently used.
# mkdir /home/xyz/vikas/aaa
# touch /home/xyz/vikas/aaa/ansible.cfg
# export ANSIBLE_CONFIG=/home/xyz/vikas/aaa/ansible.cfg
# ansible --version

6. How to change the default inventory location for Ansible.
In the ansible.cfg file, go to the [defaults] section and modify the line below :

[defaults]
inventory=/home/xyz/vikas/inventory

7. Go to that folder and create a hosts file in the directory.
# cd /home/xyz/vikas/inventory
# vi hosts
   [classroom]
   server1.lab.com
   server2.lab.com

Check with the command below that the hosts listed are the ones you entered above :
# ansible classroom --list-hosts


Running AD-Hoc commands : 

- Running ad hoc commands locally.
- Running ad hoc commands remotely.
- Usage of ad hoc commands.


Ansible allows a user to execute on-demand tasks on managed hosts. These ad hoc commands are the most basic operations that can be performed using Ansible.

Each ad hoc command is capable of performing a single operation. If you need to run multiple operations, you will need to execute a series of ad hoc commands on the hosts.

Ad hoc commands are the simplest way for a user to start learning Ansible before moving on to more complex things like modules, plays and playbooks.

Ad hoc commands can also be used to perform non-invasive operations, such as querying a large group of managed hosts for diagnostic information.

Syntax for Ad-hoc commands :

# ansible host-pattern -m module [ -a 'module arguments'] [-i inventory] 


Using modules in ad hoc commands :

Modules are specified with the -m option, which tells Ansible which module to use to perform the remote operation. We will talk about modules later.

Arguments are passed to the specified module with the -a option. Some modules take no arguments and others take multiple arguments. When no arguments are needed, simply run the command without the -a option. If multiple arguments are needed, pass them as below :

# ansible host-pattern -m module -a 'argument1 argument2' [-i inventory]

The administrator can define a default module for Ansible to use when no module has been specified.
By default Ansible uses the command module, as shown by these lines in the /etc/ansible/ansible.cfg file :
# default module name for /usr/bin/ansible
#module_name = command


So these 2 commands are equivalent to one another.

Command 01 :  # ansible host-pattern -m command -a 'module arguments'
Command 02 :  # ansible host-pattern -a 'module arguments'


Normally the Ansible output for a host spans 2 lines: one names the server it tried to reach and the other shows the output of what it ran there.

You can get the Ansible output on 1 line per host with the -o switch, as below :

[root@Automation-1 ansible]# ansible all -m command -a 'date' -o
auto-3 | SUCCESS | rc=0 | (stdout) Mon Aug  6 13:02:11 IST 2018
auto-2 | SUCCESS | rc=0 | (stdout) Mon Aug  6 13:02:02 IST 2018

Note : Drawbacks of the command module compared to shell.
Commands run through the command module cannot use piping or redirection, because no shell is provided for them when they execute.

In such cases you need to use the shell module instead of the command module.
Examples below :

[root@Automation-1 ansible]# ansible auto-2 -m command -a set
auto-2 | FAILED | rc=2 >>
[Errno 2] No such file or directory

[root@Automation-1 ansible]# ansible auto-2 -m shell -a set
auto-2 | SUCCESS | rc=0 >>
BASH=/bin/sh
BASHOPTS=cmdhist:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
BASH_ALIASES=()
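
The two results above follow from how the command is started, which also makes `command` the safer default when arguments contain variable data. The sketch below is an added example that models both modules with Python's `subprocess`; it is not Ansible's module code, and `run_like_command`, `run_like_shell` and `compare` are hypothetical names.

```python
import shlex
import subprocess


def run_like_command(raw):
    """Model of the command module: split into argv and exec it directly."""
    argv = shlex.split(raw)
    try:
        proc = subprocess.run(argv, capture_output=True, text=True)
    except FileNotFoundError as exc:
        # Shell builtins such as `set` are not files on disk, so exec fails
        # with the same errno the post shows for "-m command -a set".
        return {"rc": 2, "stdout": "", "msg": f"[Errno {exc.errno}] {exc.strerror}"}
    return {"rc": proc.returncode, "stdout": proc.stdout.strip(), "msg": ""}


def run_like_shell(raw):
    """Model of the shell module: hand the whole string to /bin/sh."""
    proc = subprocess.run(raw, shell=True, capture_output=True, text=True)
    return {"rc": proc.returncode, "stdout": proc.stdout.strip(), "msg": ""}


def compare(raw):
    """Run the same string both ways so the difference is visible side by side."""
    return {"command": run_like_command(raw), "shell": run_like_shell(raw)}


if __name__ == "__main__":
    # Constructed inputs: a builtin, a pipe, and a variable reference.
    for raw in ("set", "echo hello | tr a-z A-Z", "echo $HOME"):
        result = compare(raw)
        print(f"--- {raw}")
        for mode in ("command", "shell"):
            r = result[mode]
            first_line = (r["stdout"] or r["msg"]).splitlines()[:1]
            print(f"{mode:8} rc={r['rc']} {first_line}")
```

Without a shell, `|` and `$HOME` reach the program as literal arguments, so nothing in a variable value can be interpreted as shell syntax.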


Ad Hoc command configuration:
When an ad hoc command is executed, several things occur behind the scenes. First the Ansible configuration file is consulted for various parameters. The module_name setting seen earlier is one such example.

a. Connection settings:
Ansible reads the connection-related parameters in the cfg file and opens the connection as the remote user set there.

b. Privilege Escalation:
After successfully connecting to a host, Ansible can switch users before executing any operation.

Ansible Command line Options : 

Settings                Command line options
inventory               -i
remote_user             -u
become                  --become, -b
become_method           --become-method
become_user             --become-user
become_ask_pass         --ask-become-pass, -K

# ansible --help 

======================================================================
EXERCISE: 

1. [root@Automation-1 ~]# ansible auto-2 -m command -a 'id'
auto-2 | SUCCESS | rc=0 >>
uid=0(root) gid=0(root) groups=0(root)

2. Now we will try to change a remote file with dynamic content, for example the motd file.
[root@Automation-1 ~]# ansible auto-2 -m command -a 'cat /etc/motd'
auto-2 | SUCCESS | rc=0 >>


#  Here you can see that the file is empty.

3. Now let's put some content into the empty file remotely.
[root@Automation-1 ~]# ansible auto-2 -m copy -a 'content="Managed by Vikas\n" dest=/etc/motd'
auto-2 | SUCCESS => {
    "changed": true,
    "checksum": "881a4e0ddbf6172bc0f7c4a0bb7919fbac59d6ab",
    "dest": "/etc/motd",
    "gid": 0,
    "group": "root",
    "md5sum": "ff7609058aa99d919ca273d99f2e1b95",
    "mode": "0644",
    "owner": "root",
    "size": 17,
    "src": "/root/.ansible/tmp/ansible-tmp-1534002527.61-15459222671883/source",
    "state": "file",
    "uid": 0
}

4. [root@Automation-1 ~]# ansible auto-2 -m command -a 'cat /etc/motd'
auto-2 | SUCCESS | rc=0 >>
Managed by Vikas

=================================================================

Managing Dynamic Inventory :

In this section we will use an Ansible dynamic inventory to programmatically build an inventory from external data sources.

By default, Ansible provides a text-based inventory format to define the hosts to be managed. In larger environments, Ansible can instead use the directory services that already keep track of those hosts. Ansible supports building an inventory dynamically from these external data sources through scripts that retrieve the information from them.
AWS and virtual environments also hold such information about their instances, and Ansible can use it to build a hosts file in a short time.

Difference between Static and Dynamic Inventory :
If the inventory file is executable it is termed a dynamic inventory, and if it is not executable it is termed a static inventory.

Supported Platforms : The path below holds scripts that can generate the inventory list for you if you have a large environment.
Ansible Github site : https://github.com/ansible/ansible/tree/devel/contrib/inventory

1. Private cloud - Red Hat OpenStack Platform.
2. Public cloud - Rackspace, AWS & Google Space.
3. Virtualization platforms like - oVirt.
4. Platform as a service solution - OpenShift.
5. Spacewalk.

Writing Dynamic Inventory program : 

If a dynamic inventory script does not exist for the directory structure or infrastructure in use, it is possible to write a custom dynamic inventory program. It can be written in any programming language, and it must return its output in JSON format when passed the appropriate options.

For Ansible to retrieve the list of hosts, the script is run with the --list option, and in return it should provide details such as the groups and their hostnames or IP addresses.

# ./inventoryscript --list
{
        "Webservers" : [ "webserver1.example.com", "webserver2.example.com" ],
        "Database"   : [ "db1.example.com", "db2.example.com" ]
}
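
A dynamic inventory program along these lines, as an added example that is not from the original post or from Ansible's contrib scripts: `CMDB_ROWS` is constructed sample data, the function names and the variable allow-list are assumptions, and the output uses the `hosts` / `_meta.hostvars` layout that Ansible also accepts from `--list`. Because the data comes from an external system, host and group names are validated and only allow-listed connection variables are passed through.

```python
#!/usr/bin/env python3
import argparse
import json
import re
import sys

# Constructed sample standing in for rows fetched from a CMDB or cloud API.
CMDB_ROWS = [
    {"name": "webserver1.example.com", "group": "Webservers", "vars": {"ansible_port": 22}},
    {"name": "webserver2.example.com", "group": "Webservers", "vars": {"ansible_user": "deploy"}},
    {"name": "db1.example.com", "group": "Database", "vars": {}},
    {"name": "db2.example.com", "group": "Database", "vars": {"ansible_become": True}},
    {"name": "db 3.example.com", "group": "Database", "vars": {}},   # malformed record
]

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(LABEL + r"(?:\." + LABEL + r")*")
GROUP_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# The external source may describe how to reach a host, nothing more.
ALLOWED_VARS = {"ansible_host", "ansible_port", "ansible_user"}


def build_inventory(rows):
    """Return (inventory, rejected) where rejected lists what was filtered out."""
    inventory = {"_meta": {"hostvars": {}}}
    rejected = []
    for row in rows:
        name, group = row.get("name", ""), row.get("group", "")
        valid_group = GROUP_RE.fullmatch(group) and group != "_meta"
        if not HOSTNAME_RE.fullmatch(name) or not valid_group:
            rejected.append(f"host {name!r}: invalid host or group name")
            continue
        hosts = inventory.setdefault(group, {"hosts": []})["hosts"]
        if name not in hosts:
            hosts.append(name)
        hostvars = inventory["_meta"]["hostvars"].setdefault(name, {})
        for key, value in row.get("vars", {}).items():
            if key in ALLOWED_VARS:
                hostvars[key] = value
            else:
                rejected.append(f"host {name!r}: variable {key!r} dropped")
    return inventory, rejected


def main(argv=None):
    parser = argparse.ArgumentParser(description="Example dynamic inventory")
    mode = parser.add_mutually_exclusive_group(required=True)
    mode.add_argument("--list", action="store_true", help="print all groups")
    mode.add_argument("--host", help="print variables for one host")
    args = parser.parse_args(argv)

    inventory, rejected = build_inventory(CMDB_ROWS)
    for line in rejected:
        print("inventory: " + line, file=sys.stderr)   # stdout must stay pure JSON
    if args.list:
        result = inventory
    else:
        result = inventory["_meta"]["hostvars"].get(args.host, {})
    return json.dumps(result, indent=4, sort_keys=True)


if __name__ == "__main__":
    print(main())
```

Mark the file executable and pass it with `-i`; privilege escalation settings such as `become` then come only from ansible.cfg or the command line, not from the external data.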

Working with multiple inventories:     

Ansible supports the use of multiple inventories in the same run. If you place the inventory files in a directory and point the config file at that directory, all the inventory files under it are read. The file to change is /etc/ansible/ansible.cfg.


When multiple files exist in the same directory, they are examined in alphabetical order. In a similar fashion, you can choose per file which inventory files are included and which are ignored.



SUMMARY :

Let's summarize what we have completed until now:

- Any system on which Ansible is installed, and which has access to the right configuration files and playbooks to manage remote hosts, can be termed a control host.

- The managed hosts are defined in the inventory file. Host patterns are used to reference managed hosts defined in an inventory.

- An inventory can be static, or dynamic, generated from a script or a program.

- The location of the inventory should be managed through the ansible.cfg file, but it would be great if it is maintained in the playbook directories.

- Ansible looks in a number of places for its configuration file. In the order mentioned before, the first match is used, bypassing all the remaining ansible.cfg files.

- The ansible command is used to perform one-time ad hoc requests on the server.

- Ad hoc commands determine the operation to perform through the use of modules and their arguments.

- For ad hoc commands that require additional permissions to get the job done, you can use the privilege escalation feature in Ansible.










Wednesday, July 18, 2018

Ansible Certification : 1. Introducing Ansible

1.   Introducing Ansible 

  • Overview of Ansible Architecture. 
  • Overview of Ansible Deployments.
  • Describing Ansible Inventory
  • Summary . 
  • Quiz Details 
  • Logs 

=======================================================================

INTRODUCING ANSIBLE
Ansible was originally written by Michael DeHaan, the creator of the Cobbler provisioning application. Ansible is globally accepted because it is easy to use and is built on Python. Ansible is also supported by DevOps tools such as Vagrant and Jenkins.

A file that contains a series of plays is called a playbook. Ansible is an open source configuration management and orchestration utility. Ansible's architecture is agentless. Work is pushed to remote hosts when Ansible executes.

Modules are the programs that perform the actual work of the tasks in a play. Ansible is immediately useful because it comes with hundreds of core modules that perform system administration tasks.

What Ansible cannot do ?

- Ansible cannot audit changes made on the system by other users.
- Ansible can add packages to the system but it cannot perform the initial minimal installation of the system.
- Ansible can remediate system configuration file drift, but it does not monitor it.
- Ansible does not track what changes have been made to the system since the last deployment.

ANSIBLE CONCEPTS AND ARCHITECTURE :

There are 2 types of machines in the Ansible architecture.

- The control node
- The managed node

The control node is where all the software resides. This is the command center for Ansible.

Ansible uses SSH as a network transport to communicate with the managed hosts. The modules referenced in the playbook are copied to the managed hosts. Then they are executed in order, with the arguments specified in the playbook.

Ansible control node components

- Ansible Configuration :
  Ansible has configuration settings which define how it behaves. These settings include the remote user for command execution and the passwords and sudo credentials to provide when executing remote commands. Default configuration values can be overridden by environment variables and by values defined in configuration files.
- Host Inventory :
  The Ansible host inventory defines which configuration groups hosts belong to. The inventory can also define how Ansible communicates with the given hosts.
- Core Modules :
  Core modules are the modules that are shipped with Ansible. There are 400 core modules.
- Custom Modules :
  Users can extend Ansible's functionality by writing their own modules. Modules are typically written in Python, but users also have the option of writing modules in other languages like Perl, shell, Ruby etc.
- Playbooks :
  Ansible playbooks are files written in YAML syntax that define the modules, with arguments, to apply to managed nodes.
- Connection Plugins :
  Plugins that enable communication with managed hosts or a private cloud. These include native SSH, Paramiko SSH, and local. Paramiko is a Python implementation of OpenSSH for RHEL 6 that provides the ControlPersist setting to improve the performance of Ansible.
- Plugins :
  Extensions that enhance Ansible's functionality. Examples are email, notification and logging.

Roles and requirements for Control Node :

Python 2.6 or Python 2.7 should be installed on the control node. Configuration files are maintained on the control node.

Roles and requirements of Managed hosts:

A managed host is a system that Ansible logs into and executes remote commands on to perform configuration tasks. Ansible uses SSH, so SSH must be configured to accept the control node's connections. The python-simplejson package needs to be installed on RHEL 5. Python 2.5 covers this package by default.

QUIZ : 


1.  Which of the following programming language is Ansible built on ? 
  • C ++
  • Perl 
  • Python 
  • Ruby 
2.  Which of the following terms best describes Ansible's Architecture ?
  • Agent-less.
  • Client/Server 
  • Event-Driven
  • Stateless. 
3.  What is the network Protocol which Ansible uses to communicate with managed hosts ?
  • HTTP 
  • HTTPS
  • Paramiko 
  • SNMP 
  • SSH 
4.   Which of the following files defines the action Ansible performs on Managed nodes ?
  • Configuration Files. 
  • Host Inventories. 
  • Manifest 
  • Playbooks. 
  • Script. 
5.  What syntax is used to define Ansible Playbook ?
  • Bash 
  • Perl 
  • Python 
  • YAML 
Note : The serial keyword can be used to limit the number of hosts that the playbook runs on at once. Once that subset of servers has been deployed and is functioning properly, Ansible moves on to another batch of servers in the target group. By default, Ansible tries to apply the playbook to the target managed hosts in parallel, with the exact number of parallel processes to spawn controlled by the forks directive in the applicable ansible.cfg configuration file.


Ansible Connection Plugins :

Control Persist : Connection plugins allow Ansible to communicate with managed hosts and cloud providers. The preferred connection plugin for newer versions of Ansible is the native SSH option. Ansible uses the ControlPersist option when the client's OpenSSH supports it.

Local Connection Plugin : It is used locally; the typical use case is a cron job that triggers Ansible locally.

Paramiko : It is used on RHEL 6. It is a connection solution for older systems whose older version of OpenSSH did not have ControlPersist.

Winrm : This Ansible connection plugin allows Microsoft Windows machines to be managed. pywinrm needs to be installed on the Linux machine to manage Windows hosts.

Docker connection plugin : Ansible 2 introduced docker as a connection plugin, which helps in communicating with the Docker system without enabling SSH on the client.

QUIZ : 


1. Which of the following is not a deployment task suitable for Ansible ?
  • Deploy JBOSS consistently over different operating system.
  • Deploy Red Hat Satellite agents to existing servers in Datacenter
  • Discover the operating system version and software subscription status of RHEL.
  • Monitor the state of the system so that it does not experience configuration Drift .
  • Manage the software development life cycle of Openshift Enterprise Application.
2. Which of the following Ansible Keyword facilitates zero-downtime rolling updates to occur by limiting the number of managed hosts a playbook can run on in parallel ?
  • accelerate
  • gather_subset
  • handlers
  • serial
  • tasks.
3. The paramiko Ansible connection plugin is used to communicate with which types of managed hosts ?
  • Docker containers.
  • RHEL6
  • RHEL7
  • Windows Server


Describing Ansible Inventories: 

Ansible Inventories :
Ansible inventories are the host entries that Ansible is going to manage. Hosts may belong to groups that mirror the layout of the data center. A host can be a member of more than one group.

2 types of host inventories :

  • Static Inventory - it's a text file.
  • Dynamic Inventory - generated from outside providers.

Static Host Inventories :

An Ansible static inventory is simply a text file that is created to manage hosts and to create groups for ease of work.
In the hosts file every server entry goes on a new line. You can put a hostname or an IP address. A host group is defined within square brackets [ ].

Example : 2 groups are defined in the below hosts files.

# cat /etc/ansible/hosts
[webserver]
localhost
web1.example.com
web2.example.com:2233 ansible_connection=ssh ansible_user=goko
10.10.10.10

[database]
web1.example.com
db1.example.com

In the above example we can see that web2 is given directives to use port 2233, to use ssh for the connection, and to log in as the user goko.

Default location for hosts file :      /etc/ansible/hosts
Can be specified directly by using -i option or --inventory

2 groups can be clubbed together under a Parent group by using :children suffix.

Example as below :

# cat /etc/ansible/hosts
[auto]
hyundai
honda

[tyre]
mrf
apollo

[car:children]
auto
tyre

Now let's simplify working with the hosts file when you have to deal with multiple hosts which are in the same range or have things in common.

Syntax : [start:end]

192.168.[4:6].[0:255]
server[1:10].example.com         --> server1 to 10 all are covered in here.

Now that we know most of the stuff on Ansible static host inventories, let's try some commands to help us find hosts at runtime.

$ ansible server1.example.com --list-hosts
---- > server1.example.com

$ ansible server01.example.com --list-hosts    -- > failed example.
---- > no output .
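
Why `server01.example.com` finds nothing while `server1.example.com` does: the range is expanded literally. This is an added example, not Ansible's own parser and not from the original post; `expand_pattern` and `in_inventory` are hypothetical helpers that handle numeric ranges only and follow the rule that a start value written with a leading zero produces zero-padded names.

```python
import re
from itertools import product

RANGE_RE = re.compile(r"\[(\d+):(\d+)\]")


def expand_pattern(pattern):
    """Expand every numeric [start:end] range (inclusive) in a host pattern."""
    # With two capture groups, split() yields:
    #   literal, start, end, literal, start, end, ..., literal
    parts = RANGE_RE.split(pattern)
    literals = parts[0::3]
    bounds = list(zip(parts[1::3], parts[2::3]))

    choices = []
    for start, end in bounds:
        if int(start) > int(end):
            raise ValueError(f"range [{start}:{end}] runs backwards")
        # "01" asks for zero-padded names, "1" does not.
        width = len(start) if len(start) > 1 and start.startswith("0") else 0
        choices.append([str(n).zfill(width) for n in range(int(start), int(end) + 1)])

    hosts = []
    for combo in product(*choices):
        name = literals[0]
        for value, literal in zip(combo, literals[1:]):
            name += value + literal
        hosts.append(name)
    return hosts


def in_inventory(host, patterns):
    """True when `host` is one of the names the inventory lines expand to."""
    return any(host in expand_pattern(p) for p in patterns)


if __name__ == "__main__":
    # The two inventory lines from the post.
    inventory = ["192.168.[4:6].[0:255]", "server[1:10].example.com"]
    for probe in ("server1.example.com", "server01.example.com", "192.168.5.17"):
        print(f"{probe:22} {'match' if in_inventory(probe, inventory) else 'no match'}")
    print(len(expand_pattern(inventory[0])), "addresses in the IP range")
```
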

Defining variables in hosts files: 

Even though Ansible allows you to specify variables in the hosts file, it is advisable to put them in specific directories.

Dynamic host inventory : 

This inventory can be dynamically generated. The source can be anything like Cobbler, a cloud, or a CMDB.


QUIZ: 

1. Which of the following items is not found in the Ansible inventory files ?

  • Hosts group 
  • IP Address range 
  • Module names 
  • Variable definitions 
  • User authentication information. 
2. cat /etc/hosts
    [linux-dev]
    cchang.example.com
    rlocke.example.com

    [windows-dev]
    wdinyes.example.com

    [development:children]
    linux-dev
    windows-dev

Given the ansible inventory above, which hosts groups include rlocke.example.com ?
  • linux-dev
  • windows-dev
  • development
  • both linux-dev & development.

3. Which of the following expressions can be used in an ansible inventory file to match hosts in the 10.1.0.0/16 address range ?
  • 10.1.0.0/16
  • 10.1.[0:255].[0:255]
  • 10.1.[0-255].[0-255]
  • 10.1*
4.  Which of the following can be a source for Ansible dynamic host inventory information ?
  • Cobbler system information 
  • Configuration management system 
  • LDAP Database
  • Scripts that fetch information from Cloud 
  • All of the above. 


QUIZ : 

1. The python-simplejson package must be installed on which of these nodes ?

  • Ansible control node. 
  • RHEL 5 
  • RHEL 6 
  • RHEL 7 
  • Windows managed hosts 
2.  What is the default location of Ansible hosts file ?
  • /etc/ansible/inventory
  • /etc/ansible/hosts
  • /etc/ansible/hosts.groups
  • /etc/ansible/hosts.inventory.