Differences

This shows you the differences between two versions of the page.

--- servers:management_tools:ansible [2025/02/11 14:50] – jmbargallo
+++ servers:management_tools:ansible [2025/02/11 14:53] (current) – jmbargallo
@@ Line 1: / Line 1: @@
-====== Ansible Cheatsheet ======
+====== Ansible ======
-==== Basics ====
+Ansible is an open source, command-line IT automation software application written in Python. It can configure systems, deploy software, and orchestrate advanced workflows to support application deployment, system updates, and more. Ansible's main strengths are simplicity and ease of use.
-Run a playbook:
+===== Install Ansible =====
-    ansible-playbook playbook.yml
-  * **Run an ad-hoc command:**
+  apt install ansible
-    ansible <host> -m <module> -a "<arguments>"
-  * **List available modules:**
+Next, we need to create a file `/etc/ansible/hosts`, and add our hosts. In essence, here we define hosts and groups of hosts that Ansible will try to manage.
-    ansible-doc -l
-  * **Check if a host is reachable:**
+  sudo nano /etc/ansible/hosts
-    ansible <host> -m ping
+  [control]
+  master01  ansible_connection=local
+  [workers]
+  worker01  ansible_connection=ssh
+  worker02  ansible_connection=ssh
+  worker03  ansible_connection=ssh
-  * **List facts about a host:**
+  [cube:children]
+  control
-    ansible <host> -m setup
+  workers
-==== Inventory ====
+Above, you can see I have added 3 groups: control, workers and cube. Name of the group is the one in between [ ]. This was split so that if I want to execute some actions only on control server, I use the “control” group. Group “cube” has children. This basically means that it’s a group of groups, and when I’m using cube I’m targeting every single node from the listed groups.
-  * **Specify inventory file:**
+Variable: `ansible_connection`: we are telling Ansible how to connect to that host. The primary method is ssh, but I specified “local” for control01, because this is the node that we are running Ansible from. This way, it won’t try to ssh to itself.
-    ansible-playbook -i inventory_file playbook.yml
-  * **Host group example in inventory file:**
+Lastly, we are going to make it so that user root will be able to log in to other nodes from control01 without the password using an ssh key. This step is optional, but after this you won’t need to type the password every time you run Ansible.
-    [web]
-    webserver1
-    webserver2
-  * **Dynamic Inventory (AWS example):**
+  # Make sure you are user root
-    ansible-playbook -i aws_ec2.py playbook.yml
+  cd
+  mkdir -p ~/.ssh
+  chmod 700 ~/.ssh
+  # Do not fill anything in next command just enter
+  ssh-keygen -t rsa
+  # Copy keys to each node, for example:
+  ssh-copy-id -i ~/.ssh/id_rsa.pub root@worker01
+  ssh-copy-id -i ~/.ssh/id_rsa.pub root@worker02
+  ssh-copy-id -i ~/.ssh/id_rsa.pub root@worker03
-==== Playbook Structure ====
+After this, we are ready for some mass settings with Ansible.
-  * **Simple playbook:**
+===== First Ansible commands =====
-   yaml
-    ---
-    - name: Install a package
-      hosts: web
-      tasks:
-        - name: Install nginx
-          ansible.builtin.yum:
-            name: nginx
-            state: present
-  * **Playbook with variables:**
+This is the last thing before we head on to the next article. We are going to check if Ansible is working fine and can connect to all nodes:
-   yaml
-    ---
-    - name: Install package with variable
-      hosts: web
-      vars:
-        package_name: nginx
-      tasks:
-        - name: Install nginx
-          ansible.builtin.yum:
-            name: "{{ package_name }}"
-            state: present
-  * **Playbook with roles:**
+  # Run following as root user
-   yaml
+  # We are going to execute ping via ansible, the "cube" is group we specified in /etc/ansible/hosts
-    ---
+  # And if you remember this will execute the command on all nodes.
-    - name: Install and configure web server
+  # -m mean we are going to use module, in our case module: ping
-      hosts: web
-      roles:
-        - webserver
-==== Common Modules ====
+  ubuntu@ubuntu:~$ ansible cube -m ping
-  * **Yum (Install package):**
+  # Result should be:
-   yaml
+  ubuntu@ubuntu:~$ ansible cube -m ping
-    - name: Install package
+  master01 | SUCCESS => {
-      ansible.builtin.yum:
+      "ansible_facts": {
-        name: nginx
+          "discovered_interpreter_python": "/usr/bin/python3"
-        state: present
+      },
+      "changed": false,
+      "ping": "pong"
-  * **Copy (Copy file):**
+  }
-   yaml
+  worker01 | SUCCESS => {
-    - name: Copy file
+      "ansible_facts": {
-      ansible.builtin.copy:
+          "discovered_interpreter_python": "/usr/bin/python3"
-        src: /local/path/to/file
+      },
-        dest: /remote/path/to/file
+      "changed": false,
+      "ping": "pong"
+  }
-  * **Command (Run a command):**
+  worker02 | SUCCESS => {
-   yaml
+      "ansible_facts": {
-    - name: Run a command
+          "discovered_interpreter_python": "/usr/bin/python3"
-      ansible.builtin.command: /bin/echo Hello World
+      },
+      "changed": false,
+      "ping": "pong"
-  * **File (Change file attributes):**
+  }
-   yaml
+  worker03 | SUCCESS => {
-    - name: Change file permissions
-      ansible.builtin.file:
-        path: /path/to/file
-        mode: '0644'
-  * **Service (Manage services):**
-   yaml
-    - name: Start nginx service
-      ansible.builtin.service:
-        name: nginx
-        state: started
-==== Variables ====
-  * **Define variables in playbook:**
-   yaml
-    vars:
-      var_name: value
-  * **Use variables in tasks:**
-   yaml
-    - name: Install package
-      ansible.builtin.yum:
-        name: "{{ var_name }}"
-        state: present
-  * **Define host variables in inventory:**
-    [web]
-    webserver1 ansible_ssh_user=ubuntu
-  * **Use facts in playbook:**
-   yaml
-    - name: Print host IP
-      debug:
-        var: ansible_default_ipv4.address
-==== Loops and Conditionals ====
-  * **Loop over items:**
-   yaml
-    - name: Install multiple packages
-      ansible.builtin.yum:
-        name: "{{ item }}"
-        state: present
-      loop:
-        - nginx
-        - vim
-  * **When conditional:**
-   yaml
-    - name: Install nginx if variable is true
-      ansible.builtin.yum:
-        name: nginx
-        state: present
-      when: install_nginx == true
-  * **Loop with index:**
-   yaml
-    - name: Print index of items
-      debug:
-        msg: "Item {{ item }} is at index {{ ansible_loop.index }}"
-      loop:
-        - one
-        - two
-        - three
-==== Handlers ====
-  * **Define a handler:**
-   yaml
-    handlers:
-      - name: Restart nginx
-        ansible.builtin.systemd:
-          name: nginx
-          state: restarted
-  * **Notify a handler:**
-   yaml
-    - name: Modify nginx config
-      ansible.builtin.copy:
-        src: nginx.conf
-        dest: /etc/nginx/nginx.conf
-      notify: Restart nginx
-==== Ansible Vault ====
-  * **Create a new encrypted file:**
-    ansible-vault create secret.yml
-  * **Edit an encrypted file:**
-    ansible-vault edit secret.yml
-  * **Encrypt an existing file:**
-    ansible-vault encrypt existing_file.yml
-  * **Decrypt a file:**
-    ansible-vault decrypt secret.yml
-  * **Run a playbook with vault password:**
-    ansible-playbook --ask-vault-pass playbook.yml
-==== Useful Commands ====
-  * **Check syntax of a playbook:**
-    ansible-playbook --syntax-check playbook.yml
-  * **Run playbook in check mode (dry-run):**
-    ansible-playbook --check playbook.yml
-  * **Run playbook with verbose output:**
-    ansible-playbook -v playbook.yml
-  * **Display detailed information about a module:**
-    ansible-doc <module_name>
 ==== Resources ====