Ansible — IT Automation Part-1

First things first: Ansible is a configuration management tool from Red Hat. It’s free and open source. Ansible lets you automate your IT infrastructure, from creating VMs and installing software to Docker/Kubernetes deployment and in-VM configuration, through simple configuration files (YAML). Ansible provides different modules, such as file, database, cloud and inventory, to install and configure your VM or cluster. Think of a cluster: you can configure it and get it up and running without any human touch. You don’t need to know a programming language to work with Ansible. It is one of the key tools in the DevOps ecosystem.

You can clone my Ansible Part-1 Repo, before reading further.

About Ansible

Ansible is a universal language, unraveling the mystery of how work gets done. Turn tough tasks into repeatable playbooks. Roll out enterprise-wide protocols with the push of a button. Give your team the tools to automate, solve, and share.

You can automate anything — Infrastructure, Application-deployment, networks, Containers, Security-and-compliance and cloud

Alternative tools such as Puppet and Chef are available and can replace Ansible, but each tool has its own beauty. Ansible does its work like a pro, so it’s not worth comparing Ansible with Chef or Puppet.

Ansible works over SSH. You can install Ansible on a laptop, desktop, deployment server or CI/CD pipeline; it works everywhere. You need to make sure that the target machine/server is accessible over SSH. Ansible supports all types of SSH authentication:

1. Username/Password Based SSH Auth

2. Private/Public Key Based SSH Auth

3. Jump Box and Tunnel based SSH Auth

Note: Ansible also supports protocols other than SSH to communicate with the target machine/server.

In Ansible, you need to define your inventory (VM details), your playbook (Automation Script details) and that’s it. Ansible will do the automation for you over SSH.

Install Ansible:

How to Install Ansible in Windows

There is out-of-the-box support for Linux, but you will find it difficult to get Ansible up and running on Windows.

Windows 7/10: I installed “cygwin” and was able to install Ansible in Cygwin, but it didn’t work properly. I would suggest following the path below for installing Ansible on Windows.

1. Download and install Virtualbox.

2. Download an Ubuntu image for Virtualbox.

3. Run Ubuntu under Virtualbox.

4. Start Ubuntu.

Continue reading this article to see how to install and configure Ansible in Ubuntu. You can follow the same path for your Virtualbox Ubuntu configuration.

How to Install Ansible in Linux

Ansible can be installed on Ubuntu/CentOS/RHEL using Python. Python 2.7 or above is expected. By default pip should be installed. If not, use the command below to install pip.

Note: Use “yum” for centos/RHEL and “apt” for Ubuntu OS.

$ sudo apt-get install python-pip   # Ubuntu
$ sudo yum install python-pip       # CentOS/RHEL

Use pip to install Ansible on Linux:

$ sudo pip install ansible

Note: You can install Ansible through the “apt” and “yum” commands on Ubuntu, CentOS and RHEL. But I would recommend installing via Python.

This is an optional step to install Ansible via the Linux package manager (without using Python):

sudo yum install ansible       # CentOS/RHEL
sudo apt-get install ansible   # Ubuntu

How to use Ansible:

I always follow standard practices. The best way to start working with Ansible is to follow the correct folder structure.

About Each Directory:

group_vars: the folder that contains variables and their values, which you can use in your scripts. A variable can hold a username, password, software version, path or anything else.

inventories: Inventories are the definitions of your cluster, VMs or nodes. You can define the IP address or domain name of each VM, and also the username for each VM. Whether you SSH using a public key or password-based authentication, or you are dealing with tunneling, everything is managed here.

Before you continue, please make sure you have already created the above folder structure.

Step-1: Inventory

First define your VM details. This tells Ansible how to log in to the VM over SSH.

Inside the inventories directory, create an inventory file called “my-vm.yml”. Then add the following contents to it.

inventory_name:
  hosts:
    192.168.2.2:
      ansible_connection: ssh
      ansible_user: username
      ansible_ssh_pass: password
      ansible_become: yes
      ansible_become_method: sudo

Replace 192.168.2.2 with your VM IP address. Replace the values of “ansible_user” and “ansible_ssh_pass” with your VM username and password.
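
The inventory above keeps the SSH password in clear text, in a file that usually ends up in version control. As an added example (not from the original article or its repo), here is the same host using the key-based authentication listed earlier, with the sudo password read from an Ansible Vault file. The key path, the variable name vault_become_password and the file name vault.yml are assumptions.

```yaml
# File 1: inventories/my-vm.yml
# Same host as above, with no credentials stored in the inventory.
inventory_name:
  hosts:
    192.168.2.2:
      ansible_connection: ssh
      ansible_user: username
      # Private/public key auth instead of ansible_ssh_pass.
      # The key path is an assumption; point it at your own private key.
      ansible_ssh_private_key_file: ~/.ssh/id_ed25519
      ansible_become: yes
      ansible_become_method: sudo
      # Only needed when sudo asks for a password on the VM.
      # vault_become_password is a hypothetical variable name.
      ansible_become_password: "{{ vault_become_password }}"
---
# File 2: group_vars/all/vault.yml (hypothetical file name), created with:
#   ansible-vault create group_vars/all/vault.yml
# The file is stored encrypted on disk; this is its content before encryption.
vault_become_password: "REPLACE_WITH_SUDO_PASSWORD"
```

Run the playbook with --ask-vault-pass so that Ansible can decrypt the vault file at run time.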

Step-2: Group Variable

Create a subdirectory called “all” under the “group_vars” directory. Create a file with a name of your choice. For example, we have created one file called myvar at the following location. “myvar” doesn’t have any extension.

group_vars/all/myvar

Add following contents to it.

vm_user_group: mygroup
vm_non_root_user: bikash

We have created 2 variables. We are going to consume these variables in our script.

Step-3: Roles

This is the place where you define your automation. Inside your “roles” directory, create as many modules as you want. If you look at the screenshot below, you can see that in my case I have created 5 modules. For learning, you can create just one module like “software”.

Let’s see what we have inside the “software” directory or module. An Ansible role has a predefined structure that we have to follow.

There are 3 folders: files, handlers and tasks.

files: Suppose your automation requires some file to be copied to the VM, or requires some software installation that you want to perform by copying the installer from the files directory to a directory on the remote VM and installing it there. Those files go here.

tasks: Tasks are the Ansible playbook. This is the main directory where you write your own automation script. Let’s create one Ansible playbook at the following path:

/roles/software/tasks/main.yml

Add following content to “main.yml”.

---
# Software Installation and Configuration Script
- name: Install Software
  debug:
    msg: "Task - Install Required Software"
- name: Install Docker
  shell: |
    apt-cache policy docker-ce
    apt-get install -y docker-ce
    systemctl status docker
  become: yes
  become_method: sudo
- name: Copy Docker Compose Binary
  copy:
    src: docker-compose
    dest: /usr/local/bin/
    owner: '{{ vm_non_root_user }}'
    group: '{{ vm_user_group }}'
    mode: 0550
- name: Restart service Docker, in all cases
  service:
    name: docker
    state: restarted

The playbook above contains 4 Ansible tasks. Each task starts with “- name”. The 3rd task copies a binary file called “docker-compose” from the files folder of the software module to the remote VM. In your case, you can keep any text file there and change the script accordingly.

Let me explain a task. The following is the syntax to create one Ansible task.

- name: Ansible TASK NAME GOES HERE
  shell: |
    write your linux command 1 here
    write your linux command 2 here
  become: yes
  become_method: sudo

If you look at task 3, we are using variables like {{ vm_non_root_user }} and {{ vm_user_group }} in this script, which are actually defined in group_vars (remember?).

- name: Copy Docker Compose Binary
  copy:
    src: docker-compose
    dest: /usr/local/bin/
    owner: '{{ vm_non_root_user }}'
    group: '{{ vm_user_group }}'
    mode: 0550
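
The tasks in main.yml work, but the shell task reruns apt-get on every play, Docker is restarted even when nothing changed, and the copied binary is owned by a non-root user who can later change its mode and overwrite it. As an added example (not from the original article or its repo), here is the same role written with Ansible's built-in modules and the handlers folder mentioned earlier. Like the original, it assumes docker-ce is available from an already configured apt repository; it also assumes the non-root user is a member of vm_user_group, and the handler name is my own.

```yaml
# File 1: roles/software/tasks/main.yml
---
- name: Install Docker
  ansible.builtin.apt:
    name: docker-ce
    state: present            # no-op when the package is already installed
    update_cache: yes
  become: yes
  notify: Restart Docker      # the handler runs only if this task changed something

- name: Copy Docker Compose Binary
  ansible.builtin.copy:
    src: docker-compose       # looked up in roles/software/files/
    dest: /usr/local/bin/docker-compose
    owner: root               # root-owned, so the non-root user cannot modify it
    group: '{{ vm_user_group }}'
    mode: '0550'              # quoted string, as the Ansible docs recommend for modes
  become: yes

- name: Make sure Docker is running and starts at boot
  ansible.builtin.service:
    name: docker
    state: started
    enabled: yes
  become: yes

# File 2: roles/software/handlers/main.yml (a separate file)
---
- name: Restart Docker
  ansible.builtin.service:
    name: docker
    state: restarted
  become: yes
```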

Now we are at the last step of playbook creation: managing the execution order of roles. In the root directory create a new yml file called “start.yml” and add the following content.

---
- hosts: all
  roles:
    - role: software

You can see we have written the role as “software” because our module name was “software” inside the roles directory. Here we are using hosts as “all” so that the script is executed for every host in the inventory file, although at this moment we have only 1 host in our inventory file, under “inventory_name”.

Then run the playbook, like this:

ansible-playbook -i inventories/my-vm.yml start.yml

You can clone this Github repo to learn from different examples

https://github.com/ansible/ansible-examples

Wait for my next part, where we will discuss more about Tunneling in Ansible and Vault to store secrets.

Happy Automation.