Ansible: install, configure and use

Our goal is to install, configure and use Ansible on Ubuntu 14.04 x64. With this software you can control and manage many Linux/UNIX servers from a management server, as with Puppet. One difference is that Puppet is written in Ruby, while Ansible is written in Python. The commands in Puppet and Ansible differ, but the overall scheme is the same. One big difference is that Ansible uses an SSH key to authenticate to the client machines (Puppet installs agents on the client machines), and all configuration goes over SSH. For that reason, you must first generate an SSH key on the master server and send the public key to all client machines.

In our configuration we will use 5 servers: ansmaster and node1ans, node2ans, node3ans, node4ans.

Our network topology is as follows:
[Figure: Ansible topology]

First we must install and configure the master server, ansmaster.unixmen.com.

Update the package lists, upgrade the installed packages, and add the new repository for Ansible.
[email protected]:~# apt-get update
[email protected]:~# apt-get dist-upgrade

[email protected]:~# apt-add-repository ppa:ansible/ansible -y
gpg: keyring `/tmp/tmpwvqe7axu/secring.gpg' created
gpg: keyring `/tmp/tmpwvqe7axu/pubring.gpg' created
gpg: requesting key 7BB9C367 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpwvqe7axu/trustdb.gpg: trustdb created
gpg: key 7BB9C367: public key "Launchpad PPA for Ansible, Inc." imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
OK

[email protected]:~# apt-get update && sudo apt-get install ansible -y

Check the Ansible version.
[email protected]:~# ansible --version
ansible 1.9.4
configured module search path = None

Create a key on our ansmaster server.
[email protected]:~# ssh-keygen -t rsa -b 4096 -C "[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
45:7a:75:d1:2e:24:c6:2e:35:1a:d3:ac:e3:4a:54:f9 [email protected]
The key's randomart image is:
+--[ RSA 4096]----+
|          .=. oo |
|         o=.O.. .|
|        ..oX + . |
|        .o= E . .|
|       .S. o   . |
|        . .      |
|       . .       |
|        .        |
|                 |
+-----------------+

Copy the public key you just created to the other servers with the scp command.

Note: The first time, on your ansmaster server, you must connect with ssh to localhost, type yes and press Enter (after that you can break the connection with Ctrl+C). This automatically creates the ~/.ssh folder, which we need for the known_hosts file. The first time you connect to any machine, the ~/.ssh folder and the ~/.ssh/known_hosts file are created automatically. We must do this on all client nodes too.
[email protected]:/root/.ssh# ssh node1ans
[email protected]:/root/.ssh# ssh node2ans
[email protected]:/root/.ssh# ssh node3ans
[email protected]:/root/.ssh# ssh node4ans

To make the key easy to identify, we will copy the public key to a file named after our hostname:
[email protected]:~# cd /root/.ssh/
[email protected]:/root/.ssh# cp id_rsa.pub `hostname`.id_rsa.pub

Copy the public key from the ansmaster server with the scp command to the ~/.ssh folder on all client machines (on the Ubuntu client machine you must first copy it to the user's home folder and then, as the sudo user, copy the key to the /root/.ssh folder):
[email protected]:/root/.ssh# scp ansmaster.id_rsa.pub [email protected]:/home/jamal/
[email protected]:/root/.ssh# scp ansmaster.id_rsa.pub [email protected]:/root/.ssh/
[email protected]:/root/.ssh# scp ansmaster.id_rsa.pub [email protected]:/root/.ssh/
[email protected]:/root/.ssh# scp ansmaster.id_rsa.pub [email protected]:/root/.ssh/

Then you must append this key to the authorized_keys file in the ~/.ssh/ folder (before that, go to the /root/.ssh folder on all client machines):
[email protected]:/# cd /root/.ssh/
[email protected]:/root/.ssh# cat ansmaster.id_rsa.pub >> authorized_keys

[[email protected] ~]# cd /root/.ssh/
[[email protected] .ssh]# cat ansmaster.id_rsa.pub >> authorized_keys

[[email protected] ~]# cd /root/.ssh/
[[email protected] .ssh]# cat ansmaster.id_rsa.pub >> authorized_keys

[email protected]:~ # cd /root/.ssh/
[email protected]:~/.ssh # cat ansmaster.id_rsa.pub >> authorized_keys
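
An added example, not part of the original article: `cat ansmaster.id_rsa.pub >> authorized_keys` appends a duplicate line every time it is rerun and leaves the file modes to the current umask. The function below (`install_pubkey` is a hypothetical name) appends the key only once, rejects a file that is not a single public-key line, and sets the 700/600 modes that sshd's StrictModes check expects.

```shell
#!/bin/sh
# Added example, not from the original article.
# install_pubkey PUBKEY_FILE SSH_DIR
#   prints "added" or "present"; returns 1 if PUBKEY_FILE is not one public key line.
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # Exactly one line, shaped like "<type> <base64> [comment]". This also
    # rejects a private key (id_rsa) copied by mistake instead of id_rsa.pub.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # sshd's StrictModes check (on by default) refuses keys kept in
    # group- or world-writable locations, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Match on "type base64" only, so a different comment or a line that
    # carries options in front of the key still counts as already present.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo present
    else
        printf '%s\n' "$key" >> "$auth"
        echo added
    fi
}

# Usage on a client node, as in the steps above:
#   install_pubkey /root/.ssh/ansmaster.id_rsa.pub /root/.ssh
```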

Create the client nodes.
First we will create node1ans.unixmen.com.

Update repositories for Ubuntu node1ans:
[email protected]:~# apt-get update && apt-get dist-upgrade -y

Update repositories for CentOS node2ans and node3ans:
[[email protected] ~]# yum upgrade -y

Note: On CentOS 7 servers, if you choose the Basic server installation, the network utilities are not included. You must install them.
[[email protected] ~]# yum install net-tools -y

Note: On the CentOS 7 servers, disable SELinux and the firewall. We will set the line SELINUX=disabled in the /etc/selinux/config configuration file on the node2ans and node3ans servers (reboot after the change).
[[email protected] ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

[[email protected] ~]# systemctl stop firewalld

[[email protected] ~]# systemctl disable firewalld
[[email protected] ~]# systemctl stop firewalld

On the FreeBSD client machine, update the repositories:
[email protected]:~ # portsnap fetch extract update

Answer yes to all questions:
[email protected]:~ # pkg update
[email protected]:~ # pkg upgrade

Install Python 2.7 from ports:
[email protected]:~ # cd /usr/ports/lang/python27
[email protected]s:~ # make config
[Figure: ansible-freebsd-python]
[email protected]:~ # make -DBATCH install

[email protected]:~ # rehash
[email protected]:~ # which python2.7
/usr/local/bin/python2.7
[email protected]:~ # ln -s /usr/local/bin/python2.7 /usr/bin/python

Create the Ansible automation
We will create two groups of servers: all, which contains all servers, and webservers, which contains only the web servers. The configuration in the /etc/ansible/hosts file is as follows:
[email protected]:~# cat /etc/ansible/hosts | grep -v "#" | grep -v '^$'
[all]
node1ans.unixmen.com
node2ans.unixmen.com
node3ans.unixmen.com
node4ans.unixmen.com

[webservers]
node2ans.unixmen.com
node3ans.unixmen.com

For example, with the -m option (which selects the module to use) we will use the ping module and send a ping to all members of the "webservers" and "all" groups. You can get the list of all modules from the official page, http://docs.ansible.com/ansible/list_of_all_modules.html.
[email protected]:~# ansible -m ping webservers
node3ans.unixmen.com | success >> {
"changed": false,
"ping": "pong"
}

node2ans.unixmen.com | success >> {
"changed": false,
"ping": "pong"
}

[email protected]:~# ansible -m ping all
node4ans.unixmen.com | success >> {
"changed": false,
"ping": "pong"
}

node3ans.unixmen.com | success >> {
"changed": false,
"ping": "pong"
}

node2ans.unixmen.com | success >> {
"changed": false,
"ping": "pong"
}

node1ans.unixmen.com | success >> {
"changed": false,
"ping": "pong"
}
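
An added example, not part of the original article: with more than a handful of nodes it is easy to miss a host that never answered. The helpers below (hypothetical names) read a group from the inventory format shown above and report every host that has no `host | success` line in saved ad-hoc output; they rely only on the Ansible 1.9 output format shown on this page, and the sample files inside `demo` are constructed.

```shell
#!/bin/sh
# Added example: list inventory hosts that did not report "success".

# group_hosts INVENTORY GROUP -> hosts listed under [GROUP], one per line
group_hosts() {
    awk -v g="[$2]" '
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        /^\[/          { cur = $1; next }   # entering a new [group] section
        cur == g       { print $1 }         # first field of the line is the host
    ' "$1"
}

# ok_hosts OUTPUT -> hosts with a "host | success ..." line
ok_hosts() {
    awk -F' [|] ' '$2 ~ /^success/ { print $1 }' "$1"
}

# missing_hosts INVENTORY GROUP OUTPUT -> hosts in GROUP with no success line
missing_hosts() {
    group_hosts "$1" "$2" | while read -r h; do
        ok_hosts "$3" | grep -qxF -- "$h" || printf '%s\n' "$h"
    done
}

# Constructed sample: the inventory from this page, and ping output in
# which node4ans is absent, as if it had never answered.
demo() {
    d=$(mktemp -d)
    cat > "$d/hosts" <<'EOF'
# constructed copy of /etc/ansible/hosts
[all]
node1ans.unixmen.com
node2ans.unixmen.com
node3ans.unixmen.com
node4ans.unixmen.com

[webservers]
node2ans.unixmen.com
node3ans.unixmen.com
EOF
    cat > "$d/ping.out" <<'EOF'
node3ans.unixmen.com | success >> {
node2ans.unixmen.com | success >> {
node1ans.unixmen.com | success | rc=0 >>
EOF
    missing_hosts "$d/hosts" all "$d/ping.out"
    rm -rf "$d"
}
demo
```

Save the real output with `ansible -m ping all > ping.out` and call `missing_hosts /etc/ansible/hosts all ping.out`; a host that failed and a host that was unreachable are both reported, since neither prints a success line.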

With the command module you can send system commands to all client machines:
[email protected]:~# ansible -m command -a "uptime" all

With the shell module you can send system commands to all client machines:
[email protected]:~# ansible -m shell -a "hostname" all
node1ans.unixmen.com | success | rc=0 >>
node1ans

node3ans.unixmen.com | success | rc=0 >>
node3ans.unixmen.com

node2ans.unixmen.com | success | rc=0 >>
node2ans.unixmen.com

node4ans.unixmen.com | success | rc=0 >>
node4ans.unixmen.com