In the previous blog, we dove into Configuration Management in detail. Refer link: Configuration Management.
In today's blog, we will look into Ansible. Let's start✨
What is Ansible?
Ansible is an open source IT automation platform from Red Hat. It enables organizations to automate many IT processes usually performed manually, including provisioning, configuration management, application deployment and orchestration.
Use cases for Ansible include provisioning and managing servers, deploying applications, configuring network devices, automating cloud infrastructure, and orchestrating complex workflows.
It provides a simple and agentless architecture, making it highly scalable and efficient for managing large-scale environments. Ansible’s versatility and simplicity make it popular among DevOps teams for streamlining and automating various IT operations.
Ansible is one of the most used tools for managing cloud and on-premises infrastructure. If you are looking for a flexible and powerful tool to automate your infrastructure management and configuration tasks, Ansible is the way to go.
Features of Ansible
Features of Ansible include:
Free: Ansible is an open-source tool.
Simple set up: No special coding skills are necessary to use Ansible’s playbooks.
Powerful: Ansible lets you model even highly complex IT workflows.
Flexible: You can orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.
Agentless: You don’t need to install any other software or open any additional firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
Efficient: Because you don’t need to install any extra software, there’s more room for application resources on your server. It is efficient at configuration management: changing the configuration of an application, OS or device, starting and stopping services, installing or updating applications, implementing a security policy, and performing a wide variety of other configuration tasks.
Application Deployment: Ansible lets you quickly and easily deploy multi-tier apps. You won’t need to write custom code to automate your systems; you list the tasks required to be done by writing a playbook, and Ansible will figure out how to get your systems to the state you want them to be in.
Orchestration: As the name suggests, orchestration involves bringing different elements into a beautifully run whole operation. Ansible uses automated workflows, provisioning, and more to make orchestrating tasks easy. And once you’ve defined your infrastructure using the Ansible playbooks, you can use that same orchestration wherever you need to, thanks to the portability of Ansible playbooks.
Security and Compliance: As with application deployment, site-wide security policies (such as firewall rules or locking down users) can be implemented along with other automated processes. If you configure the security details on the control machine and run the associated playbook, all the remote hosts will automatically be updated with those details. That means you won’t need to continually and manually monitor each machine for security compliance. And for extra security, an admin’s user ID and password aren’t retrievable in plain text on Ansible.
Cloud Provisioning: The first step in automating your applications’ life cycle is automating the provisioning of your infrastructure. With Ansible, you can provision cloud platforms, virtualized hosts, network devices, and bare-metal servers.
How does Ansible work?
There are mainly two computer categories in Ansible: the managed node and the control node.
The control node, a computer, is responsible for running Ansible. At least one control node should be there; a backup control node may also exist in parallel. A managed node can be any device managed by the control node.
Ansible’s standard operating procedure is that it first connects to the nodes (servers, clients, or anything else that needs to be configured) and then sends a small program, known as an Ansible module, to each node. Ansible executes these modules over SSH and removes them when execution is completed.
The important thing for this interaction is that the Ansible control node must have login access to the managed nodes. SSH keys provide this access, and other forms of authentication are also supported.
Basic Concepts & Terms
Host: A remote machine managed by Ansible.
Group: Several hosts grouped together that share a common attribute.
Inventory: A collection of all the hosts and groups that Ansible manages. It can be a static file in simple cases, or the inventory can be pulled from remote sources, such as cloud providers.
Modules: Units of code that Ansible sends to the remote nodes for execution.
Tasks: Units of action that combine a module and its arguments along with some other parameters.
Playbooks: An ordered list of tasks along with its necessary parameters that define a recipe to configure a system.
Roles: Redistributable units of organization that allow users to share automation code more easily.
YAML: A popular and simple data format that is very clean and understandable by humans.
What is an Ansible playbook?
Ansible Playbooks offer a repeatable, reusable, simple configuration management and multi-machine deployment system, one that is well suited to deploying complex applications. If you need to execute a task with Ansible more than once, write a playbook and put it under source control. Then you can use the playbook to push out new configuration or confirm the configuration of remote systems.
An Ansible playbook can be defined as a configuration file written in YAML (Yet Another Markup Language) to provide instructions for things that need to be done to bring a managed node into the required state.
A playbook is a list of plays which runs in order from top to bottom. Within each play, tasks also run in order from top to bottom. Playbooks with multiple ‘plays’ can orchestrate multi-machine deployments, running one play on your webservers, then another play on your database servers, then a third play on your network infrastructure, and so on. At a minimum, each play defines two things:
the managed nodes to target, using a pattern
at least one task to execute
Play: A Play is minimally a mapping between a set of hosts selected by a host specifier (usually chosen by groups but sometimes by hostname globs) and the tasks which run on those hosts to define the role that those systems will perform. There can be one or many plays in a playbook.
In other words, a Play refers to the set (one or more) of actions (tasks) you want to execute on a set (one or more) of hosts.
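The play and task ordering described above, as an added example that is not part of the original post: a two-play playbook for the my-servers group defined in the TASK 3 inventory, where the first play pushes an SSH login policy and the second confirms it. The file name site.yml, the policy values and the Ubuntu service name ssh are assumptions of this example.

```yaml
---
# Added example (hypothetical file name: site.yml). The my-servers group
# comes from the TASK 3 inventory; the policy values are assumptions.

# Play 1: runs first, on every host matched by the pattern.
- name: Enforce the SSH login policy
  hosts: my-servers
  become: true
  tasks:
    # Tasks run top to bottom within the play.
    - name: Disable password logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: PasswordAuthentication no
        validate: "/usr/sbin/sshd -t -f %s"  # refuse a file sshd cannot parse
      notify: Restart ssh

    - name: Disable direct root logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        validate: "/usr/sbin/sshd -t -f %s"
      notify: Restart ssh

  handlers:
    # Runs once at the end of the play, only if a task reported "changed".
    - name: Restart ssh
      ansible.builtin.service:
        name: ssh  # assumed: Ubuntu's unit name for the OpenSSH server
        state: restarted

# Play 2: starts only after play 1 has finished on all hosts.
- name: Confirm the effective SSH configuration
  hosts: my-servers
  become: true
  tasks:
    - name: Read the configuration sshd actually uses
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false  # read-only command, never counts as a change

    - name: Fail if the policy is not in effect
      ansible.builtin.assert:
        that:
          - "'passwordauthentication no' in sshd_effective.stdout_lines"
          - "'permitrootlogin no' in sshd_effective.stdout_lines"
```

Run it from the control node with ansible-playbook site.yml; a second run reports no changes when the nodes already comply, and the second play fails if a drop-in or an earlier line in the file overrides the policy.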
What are Ansible Roles?
Roles in Ansible provide a framework for collections of variables, files, tasks, modules, and templates that are independent or interdependent.
In Ansible, the role is a primary mechanism to break a playbook into multiple files. This makes writing complex playbooks simpler, and roles can be reused easily. The playbook is broken up so that it can be split into reusable components. Each role is assigned a particular functionality for the desired output.
Roles are small units of functionality within playbooks that can be used independently. However, you cannot execute a role directly under any conditions.
TASKS
TASK 1: Installation of Ansible on AWS EC2 (Master Node)
Step 1: Create a new EC2 instance in AWS Console.
Step 2: Now connect the EC2 instance using SSH.
Step 3: Once you have connected to the instance over SSH, install Ansible.
# Add ansible repository to your instance
sudo apt-add-repository ppa:ansible/ansible
# Update the package
sudo apt-get update
# Install the Ansible
sudo apt-get install ansible
Step 4: Once installation completes, verify that Ansible was installed successfully by using the following command.
ansible --version
TASK 2: Ansible Host File
The Ansible host file is a text file that contains a list of hosts or servers that Ansible can connect to and manage. The hosts file is located at /etc/ansible/hosts on the Ansible control node. It defines the inventory of systems on which Ansible can perform automation tasks.
Step 1: To edit the hosts file, you can use any text editor of your choice.
sudo vim /etc/ansible/hosts
Step 2: After you have added the hosts to the file, you can verify the inventory of hosts that Ansible can manage using the ansible-inventory --list command.
ansible-inventory --list
TASK 3: Configuring Ansible Child Node
Step 1: We need to create 1 master node and 3 server nodes. So, we have launched 1 master node i.e., Ansible-Master. Now, we need 3 server nodes i.e., Node-1, Node-2, Node-3.
Select the instance (the master one) > Actions > Images and templates > Launch more like these.
Step 2: Launch 3 instances with the same configurations.
Step 3: Launch the instance.
Step 4: Change the names of the newly created instances to Node-1, Node-2, Node-3.
Step 5: Now add the public IPv4 addresses of the newly created instances to the /etc/ansible/hosts file on the Ansible master.
sudo vim /etc/ansible/hosts
[my-servers]
server1 ansible_host=<Server1_IPv4_Addr>
server2 ansible_host=<Server2_IPv4_Addr>
server3 ansible_host=<Server3_IPv4_Addr>
Step 6: On the master server, use the command below to generate id_rsa.pub.
ssh-keygen
Step 7: Copy the key from id_rsa.pub.
Step 8: Now connect to the Node-1 instance, and then go to .ssh > authorized_keys.
ubuntu@ip-172-31-41-31:~$ cd .ssh
ubuntu@ip-172-31-41-31:~/.ssh$ ls
authorized_keys
ubuntu@ip-172-31-41-31:~/.ssh$ vim authorized_keys
Step 9: Paste here the public key that you copied from the id_rsa.pub file on the master server.
Step 10: Do the same for Node-2 and Node-3.
Step 11: Upload the key file (.pem) from your local machine to the EC2 instance.
sudo scp -i "<pem_key>" <pem_key> ubuntu@ec2-<ipaddr>.compute-1.amazonaws.com:/home/ubuntu/.ssh/
Step 12: Once the file is uploaded into the .ssh folder, change the file permissions to rwx for the user only.
sudo chmod 700 Anisble-master.pem
Step 13: Once the file permissions are modified, add the private key path and the Python interpreter path to the hosts file.
[all:vars]
ansible_ssh_private_key_file=/home/ubuntu/.ssh/Anisble-master.pem
ansible_python_interpreter=/usr/bin/python3
ansible_user=ubuntu
Step 14: We can see all the servers’ details in the inventory list, where we are providing the host address, Python path and private key to be used.
ansible-inventory --list
Step 15: Run an ad-hoc command to check free RAM on all the servers.
ansible all -a "free -h" -u ubuntu
Step 16: Try the ping module with Ansible against all the child nodes.
ansible all -m ping -u ubuntu
Step 17: If you get an authentication error because you’re using a custom SSH key to connect to the remote servers, you can provide the key at execution time with the --private-key option.
ansible all -m ping -i /etc/ansible/hosts --private-key=~/.ssh/Anisble-master.pem
NOTE: If you still get an error related to the key, copy the id_rsa.pub key of the Ansible master and paste it on each server.
To know more about Ansible, please refer to the video: Ansible Video
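Once the inventory from Step 13 is in place, the manual key handling in Steps 7 to 12 of TASK 3 can itself be written as a playbook; this is an added example, not part of the original post. It assumes the ansible.posix collection is installed and that ssh-keygen wrote /home/ubuntu/.ssh/id_rsa.pub, uses the hypothetical file name distribute-key.yml, and sets mode 0600 on private keys because a key file does not need the execute bit that 700 grants.

```yaml
---
# Added example (hypothetical file name: distribute-key.yml).
# Paths, the ubuntu user and the my-servers group are taken from TASK 3.

# Play 1: runs on the control node itself, no SSH connection involved.
- name: Tighten key file permissions on the control node
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Private keys are readable and writable by their owner only
      ansible.builtin.file:
        path: "{{ item }}"
        mode: "0600"  # fails if the file is missing instead of creating it
      loop:
        - /home/ubuntu/.ssh/Anisble-master.pem
        - /home/ubuntu/.ssh/id_rsa

# Play 2: replaces the copy and paste of Steps 7 to 10 on every node.
- name: Authorize the master's public key on every node
  hosts: my-servers
  gather_facts: false
  tasks:
    - name: Add id_rsa.pub to authorized_keys
      ansible.posix.authorized_key:  # assumed: ansible.posix is installed
        user: ubuntu
        state: present
        # The file lookup reads the key on the control node, not on the node.
        key: "{{ lookup('ansible.builtin.file', '/home/ubuntu/.ssh/id_rsa.pub') }}"

    - name: Keep ~/.ssh private to the ubuntu user
      ansible.builtin.file:
        path: /home/ubuntu/.ssh
        state: directory
        owner: ubuntu
        mode: "0700"

    - name: Keep authorized_keys writable by the ubuntu user only
      ansible.builtin.file:
        path: /home/ubuntu/.ssh/authorized_keys
        owner: ubuntu
        mode: "0600"
```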
Conclusion
In conclusion, Ansible is an open-source automation platform designed for managing and orchestrating IT infrastructure. It uses a simple and human-readable language called YAML to describe automation tasks. One of its key features is its agentless architecture, allowing it to communicate with remote servers over SSH, making deployment and configuration management more straightforward.
Ansible is known for its ease of use, quick learning curve, and efficient scaling capabilities. It excels in automating repetitive tasks, such as software provisioning, configuration changes, and application deployment, across various environments. Ansible's modular design and extensive library of pre-built modules contribute to its versatility, enabling users to automate a wide range of IT operations. Overall, Ansible is a popular choice for organizations seeking a flexible, efficient, and user-friendly automation solution.
Hope you find it helpful🤞 So I encourage you to try this on your own and let me know in the comment section👇 about your learning experience.✨
👆The information presented above is based on my interpretation. Suggestions are always welcome.😊
~Smriti Sharma✌