hidden:Ansible on hpa

From Lsdf
Revision as of 19:11, 21 February 2017 by Jvw (talk | contribs)
Jump to navigationJump to search

Ansible (on github) is a configuration manager that requires no software installation on the target hosts and can run along side existing configuration programs like puppet, cfengine etc... Only ssh access from server to client is required. RedHat has adopted Ansible as its configuration egine.

The Ansible directory on hpa is: /root/Ansible.

The ansible configuration system uses playbooks at the top level. Playbooks contain plays, plays consist of tasks and tasks call modules. The modules are the core of ansible. These are ready made functions that can setup the network, copy files, install software etc. You can find the catalog of modules here. Everything runs strict step by step except handlers. Tasks can trigger handlers. Handlers run at the end, once.

Intro

To become familiar with ansible here are a few command examples.

  • Ping a list of hosts

Ping every host listed in the inventory. The inventory is a list with hostnames or ip adresses. Default is 'hosts' but in this example the -i flag is used to tell Ansible which inventory file to use. The argument all can be replaced by a single entry from the inventory in order to run the command one one single host.

 # ansible -i test.inv all -m ping
 172.18.95.51 | SUCCESS => {
     "changed": false,
     "ping": "pong"
 }
 172.18.95.50 | UNREACHABLE => {
     "changed": false,
     "msg": "Failed to connect to the host via ssh.",
     "unreachable": true
 }

You see 172.18.95.50 does not respond. This command is nice to check connectivity.

  • See the date on all hosts

The ping command above is actually builtin to Ansible. Ansible calls a module with the name ping that automatically provides the internal ping with each of the hosts. The module is selected with the -m flag. If you want to execute a live command using the shell module give the command as argument to the shell module

 # ansible -i test.inv all -m shell -a date
 172.18.95.51 | SUCCESS | rc=0 >>
 Sun Jun 19 22:27:36 CEST 2016
 172.18.95.50 | SUCCESS | rc=0 >>
 Sun Jun 19 22:27:36 CEST 2016
  • info extracted on the target hosts

Each time Ansible is run, it gathers all sorts of information. This information is used during Ansible Playbook runs. For example to see all gathered info on hpdt

 # ansible -i test.inv hpdt-a -m setup

Ansible Galaxy is the official community hub for sharing Ansible roles. Look here for ready made 'roles' that can be downloaded.

Playbooks

To run a playbook that actually installs something you run the ansible-playbook command:

 # ansible-playbook -i <inventory.inv> roles.yml

The inventory is a list with host names. The file roles.yml is a yaml script that contains plays. If you want to try a playbook use the check option.

 # ansible-playbook -i production.inv all_roles.yml

Look here for the current set of plays and playbooks.

Installation log

Add the epel repo to the list of repos, run an update check and install ansible from epel

 # rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epelrelease-7-5.noarch.rpm
 # yum update
 # yum install ansible

On hpa (stock RHL 7) this installed ansible and 12 dependencies most notable a bunch of python packages Ansible normally lives out of /etc. I have changed the location of the ansible files to /root/Ansible using a symlink in /etc/


Updated Ansible on 19.6.2016

  (1/1): ansible-2.1.0.0-1.el7.noarch.rpm                    | 3.4 MB   00:00
  Old: 2.0.2.0-1
  New: 2.1.0.0-1