https://www.digitalocean.com/community/tutorials/how-to-use-ansible-roles-to-abstract-your-infrastructure-environment
Ansible is an open source, easy-to-use configuration management system that lets you configure large numbers of servers from a single machine. You can use it to automate:
- server deployment
- configuration management
- application software installation and configuration
Ansible install on CentOS 7:
- wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
- rpm -Uvh epel-release-7*.rpm
- yum -y install ansible
- ssh-keygen -t rsa
- distribute the public key to each client server's ~/.ssh/authorized_keys
- vi /etc/ansible/hosts (to add the client servers)
Test - Check uptime:
$ ansible all -a "uptime"
172.16.61.31 | success | rc=0 >>
15:25:00 up 194 days, 17:22, 3 users, load average: 1.55, 1.29, 1.23
172.16.61.33 | success | rc=0 >>
15:25:00 up 209 days, 16:31, 2 users, load average: 1.02, 1.02, 1.00
172.16.61.37 | success | rc=0 >>
15:25:00 up 182 days, 14:24, 2 users, load average: 1.09, 1.04, 1.01
172.16.61.38 | success | rc=0 >>
15:25:00 up 216 days, 4:58, 2 users, load average: 1.99, 1.72, 1.67
172.16.61.32 | success | rc=0 >>
15:25:00 up 194 days, 17:22, 2 users, load average: 1.23, 1.07, 1.02
Start your project
~$ mkdir setup
~$ cd setup
Create an inventory file
This is a list of the hosts you want to manage, organized into groups. (Hint: try using 127.0.0.1 to deploy to your local machine)
; ~/setup/hosts
[sites]
127.0.0.1
192.168.0.1
192.168.0.2
192.168.0.3
Create your first Playbook
# ~/setup/playbook.yml
- hosts: 127.0.0.1
  user: root
  tasks:
    - name: install nginx
      apt: pkg=nginx state=present
    - name: start nginx every bootup
      service: name=nginx state=started enabled=yes
    - name: do something in the shell
      shell: echo hello > /tmp/abc.txt
    - name: install bundler
      gem: name=bundler state=latest
Run it
~/setup$ ls
hosts
playbook.yml
~/setup$ ansible-playbook -i hosts playbook.yml
PLAY [all] ********************************************************************
GATHERING FACTS ***************************************************************
ok: [127.0.0.1]
TASK: [install nginx] *********************************************************
ok: [127.0.0.1]
TASK: [start nginx every bootup] **********************************************
ok: [127.0.0.1]
...
Sample Playbook written in YAML:
---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum: pkg=httpd state=latest
    - name: write the apache config file
      template: src=/srv/httpd.j2 dest=/etc/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running (and enable it at boot)
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
AWS EC2 support:
https://aws.amazon.com/blogs/apn/getting-started-with-ansible-and-dynamic-amazon-ec2-inventory-management/
$ cat group_vars/all
---
# Variables listed here are applicable to all host groups
key_name: ec2-prod-key
aws_region: us-west-2
ami_id: ami-cc8de6fc
instance_type: t1.micro
$ cat basic-create.yml
---
# Basic provisioning example
- name: Create AWS resources
  hosts: localhost
  connection: local
  gather_facts: False
  tasks:
    - name: Create security group
      local_action:
        module: ec2_group
        name: my-security-group
        description: "A Security group"
        region: "{{aws_region}}"
        rules:
          # 0.0.0.0/0 exposes SSH to the whole Internet; narrow this to your admin network's CIDR where possible
          - proto: tcp
            type: ssh
            from_port: 22
            to_port: 22
            cidr_ip: 0.0.0.0/0
        rules_egress:
          - proto: all
            type: all
            cidr_ip: 0.0.0.0/0
      register: basic_firewall
    - name: create an EC2 instance
      local_action:
        module: ec2
        key_name: "{{key_name}}"
        region: "{{aws_region}}"
        group_id: "{{basic_firewall.group_id}}"
        instance_type: "{{instance_type}}"
        image: "{{ami_id}}"
        wait: yes
      register: basic_ec2
$ ansible-playbook -i $VIRTUAL_ENV/etc/ansible/hosts -vvvv basic-create.yml
... "public_ip": "PUBLIC_IP_3" ...
$ ssh -i ~/.ssh/ec2-prod-key fedora@PUBLIC_IP_3
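As an added example (not from the original post or the articles it links), this shell function scans a block-style playbook for ec2_group ingress rules whose cidr_ip is 0.0.0.0/0, like the SSH rule in basic-create.yml above, and ignores rules_egress. The function names and the sample playbook are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: line-based check, assumes block-style YAML as in basic-create.yml.
audit_open_ingress() {
  awk '
    function emit() {              # report the rule collected so far, then reset
      if (in_rule && cidr == "0.0.0.0/0")
        printf "%s:%d: ingress %s-%s open to %s\n", FILENAME, start, from, to, cidr
      in_rule = 0; cidr = ""; from = "?"; to = "?"
    }
    /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
    {
      indent = match($0, /[^ ]/) - 1
      # A key at or above the indentation of "rules:" ends the section.
      if (section != "" && (indent < sec_indent || (indent == sec_indent && $1 != "-"))) {
        emit(); section = "" }
    }
    /^ *rules:[ \t]*$/        { section = "ingress"; sec_indent = indent; next }
    /^ *rules_egress:[ \t]*$/ { section = "egress";  sec_indent = indent; next }
    section != "ingress"      { next }
    /^ *- / { emit(); in_rule = 1; start = FNR; sub(/- /, "  ") }  # new list item
    $1 == "cidr_ip:"   { cidr = $2; gsub(/"/, "", cidr) }
    $1 == "from_port:" { from = $2 }
    $1 == "to_port:"   { to = $2 }
    END { emit() }
  ' "$1"
}
# Constructed sample input, modelled on the security group task above.
sample_playbook() {
  cat <<'EOF'
- name: Create security group
  local_action:
    module: ec2_group
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 443
        to_port: 443
        cidr_ip: 203.0.113.0/24
    rules_egress:
      - proto: all
        cidr_ip: 0.0.0.0/0
  register: basic_firewall
EOF
}
tmp=$(mktemp); sample_playbook > "$tmp"
audit_open_ingress "$tmp"; rm -f "$tmp"
```

Run over the sample, it reports only the port 22 rule; the 203.0.113.0/24 rule and the egress rule are not flagged.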
vSphere support:
http://everythingshouldbevirtual.com/creating-vsphere-vms-using-ansible
Update 30/6/2015 - Use VBoxManage (included as part of VirtualBox) to build a VirtualBox VM:
https://gist.github.com/mikhailov/740fbfc58767fc495fe2
#!/bin/bash -e
curl -O http://ftp.heanet.ie/pub/centos/7.0.1406/isos/x86_64/CentOS-7.0-1406-x86_64-Minimal.iso
export VM="MASTER"
export VMDISK="$VM-disk"
export REDHAT_IMAGE="/Users/user/Downloads/CentOS-7.0-1406-x86_64-Minimal.iso"
VBoxManage hostonlyif create
VBoxManage hostonlyif ipconfig vboxnet0 --ip 192.168.20.1
VBoxManage dhcpserver add --ifname vboxnet0 --ip 192.168.20.1 --netmask 255.255.255.0 --lowerip 192.168.20.10 --upperip 192.168.20.20 --enable
VBoxManage createhd --size 4096 --variant Fixed --filename ~/VirtualBox\ VMs/$VMDISK
VBoxManage createvm --register --name $VM --ostype RedHat_64
VBoxManage storagectl $VM --name "SATA Controller" --add sata --controller IntelAHCI
VBoxManage storageattach $VM --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium $VMDISK.vdi
VBoxManage storageattach $VM --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium $REDHAT_IMAGE
VBoxManage modifyvm $VM --memory 512 --acpi on --boot1 dvd
VBoxManage modifyvm $VM --nic1 hostonly --nictype1 virtio --hostonlyadapter1 vboxnet0
VBoxManage modifyvm $VM --nic2 nat --nictype2 virtio
VBoxManage startvm $VM
VBoxManage controlvm $VM poweroff
VBoxManage storageattach $VM --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium none
VBoxManage clonevm $VM --name "SLAVE0" --register
VBoxManage clonevm $VM --name "SLAVE1" --register
VBoxManage startvm "SLAVE0" "SLAVE1" --type headless
ssh root@192.168.20.10 "echo 'HOSTNAME=SLAVE0' >> /etc/sysconfig/network; hostname SLAVE0"
ssh root@192.168.20.11 "echo 'HOSTNAME=SLAVE1' >> /etc/sysconfig/network; hostname SLAVE1"
# There is NO PROBLEM with IP addresses now. VMs are accessible from the host.
# Guest VMs have access to the Internet via NAT, but host-only connection between each other,
# HOST can reach VMs via the following IP addresses:
# ssh root@192.168.20.10
# ssh root@192.168.20.11
<Ansible now takes over>
Update 2/9/2015 - Nice code for SSH key rotation with Ansible:
https://derpops.bike/2014/06/07/ssh-key-rotation-with-ansible/
Update 17/10/2015 - Red Hat acquired Ansible with 50 employees for $100M:
http://www.redhat.com/en/about/press-releases/red-hat-acquire-it-automation-and-devops-leader-ansible
http://www.redhat.com/en/about/blog/why-red-hat-acquired-ansible
Update 10/9/2015 - Cron with Ansible:
# cat zplay.yml
---
- hosts: centos7
  remote_user: root
  tasks:
    - name: setup 5 min cron
      cron: name="every5mins"
            minute="*/5"
            user="root"
            job="date >> /tmp/date.out"
[root@centos6 html]#
# ansible-playbook zplay.yml
PLAY ************************************************************************** *
TASK [setup] ****************************************************************** *
ok: [centos7]
TASK [setup 5 min cron] ******************************************************* *
changed: [centos7]
PLAY RECAP ******************************************************************** *
centos7 : ok=2 changed=1 unreachable=0 failed=0