“Water will not flow from a faucet that is not connected to its source”
So Ansible is one of the best deployment/automation tools on the market right now, but its cloud adaptation has been tricky for some. I'm going to deploy mine on AWS and go right into it; for an in-depth look at how to deploy a Red Hat 7 image on AWS, go to my last article here. For this we are going to use the general settings shown below (sometimes I miss the old Anaconda install screen) to deploy the servers, but onward and upward.
Now that you are fired up in AWS, download your public key (remember the location). It's time to convert your key for use with PuTTY if you want to connect from Windows. If you forgot how to do it, please refer back to my article here.
Now when you start to update your image with yum you will see something peculiar called a rhui in the repo…
We’re going to edit the repo to be able to access the necessary packages in yum
cd /etc/yum.repos.d/
Next, open the repo file (vim may not be installed by default; if not, run sudo yum install vim first)
sudo vim redhat-rhui.repo
Search for '/extras' to locate the area we need to edit, then change enabled=0 to enabled=1
Now that the repos are good to go, run yum -y update to get the latest updates and give it 5 minutes…
yum -y update
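The repo edit described above can also be done without opening an editor. This is an added example, not part of the original article: it flips enabled=0 only inside sections whose name contains "extras" and leaves every other section alone. The function names and the sample section names are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): flip enabled=0 to enabled=1
# only inside repo sections whose [name] contains "extras".

# enable_extras FILE: edit FILE in place; keep FILE.bak when something changed.
enable_extras() {
    ee_file=$1
    ee_tmp=$(mktemp) || return 1
    awk '
        /^\[/ { in_extras = ($0 ~ /extras/) }   # entering a new [section]
        in_extras && /^enabled[ \t]*=[ \t]*0[ \t]*$/ { print "enabled=1"; next }
        { print }
    ' "$ee_file" > "$ee_tmp" || { rm -f "$ee_tmp"; return 1; }
    if cmp -s "$ee_file" "$ee_tmp"; then
        rm -f "$ee_tmp"                          # nothing to change
        return 0
    fi
    # cat into the original keeps its owner and mode (root-owned under /etc).
    cp -p "$ee_file" "$ee_file.bak" && cat "$ee_tmp" > "$ee_file"
    ee_rc=$?
    rm -f "$ee_tmp"
    return $ee_rc
}

# enabled_sections FILE: print the [section] names that are enabled.
enabled_sections() {
    awk '/^\[/ { s = $0 } /^enabled[ \t]*=[ \t]*1[ \t]*$/ { print s }' "$1"
}

# Constructed sample file; the section names are placeholders.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sample.repo" <<'EOF'
[sample-rhel-server]
name=Constructed base repo
enabled=1

[sample-rhel-server-extras]
name=Constructed extras repo
enabled=0

[sample-rhel-server-debug]
name=Constructed debug repo
enabled=0
EOF
enable_extras "$demo_dir/sample.repo"
enabled_sections "$demo_dir/sample.repo"
rm -rf "$demo_dir"
```

Against the real file, run enable_extras as root on /etc/yum.repos.d/redhat-rhui.repo and compare it with the .bak copy before running yum.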
Change directories to /tmp
Download the latest Ansible Tower package
curl -O http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz
Untar and unzip the package file
tar xvfz /tmp/ansible-tower-setup-latest.tar.gz
Change directories into the ansible tower package
Next edit the inventory file
Poke around and fill out the passwords: admin_password, pg_password, rabbitmq_password
Run the Ansible Tower setup script and go for a hike or something to alleviate the burden of waiting, or if you are stuck in an office, go finally look at your co-worker's dog in a Halloween costume that they haven't stopped nagging you about all morning…
Now go to the public DNS address of your machine with a secure connection
OK, log in with the user name admin and the password you just created above
You will then be presented with the get license screen – Follow the link and get your free trial license for now.
All right now hit the Sprocket on the top right corner to see your settings and you should be presented with numerous options
While the GUI is nice to look at, there is more power in the command line so let’s configure our Tower server. Become root
Next we’ll run an Ansible command to ping all servers it has
ansible all -m ping
The screen lets us know that we have nothing set up yet in our hosts file… So we'll change that
echo "private DNS of your server" > /etc/ansible/hosts
echo "next private DNS of server to manage" >> /etc/ansible/hosts
Repeat for each additional server, using >> to append
Next we'll try to SSH into one of the servers we want to manage, because that is the port and method Ansible will use as well
And it bottoms out because it is an AWS image and we need key access, not a password, in the cloud. So let's use FileZilla to shake things up, since I used SFTP in the last article. I did reference FileZilla before in my article, but let's create a new site and make it look like the following:
When I said earlier to remember the location of your AWS public Key – here is where you need it. Drill down your folder history on the left until you find it then drag it across to the right which is your /home/ec2-user directory
Ok jump back into putty and we’ll see if it’s there
Now the following will save you hours of banging your head against the keyboard. What happens is you will keep getting "Permission denied (publickey)" when connecting to the AWS EC2 instance from another computer, together with "Permissions 0664 for '*.pem' are too open". Above you see the file is -rw-rw-r--, which won't be accepted
chmod 400 *.pem
Now you will see it’s become read only and we’re going to add it into our key repo
Now ssh into the AWS image using the key to verify
ssh -i "<your key>.pem" ubuntu@<private DNS name>
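The permission problem above comes from a fixed rule: OpenSSH refuses a private key file if any group or other permission bit is set, so 0664 fails while 0600 and 0400 pass. The following is an added example, not part of the original article, that applies the same rule to every .pem file in a directory and tightens only the ones that fail. The function names are made up here, and it assumes GNU stat (stat -c).

```shell
#!/bin/sh
# Added example (not from the original article). Uses GNU stat (stat -c).

# key_mode_ok FILE: succeed only if no group/other permission bits are set,
# which is the condition OpenSSH requires of a private key file.
key_mode_ok() {
    km_mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$km_mode & 077 )) -eq 0 ]
}

# tighten_keys DIR: chmod 400 every *.pem in DIR that fails the check and
# print one "file: old -> 400" line per change. Keys that pass are untouched.
tighten_keys() {
    for tk_key in "$1"/*.pem; do
        [ -f "$tk_key" ] || continue             # glob matched nothing
        if ! key_mode_ok "$tk_key"; then
            tk_old=$(stat -c '%a' "$tk_key")
            chmod 400 "$tk_key" && echo "$tk_key: $tk_old -> 400"
        fi
    done
}

# Constructed demo: empty stand-in files, not real keys.
demo_keys=$(mktemp -d)
: > "$demo_keys/uploaded.pem"; chmod 664 "$demo_keys/uploaded.pem"
: > "$demo_keys/already-safe.pem"; chmod 600 "$demo_keys/already-safe.pem"
tighten_keys "$demo_keys"
rm -rf "$demo_keys"
```

On the Tower server, tighten_keys /home/ec2-user covers the key uploaded with FileZilla.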
OK exit out of the ssh session and we’ll try another Ansible ping with a whoami command in verbose
ansible all -u username -a "whoami" -vv
Most likely you will end up with a “Failed to connect to the host via ssh: Permission denied (publickey).\r\n” error on one of the servers and the local will respond successfully
So, we will edit the host file to show the appropriate user names for the connection
Now we’ll add user names before the DNS entry as appropriate to their ssh credentials
firstname.lastname@example.org & email@example.com
Now we’ll ping everyone
ansible all -a "whoami"
We have full sync on the servers and are ready to play around!
ansible all --become -a "whoami"
A bit more playing around
ansible all -a "/bin/echo hello"
Now we can start to break out our host file to represent groups which make pushing things in a distributed manner easier. Let’s get back to the file
Now separate the servers and add whatever grouping name you would like by putting it in brackets. For this exercise we’ll do something easy like webserver above the Ubuntu instance
Run a test against it to see if it works and gives a success result
ansible webserver -a "whoami"
Next we will create a playbook. A playbook in Ansible is a YAML file which executes commands on servers, groups or everybody.
This will create a new file, and we will enter the following information. Things must be aligned properly as shown in the picture, so pay particular attention to indentation.
So here the commented parts are just for our reference. The - hosts: line names the group we are going to apply this to. The steps after it make us become root in order to execute the commands once connected to the server.
We then have our tasks laid out as three separate things: 1. Install Apache, 2. Install fastcgi for Apache and 3. Start the Apache service
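---
# Apply this play to the webserver group from the hosts file
- hosts: webserver
  # Become root on the remote server before running the tasks
  become: yes
  tasks:
    - name: 1. install Apache
      apt: name=apache2 state=present
    - name: 2. install PHP module for Apache
      apt: name=libapache2-mod-fastcgi state=present
    - name: 3. Start Apache
      # state=started replaces the older spelling state=running
      service: name=apache2 state=started enabled=yes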
Ok after you save the file we are going to run and test it
There is a lot more you can do with Ansible, and as you noticed I didn't even start with the web interface yet. There are plenty of predefined scripts, playbooks, roles and much more on the internet, and the main place outside of GitHub is https://galaxy.ansible.com/. There is even a Galaxy command built into the software which we can run for testing; I'll install Elasticsearch for Linux:
ansible-galaxy install elastic.elasticsearch
I will dive deeper in another post, until then happy batching…