Ansible
Information
Automation software that enables IaC, also known as infrastructure as code, allowing the user to provision, configure, deploy and secure a whole array of software, applications and machines.
With Ansible, you can automate complex IT tasks with minimal effort and maximum efficiency. Ansible lets you manage systems, deploy applications, and coordinate workflows with simple and powerful modules. Ansible is a versatile and secure automation tool that harnesses the power of open source, Python, and SSH to connect and automate your devices. It works by connecting to your devices and sending out tiny programs called modules that perform your tasks with precision and speed. Ansible can help you automate provisioning, configuration management, application deployment, and many other manual IT processes.
Metaphor for Ansible
Think of it like:
- Ansible is like a remote control that lets you manage your devices with the push of a button.
- Ansible is like a chef that prepares a delicious meal using different ingredients and recipes.
- Ansible is like a conductor that orchestrates a symphony of servers and applications.
Ansible described for a 5yr old!
Ansible is a tool that helps people do things with computers. Sometimes people have many computers and they want to do the same thing on all of them. For example, they might want to make them play a game, or show a picture, or talk to each other. Doing the same thing on many computers can be hard and boring. Ansible makes it easy and fun and has a list of things that people want to do with computers. It can read the list and do the things one by one and then also check if the things are done correctly. Ansible can talk to different kinds of computers and tell them what to do. Think of Ansible like a friend that helps people with computers.
Install
To install Ansible, you need two machines: a control node and a managed node. The control node is where you run Ansible commands and playbooks, and the managed node is where Ansible performs the tasks. The control node can be any UNIX-like machine with Python 3.9 or newer installed, while the managed node can be any device that supports Python 2.7 or newer and SSH or PowerShell remoting.
Depending on your operating system, you can install Ansible from different sources. For example, on Ubuntu, you can use the apt package manager to install Ansible from the official repositories. On Windows, you can use Windows Subsystem for Linux (WSL) to install Ansible from PyPI using pip / pip3. You can also install Ansible from source code if you want to use the latest development version.
After installing Ansible, you need to configure it by setting up the inventory file that lists the managed nodes and their connection details.
You can also customize and fine-tune other settings in the ansible.cfg file or by using environment variables or command-line options.
To confirm that Ansible is installed and configured correctly, you can run the ansible command with the ping module to test the connectivity and responsiveness of your managed nodes.
Need extra installation help?
Ask our support team or visit our Discord.
If you need help with Python, read our docs.
Playbook
An Ansible playbook is your automation blueprint written in YAML/JSON. It tells Ansible what to do, where to do it, and how to do it. With a playbook, you can transform your IT tasks into simple and repeatable steps that run on any number of hosts. Whether you need to install software, configure settings, run commands, or anything else, an Ansible playbook will make it happen in a snap.
Playbook Examples
Let me dazzle you with an example of a playbook that I borrowed from the Ansible documentation.
- name: Update web servers
  hosts: webservers
  remote_user: root

  tasks:
    - name: Ensure apache is at the latest version
      ansible.builtin.yum:
        name: httpd
        state: latest

    - name: Write the apache config file
      ansible.builtin.template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf

- name: Update db servers
  hosts: databases
  remote_user: root

  tasks:
    - name: Ensure postgresql is at the latest version
      ansible.builtin.yum:
        name: postgresql
        state: latest

    - name: Ensure that postgresql is started
      ansible.builtin.service:
        name: postgresql
        state: started
This playbook has two plays. The first one updates the web servers by installing the latest version of apache and writing a config file. The second one updates the database servers by installing the latest version of postgresql and starting the service. Each play has a name, a list of hosts to target, a remote user to execute the tasks, and a list of tasks to perform. Each task has a name and a module to call with some parameters.
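A least-privilege variant of the first play, shown as an added example rather than code from the Ansible documentation: it connects as an unprivileged account and escalates with become instead of logging in over SSH as root, sets explicit ownership and mode on the rendered config, and restarts the service only when the config changes. The account name deploy and the handler are assumptions.

```yaml
- name: Update web servers
  hosts: webservers
  remote_user: deploy   # assumed unprivileged account that is allowed to sudo
  become: true          # escalate per play instead of an SSH login as root
  become_user: root

  tasks:
    - name: Ensure apache is at the latest version
      ansible.builtin.yum:
        name: httpd
        state: latest

    - name: Write the apache config file
      ansible.builtin.template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf
        owner: root
        group: root
        mode: "0644"    # world-readable, writable by root only
        backup: true    # keep the previous file so a bad render can be rolled back
      notify: Restart apache

  handlers:
    # Runs once at the end of the play, and only if the template task reported a change
    - name: Restart apache
      ansible.builtin.service:
        name: httpd
        state: restarted
```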
Minecraft Server Update Playbook Example
- name: Update Minecraft server
  hosts: minecraft
  vars:
    minecraft_version: latest
    minecraft_url: https://s3.amazonaws.com/Minecraft.Download/versions
    minecraft_home: /srv/minecraft
  tasks:
    - name: Get latest Minecraft version
      uri:
        url: '{{ minecraft_url }}/latest.json'
        return_content: yes
      register: latest_version
      when: minecraft_version == "latest"

    - name: Set Minecraft version
      set_fact:
        minecraft_version: '{{ latest_version.json.id }}'
      when: minecraft_version == "latest"

    - name: Check if Minecraft server jar exists
      stat:
        path: '{{ minecraft_home }}/minecraft_server.{{ minecraft_version }}.jar'
      register: jar_file

    - name: Download Minecraft server jar
      get_url:
        url: '{{ minecraft_url }}/{{ minecraft_version }}/minecraft_server.{{ minecraft_version }}.jar'
        dest: '{{ minecraft_home }}'
      when: not jar_file.stat.exists

    - name: Restart Minecraft service
      systemd:
        name: minecraft
        state: restarted
      when: not jar_file.stat.exists
This playbook is composed of four parts:
- The name of the playbook, which is Update Minecraft server.
- The hosts that the playbook will run on, which are the ones in the minecraft group in the inventory file.
- The variables that the playbook will use, such as minecraft_version, minecraft_url, and minecraft_home.
- The tasks that the playbook will execute, such as getting the latest Minecraft version, downloading the server jar file, and restarting the Minecraft service.
Each task has a name, a module to use, and some parameters for the module.
Some tasks also have a condition (when) that determines when they will run.
For example, the task Download Minecraft server jar will only run if the jar file does not exist in the minecraft_home directory.
The playbook uses the register keyword to store the output of some tasks in variables, such as latest_version and jar_file.
These variables can be used in later tasks or conditions. This playbook could be expanded to include file checks with hashing.
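The hash check mentioned above, as an added example that is not part of the original playbook: the download is pinned to a SHA-256 digest, so a tampered or truncated jar fails the task before the service is restarted. The variables minecraft_sha256 and jar_path are assumptions, and both the version and the digest are placeholders to replace with the values published for the release you deploy; a digest can only be pinned for an exact version, not for latest.

```yaml
- name: Update Minecraft server with a verified download
  hosts: minecraft
  vars:
    minecraft_version: "REPLACE_WITH_EXACT_VERSION"    # placeholder
    minecraft_url: https://s3.amazonaws.com/Minecraft.Download/versions
    minecraft_home: /srv/minecraft
    minecraft_sha256: "REPLACE_WITH_PUBLISHED_SHA256"  # placeholder, 64 hex characters
    jar_path: "{{ minecraft_home }}/minecraft_server.{{ minecraft_version }}.jar"

  tasks:
    - name: Refuse to run with an unpinned version or a malformed digest
      ansible.builtin.assert:
        that:
          - minecraft_version != "latest"
          - "minecraft_sha256 is match('^[0-9a-f]{64}$')"
        fail_msg: Pin minecraft_version and set minecraft_sha256 to a 64-character hex digest.

    # get_url hashes the download and fails on a mismatch; if a file with the
    # right digest is already at dest, the download is skipped (no change).
    - name: Download server jar and verify its SHA-256
      ansible.builtin.get_url:
        url: "{{ minecraft_url }}/{{ minecraft_version }}/minecraft_server.{{ minecraft_version }}.jar"
        dest: "{{ jar_path }}"
        checksum: "sha256:{{ minecraft_sha256 }}"
        mode: "0644"
      notify: Restart Minecraft service

    - name: Re-hash the jar that is on disk
      ansible.builtin.stat:
        path: "{{ jar_path }}"
        checksum_algorithm: sha256
      register: jar_file

    - name: Fail if the jar on disk does not match the pinned digest
      ansible.builtin.assert:
        that:
          - jar_file.stat.exists
          - jar_file.stat.checksum == minecraft_sha256

  handlers:
    # Only fires when get_url actually replaced the jar
    - name: Restart Minecraft service
      ansible.builtin.systemd:
        name: minecraft
        state: restarted
```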
Modules
tldr; Ansible has a large collection of modules that can be used for various tasks and purposes.
Cloud modules can be used to interact with different cloud providers, such as AWS, Azure, Google Cloud, etc.
The cloud modules within Ansible are a set of modules that can be used to interact with different cloud providers and services. They allow you to provision, configure and manage cloud resources, such as virtual machines, networks, storage, databases, etc.
AWS Modules
These modules can be used to work with Amazon Web Services (AWS), such as EC2, S3, CloudFormation, etc.
For example, you can use the ec2_instance module to create and manage EC2 instances on AWS.
Azure Modules
With these modules, you have full control over your Microsoft Azure resources, whether they are VMs, Storage, Network or anything else.
For example, you can use the azure_rm_virtualmachine module to create and manage Azure virtual machines.
GCP Modules
You can work with any Google Cloud Platform service with these modules, such as Compute Engine, Storage, Network and more.
The gcp_compute_instance module is an example of how you can achieve your goals with GCP servers using Ansible.
Create GCP Instance
Creating a compute instance with a specific name, zone, machine type, image and network:
- name: create gcp instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    machine_type: n1-standard-1
    disks:
      - auto_delete: true
        boot: true
        source: '{{ disk }}'
    network_interfaces:
      - network: '{{ network }}'
        access_configs:
          - name: External NAT
            nat_ip: '{{ address }}'
            type: ONE_TO_ONE_NAT
    state: present
This example creates a compute instance with a specific name, zone, machine type, image and network.
It uses the state: present parameter to indicate that the instance should exist.
It also specifies the disks and network_interfaces parameters to configure the disk and network settings of the instance.
The disk and network variables are assumed to be defined elsewhere in the playbook or inventory.
Delete GCP Instance
Deleting a compute instance with a specific name and zone:
- name: delete gcp instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    state: absent
This task deletes a compute instance with a specific name and zone.
It uses the state: absent parameter to indicate that the instance should not exist.
It does not need to specify any other parameters, as the name and zone are enough to identify the instance to delete.
Update GCP Instance
Updating a compute instance with a new machine type and labels:
- name: update gcp instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    machine_type: n1-standard-2
    labels:
      env: prod
      webserver: nginx
    state: present
The update example performs the task of updating a compute instance with a new machine type and labels.
It uses the state: present parameter to indicate that the instance should exist.
It also specifies the machine_type and labels parameters to change the machine type and labels of the instance.
The machine type determines the CPU and memory resources of the instance, and the labels are key-value pairs that can be used to organize and filter instances.
Any other parameters that are not specified will remain unchanged.
OpenStack Modules
OpenStack modules can be used to work with OpenStack, an open source cloud platform that provides infrastructure as a service (IaaS).
The os_server module is an example of how you can have full control over your OpenStack servers.
Network Modules
You can configure and manage any network device with these modules, such as routers, switches, firewalls and beyond.
System Modules
With these modules, you have full control over your system resources, whether they are users, groups, files, directories, services, packages or anything else.
Database Modules
Employing these modules, you have full control over your database servers and objects, from MySQL and PostgreSQL to MongoDB and more.
Windows Modules
Windows modules can be used to manage Windows systems and applications, such as Active Directory, IIS, PowerShell, etc.
For example, you can use the win_service module to manage Windows services.
AWX
tldr; AWX is a web-based RESTful API and task engine that operates on top of Ansible, enabling you to automate certain aspects of IT/DevOps.
AWX is an open source project that gives you a sleek and modern web-based user interface, a powerful and flexible REST API, and a robust and scalable task engine to work with Ansible. It is the upstream project of Red Hat Ansible Automation Platform, which is a premium solution that offers additional features and support for enterprise customers. With AWX, you can easily manage your Ansible playbooks, inventories, credentials, and vaults in a collaborative and secure way among your team members. Moreover, AWX empowers you to plan and run your Ansible playbooks on your managed nodes with speed, efficiency and dependability; you can set up custom schedules, workflows, notifications, and callbacks to automate your Ansible operations and monitor their outcomes. In conclusion, AWX gives you full control and visibility over your Ansible playbooks and their execution.
AWX Repo
The official Repository for AWX - Ansible.
The AWX repository is a GitHub repository that contains a treasure trove of source code and other resources.
AWX Terraform
More information on Terraform
Terraform AWX Provider from Denouche.
By using AWX and Terraform together, you can leverage the power and flexibility of Ansible to manage your AWS resources with ease and efficiency. The two tools can be used together to automate IT infrastructure.
- Official Registry Link:
Example Usage - With Username/Password:
provider "awx" {
  hostname = "http://localhost:8078"
  username = "kbvetest"
  password = "changemepassword"
}
Example Usage - With Token:
provider "awx" {
  hostname = "http://localhost:8078"
  token    = "awxtoken"
}
Remember that if you set both (username/password) and (token), then the (token) will have precedence.
Cheatsheet
tldr; Commands that will make it easier to operate Ansible scripts / playbooks. This cheatsheet is still a work-in-progress.
An Ansible cheatsheet is a quick and handy reference guide that provides examples and tips on how to use Ansible command line tools and playbooks, thus enabling you to unleash the power of Ansible! With an Ansible cheatsheet at your fingertips, you can breeze through a variety of tasks that would otherwise be tedious and time-consuming. Whether you need to test the connectivity to your nodes, switch to a different user, use a custom SSH key, use password-based authentication, run ad-hoc commands, create and run playbooks, use modules and roles, or anything else, an Ansible cheatsheet will make your life easier and more fun.
Videos
Video -> https://www.youtube.com/watch?v=EcnqJbxBcM0
Notes
Notes for Ansible