Talk:Ansible
Features of Ansible
- Ansible is Modular
- 1000+ Modules available.
- Modules are written in Python.
Running Ansible
- Do not use the root account for Ansible.
- Create an account with all privileges:
sudo visudo
# add this line in the editor:
%ansible ALL=(ALL) ALL
usermod -aG ansible aman
- Install Python on all hosts:
yum install -y python2 epel-release
- Add an entry to the hosts file and enable passwordless (key-based) SSH access:
ssh-copy-id -i ~/.ssh/id_rsa.pub aman@server2
- Using the same username is convenient but not required.
Inventory file
cd install
nano inventory
[all]
controller.example.com
node1.example.com
[servers]
node1.example.com
server1.example.com
ansible all -i inventory --list-hosts
Ansible Config File
- Various ansible.cfg files:
/etc/ansible/ansible.cfg
~/.ansible.cfg
ansible.cfg in project directory (takes precedence)
- Contents:
become: Specify how to escalate privileges on the managed host.
become_user: Specify which user account to use on remote host.
become_ask_pass: Whether or not a password should be asked.
inventory: Which inventory files to be used.
remote_user: Name of user account on the managed host. Not set by default, so local username is used.
- Privilege Escalation
Ansible runs tasks on the managed host using the same user account as the local user, so make sure to copy SSH keys.
Set remote_user in ansible.cfg to specify another user to be used.
If remote_user is not specified, Privilege Escalation can be used.
Enable in the [privilege_escalation] section in ansible.cfg:
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
Privilege escalation needs sudo configuration.
Create a sudo file on all Ansible managed hosts:
nano /etc/sudoers.d/user
user ALL=(ALL) NOPASSWD: ALL
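Added example, not part of the original notes: a small Python check that reads an ansible.cfg and a sudoers drop-in and reports where the setup above ends up granting unrestricted root, with or without a password. The function names, the sample inputs and the "deploy" rule are constructed for illustration; the sudoers pattern only covers simple one-line rules like the ones shown here.

```python
import configparser
import re

# Constructed inputs that mirror the settings shown in these notes.
SAMPLE_CFG = """\
[defaults]
remote_user = aman
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
"""
SAMPLE_SUDOERS = """\
user ALL=(ALL) NOPASSWD: ALL
%ansible ALL=(ALL) ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart httpd
"""

# who  hosts = (runas) [NOPASSWD:] commands   ("deploy" above is hypothetical)
RULE = re.compile(r"^(?P<who>%?[\w.-]+)\s+(?P<hosts>\S+?)\s*=\s*"
                  r"(?:\([^)]*\)\s*)?(?P<tag>NOPASSWD:\s*)?(?P<cmds>.+)$")

def audit_ansible_cfg(text):
    """Flag ansible.cfg settings that depend on passwordless root on every host."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    findings = []
    if cfg.get("defaults", "remote_user", fallback="") == "root":
        findings.append("remote_user=root")
    sec = "privilege_escalation"
    if (cfg.getboolean(sec, "become", fallback=False)
            and not cfg.getboolean(sec, "become_ask_pass", fallback=False)):
        findings.append("become without password prompt")
    return findings

def audit_sudoers(text):
    """Return (principal, kind) for every rule that grants the full command set."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        m = RULE.match(line)
        if not m or line.startswith(("#", "Defaults")):
            continue
        if m["cmds"].strip() == "ALL":
            findings.append((m["who"], "passwordless" if m["tag"] else "password required"))
    return findings

if __name__ == "__main__":
    print(audit_ansible_cfg(SAMPLE_CFG), audit_sudoers(SAMPLE_SUDOERS))
```

Run against the real files, a "passwordless" result for the Ansible account means that the SSH key for that account is equivalent to root on every managed host.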
Adhoc Commands
- Used for Diagnostics like querying a large number of hosts.
- To quickly make changes to many managed hosts
- Modules are used:
-m Specifies Modules
-a Specifies Arguments
- Default Module can be set in ansible.cfg file.
- 3 modules commonly used in Adhoc commands:
command: runs command on managed host
shell: runs command on managed host through the host's local shell
copy: copy a file, change content on a remote host in a target file
ansible all -i inventory -m command -a id
ansible all -i inventory -m command -a id -o
ansible all -i inventory -m command -a env
ansible all -i inventory -m shell -a env
ansible server1 -m copy -a 'content="Ansible Managed\n" dest=/etc/motd'
Modules
List Modules:
ansible-doc -l
Module Help:
ansible-doc <modulesname>
Create sample config:
ansible-doc -s <modulesname>