Setting up Ansible

Requirements

Make sure you’ve set up SSH without a password from the Ansible system to the target systems.

Installation

Make sure EPEL is available and proceed,

yum install ansible

Manual Inventory

Set up the hosts and groups to operate on,

cd /etc/ansible/
cp -pi ansible.cfg ansible.cfg.dist
mv hosts hosts.dist

vi /etc/ansible/hosts

[nginx]
nginx1

[app]
app1

[hosts]
ansible1                ansible_connection=local
nginx1

[containers]
app1                    ansible_connection=docker

TIP:

Keeping your inventory file and variables in a git repo (or other version control) is an excellent way to track changes to your inventory and host variables.

Dynamic Inventory

Clobber vs OpenStack & mixed sources

Time Config

Set up the timezone, sync manually, configure NTP and the hardware clock,

cd /etc/ansible/
mkdir -p group_vars/ host_vars/
vi /etc/ansible/group_vars/hosts.yml

timezone: Europe/Paris
ntpservers:
  - ntp_address1
  - ntp_address2

#wget http://doc.nethence.com/input/server/ansible/ntp.rhel.conf
sed '/^$/d; /^#/d' /etc/ntp.conf > /etc/ansible/ntp.rhel.conf
vi /etc/ansible/ntp.rhel.conf

[...]
{% for ntpserver in ntpservers %}
server {{ ntpserver }} iburst
{% endfor %}
[...]

wget http://doc.nethence.com/input/server/ansible/ntp.deploy.yml

apply and check on the target systems,

ansible-playbook ntp.deploy.yml

ansible hosts -m shell -a "ls -lhF /etc/localtime"
ansible hosts -m shell -a "ntpq -p"
ansible hosts -m shell -a "ntpdc -c sysinfo"
ansible hosts -m shell -a "grep ^server /etc/ntp.conf"
ansible hosts -m shell -a "date"

System Config

Set up permissive SELinux by default and define a variable (here enforce) where you need enforcing,

cd /etc/ansible/
wget http://doc.nethence.com/input/server/ansible/selinux.yml
vi host_vars/nginx1

enforce: 1

apply and check on target systems,

ansible-playbook selinux.yml

#sestatus
ansible hosts -m shell -a "grep ^SELINUX /etc/sysconfig/selinux"
ansible hosts -m shell -a getenforce
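
The selinux.yml fetched above is not reproduced on this page. As an added example (not the author's playbook), a playbook with the behaviour described here could look like the following; the variable name selinux_wanted, the targeted policy and root access on RHEL 6/7 targets are assumptions.

```yaml
---
# Added example: a stand-in for selinux.yml, whose contents the page does not show.
# Assumptions: RHEL/CentOS 6 or 7 targets using the "targeted" policy, and a
# connection as root (otherwise add "become: true" to the play).
- hosts: hosts
  vars:
    # Enforcing only where host_vars sets "enforce: 1"; permissive everywhere else.
    selinux_wanted: "{{ 'enforcing' if (enforce | default(0) | int) == 1 else 'permissive' }}"
  tasks:
    - name: Install the Python bindings the selinux module needs
      yum:
        name: libselinux-python
        state: present

    - name: Set the SELinux mode in the config file and at runtime
      selinux:
        policy: targeted
        state: "{{ selinux_wanted }}"

    - name: Read the mode the kernel is actually running
      command: getenforce
      register: running_mode
      changed_when: false   # read-only, never report a change
      check_mode: false     # still runs under -C, it modifies nothing

    - name: Fail when the running mode is not the wanted one
      assert:
        that:
          - (running_mode.stdout | lower) == selinux_wanted
        msg: >-
          {{ inventory_hostname }} runs {{ running_mode.stdout }} but
          {{ selinux_wanted }} is wanted; a reboot is needed when
          SELinux was previously disabled.
      when: not ansible_check_mode
```

The final assert makes the run fail on any host that is supposed to be enforcing but is not, rather than leaving that to the manual getenforce check.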

Disabling FirewallD on RHEL7 systems and ip{6}tables on RHEL6 systems (assuming real firewalls behind the systems),

wget http://doc.nethence.com/input/server/ansible/firewalls.yml

apply and check on the target systems,

ansible-playbook firewalls.yml

ansible rhel6 -m shell -a "chkconfig --list | grep tables"
ansible rhel7 -m shell -a "systemctl list-unit-files | grep tables"
ansible rhel7 -m shell -a "systemctl list-unit-files | grep fire"

Operating Ansible

Check accessibility of the managed systems,

ansible all -m ping

Send raw commands without using Python on the remote host e.g.,

ansible hosts -m raw -a hostname

Send shell commands using Python on the remote host e.g.,

ansible hosts -m shell -a hostname

or print a remote variable e.g.,

ansible hosts -m shell -a 'echo $TERM'

and if you wanna just check what would be done add -C to the command line e.g.,

ansible-playbook -C selinux.yml

Restart all NGINX instances,

ansible nginx -m service -a "name=nginx state=restarted"

To fetch some information/variables to help you design a playbook,

ansible <target> -m setup

Miscellaneous

If you were using ClusterIt then this script might be useful to maintain a shared list of hosts,

echo -n converting clusterit.conf to ansible hosts file...
sed 's/GROUP:\(.*\)/\[\1\]/' /etc/clusterit.conf > /etc/ansible/hosts && echo done
