How to Setup Ansible Automation Tool in CentOS 7

April 12, 2016

Hello and welcome to today's article on the Ansible automation tool, which is similar to Chef or Puppet. Ansible is easy to install, simple to configure and easy to understand, and in IT it is very important to keep your systems and processes simple. Ansible is used for configuration management: it helps in configuring your web and application servers, makes it easy to version your files, and can manage different configurations in your development, staging and production environments. It is also used for application deployment, where it can fully automate multi-tier application deployments that span multiple groups of servers and databases.

Ansible connects to the client servers over SSH and runs the configured tasks there, so there is no need to set up any special agent. All you need is Python and a user that can log in and execute the scripts. Ansible then starts gathering facts about the machine, such as the operating system, the installed packages and the services that are running. After that Ansible runs the playbooks, which are written in YAML; a playbook is a set of commands that can perform multiple tasks.

Prerequisites:

In this article we will install and configure Ansible on CentOS 7 and manage two nodes with it in order to understand how it works.

In our test environment we will be using three CentOS 7 Linux VMs: one controller, where the Ansible server is installed, and two nodes that will be managed by this controlling machine over SSH. Make sure that you have Python 2.6 or 2.7 installed on both the controller and the client nodes for a successful installation of Ansible.

Let's connect to your controller server as the root user, or as a non-root user with sudo privileges, to get started with Ansible.

Setup EPEL Repository

First we need to enable the 'epel' repository for CentOS 7 on the controller server, because the Ansible package is not available in the default yum repositories. Use the command below to enable the EPEL repository on CentOS 7 / RHEL 7.

# rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

Now run the command to update your operating system.

# yum -y update

Installing Ansible

Now we can install Ansible on CentOS 7 using the 'yum' command, which installs it along with its required dependencies; press the 'y' key to proceed when prompted.

# yum install ansible

Once you have successfully installed Ansible, you can verify and check its installed version using the below command.

# ansible --version

Key-based SSH Authentication with Nodes

In order to perform any deployment or management from the 'localhost' to a remote host, we first need to generate keys on the Ansible server and copy the public key to the client nodes. Run the command below on your Ansible server to generate its public and private keys.

# ssh-keygen -t rsa -b 4096

After generating the SSH key, copy it to the remote server using the following command, which places the public key on the remote host.

# ssh-copy-id root@node1_ip

If you are using a custom SSH port, specify it with the '-p' parameter in your command. On the first connection ssh shows the node's host key fingerprint; compare it with the fingerprint read on the node itself before answering 'yes'. You will then be asked for the password of your client node, and once you have provided the right password the key will be authorized.

# ssh-copy-id -p2178 root@node1_ip

The authenticity of host '[72.25.70.83]:2178 ([72.25.70.83]:2178)' can't be established.
ECDSA key fingerprint is 49:8a:9c:D9:35:le:09:3d:5f:31:43:a1:41:94:70:53.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Authorized uses only. All activity may be \ monitored and reported.
root@72.25.70.83's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh -p '2178' 'root@72.25.70.83'"
and check to make sure that only the key(s) you wanted were added.

You can also manually add the public RSA key of your controlling server to the client nodes. To do so, log in to your client node and follow the steps below.

First copy the key from the '/root/.ssh/id_rsa.pub' file on the controlling server, then save it on the client node in the '.ssh/authorized_keys' file under the home directory of root or of any other user you wish to authenticate as.

[root@centos-7 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAPNRNS/BVcT7XqHDuSvd8oncAjbNl2ZiYiU22MCNFKN8p/cgcblOZoZS0gjlQHpQLR1wm5hVu7PcxY/JAFX2phKyeZ+dbfQlAQ7HLRaaXWfuonelWgTCcs530bSg6XP3MTDRWjW0ZEFTLaOqVz+Yq2nUP3xRYmRKYNq2PhPRrkoBxnDGlmAsgGDm4gWz2TGE59uYHuXvY2Ys4OPeMFHAp0blR5nJIfVF40RB4uH0U79pp19qZ0vbghEvYUiyD4NMjqG13Ba4YYBQQIphe4GA3OTjBvjVmnmBCWZyDOcO+bWWyyKpabEEZOga3KnsoTw4iQ+d+iUyhPTZOvXaoOFUmrFQo5wWG229/GMJnYe1Qv0D3K3CcAQ== root@centos-7

[root@node2 ~]# vi .ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAPNRNS/BVcT7XqHDuSvd8oncAjbNl2ZiYiU22MCNFKN8p/cgcblOZoZS0gjlQHpQLR1wm5hVu7PcxY/JAFX2phKyeZ+dbfQlAQ7HLRaaXWfuonelWgTCcs530bSg6XP3MTDRWjW0ZEFTLaOqVz+Yq2nUP3xRYmRKYNq2PhPRrkoBxnDGlmAsgGDm4gWz2TGE59uYHuXvY2Ys4OPeMFHAp0blR5nJIfVF40RB4uH0U79pp19qZ0vbghEvYUiyD4NMjqG13Ba4YYBQQIphe4GA3OTjBvjVmnmBCWZyDOcO+bWWyyKpabEEZOga3KnsoTw4iQ+d+iUyhPTZOvXaoOFUmrFQo5wWG229/GMJnYe1Qv0D3K3CcAQ== root@centos-7

Save and quit the file; you can now access both client nodes from the controlling server without being asked for the root password.

[root@centos-7 ~]# ssh -p 2178 root@node1_ip

[root@centos-7 ~]# ssh -p 2178 root@node2_ip

[root@centos-7 .ssh]# ssh -p 2178 root@72.25.10.83
Authorized uses only. All activity may be \ monitored and reported.
Last login: Sun Mar 27 21:42:09 2016 from 12.1.0.90

[root@node1 ~]# exit
logout
Connection to 72.25.10.83 closed.

[root@centos-7 .ssh]# ssh -p 2178 root@72.25.10.84
The authenticity of host '[72.25.10.84]:2178 ([72.25.10.84]:2178)' can't be established.
ECDSA key fingerprint is 49:8a:3c:85:55:61:79:1d:1f:21:33:s1:s1:fd:g0:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[72.25.10.84]:2178' (ECDSA) to the list of known hosts.
Authorized uses only. All activity may be \ monitored and reported.
Last login: Sun Mar 27 22:03:56 2016 from 12.1.0.90
[root@node2 ~]#
[root@node2 ~]# exit
logout
Connection to 72.25.10.84 closed.
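
The manual key installation described above can be scripted so that the file modes and duplicate handling are always right. The following is an added example, not code from the original article: the function name install_pubkey, its arguments and the optional from="..." restriction to the controller's address are assumptions made for illustration.

```shell
# Added example, not from the original article.
# install_pubkey PUBKEY_FILE SSH_DIR [SOURCE_ADDR]
#   PUBKEY_FILE  file holding exactly one public key line (e.g. id_rsa.pub)
#   SSH_DIR      the target user's ~/.ssh directory on the node
#   SOURCE_ADDR  optional controller address, written as a from="..." option
install_pubkey() {
    pub=$1; dir=$2; src=${3:-}
    auth=$dir/authorized_keys

    # Accept only a single line that looks like an OpenSSH public key, so a
    # private key or a whole file of keys is never appended by mistake.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    line=$(cat "$pub")
    case $line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 2 ;;
    esac

    # Compare on key type + base64 blob only, so a different comment or an
    # existing options prefix does not cause a duplicate entry.
    blob=$(printf '%s\n' "$line" | awk '{ print $1 " " $2 }')

    # sshd (StrictModes) rejects keys kept in group- or world-writable places.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1

    if grep -qF -- "$blob" "$auth"; then
        return 0                        # already installed, nothing to do
    fi
    if [ -n "$src" ]; then
        line="from=\"$src\" $line"      # key is only accepted from this address
    fi
    printf '%s\n' "$line" >> "$auth"
}
```

When the key is installed for a user other than the one running the function, the directory and file must also be owned by that user.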

Creating Inventory of Remote Hosts

After setting up SSH key authentication between the Ansible server and its client nodes, we are now going to configure those remote hosts on the Ansible controller server by editing the '/etc/ansible/hosts' file. This file holds the inventory of remote hosts to which Ansible needs to connect through SSH for managing the systems.

Open the file using any editor to configure it.

[root@centos-7 ~]# vim /etc/ansible/hosts

[Screenshot: hosts inventory]

Here in the configuration file we have configured both client nodes to use port '2178'; if you are using the default SSH port, simply put your host IP address.
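
As an added example (not the author's inventory file, whose screenshot is not reproduced here), the script below prints a constructed inventory that uses the two standard ways of giving a non-default SSH port, 'host:port' and 'ansible_ssh_port', and then audits it for passwords stored in plaintext. The function names, the 'staging' group and the 192.0.2.10 entry are assumptions made for illustration.

```shell
# Added example, not the author's inventory file.
# sample_inventory prints a constructed /etc/ansible/hosts-style file.
sample_inventory() {
    cat <<'EOF'
# constructed sample: nodes on SSH port 2178, in both accepted forms
[web-servers]
72.25.10.83:2178
72.25.10.73 ansible_ssh_port=2178

[staging]
192.0.2.10:2178 ansible_ssh_pass=CHANGEME

[staging:vars]
ansible_sudo_pass=CHANGEME
EOF
}

# audit_inventory [FILE] prints "host port finding" for each host line and
# "[section] - finding" for password variables set under [group:vars].
audit_inventory() {
    awk '
    BEGIN { kind = "hosts"; pw = "^ansible_(ssh_pass|password|sudo_pass|become_pass)$" }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments, blank lines
    /^[ \t]*\[/ {                                  # section header
        section = $1
        kind = (section ~ /:vars\]$/) ? "vars" : ((section ~ /:children\]$/) ? "children" : "hosts")
        next
    }
    kind == "vars" {
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        if (key ~ pw) print section, "-", "plaintext-password"
        next
    }
    kind == "hosts" {
        host = $1; port = 22; finding = "ok"
        if (match(host, /:[0-9]+$/)) {             # host:port form
            port = substr(host, RSTART + 1); host = substr(host, 1, RSTART - 1)
        }
        for (i = 2; i <= NF; i++) {                # key=value host variables
            n = index($i, "="); if (n == 0) continue
            key = substr($i, 1, n - 1)
            if (key ~ /^ansible_(ssh_)?port$/) port = substr($i, n + 1)
            if (key ~ pw) finding = "plaintext-password"
        }
        print host, port, finding
    }' "${1:--}"
}

sample_inventory | audit_inventory
```

Run against the real file with `audit_inventory /etc/ansible/hosts`; any 'plaintext-password' finding is a credential readable by every user who can read the inventory.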

After saving the file, let's run the following ansible command with the '-m' option, which selects the module, to verify connectivity from the Ansible server to the remote servers.

# ansible -m ping 72.25.10.83
# ansible -m ping 72.25.10.73

You can also use the command below to ping all of your configured hosts.

[root@centos-7 ~]# ansible all -m ping
72.25.10.83 | success >> {
"changed": false,
"ping": "pong"
}

72.25.10.73 | success >> {
"changed": false,
"ping": "pong"
}

Executing Remote Commands

In the above examples we've just used the ping module to ping the remote hosts. There are various modules available to execute commands on remote hosts. Now we will use the 'command' module with the 'ansible' command to get remote machine information such as the system's hostname information, free disk space and uptime, as shown below.

# ansible -m command -a 'hostnamectl' 72.25.10.83
# ansible -m command -a 'df -h' 72.25.10.83
# ansible -m command -a 'uptime' 72.25.10.83

Similarly, you can run many shell commands using ansible on a single client host as well as on a group of similar hosts. For example, if you have configured a 'web-servers' group in your Ansible host inventory file, you will run the command like this.

# ansible -m command -a "uptime" web-servers

Creating Playbooks in Ansible

Playbooks are Ansible's configuration management scripts, used to manage configurations and deployments on remote machines. A playbook contains the set of policies that you want your remote systems to implement.

Let's create your first playbook in a file named 'httpd.yml', which will configure a host to run an Apache web server. In it you choose which machines in your infrastructure to target and which remote user completes the tasks, as shown in the configuration file.

[root@centos-7 ~]# vi httpd.yml

---
- hosts: 72.25.10.83
  remote_user: root
  tasks:
    # Install (or upgrade to) the newest httpd package from the enabled repos
    - name: Installing Latest version of Apache
      yum: pkg=httpd state=latest
    # Render the demo page into the default Document Root
    - name: Copying the demo file
      template: src=/etc/ansible/index.html dest=/var/www/html
                owner=apache group=apache mode=0644
    # Enable httpd at boot; a change here notifies the handler below
    - name: (Enable it on System Boot)
      service: name=httpd enabled=yes
      notify:
        - start apache
  handlers:
    - name: start apache
      service: name=httpd state=started

Save and close the file and then create a demo html file that will be placed in the default Document Root of remote hosts.

[root@centos-7 ~]# vi /etc/ansible/index.html

<html>
<head><title>Installing Apache by Ansible</title></head>
<body>
<h1>Apache Web Server is installed by Ansible</h1>
<p>Congratulations, Apache is managed through Ansible</p>
</body>
</html>

Understanding Playbook Configurations

Now that we have created our first playbook, it is important to understand how it works. All YAML files should begin with three dashes ('---'), which indicate the start of a document. Then the hosts line is a list of one or more groups or host patterns separated by colons. You can specify the remote user account along with the hosts.

---
- hosts: 72.25.10.83
  remote_user: root

Then we have the set of tasks. Each play contains a list of tasks, which are executed in order, one at a time, against all machines matched by the host pattern, before moving on to the next task.

  tasks:
    - name: Installing Latest version of Apache
      yum: pkg=httpd state=latest
    - name: Copying the demo file
      template: src=/etc/ansible/index.html dest=/var/www/html
                owner=apache group=apache mode=0644
    - name: (Enable it on System Boot)
      service: name=httpd enabled=yes

Every task should have a name, which is included in the output. This output is for us, so it is nice to have reasonably good descriptions of each task step. So, our first task will install the latest version of Apache, the second will copy the demo HTML file (/etc/ansible/index.html) to the /var/www/html directory of the remote hosts, and the third will enable auto-start of the Apache service during system boot.

After that ‘notify’ actions are triggered at the end of each block of tasks in a playbook, and will only be triggered once even if notified by multiple different tasks.

      notify:
        - start apache

The 'notify' item contains an item called "start apache". This is a reference to a handler, which can perform certain functions when it is called from within a task. We will define the "start apache" handler below.

  handlers:
    - name: start apache
      service: name=httpd state=started

Handlers are lists of tasks that only run when they have been told by a task that changes have occurred on the client system. Here the handler starts the Apache service when the task that enables it at boot reports a change, which happens on the first run after the package is installed.

Running Playbook in Ansible

After setting up your playbook configuration, you can run your playbook using below command.

# ansible-playbook -l 72.25.10.83 httpd.yml

After this open your browser and navigate to the IP address of your remote host mentioned in ansible inventory.

http://your_client_node_ip/

[Screenshot: Apache with Ansible]

So, if you get the above page, it means that you have successfully installed Apache with an Ansible playbook. In the same way you can create many playbooks to install your complex applications on multiple hosts.

Conclusion

Ansible is quite interesting, very easy to use and lightweight, and you can get it up and running in 5 minutes. You have now installed Ansible on CentOS 7 and learnt its basic usage by creating a simple playbook that automates an Apache installation. We hope you have found this helpful in automating your tasks.

Comments (1)

  1. "yum install epel-release" will work on CentOS 7 and installs the EPEL repo, no need to install the rpm with "rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm".
