Configuration Management with Ansible

Hi There,

We will look into Ansible, one of the configuration management tools that are standing out. The reason why I like Ansible so much is that, with it, it’s actually easy to breakdown configuration management fundamentals to anyone with basic system administration skills or say, to anyone who knows how to use a terminal without any programming background prerequisite.

What is Ansible?

Simply put Ansible is an IT automation tool that sits between your and your several servers that you manage either locally(vagrant), in a corporate environment (corporate data centers) or in the cloud (aws, azure, google compute). By sitting between you and your infrastructure we mean a layer of abstraction which either prevents you from doing tedious, repetitive, error prone tasks on several machines over and over again. To give you a scenario, you are asked to prepare 3 boxes of elasticsearch servers on a linux OS. You will need to do the following 3 times :

  • Harden the OS
  • Add Java and Elasticsearch Repository
  • Install Java
  • Install Elasticsearch
  • Other configurations

To be honest it won’t be long before you start pulling your hair because of mistakes etc. Won’t it be nice if you have type just one line and press enter and have all the 3 machines configured for you while you sip some coffee or ponder on big issues such as whether US should attack Iran or whether Ghana Cedis should be abandoned in favor of CFA or even whether Real Madrid should continue buying players to prevent other teams from having them 😀

Configuration Management?

Since there are books already treating this subject, it becomes obvious that this post can never dream of having the pretension of defining it as it should. BUT essentially configuration management is the reason why you could confidently leave part of your infrastructure in the hands of the intern in your company 😀 . On the serious note, taking the same example of the scenario above, the machines are taken from bare hardware to a known state with typical installations with their versions and other operations/maintenance scripts. Configuration Management is the discipline that governs the history and documentation, approval,disapproval of changes implemented on a system through its lifetime.

Installation and Structures

Since I use Ubuntu as day to day OS, my installation steps are valid for Ubuntu/Debian based OS, but Red Hat families there are repository out there. Mac OS guys, can have this installed using Brew. mmmmmh!!! Windows!!! you can’t use windows as a controller machine . So you can’t really install Ansible itself on a windows machine. You can however control a windows machines with Ansible since version 1.7 .

This should install our Ansible to our controlling server. I will be using controlling or controller server to mean the server you are working on or where Ansible is installed and controlled nodes or just nodes to define machines that we want to configure with/though Ansible . Upon installation ansible creates a whole bunch of files that we will discover as we go, but the one of interest is the host file under /etc/ansible folder if you are on a Debian based OS. It’s the default Ansible inventory file where you will be specifying your nodes by their IP or by their domain name and essentially grouping them by concern. Check below the snippet of the default inventory file.

Let’s take some time to understand how this file is structured. This is like an ini file you use in php or python with grouping using the square brackets.

  • Ungrouped hosts:
  • These are nodes are are not part of any grouping logic and addressed by ansible using IP directly

  • Grouped hosts:
  • These are nodes belonging to a group where group per our context is a concern. If we want 5 database servers then we know there are common practices that needs to apply to all database servers; we will pass the group name dbservers to Ansible instead of their individual IPs or domain name for Ansible to apply those concerns to all 5 nodes. There are groups of groups with variables in name if there are common patterns in domain naming etc. These are above our focus in this tutorial but it’s good to keep in mind.

Let’s create a blank default inventory file:

Lets create our folder structure to work with Ansible. I will host all Ansible file under my home folder but feel free to do otherwise as well nothing technically forces you to create these folders but it’s always good to put your working files under some structures.

Example Infrastructure

In order to work with ansible we need to define our infrastructure, we will be using vagrant for that. I wrote some time back a post about defining infrastructure using vagrant. If you are not using vagrant already , this is an opportunity. But still if you have under your control few physical servers you can play with, that will also do just fine. If you are at work just make sure you don’t get sacked by messing up with the infra.

We will define a web server and a database server:

Setting up those servers with vagrant, below are the Vagrantfile used(you need to have already set up your hostonly network with same or own IP range) , just in case this can speed up your own set up.

Along the line I have realized this article would be really huge if I wanted to use the method of learning by doing “real work” that I have adopted in most of my posts. Instead I have broken it down to sub articles so there will be room for extra information while making sure reading is not tiring. It used to take me 2 years to finish a single book my dad would have desperately gone and buy for me back then. So I am the best guy to know how bothersome it could be to read huge articles, I got you covered ;).

Below would be the list of articles I plan to write. The title of the first and the second would be probably maintained. The third ,however is subject to whether I have managed to reach that level myself to start with lol so don’t go confuse if after a while that line mysteriously disappeared 😀

  • Introduction to Ansible
  • Intermediate level Use of Ansible
  • Advance Use of Ansible
  • Ninja Level DevOps ansible skills

Good Ansibling…..

5 Comments

  1. Dennis

    What do you mean by Harden the OS?

    Reply
    1. kodjo-kuma djomeda (Post author)

      Hi Dennis,

      Thanks for showing interest in the post. To harden the OS means, to make it hard for anybody to hack it or simply close some of the known vulnerabilities of the OS. I think instead of trying to play the hero here by given you a cool answer, I would rather point to the answers that are far better than what I could come up with. So on unix.stackexchange.com you have an answer and here on thefanclub.co.za are some of the technics I personally use.

      Reply
  2. Dennis

    Nice! Thanks for sharing.

    Reply
  3. Naveenkumar

    Hello,
    Actually, I’m a new to this ansible. Can anyone please tell me, How to copy the files from local system to server system by using ansible. Please tell me step by step.

    Thanks

    Reply
    1. kodjo-kuma djomeda (Post author)

      Hello Naveen,

      Thanks for reading the post and sorry for the late reply. It’s going to be difficult to explain step by step but will give you a scenario.
      We have nodes and a controller or controllers. Nodes are servers or systems you want to configure and controllers are either your laptops on which you have ansible installed or a server something in the same data center where you have ansible installed. Let’s say you don’t use any roles etc. You can copy files from your local system on your controller machine to your node using the playbook.

      Once you have that file, you can run it using ansible-playbook command. Hope this helps

      Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

captcha * Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.