Configuration Management in DevOps using Ansible
Ansible is an open source configuration management tool used to configure and automate servers in a DevOps environment. Other configuration management tools such as Puppet and Chef are available, but among all of them Ansible has taken the largest market share.
Ansible mainly does the following four things.
1. Provision — Creation of resources. Resources can be servers, files, folders, users, applications etc.
2. Orchestration — Once the resources are created, ensuring that the same properties are applied to the newly created resources.
3. Application Deployment — Deploy the code to the server.
4. Configuration Management — Managing day-to-day activities like patching, rebooting, updating resources etc. in the specific group of servers.
Installing and configuring Ansible –
1. Prerequisites –
a. Minimum two cloud machines (here we are using AWS instance)
b. Python should be installed.
2. Installation
a. Connect to one EC2 instance. This will be the ansible server machine.
b. Update the apt package list
$ sudo apt-get update
c. Install ansible package
$ sudo apt-get install ansible
d. To verify the installation, use the following command. If it shows the version, ansible is successfully installed
$ sudo ansible --version
e. Once the installation is successful, we can change the default configuration settings in the config file located at /etc/ansible/ansible.cfg
f. The following are some of the important settings –
i. Inventory — this points to the ansible hosts file, where the domain names of the remote servers need to be added. These servers will be configured and automated by ansible. By default, the path is /etc/ansible/hosts
ii. Forks — this value decides how many parallel connections can be opened by ansible. By default, the value is 5. It means ansible can operate on 5 remote servers at a time
iii. Host-key checking — this decides whether ansible will check the ssh host key of each server. By default, it is false.
iv. Ssh timeout — ansible pings all the servers added in the group of hosts at frequent intervals. If it does not get a response from a server within the time period specified in ssh timeout, it will ignore that server for that execution. By default, the value is 10.
v. Log path — the path mentioned here will store the ansible logs. By default, it is disabled.
g. After the configuration is done, you need to add the ip address or server name to the inventory file mentioned in the ansible.cfg file. Here we can add the host machines to a group. In this way we can run ansible for a specific group of servers. Here I have added the host name of the worker machine under webserver group.
h. The next step is to create the ssh key. This ssh key will be shared with all the remote servers which will be configured by ansible. The following command will generate a public and a private ssh key. The public key will be shared. After entering the command, just press enter at each of the prompts that follow so that the key is generated with the default settings.
$ sudo ssh-keygen
The public ssh key will be inside /root/.ssh/id_rsa.pub. Copy it.
i. Login to the remote server machine which will be automated by ansible.
j. Open the sshd_config file in an editor
$ sudo vi /etc/ssh/sshd_config
k. Set PermitRootLogin and PasswordAuthentication to yes. This lets the ansible server log in as root with a password when the public key is copied in step n.
l. Create a password on the worker machine
m. Restart the sshd service
$ sudo systemctl restart sshd
n. Now go to the ansible server machine and share the public ssh key with the worker machine using the following command, then enter the password of the worker machine
$ sudo ssh-copy-id root@host_name_of_worker_machine
o. The worker machine is now added to the ansible server. To verify it, use the following command. You will get the private ip of all the worker machines which are attached to the ansible server
$ sudo ansible all -m ping
p. Actually, when we use ansible ping, three things are checked on the remote servers added to the ansible hosts file.
i. Ping is successful
ii. Login without password is successful
iii. Python is installed
q. Once the ansible server and remote machines are successfully configured, we can write an ansible playbook file to automatically configure the remote server. An ansible playbook is a .yaml file in which ansible related programming is written. Following is a sample playbook file
i. Playbook file always starts with ---
ii. Next is the header section, where name will be the description and hosts will be the name of the group mentioned in the hosts file. Remember only one group can be mentioned at a time
iii. Next is the task section, where tasks will be mentioned. Here I have created only one task which will create a user in the remote machine
iv. name is the description of the task
v. user is the ansible module to create a user. It comes under system modules. For more details regarding ansible modules you can refer to https://docs.ansible.com/ansible/latest/modules/modules_by_category.html
vi. name is the username
vii. state has two values: present / absent. present will create the user and absent will delete the user
viii. uid is the user id
ix. comment is any text description for the user
x. groups will be the group name under which the user will be created
xi. Proper indentation is extremely important, otherwise ansible will throw an error.
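A playbook matching the description above, as an added example rather than the article's own file. The user name webserverUser and the webserver group come from the article; the uid, comment and groups values are assumptions, and the second task is an extra check that is not part of the article's sample.

```yaml
---
# Added example, not the article's own file.
# uid, comment and groups are assumed values.
- name: Create a user on the web servers     # description of the play
  hosts: webserver                           # group from /etc/ansible/hosts
  tasks:
    - name: Create webserverUser             # description of the task
      user:
        name: webserverUser
        state: present                       # absent would delete the user
        uid: 1040
        comment: User created by Ansible
        groups: www-data                     # must already exist on the remote server

    # Extra check (not in the article): the getent module fails the run
    # if the account is missing from the passwd database.
    - name: Confirm the account exists on the remote server
      getent:
        database: passwd
        key: webserverUser
```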
r. Once the playbook has been created, we can use the following command to check whether the playbook syntax is correct. If it has any syntax error, it will throw an error pointing to the line, and if it is correct it will return the playbook: playbook_name.
$ sudo ansible-playbook playbook_name.yaml --syntax-check
s. Next is to run the playbook by using the following command.
$ sudo ansible-playbook playbook_name.yaml
t. If the command runs successfully, you will get a response like the following.
u. Whenever a playbook is run, Ansible does the following things
i. SSH timeout check
ii. Gather the current state of the remote server and compare it with the desired state mentioned in the playbook
iii. If no change is found it won't make any changes and will log off showing an ok message, and if it finds changes it will make the changes in the remote server and give output like the above screenshot.
iv. Ansible does not have a rollback mechanism. If it fails in any of the steps, it will stop the execution then and there.
v. Now as the playbook is successfully run, you will see a user named webserverUser has been created in the remote server
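Because a failed run is not rolled back, a task that edits sshd_config is safer when the file is validated before it replaces the original. The playbook below is an added example, not part of the original article: once key-based login works, it switches off the password logins that step k enabled and then checks the effective sshd settings. It assumes the webserver group from the inventory, the sshd service name used in step m, and sshd installed at /usr/sbin/sshd.

```yaml
---
# Added example, not from the original article.
- name: Turn off password logins once key-based login works
  hosts: webserver                      # inventory group used in the article
  tasks:
    - name: Set sshd options (file is validated before it replaces the original)
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s   # assumed sshd path
      loop:
        - { key: PasswordAuthentication, value: "no" }
        # root keeps key-based login, which Ansible itself uses
        - { key: PermitRootLogin, value: prohibit-password }
      notify: restart sshd

    - name: Apply the restart now instead of at the end of the play
      meta: flush_handlers

    - name: Read the effective settings (drop-in files can override sshd_config)
      command: /usr/sbin/sshd -T
      register: effective
      changed_when: false

    - name: Fail if password logins are still accepted
      assert:
        that:
          - "'passwordauthentication no' in effective.stdout_lines"
          - "'permitrootlogin yes' not in effective.stdout_lines"

  handlers:
    - name: restart sshd
      service:
        name: sshd                      # service name from step m
        state: restarted
```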
3. Ansible Role –
An Ansible role is an efficient way of writing ansible code by breaking a large .yaml file into a couple of small .yaml files. It will increase the reusability. Following are the steps for using an Ansible role.
a. The following command will create the ansible role directory inside the directory where the command is executed.
$ ansible-galaxy init role_name
b. It will create a folder structure like the following
i. demo — This is the parent directory. It has the same name as the role name
ii. README.md — This file contains all the descriptions about this Ansible role
iii. defaults — this directory contains the main.yaml file. This file will contain the variables. But variables mentioned here can be overridden.
iv. files — this directory will contain all the files which need to be copied to the remote server.
v. handlers — this directory contains the main.yaml file. This file will contain all the notify codes which can be called in the tasks later.
vi. tasks — this directory contains the main.yaml file. This will contain all the Ansible code to configure the remote server. Tasks can have multiple files and all the files will be called in main.yaml. For example, here we have configure, install, service and main files for installing apache in the remote server
1. configure.yaml — this will configure the apache web server by replacing the default index.html file with the custom one
2. install.yaml — this will install apache in the remote server
3. service.yaml — this will start the apache service
4. main.yaml — this file will call all the other .yaml files inside tasks as per the execution order
vii. templates — this directory will contain template files (.j2 extension). If we want to create or copy some file to the remote server, ansible will follow this template to create the file in the remote server
viii. vars — this directory contains the main.yaml file. This file will contain all the permanent variables which won't be changed.
ix. tests — this directory can hold an automated testing process around the role. It has two files, inventory and test.yaml
c. Once the role has been created, we need to create a playbook to call this role and then execute the playbook.
$ sudo ansible-playbook playbook_name.yaml
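The task files described for the apache role and a playbook that calls it, shown together as an added example (not the article's own code); each `# file:` comment marks the start of a separate file. It assumes a Debian/Ubuntu worker (package and service name apache2), a custom index.html placed in demo/files, and a playbook saved next to the demo directory.

```yaml
# file: demo/tasks/main.yaml (calls the other task files in execution order)
---
- import_tasks: install.yaml
- import_tasks: configure.yaml
- import_tasks: service.yaml

# file: demo/tasks/install.yaml
---
- name: Install apache
  apt:
    name: apache2            # assumed package name (Debian/Ubuntu)
    state: present
    update_cache: true

# file: demo/tasks/configure.yaml
---
- name: Replace the default index.html with the custom one from demo/files
  copy:
    src: index.html          # looked up in demo/files
    dest: /var/www/html/index.html
    owner: root
    group: root
    mode: "0644"             # explicit mode: readable by apache, writable only by root

# file: demo/tasks/service.yaml
---
- name: Start apache
  service:
    name: apache2
    state: started
    enabled: true

# file: playbook_name.yaml (saved in the directory that contains demo/)
---
- name: Install and configure apache through the demo role
  hosts: webserver           # inventory group used in the article
  roles:
    - demo
```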