Ansible

Q: What is Ansible?

Ans:

Ansible is an open-source platform/tool that facilitates configuration management, task automation, or application deployment. 

It is a valuable DevOps tool. It is written in Python and powered by Red Hat. It deploys over SSH without incurring any downtime.

You need a virtual machine with Linux installed on it, running with Python version 2.6 or higher.

Advantages:

  • It’s agentless: there is no requirement to set up agents on every node you operate, and it only requires the SSH service running on the target machines.
  • It automates cloud provisioning, configuration management, application deployment, orchestration, and many other vital IT requirements.
  • Python is the only required dependency and, fortunately, most systems come with the language pre-installed.
  • It’s easy to learn and understand since Ansible tasks are written in YAML.
  • Unlike other tools, most of which are procedural, Ansible is declarative: you define the desired state, and Ansible fulfills the requirements needed to achieve it.

Q: What are CD and CI, and what is Ansible’s relationship with them?

Ans:
CD stands for continuous delivery, and CI stands for continuous integration; both are software development practices. 
In CD, developers build software that can be released into production at any given time. CI, on the other hand, consists of each developer uploading regularly
scheduled integrations (usually daily), resulting in multiple integrations every day. 
Ansible is an ideal tool for CI/CD processes, providing a stable infrastructure for provisioning the target environment and then deploying the application to it.

Ansible is broken down into two types of servers: controlling machines and nodes. 
Ansible is installed on the controlling computer, and the controlling machines manage the nodes via SSH.
The controlling machine contains an inventory file that holds the node system’s location. Ansible runs the playbook on the controlling machine to deploy the modules on the node systems. 
Since Ansible is agentless, there’s no need for a third-party tool to connect the nodes.

Q: Explain what a “playbook” is.

Ans:
A playbook has a series of YAML-based files that send commands to remote computers via scripts. Developers can configure entire complex environments by passing 
a script to the required systems rather than using individual commands to configure computers from the command line remotely. 
Playbooks are one of Ansible’s strongest selling points and are often referred to as the tool’s building blocks.

Sample Playbook:
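## PLAYBOOK TO INSTALL AND CONFIGURE APACHE HTTP ON SERVERS
- hosts: all
  tasks:
    - name: Install Apache httpd
      yum: pkg=httpd state=installed
      # The notify entry must match the handler name exactly (case-sensitive)
      notify:
        - Start httpd
  handlers:
    # Runs only when the task above reports a change
    - name: Start httpd
      service: name=httpd state=started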

Q: What is “idempotency”?

Ans:
Idempotency is an important Ansible feature. It prevents unnecessary changes in the managed hosts.
With idempotency, you can execute one or more tasks on a server as many times as you need to, but it won’t change anything that’s already been modified 
and is working correctly. To put it in basic terms, the only changes added are the ones needed and not already in place.

Q: What is Ansible Galaxy?

Ans:
Ansible Galaxy is a tool bundled with Ansible that can create a base directory structure. Galaxy is also a website that lets users find and share Ansible content.
You can use this command to download roles from the website:

$ ansible-galaxy install username.role_name

Q: How do you use Ansible to create encrypted files?

Ans:
To create an encrypted file, use the ‘ansible-vault create’ command.

$ ansible-vault create filename.yaml

You will get a prompt to create a password, and then to type it again for confirmation. You will now have access to a new file, where you can add and edit data.

Q: What are “facts” in the context of Ansible?

Ans:
Facts are newly discovered and known system variables, found in the playbooks, used mostly for implementing conditional execution.
Additionally, they gather ad-hoc system information.

You can get all the facts by using this command:

$ ansible all -m setup

Q: Explain what the ask_pass module is.

Ans:
It’s a playbook control module used to control a password prompt. It’s set to True by default.

Q: What’s an ad hoc command?

Ans:
Users run ad hoc commands to initiate actions on a host without using a playbook. Consider it a one-shot command.


Q: Explain the difference between a playbook and a play.

Ans:
A play is a set of tasks that run on one or more managed hosts. Plays consist of one or more tasks. A playbook consists of one or more plays.

Q: What exactly is a configuration management tool?

Ans:
Configuration management tools help keep a system running within the desired parameters. They help reduce deployment time and substantially reduce the effort required 
to perform repetitive tasks. Popular configuration management tools on the market today include Chef, Puppet, Salt, and of course, Ansible.

Q: What are roles in Ansible?

Ans:
A role is the Ansible way of bundling automation content and making it reusable. 
Roles are organizational components that can be assigned to a set of hosts to organize tasks. Therefore, instead of creating a monolithic playbook, 
we can create multiple roles, with each role assigned to complete a unit of work. 
For example: a webserver role can be defined to install Apache and Varnish on a specified group of servers.

Commands to create an Ansible role:

ansible-galaxy init "Your_Role_Name"
yum install tree -y
tree "Your_Role_Name"

Go to your role:

cd "Your_Role_Name"

Run the playbook (a *.yaml or *.yml file) that executes your role:

ansible-playbook your_playbook.yml

Example:
---
- name: Running myrole end-to-end Deployment(CD)
  hosts: ansibleclient1

  vars_files:
    - /root/ansible/docker_token.yml
    - /root/ansible/myrole/vars/name_vars.yml

  vars:
    vol: /tmp/myefs/docker_volume/
    IMAGE: image_name
    WORKSPACE: /var/lib/jenkins/workspace/dev-pipeline
    DockerHub_repo: "username/xyz-private-repo"
    VER: "nov-2022-0.0.1"

  roles:
    - /root/ansible/myrole

Q: What are the steps to install Ansible on Linux?

Ans:
yum install epel-release

or, on Amazon Linux:

amazon-linux-extras install epel -y

yum install ansible -y 

ansible --version

Enable Ansible logging by adding the lines below to /etc/ansible/ansible.cfg:

[defaults]
log_path = ./ansible.log

To also disable host key verification, add host_key_checking to the same section:

[defaults]
log_path = ./ansible.log
host_key_checking = False
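
The check below is an added example, not part of the original page: a shell lint that reports when an ansible.cfg, or the ANSIBLE_HOST_KEY_CHECKING environment variable, turns off SSH host key verification, the step in which the controlling machine confirms it is talking to the intended node. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag a configuration that disables SSH host key checking.

# Returns 0 if $1 is one of the false-like spellings Ansible accepts.
is_false() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        n|no|off|0|f|false) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints every value assigned to key $2 inside the [defaults] section of $1.
defaults_values() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { sec = $0; gsub(/[^A-Za-z0-9_]/, "", sec); next }
        sec == "defaults" {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Returns 0 when the file or the environment disables host key checking.
host_key_checking_disabled() {
    if is_false "${ANSIBLE_HOST_KEY_CHECKING:-true}"; then return 0; fi
    for v in $(defaults_values "$1" host_key_checking); do
        if is_false "$v"; then return 0; fi
    done
    return 1
}

# Demo on constructed config files in a temporary directory.
demo=$(mktemp -d)
printf '[defaults]\nlog_path = ./ansible.log\nhost_key_checking = False\n' > "$demo/weak.cfg"
printf '[defaults]\nlog_path = ./ansible.log\n' > "$demo/default.cfg"
for f in "$demo/weak.cfg" "$demo/default.cfg"; do
    if host_key_checking_disabled "$f"; then
        echo "FAIL: $f disables SSH host key verification"
    else
        echo "ok:   $f leaves host key verification on"
    fi
done
rm -rf "$demo"
```

With checking left on, the nodes' host keys need to be in the controlling machine's known_hosts file before the first run.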

Q: What is Ansible Vault?

Ans:

Ansible Vault helps secure vital secret information as we have discussed earlier. Ansible Vault can encrypt variables, or even entire files and YAML playbooks as we shall later demonstrate. It’s a very handy and user-friendly tool that requires the same password when encrypting and decrypting files.

For example, to create an encrypted file mysecrets.yml execute the command.

# ansible-vault create mysecrets.yml

You will thereafter be prompted for a password, and after confirming it, a new window will open using the vi editor where you can begin writing your plays.
Below is a sample of some information. Once you are done simply save and exit the playbook. And that’s just about it when creating an encrypted file.

[Screenshot: encrypted file in Ansible]

To verify the file encryption, use the cat command as shown.
# cat mysecrets.yml

If you want to view an encrypted file, simply pass the ansible-vault view command as shown below.
# ansible-vault view mysecrets.yml

Once again, you will be prompted for a password, after which you will have access to your information.
If you have a playbook file and want to decrypt it during runtime, use the --ask-vault-pass option as illustrated.

# ansible-playbook deploy.yml --ask-vault-pass

This decrypts all the files that are used in the playbook provided that they were encrypted using the same password.
The password prompts can be annoying at times. These prompts make automation untenable, especially when automation is key. To streamline the process of decrypting playbooks during runtime, it’s recommended to have a separate password file that contains the Ansible vault password. This file can then be passed during runtime as shown.

# ansible-playbook deploy.yml --vault-password-file  /home/tecmint/vault_pass.txt
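
An added example (not from the original page) that checks two things the steps above rely on: that a secrets file really starts with the Ansible Vault header, and that the vault password file is not readable by group or others. The function names and sample files are assumptions made for the illustration; variables encrypted inline with encrypt_string are not covered.

```sh
#!/bin/sh
# Added example: sanity checks for Ansible Vault files (constructed samples).

# Returns 0 if the first line of $1 is an Ansible Vault header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256".
is_vault_encrypted() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 only if $1 is a regular file with no group/other permission bits.
password_file_is_private() {
    [ -f "$1" ] || return 1
    # In the ls -l mode string, characters 5-10 are the group and other bits.
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per finding; the exit status is the number of problems.
audit_vault() {
    pwfile=$1; shift
    problems=0
    if ! password_file_is_private "$pwfile"; then
        echo "FAIL: $pwfile is missing or readable by group/other (use chmod 600)"
        problems=$((problems + 1))
    fi
    for f in "$@"; do
        if is_vault_encrypted "$f"; then
            echo "ok:   $f is vault-encrypted"
        else
            echo "FAIL: $f is plaintext or unreadable"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465666768' > "$demo/mysecrets.yml"
printf 'db_password: example\n' > "$demo/plain.yml"
printf 'constructed-password\n' > "$demo/vault_pass.txt"
chmod 644 "$demo/vault_pass.txt"
audit_vault "$demo/vault_pass.txt" "$demo/mysecrets.yml" "$demo/plain.yml" \
    || echo "problems found: $?"
rm -rf "$demo"
```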

Q: How to Encrypt Specific Variables in Ansible

Ans:

# ansible-vault encrypt_string 'string' --name 'variable_name'
