How to automate your infrastructure with Ansible
Hands up if you’ve ever encountered this problem: you set up an environment on a server somewhere, and along the way, you made countless web searches to solve a myriad of small problems. By the time you’re done, you’ve already forgotten most of the problems you encountered and what you did to solve them. In six months, you have to set it all up again on another server, repeating each painstaking s
tep and relearning everything as you go. Traditionally, sysadmins would write bash scripts to handle this stuff. Scripts are often brittle, requiring just the right environment to run in, and it takes extra code to ensure that they account for different edge cases without breaking. Scaling that up to dozens of servers is a daunting task, prone to error. Ansible solves that problem. It’s an IT automation tool that lets you describe what you want your environment to look like using simple files. The tool then uses those files to go out and make the necessary changes. The files, known as playbooks, support programming steps such as loops and conditionals, giving you lots of control over what happens to your environment. You can reuse these playbooks over time, building up a library of different scenarios. SEE MORE Getting started with Docker SEE MORE Getting started with Git SEE MORE Getting started with Kubernetes SEE MORE How to migrate your SMB network to the cloud SEE MORE Getting started with virtual machines Ansible is a Red Hat product, and while there are paid versions with additional support and services bolted on, you can install this open-source project for free. It’s a Python-based program that runs on the box you want to administer your infrastructure from, which must be a Unix-like system (typically Linux). It can administer Linux and Windows machines (which we call hosts) without installing anything on them, making it simpler to use at scale. To accomplish this, it uses SSH certificates, or remote PowerShell execution on Windows. We’re going to show you how to create a simple Linux, Apache, MySQL and PHP (LAMP) stack setup in Ansible. To start with, you’ll need to install Ansible. That’s simple enough; on Ubuntu, put the PPA for Ansible in your sources file and then tell the OS to go and get it: $ sudo apt update $ sudo apt install software-properties-common $ sudo apt-add-repository –yes –update ppa:ansible/ansible $ sudo apt install ansible
To test it out, you’ll need a server that has Linux running on it, either locally or in the cloud. You must then create an SSH key for that server on your Ansible box and copy the public key up to the server. Now we can get to the fun part. Ansible uses an inventory file called hosts to define many of your infrastructure parameters, including the hosts that you want to administer. Ansible reads information in key-value pairs, and the inventory file uses either the INI or YAML formats. We’ll use INI for our inventory. Make a list of the hosts that you’re going to manage by putting them in the inventory file. Modify the default hosts file in your /etc/ansible/ folder, making a backup of the default one first. This is our basic inventory file:
Ansible hosts
[LAN] db_server ansible_host=192.168.1.88 db_server ansible_become=yes db_server ansible_become_user=root
The phrase in the square brackets is your label for a group of hosts that you want to control. You can put multiple hosts in a group, and a host can exist in multiple groups. We gave our host an alias of db_server. Replace the IP address here with the address of the host you want to control. The next two lines enable Ansible to take control of this server for everything using sudo. ansible-become tells it to become a sudo user, while ansible-become-user tells it which sudoer account to use. Note that we haven’t listed a password here. You can use Ansible to run shell commands that influence multiple hosts, but it’s better to use modules. These are native Ansible functions that replicate many Linux commands, such as copy (which replicates cp), user, and service to manage Linux services. Here, we’ll use Ansible’s apt module to install Apache on the host. ansible db_server -m apt -a ‘name=apache2 state=present update_cache=true’ -u danny –ask-become-pass
The -m flag tells us we’re running a module (apt), while -a specifies the arguments. update_cache=true tells Ansible to update the packages cache (the equivalent of apt-get upgrade), which is good practice. -u specifies the user account we’re logging in as, while –ask-become-pass tells Ansible to ask us for the user password when elevating privileges. state=present is the most interesting flag. It tells us how we want Ansible to leave things when it’s done. In this case, we want the installed package to be present. You could also use absent to ensure it isn’t there, or latest to install and then upgrade to the latest version. Then, Ansible tells us the result (truncated here to avoid the reams of stdout text). db_server | CHANGED => { “ansible_facts”: { “discovered_interpreter_python”: “/usr/bin/python3” }, “cache_update_time”: 1606575195, “cache_updated”: true, “changed”: true, “stderr”: “”, “stderr_lines”: [],
Run it again, and you’ll see that changed = false. The script can handle itself whether the software is already installed or not. This ability to get the same result no matter how many times you run a script is known as idempotence, and it’s a key feature that makes Ansible less brittle than a bunch of bash scripts. Running ad hoc commands like this is fine, but what if we want to string commands together and reuse them later? This is where playbooks come in. Let’s create a playbook for Apache using the YAML format. We create the following file and save it as /etc/ansible/lampstack.yml:
- hosts: lan gather_facts: yes tasks: - name: install apache apt: pkg=apache2 state=present update_cache=true - name: start apache service: name=apache2 state=started enabled=yes notify: - restart apache handlers: - name: restart apache service: name=apache2 state=restarted
hosts tells us which group we’re running this script on. gather_facts tells Ansible to interrogate the host for key facts. This is handy for more complex scripts that might take steps based on these facts. Playbooks list individual tasks, which you can name as you wish. Here, we have two: one to install Apache, and one to start the Apache service after it’s installed. notify calls another kind of task known as a handler. This is a task that doesn’t run automatically. Instead, it only runs when another task tells it to. A typical use for a handler is to run only when a change is made on a machine. In this case, we restart Apache if the system calls for it. Run this using ansible-playbook lampstack.yml –ask-become-pass. So, that’s a playbook. Let’s take this and expand it a little to install an entire LAMP stack. Update the file to look like this:
- hosts: lan gather_facts: yes tasks: - name: update apt cache apt: update_cache=yes cache_valid_time=3600 - name: install all of the things apt: name={{item}} state=present with_items: - apache2 - mysql-server - php - php-mysql - php-gd - php-ssh2 - libapache2-mod-php - python3-pip - name: install python mysql library pip: name: pymysql - name: start apache service: name=apache2 state=started enabled=yes notify: - restart apache handlers: - name: restart apache service: name=apache2 state=restarted
Note that we’ve moved our apt cache update operation into its own task because we’re going to be installing several things and we don’t need to update the cache each time. Then, we use a loop. The {{item}} variable repeats the apt installation with all the package names indicated in the with_items group. Finally, we use Python’s pip command to install a Python connector that enables the language to interact with the MySQL database. There are plenty of other things we can do with Ansible, including breaking out more complex Playbooks into sub-files known as roles. You can then reuse these roles to support different Ansible scripts. When you’re writing Ansible scripts, you’ll probably run into plenty of errors and speed bumps that will send you searching for answers, especially if you’re not a master at it. The same is true of general sysadmin work and bash scripting, but if you use this research while writing an Ansible script, you’ll have a clear and repeatable recipe for future infrastructure deployments that you can handle at scale.
Date: 2020-12-02
itpro.co.uk
Acer Chromebook 715 review: Gallery (2020-12-02) | All the specs and features to be a champion of the business world shame about the screen |
The future of m-commerce (2018-07-17) | Mobile commerce m-commercesales are projected to reach $291 trillion this year a 25% increase compared to 2019 While some people still prefer using their trusty desktop PC for online shopping and making transactions in recent years m-commerce has taken the leadRecent figures show that m-commerce accounted for 672% of totale-commercesales in 2019 an increase of 282% compared to the524% share it hel.. |
Dell EMC PowerEdge T140 review: The ideal SMB companion (2020-11-19) | With prices starting at just 538 the PowerEdge T140 is a tempting proposition for growing SMBs looking for their first purpose-built server This sturdy little tower comes with support for Intels powerful Xeon E-2200 CPUs flexible storage options and room to expand with demand Theres a good range of core configurations on offer to suit almost any workload too The Basic entry-level system sports a 3.. |
What is an MSSP? (2019-08-22) | Cyber attacks and security threats have become a constant battle forboth small and large organisations Not only have attacks become more common particularly during thee COVID-19 pandemicbut theyre also getting more sophisticated This sophistication of these attacks be it phishing scams or ransomwaremeans its getting harder for businesses to protect their infrastructure from potential threats SEE M.. |
Hackers steal 8.3 million user records from 123RF (2020-11-13) | Hackers have stolen 83 million user data records from royalty-free stock photo website 123RF The cyber criminals breached a server belonging to 123RFs parent company Inmagine Group to access the data According to a report from Bleeping Computer a known data breach broker began selling the data containing user information last weekend The data reportedly includes 123RF members full names email addr.. |
FCC chairman Ajit Pai to resign when Biden is inaugurated (2020-12-01) | Republican Federal Communications Commission FCC chairman Ajit Pai has announced hell leave his post on January 20 2021 the same day President-elect Joe Biden will be sworn in During his tenure Pai played a key role in stripping out net neutrality protections enacted under the Obama administration In late 2017 the FCC voted along party lines to remove Title II classification for broadband service .. |
Huawei sells Honor due to ‘technical equipment shortage’ (2020-11-17) | Huawei has announced the sale of its Honor smartphone business crediting the decision to a shortage oftechnical equipment caused by the trade restrictions imposed by the US government The Chinese tech giant confirmed that Honor will be sold to Shenzhen Zhixin New Information Technology - an enterprise owned by the government of Shenzhen where Huawei is headquartered In an official statement Huawei.. Huawei sells Honor due to ‘technical equipment shortage’ |
How to build a dedicated syslog server (2020-04-01) | Now that youve finally migrated all of your companys servers and systems to the cloud you can sit back and relax with only the local networking hardware to worry about Unfortunately the local administration and monitoring utilities were hosted on those now-cloudy servers This is the point at which random pieces of networking hardware will delight in crashing just to torment you as they know that y.. |
Using technology to keep intruders out and data safe (2020-11-06) | Noble Group CISO Shane Read has spent the past five years helping his company recover from a cyber security incident that had an enormous impact on the business A rogue insider wiped billions off the companys value in 2015 through unauthorised exfiltration of data from the company The share price of what was once a 5000-strong company collapsed and the companys value dropped from $12 billion to ar.. |
What is HTTP error 503 and how do you fix it? (2020-01-07) | The derided 503 error message is possibly one of the most frustrating errors to encounter when trying to access a website not just as a developer but as a general user As is the case with most other HTTP errors including the 502 bad gateway error theres no way for you to tell precisely what has gone wrong Unless youre au fait with website development its likely that the error number is as helpful .. |