Ansible : UDMY -- 8. Ansible Inventories

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Ansible Architecture and Design 



Ansible Inventory


How can we provide root connectivity to our Ansible hosts?




There is a directory for each of these revisions; we can move into each directory and run ansible from there.


Currently our setup is quite simple: we are logged in to the controller machine as the packt user, and Ansible connects to the end points as the packt user as well.


We are going to configure Ansible so that we have *root* connectivity to all of our end points.

The CentOS systems are the simpler case: we have the "ansible_user" variable set for the centos hosts, stating that the user we connect as is root.

$ ansible all -m ping 

At this point the ping fails for the centos hosts, because we have not yet installed an SSH key for the root user.



Now let's ping again.


With this, our connectivity now looks like the following.


Let's see how to provide root access for the ubuntu hosts.

Here we use a different approach: we connect as the packt user and then become root.

ansible_become=true  -- tells Ansible to escalate privileges after connecting (sudo by default; ansible_become_method selects su or another method).

And we specify the escalation password:

ansible_become_pass=password

Note that this puts a privileged password in plaintext in the inventory. We will discuss Ansible Vault later; it is the way to keep this password out of the inventory in clear text.


We now have connectivity to all of the hosts. After applying these changes our configuration looks like this.


The ping command that we just ran does a lot more behind the scenes.

I recommend taking a look at the following URL: https://docs.ansible.com/ansible/2.3/intro_inventory.html

I am going to change one of our systems intentionally to show you what happens. We change centos1 so that it is running SSH on a different port.

We connect across to centos1 with ssh:

$ ssh centos1

Let me do that once again, this time connecting as root:

$ ssh centos1 -l root

And let's edit the sshd config, /etc/ssh/sshd_config, so that it has Port 2222.




We need to let SELinux know about this change, otherwise sshd will not be allowed to bind the new port.

This fails at first because we do not have semanage installed. You can resolve this with:

$ yum -y install policycoreutils-python

We can now run the semanage command:

$ semanage port -a -t ssh_port_t -p tcp 2222

We also need to open the firewall for the new port:

$ firewall-cmd --permanent --add-port=2222/tcp

$ firewall-cmd --reload

The last thing to do is restart the sshd service:

$ service sshd restart

Now we are running on port 2222 rather than 22. The easy way to check this from the box itself:

$ ssh 0 -p 2222

Here 0 is parsed as the address 0.0.0.0; on Linux connecting to it reaches the local host, so a login prompt confirms that sshd is listening on 2222. Keep the root session you already have open until this check succeeds, so that a mistake cannot lock you out.


Now we run the ping command again:

$ ansible all -m ping

With those changes in place it fails for centos1 and succeeds for the other hosts.

The reason is that our current configuration still expects the connection on port 22.

Let's confirm that we can reach centos1 on the new port from ubuntu-c:

$ telnet centos1 2222

The SSH banner showing up is a good sign.


Now we update our Ansible configuration.

If we go to revision 4, we have another Ansible variable in the hosts file which overrides the SSH port:

ansible_port=2222

If we run the ping command from this directory, once again we can ping all of the hosts successfully.

If we look at revision 5, there is another way to specify this, as hostname:port in the host entry:

> centos1:2222

Ping again and it is all working as expected.

So ansible_port=2222 or centos1:2222 -- either form can be used.



If you look at the hosts file there is a lot of commonality between the centos and ubuntu host entries; within a hosts file we can simplify this using ranges, e.g. centos[1:3] expands to centos1, centos2 and centos3.

If we move to revision 07 and check the hosts file, we can verify that this still works:

$ ansible all --list-hosts


We still have some duplication in the centos group, where ansible_user is defined for every host. We can remove this with group vars: a [centos:vars] section makes every host in the centos group automatically receive ansible_user=root. We do the same for the ubuntu group.

If we go into revision 8, you can see these two extra sections, [centos:vars] and [ubuntu:vars].

Validate it:

$ ansible all -m ping -o

All working as expected.

If we look at the hosts file in revision 08, what we have now is a controller host plus the managed hosts, and it would be convenient to address the Linux groups together. Fortunately Ansible has a children abbreviation which is very useful for this.

What we are going to do now is define a parent group, linux, with both centos and ubuntu as its children. In revision 09:

[linux:children]

centos
ubuntu

Because of this, the linux group inherits all of the members of the centos and the ubuntu groups, so we can target both by mentioning linux:

$ ansible linux -m ping -o

If you recall from section 1, we saw the all group: every host is part of the all group by default. We can use this to apply variables to all hosts, using an [all:vars] section.

Look at revision 10; at the bottom we have set ansible_port for all hosts to 1234. 1234 is a valid port number, but nothing is listening on it, so those connections will fail.

If you look at centos1, we have an ansible_port entry of 2222 specific to that host, and host-specific variables take precedence over group variables, including those from all.

$ ansible all -m ping

All hosts fail except centos1, whose ansible_port=2222 takes precedence, and the local host, which does not use an SSH connection.

We can also apply group vars to a parent group and its children will receive them. Child group variables override parent group variables, so a value in [linux:vars] beats the same variable in [all:vars], and [centos:vars] in turn beats [linux:vars].

In revision 11 we have set another variable in [linux:vars], and now

$ ansible all -m ping

gives the same outcome: ubuntu-c is a success and centos1 is a success.

The hosts file so far has been in INI format, but it can also be written in YAML or JSON.

If you go to revision 12, you have the equivalent of that hosts file in YAML.

If we go to revision 13, what we have is the JSON equivalent of the same.

The JSON format is a lot less forgiving than YAML. As you can see in the host entries, a host with no variables of its own is written as "null", and it is very important in JSON that your commas are in the correct places. Again ansible.cfg is updated, this time pointing the inventory at hosts.json.

In revision 14 we have reverted ansible.cfg so that the inventory is the hosts file again. We still have both the hosts.json file and the hosts file in the directory, and we can select an inventory explicitly with the -i flag, which also works:

$ ansible all -i hosts -m ping -o




The -e (--extra-vars) parameter on the command line overrides variables set in the inventory; extra vars have the highest precedence of all.

$ ansible linux -m ping -e 'ansible_port=22'

This should succeed for every host with the exception of centos1: its ansible_port=2222 host entry is overridden by the extra var, so Ansible tries port 22, where centos1's sshd is no longer listening.
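The following Python script is an added example, not code from the course or from Ansible itself. It re-implements, in a few dozen lines, the inventory behaviour covered in revisions 07 to 14 above: ranges such as centos[2:3], the centos1:2222 shorthand, [group:vars], [group:children], [all:vars], and the precedence order all:vars < parent group vars < child group vars < host vars < -e extra vars. It then simulates `ansible ... -m ping` against a map of where sshd actually listens. The inventory text, the sshd port map and the [linux:vars] value used in the usage note are constructed assumptions that mirror the notes; the precedence rules themselves are Ansible's.

```python
# Added example, not course or Ansible code: resolve an Ansible INI inventory as
# Ansible does and simulate 'ansible -m ping'. Inventory text and port map are constructed.
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\[(?P<name>[^:\]]+)(?::(?P<kind>vars|children))?\]$")
RANGE_RE = re.compile(r"^(?P<pre>[^\[]*)\[(?P<a>\d+):(?P<b>\d+)\](?P<post>.*)$")

INVENTORY = """\
ubuntu-c ansible_connection=local
[centos]
centos1 ansible_port=2222
centos[2:3]
[centos:vars]
ansible_user=root
[ubuntu]
ubuntu[1:3]
[ubuntu:vars]
ansible_become=true
ansible_become_pass=password
[linux:children]
centos
ubuntu
[all:vars]
ansible_port=1234
"""
SSHD_PORTS = {"centos1": 2222}  # constructed: where sshd really listens (else 22)

def expand_range(pattern):
    """centos[1:3] -> centos1 centos2 centos3; zero padding such as web[01:03] is kept."""
    m = RANGE_RE.match(pattern)
    if not m:
        return [pattern]
    a, b = m.group("a"), m.group("b")
    width = len(a) if a.startswith("0") else 0
    return [m.group("pre") + str(i).zfill(width) + m.group("post")
            for i in range(int(a), int(b) + 1)]

def parse_inventory(text):
    """Return (host_vars, group_hosts, group_vars, group_children)."""
    host_vars, group_hosts = defaultdict(dict), defaultdict(list)
    group_vars, group_children = defaultdict(dict), defaultdict(list)
    section, kind = "ungrouped", None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, kind = m.group("name"), m.group("kind")
        elif kind == "vars":
            key, _, value = line.partition("=")
            group_vars[section][key.strip()] = value.strip()
        elif kind == "children":
            group_children[section].append(line)
        else:
            name, *kv = line.split()
            for host in expand_range(name):
                if ":" in host and host.rsplit(":", 1)[1].isdigit():
                    host, port = host.rsplit(":", 1)  # 'centos1:2222' shorthand
                    host_vars[host]["ansible_port"] = port
                group_hosts[section].append(host)
                host_vars[host].update(t.partition("=")[::2] for t in kv)
    return host_vars, group_hosts, group_vars, group_children

def members(group, group_hosts, group_children):
    """Hosts in a group, including those inherited from its child groups."""
    hosts = set(group_hosts.get(group, []))
    for child in group_children.get(group, []):
        hosts |= members(child, group_hosts, group_children)
    return hosts

def group_depth(group, group_children):
    """'all' is depth 0; any other group is one deeper than its deepest parent."""
    if group == "all":
        return 0
    parents = [p for p, kids in group_children.items() if group in kids]
    return 1 + max((group_depth(p, group_children) for p in parents), default=0)

def effective_vars(host, inv, extra_vars=None):
    """Ansible's order for these sources: all:vars < parent group vars <
    child group vars < host vars < extra vars (-e); later entries win."""
    host_vars, group_hosts, group_vars, group_children = inv
    groups = {"all", *group_hosts, *group_vars, *group_children}
    result = {}
    for g in sorted(groups, key=lambda g: (group_depth(g, group_children), g)):
        if g == "all" or host in members(g, group_hosts, group_children):
            result.update(group_vars.get(g, {}))
    result.update(host_vars.get(host, {}))
    result.update(extra_vars or {})
    return result

def ping(host, inv, sshd_ports, extra_vars=None):
    """Would 'ansible <host> -m ping' connect? Local always; SSH only if sshd is on the port."""
    v = effective_vars(host, inv, extra_vars)
    if v.get("ansible_connection") == "local":
        return True
    return int(v.get("ansible_port", 22)) == sshd_ports.get(host, 22)

if __name__ == "__main__":
    inv = parse_inventory(INVENTORY)
    hosts = sorted(h for hs in inv[1].values() for h in hs)
    print({h: ping(h, inv, SSHD_PORTS) for h in hosts})  # only centos1 and ubuntu-c succeed
```

Run as-is it reproduces revision 10: every host fails except centos1 (host var 2222 beats all:vars 1234) and ubuntu-c (local connection). Passing `extra_vars={"ansible_port": "22"}` to `ping` reproduces revision 14: only centos1 fails, because -e overrides its host var. Appending a `[linux:vars]` section with `ansible_port=22` (my choice of value, not the course's) makes every host reachable again, since child group vars override all:vars while centos1's host var still wins.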




































