Ansible Agentless Automation

WiKi:-

Ansible is a free-software platform for configuring and managing computers which combines multi-node software deployment, ad hoc task execution, and configuration management.[1] It manages nodes (Linux nodes must have Python 2.4 or later installed on them, Windows nodes require PowerShell 3.0 or later) over SSH or over PowerShell.[2] Modules work over JSON and standard output and can be written in any programming language. The system uses YAML to express reusable descriptions of systems.[3]

Configuration management systems are designed to make controlling large numbers of servers easy for administrators and operations teams. They allow you to control many different systems in an automated way from one central location.

Basic Property:-

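|         | Language | License | Mutual auth | Encrypts | Verify mode | Agent-less | Have a GUI                  | First release |
|---------|----------|---------|-------------|----------|-------------|------------|-----------------------------|---------------|
| Ansible | Python   | GPLv3+  | Yes[1]      | Yes[2]   | Yes         | Yes        | Yes[3] (Free 30-day Trial)  | 2012-03-08    |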

 

Platform Support :- 

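|         | AIX | *BSD | HP-UX | Linux | OS X | Solaris | Windows                          | Others  |
|---------|-----|------|-------|-------|------|---------|----------------------------------|---------|
| Ansible | Yes | Yes  | Yes   | Yes   | Yes  | Yes     | Yes (Need linux control machine) | Yes[90] |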

Design goals:-

  • Minimal in nature. Management systems should not impose additional dependencies on the environment.[11]
  • Consistent.[clarification needed]
  • Secure. Ansible does not deploy vulnerable agents to nodes. Only OpenSSH is required, which is already critically tested.[11]
  • Highly reliable. The idempotent resource model is applied to deployment to prevent side-effects from re-running scripts.[1]
  • Low learning curve. Playbooks use an easy and descriptive language based on YAML.

============================================================

Installation:-

sudo apt-get update
sudo apt-get install ansible

Simple basic test of ansible

#ansible localhost -m ping

Ansible was called with the flag "-m", which means module. The module "ping" just contacts the servers and checks that everything is OK. In this case the server answered successfully. The output is formatted as JSON, which is helpful if the results need to be parsed elsewhere.

Using -vvv gives more details about the connection.

============================================================

Need help ??? :-

Get the Command Line Document –

#ansible-doc --version

Gives you the ansible version number


#ansible-doc   -l

List the available modules


#ansible-doc  <module name>

Shows detailed information about any module. For example: ansible-doc ping

============================================================

Inventory:- 

Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory file, which defaults to being saved in the location /etc/ansible/hosts


SSH connection:

1. Define host details in /etc/ansible/hosts

sudo vim /etc/ansible/hosts

Add the details of the host that you want to manage at the bottom. You can find other examples in the same file.

rupin ansible_host=192.168.0.103 ansible_port=22 ansible_user=root ansible_ssh_pass=123

where rupin => the alias under which all the information about the host is stored (you can give it any name)

ansible_host => The name of the host to connect to, if different from the alias you wish to give to it.

ansible_port => The ssh port number, if not 22

ansible_user => The default ssh user name to use.

ansible_ssh_pass => The ssh password to use (this is insecure; using --ask-pass or SSH keys is strongly recommended)

ansible_ssh_private_key_file => Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent.
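A plaintext ansible_ssh_pass entry like the one above is worth catching before an inventory file is shared or committed. The following is an added example, not part of the original post: it scans INI-style inventory text for secret-bearing variables set to literal values. The helper name audit_inventory is hypothetical, and the db host, 192.168.0.104, the vault_db_pass reference and the password hunter2 are constructed sample values.

```python
import shlex

# Inventory variables that hold a secret; a literal value is a plaintext credential.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_sudo_pass"}

# Constructed sample inventory (first host line is the one from the text above).
SAMPLE = """\
# constructed sample
rupin ansible_host=192.168.0.103 ansible_port=22 ansible_user=root ansible_ssh_pass=123

[web]
dev ansible_host=192.168.0.103 ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_rsa
db ansible_host=192.168.0.104 ansible_password="{{ vault_db_pass }}"

[web:vars]
ansible_become_pass = hunter2
"""

def audit_inventory(text):
    """Return (line_no, host_or_section, variable) for each literal secret."""
    findings, section = [], None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section and section.endswith(":vars"):
            # [group:vars] lines are a single "key = value" assignment.
            key, _, value = line.partition("=")
            owner = section
            pairs = [(key.strip(), value.strip().strip("\"'"))]
        else:
            # Host lines: alias first, then space-separated key=value tokens.
            owner, *rest = shlex.split(line, comments=True)
            pairs = [tuple(t.split("=", 1)) for t in rest if "=" in t]
        for key, value in pairs:
            # A Jinja2 reference (e.g. to a vaulted variable) is not a literal.
            if key in SECRET_VARS and not value.startswith("{{"):
                findings.append((line_no, owner, key))
    return findings

if __name__ == "__main__":
    for line_no, owner, key in audit_inventory(SAMPLE):
        print(f"line {line_no}: {owner}: plaintext {key}")
```
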

You can also define a new hosts file and use it as the inventory file for Ansible.

Test the connection :- 

[Screenshot: output of the connection test]

If you want to have your Ansible hosts file in another location, then you can set this environment variable:

> export ANSIBLE_HOSTS=/root/ansible_hosts

2. Set up SSH key-based authentication:-

The first step to configure SSH key authentication to your server is to generate an SSH key pair on your local computer.

To do this, we can use a special utility called ssh-keygen, which is included with the standard OpenSSH suite of tools. By default, this will create a 2048 bit RSA key pair, which is fine for most uses.

ssh-keygen


The easiest way to copy your public key to an existing server is to use a utility called ssh-copy-id.

The ssh-copy-id tool is included in the OpenSSH packages in many distributions, so you may have it available on your local system. For this method to work, you must already have password-based SSH access to your server.

The syntax is:

ssh-copy-id username@remote_host
ssh-copy-id root@192.168.0.103


ssh root@192.168.0.103

You can now log in directly without a password.

Create a hosts file or add the host to /etc/ansible/hosts. I will create a new file.

vim hosts

(you can give the file any name)

[rupin]
dev ansible_host=192.168.0.103 ansible_user=root 

save it :wq

#ansible  -i hosts rupin -m ping


where -i  => inventory

============================================================

Some  command Line Examples :–

1. Setup

Get the Host machine Complete Information:-

#ansible -i hosts rupin -m setup

Get only the host's network-related information:-

#ansible -i hosts rupin -m setup -a 'filter=ansible_eth[0-2]'


#ansible -i hosts rupin -m setup -a 'filter=ansible_architecture'

Gets only the architecture of the host.

2.copy

#ansible -i hosts rupin -m copy -a "src=/etc/hosts dest=/tmp/hosts"

src => the file on the server

dest => the path on the client machine that the file will be copied to.

3.Service

ansible -i hosts rupin   -m service -a "name=cron state=restarted"


4.apt

ansible -i hosts rupin -m apt -a "name=fts state=present update_cache=yes" -vvvv

Installs packages.

5.user

You need to create an encrypted password; otherwise the command will run successfully, but the user will not be able to log in.

Steps to create an encrypted password:

Method 1:-

openssl passwd -1 -salt $(openssl rand -hex 4)

Copy the encrypted password as shown below:

#ansible -i hosts rupin -m user -a 'name=test password=$1$2141f9b3$qeED9Kvsj0bGRV/uahfU/1'       -vvvv


Method 2:-

# python -c 'import crypt; print(crypt.crypt("This is my Password", "$1$SomeSalt$"))'

Method 3:-

#mkpasswd --method=SHA-512
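The three methods above do not produce the same kind of hash: Methods 1 and 2 emit MD5-crypt ($1$), while Method 3 emits SHA-512-crypt ($6$). The following is an added example, not part of the original post: it parses a crypt(3)-style string before it is passed as password= and reports whether it is plaintext, malformed, a weak scheme, or acceptable. The helper name check_password_arg is hypothetical, and the $6$ sample is constructed filler rather than a real hash.

```python
import re

# crypt(3) modular format: $id$[rounds=N$]salt$hash
# id -> (scheme name, length of the encoded hash, acceptable for new accounts)
SCHEMES = {
    "1": ("md5-crypt", 22, False),     # produced by `openssl passwd -1`
    "5": ("sha256-crypt", 43, True),
    "6": ("sha512-crypt", 86, True),   # produced by `mkpasswd --method=SHA-512`
}
CRYPT_RE = re.compile(
    r"^\$(?P<id>[156])\$(?:rounds=\d+\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<hash>[./0-9A-Za-z]+)$"
)

def check_password_arg(value):
    """Classify a value intended for the user module's password= argument.

    check_password_arg is a hypothetical helper name, not an Ansible API.
    Returns (verdict, detail); verdict is one of
    "plaintext", "unknown", "malformed", "weak", "ok".
    """
    match = CRYPT_RE.match(value)
    if match is None:
        if value.startswith("$"):
            return ("unknown", "starts with $ but is not md5/sha256/sha512-crypt")
        return ("plaintext", "not a hash; the account will not accept this password")
    name, expected_len, acceptable = SCHEMES[match["id"]]
    if len(match["hash"]) != expected_len:
        return ("malformed", f"{name} hash should be {expected_len} characters")
    if not acceptable:
        return ("weak", f"{name} is fast to brute-force; prefer sha512-crypt")
    return ("ok", name)

# Inputs: the hash from the user command above, a constructed SHA-512 string
# (salt and hash body are filler, not a real hash), and a bare password.
SAMPLES = [
    "$1$2141f9b3$qeED9Kvsj0bGRV/uahfU/1",
    "$6$constructedsalt$" + "A" * 86,
    "This is my Password",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:24], "->", check_password_arg(sample))
```
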


==========================================================================
