DevOps/Ansible

Ansible is software for automate task, you can automates software provisioning, configuration management, application deployment and general orchestration, ansible design is based on /modules/, execute  to view your available modules or check list of official modules in the documentation: https://docs.ansible.com/ansible/latest/modules/modules_by_category.html.

Installation and Basic Configuration
Install Ansible binaries using yum or apt-get depending on your linux distribution, or pip on MacOS on your computer, not necessary on your managed nodes, then allows server access to your managed clients configuring automatic ssh key authentication.


 * macOS:
 * Ubuntu (latest version):

Following binaries will be installed: /usr/bin/ansible /usr/bin/ansible-playbook

/usr/bin/ansible-config                          View, edit, and manage ansible configuration. /usr/bin/ansible-console                         REPL console for executing Ansible tasks /usr/bin/ansible-galaxy                          Command to manage Ansible roles in shared repostories, the default of which is Ansible Galaxy https://galaxy.ansible.com

/usr/bin/ansible-pull                            Pulls playbooks from a VCS repo and executes them for the local host

/usr/bin/ansible-doc                             Displays information on modules installed in Ansible libraries /usr/bin/ansible-inventory                       Used to display or dump the configured inventory as Ansible sees it

/usr/bin/ansible-connection                      - /usr/bin/ansible-vault                           Encryption/decryption utility for Ansible data files

Configuration files
There are at least two configuration files in Ansible:
 * , text configuration file for managed nodes, or inventory in Ansible terminology, in INI or YAML format.
 * general configuration file.

Inventory of managed nodes
https://www.digitalocean.com/community/tutorials/how-to-manage-multistage-environments-with-ansible Inventory is defined in  file. It allows you to define your managed hosts by hostname or IP address, and group them, such as "my_webservers_group" in our example in INI format.

Groups of groups, hierarchies, is also supported using (:children) keyword:

You can also read Ansible best practices

Basic operations with your inventory:
 * List managed hosts:
 * To filter just one group of host:
 * To filter just one group of host:
 * To filter just one group of host:
 * To filter just one group of host:
 * To filter just one group of host:


 * List defined groups

Basic Ansible operations

 * Connect to remote host and verify python, it will not do a network ping to remote host, connect to host and test python:
 * (-m parameter stands for module)


 * Execute "uptime" in HOSTNAME:
 * (-a module arguments, in this case command to execute)


 * Connect to HOSTNAME and execute uptime command with  module,   module do not need python.


 * Execute "echo hello" in all your managed nodes:
 * (-a expect module arguments)


 * Connect and display gathered facts, do not setup anything.


 * Execute commands on a machine:


 * List available modules:


 * Execute a user defined task definition or playbook:


 * Execute a user defined task definition or playbook with command line variables:
 * -e: --extra-vars as key=value or YAML/JSON
 * -e: --extra-vars as key=value or YAML/JSON

Ansible Galaxy (Roles)
to manage roles
 * Installing roles:
 * oVirt.ovirt-ansible-roles
 * PaloAltoNetworks.paloaltonetworks
 * Installing roles:
 * oVirt.ovirt-ansible-roles
 * PaloAltoNetworks.paloaltonetworks

See also:  https://docs.ansible.com/ansible/latest/modules/import_role_module.html#import-role-module

Features

 * Support for saving encrypted information (passwords, API Keys ...) in playbooks using Ansible Vault since 2014

Ansible tunning/configuration
Configuration of ansible is done in, you can tune some configurations. Check official documentation or some example configuration file. .

Ansible privileges
Use in your playbook and execute with   parameter.
 * Use  if you do not have private public key configuration.


 * 1) !/usr/bin/env ansible-playbook --ask-become-pass

- hosts: REMOTE_SERVER become: yes tasks:

- user: name: USERNAME shell: /bin/bash groups: sudo append: yes password_lock: yes

- authorized_key: user: USERNAME state: present key: ""

See also: /Create a new user in a group of servers and provided ssh access using its public ssh key/

Activities
Beginner:
 * 1) Read how to use Ansible cheatsheet: https://www.digitalocean.com/community/tutorials/how-to-use-ansible-cheat-sheet-guide
 * 2) Read Ansible blog: https://www.ansible.com/blog
 * 3) Read StackOverflow questions about Ansible: https://stackoverflow.com/questions/tagged/ansible?tab=Votes
 * 4) Create your first playbooks:
 * 5) /Create a new user in a group of servers and provided ssh access using its public ssh key/
 * 6) /Configure user to be able to use sudo with no password/
 * 7) /Add a repository/ (  module)
 * 8) /Use loops in task/

Intermediate
 * 1) Install and configure sysstat using Ansible
 * 2) Modify ssh client Ansible uses to connect: change it from Paramiko to openssh client and modify   in   option. Do it in your   file. (Note than Ansible will use a different   that your openssh configuration. Default to:  )
 * 3) Read about Ansible /Roles/ (similar to modules in puppet and cookbooks in Chef): https://linuxacademy.com/blog/linux-academy/ansible-roles-explained/:
 * 4) Read about Reusable Playbooks: Dynamic vs. Static and Tradeoffs and Pitfalls Between Includes and Imports

Advanced:
 * 1) Increase default   configuration variable (default configuration is 5 forks) in   and verify how your execution time increase or decrease. Use:
 * 2) Use Ansible /ovirt-RHV module/ (ovirt_vm) to create KVM virtual machines
 * 3) Read Release Notes: Ansible changelog and versions: v2.9, v2.8 , v2.7.
 * 4) Read Ansible Code: