Ansible from Scratch

Ender's Game, frontpage

Ansible is (textual quote):

Is a free software platform to configure and administer computers. It combines multi-node installation, ad-hoc task execution and configuration management. Also, Ansible is categorized as an orchestration tool. It manages nodes through SSH without the need of additional remote software. It has modules working in JSON and the standard output can be written in any language. It natively uses YAML to describe configurations that can be reused in other systems.

If you still have no clue what the heck Ansible is, we can say it is a powerful tool to configure and manage equipment from a remote location. Unlike things like Puppet, you have no need to create a handful of machines to manage a couple of others. Ansible mixes the hard simplicity of "Keep it simple, stupid!" with the pragmatism of "If I already did this once, there is no need to start over again", so that, with a minimal software installation on the management node, you can operate on nodes that have only the base system installed. This makes Ansible ideal for operating on containers and virtual machine environments like Vagrant. Its main features are:

  • Ease of use.- Tasks are simple scripts known as playbooks
  • Security.- Since there are no agents to install, you are not adding new vulnerabilities to the targets
  • Low learning curve.- Doing the most basic tasks is quite easy
  • Toughness.- Ansible's main principle is known as idempotency (that is, repeating the same operation always leads to the same state), and that allows DevOps to run playbooks without fearing unknown states after several repetitions of the same script.

As usual, we will do the basic installation on Debian. The software to be installed is very basic:

apt-get install ansible
apt-get install sshpass # this package is not mandatory but we will see it's useful for first tasks.

With that, the basic installation of Ansible is done on our master node. Debian's version of Ansible follows Debian's philosophy of file placement, so configuration files are placed in /etc/ansible. There we'll see a file called ansible.cfg and another file called hosts, which we will go through below.

The hosts file is a typical INI file that may look like this:

[groupname1]
server1
server2
server3
[groupname2]
server2
server4

We can call commands or playbooks over a server or over a group of them, or even over all servers in our hosts file.

In the hosts file we can make groups of groups using the tag :children:

[altogether:children]
groupname1
groupname2

This example is not needed, since we can always call the metagroup all, which makes ansible run the script on every server; it is only an illustrative example.

In the hosts file we can also store variables and link them to servers and groups; these variables can later be used in scripts to handle different values on servers of the same group:

[groupname1:vars]
default_gateway=192.168.0.1
dns_server=192.168.0.250
trusted_network=192.168.0.0/24
[groupname2:vars]
default_gateway=192.168.1.1
dns_server=192.168.1.250
trusted_network=192.168.1.0/24

Variables can also be used on a host basis:

server1 http_port=80 maxRequestsPerChild=200
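In the sample inventory above, server2 is listed in both groupname1 and groupname2, and both groups set default_gateway and trusted_network. The value such a host ends up with depends on Ansible's group merge rules, so it is worth flagging before a playbook uses it. The following check is an added example, not part of the original post and not Ansible's own parser. The function names are hypothetical, and it only looks at direct group membership in the INI layout shown here:

```python
import re
from collections import defaultdict

# Constructed sample: the inventory fragments shown on this page, joined into one file.
INVENTORY = """\
[groupname1]
server1 http_port=80 maxRequestsPerChild=200
server2
server3
[groupname2]
server2
server4
[altogether:children]
groupname1
groupname2
[groupname1:vars]
default_gateway=192.168.0.1
trusted_network=192.168.0.0/24
[groupname2:vars]
default_gateway=192.168.1.1
trusted_network=192.168.1.0/24
"""

def parse_inventory(text):
    """Return ({group: [hosts]}, {group: {var: value}}) for direct membership."""
    hosts, gvars = defaultdict(list), defaultdict(dict)
    group, kind = "ungrouped", "hosts"
    # Simplification: everything after '#' on a line is treated as a comment.
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[([^\]:]+)(?::(vars|children))?\]", line)
        if header:
            group, kind = header.group(1), header.group(2) or "hosts"
        elif line and kind == "vars":
            key, _, value = line.partition("=")
            gvars[group][key.strip()] = value.strip()
        elif line and kind == "hosts":
            hosts[group].append(line.split()[0])  # inline host vars are skipped
        # lines inside a :children section are ignored by this check
    return hosts, gvars

def conflicting_group_vars(text):
    """Return {host: {var: {group: value}}} where a host's groups disagree."""
    hosts, gvars = parse_inventory(text)
    seen = defaultdict(lambda: defaultdict(dict))
    for group, members in hosts.items():
        for host in members:
            for var, value in gvars[group].items():
                seen[host][var][group] = value
    found = {h: {v: g for v, g in by_var.items() if len(set(g.values())) > 1}
             for h, by_var in seen.items()}
    return {h: bad for h, bad in found.items() if bad}
```

Calling conflicting_group_vars(INVENTORY) reports only server2, with the two values each group assigns to default_gateway and trusted_network.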

Hosts files allow a lot more tuning, like splitting the file into subfiles, defining server sequences and many other features, but at this point we have enough knowledge to start toying with ansible.

For a serious installation it is recommended to create a dedicated user to handle ansible and to use vault to store keys and some other things, but for now let's just see how ansible works. If we installed sshpass, we can use an SSH password from the command line to run ansible. So we will test that our servers have connectivity and can be reached over SSH:

ansible all -m ping -k -u ansible # user created for the test, but any user with SSH access would do
SSH password:
server1 | success >> {
"changed": false,
"ping": "pong"
}
... (shortened answer)
server4 | success >> {
"changed": false,
"ping": "pong"
}

And that's it: we have Ansible working in our environment.