
Ansible Installation Steps

Ansible allows you to install and configure software on remote machines. The document outlines the steps to: 1. Install Ansible on the controller machine and configure it to communicate with remote machines via SSH. 2. Write playbooks to deploy applications like Apache HTTPD and Tomcat across multiple remote machines. 3. Use Ansible modules, templates, and variables to automate common administration tasks like installing packages, copying files, and replacing strings in text files on remote hosts.

Uploaded by

Ananth Phani

Ansible Installation steps:

Step 1: Create 2 or more machines; name one as the Controller Server and the others as Remote
machines.

On all the machines, do the following steps.

1. yum update -y
2. adduser demo_user
3. passwd demo_user
4. visudo (vi /etc/sudoers)

demo_user ALL=(ALL) NOPASSWD: ALL

Note-2: By default, OS images in AWS are designed for passwordless (.pem/.ppk key-based)
authentication.
Note-3: So we have to enable password-based authentication for the ansible user to communicate.

5. vi /etc/ssh/sshd_config

PasswordAuthentication yes
PermitRootLogin yes

6. service sshd restart

Step 2: Controller Server (RHEL): controller server setup steps are as below (ONLY ON THE
CONTROLLER)

1. yum update -y
2. yum install ansible -y (fails with "No package ansible available" because ansible is not in
the default rpm repositories, so we add the EPEL repository first)
3. rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
4. yum install ansible -y
5. ansible --version (this command is used to check whether ansible is installed or not)

6. su - demo_user

Note-4: Ansible communicates via SSH, so generate an SSH key pair and copy the public key to the
remote machine. This establishes passwordless communication with the remote machine.
7. ssh-keygen

8. ssh-copy-id demo_user@<private IP address of remote machine / DNS>

ssh-copy-id [email protected]

9. ssh <private IP address of remote machine / DNS>

ssh 172.31.19.7

Note-5: You should be able to log in to the remote machine without a password prompt.

10. cd /etc/ansible/
11. ls -lrt
12. sudo mv hosts hosts_bkup ====> Take a backup of the hosts file under the /etc/ansible folder

13. sudo vi hosts

[group1] ========> group name, followed by the list of remote machine IPs

<private IP address of remote machine / DNS> # pvt DNS / IP of remote host
More hosts if needed

14. ansible group1 -m ping

[demo_user@ansicontroller1 ansible]$ ansible group1 -m ping
172.31.95.90 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
This checks the ping from the nodes listed under group1 in the hosts file.
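
Once the ping succeeds over the copied key, Ansible no longer needs the password and root logins that Step 1 switched on. The playbook below is an added example, not part of the original document: it sets both options back to "no" with the replace module, validates the file before it is installed, and asserts on the effective settings reported by sshd -T. The file name harden_sshd.yaml is hypothetical, and the stock paths /etc/ssh/sshd_config and /usr/sbin/sshd are assumed.

```yaml
---
# harden_sshd.yaml (hypothetical file name) - added example, not from the original document.
# Run only after "ansible group1 -m ping" succeeds with key-based login:
#   ansible-playbook -b harden_sshd.yaml
- hosts: group1
  become: true
  vars:
    # Options that Step 1 set to "yes" by hand
    sshd_options:
      - PasswordAuthentication
      - PermitRootLogin
  tasks:
    - name: Set every active occurrence of the option to "no"
      replace:
        path: /etc/ssh/sshd_config          # assumed stock location
        regexp: '^[ \t]*{{ item }}[ \t=]+.*$'
        replace: '{{ item }} no'
        validate: /usr/sbin/sshd -t -f %s   # refuse to install a config sshd cannot parse
        backup: true
      loop: "{{ sshd_options }}"
      notify: restart sshd

    - name: Restart sshd now if the file changed
      meta: flush_handlers

    - name: Dump the effective sshd configuration
      command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    # Catches the case where only a commented-out line existed and the default still applies
    - name: Fail if password or root login is still allowed
      assert:
        that:
          - "'passwordauthentication no' in sshd_effective.stdout_lines"
          - "'permitrootlogin no' in sshd_effective.stdout_lines"
        msg: sshd still allows password or root login; check sshd_config by hand

  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted
```

Machines added later still need password login for the ssh-copy-id step; run this playbook against them after their key has been copied.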

-----> Now log in to the remote machine and check whether httpd is installed.
# service httpd status ===> httpd.service could not be found

To deploy Application
=================

=====> Go back to controller

-m is module
-b to become root

# ansible group1 -m yum -a "name=httpd state=present"

=====> Failed. We get an error because we are executing this command as demo_user. The
controller's demo_user talks to demo_user on the remote machine, but the yum command needs to
run as root. So we have to execute this command with sudo by using the -b option (-b to become
root).

# ansible group1 -b -m yum -a "name=httpd state=present"

====> success

------> Go back to the remote machine and check service httpd status again; it shows Active and
success. Here httpd is installed but not yet started.

# ansible group1 -b -m service -a 'name=httpd state=started' ===> use -b to become root to
execute the command

after setup
ansible group1 -b -m yum -a "name=httpd state=latest"
ansible group1 -b -m service -a "name=httpd state=started"

Note:
1. If you execute the same commands above again, Ansible skips them, because those are already
in place and running. This is called idempotence.

2. An ad-hoc command executes only one module, once. To use more modules, we go for
playbooks.
3. Ad-hoc commands in Ansible allow you to execute simple tasks at the command line against
one or all of your hosts. Examples

21. Writing playbook

A playbook is always in .yaml or .yml format.

Exercise:1

Write a playbook to install httpd and start the service on the remote machine.


========================

# sudo vi install_httpd.yaml

[demo_user@ansicontroller1 ansible]$ # cat install_httpd.yaml


---
- hosts: group1
  tasks:
    # Install the Apache package with yum
    - name: install httpd
      yum:
        name: httpd
        state: present
    # Make sure the service is running
    - name: start the service
      service:
        name: httpd
        state: started

or

---
- hosts: group1
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: start the service
      service: name=httpd state=started

To run the above playbook, use the command below:

# ansible-playbook -b install_httpd.yaml

To verify, browse to the remote machine's public IP. You will get the Apache page.

Exercise:2

Create an index file, /tmp/index.html, with some content on the local system (controller) and
copy the same file to the remote machine.

• cd /etc/ansible/
• sudo vi /tmp/index.html

----- >

---
- hosts: group1
  tasks:
    - name: installing httpd
      yum:
        name: httpd
        state: present
    - name: starting httpd
      service:
        name: httpd
        state: started
    # Copy the controller's /tmp/index.html into Apache's document root
    - name: copy a indexfile to remote machine
      copy:
        src: /tmp/index.html
        dest: /var/www/html/index.html

or

- hosts: group1
  tasks:
    - name: installing httpd
      yum: name=httpd state=present
    - name: starting httpd
      service: name=httpd state=started
    - name: copy a indexfile to remote machine
      copy: src=/tmp/index.html dest=/var/www/html/index.html

< ------

To run the playbook:

ansible-playbook -b installing_httpd.yml

To verify, browse to the remote machine's public IP. You will get the Apache page.

Exercise:3

Install Tomcat, download the benefits.war file and copy it onto the remote machine.

[demo_user@ansicontroller1 ansible]$ cat install_tomcat.yaml

---
- hosts: all
  tasks:
    - name: install tomcat
      yum:
        name: tomcat
        state: present
    - name: start the service
      service:
        name: tomcat
        state: started
    # Fetch the sample application into Tomcat's webapps directory
    - name: Download tomcat
      get_url:
        url: https://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/wls/12c/03-DeployApps/files/benefits.war
        dest: /usr/share/tomcat/webapps/benefits.war

To verify the Tomcat installation, browse to the remote machine's public IP with the port
number: x.x.x.x:8080/benefits

http://54.84.163.232:8080/benefits/

You will see the benefits page.
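
The get_url task above places whatever the URL returns directly into Tomcat's webapps directory, where it is deployed. The playbook below is an added example (not from the original document) that pins the download to a SHA-256 digest in a staging directory and only then publishes it. The digest is a placeholder to be filled in; the file name, the staging directory and the tomcat group are assumptions.

```yaml
---
# deploy_war_verified.yaml (hypothetical file name) - added example, not from the original document.
- hosts: group1
  become: true
  vars:
    war_url: https://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/wls/12c/03-DeployApps/files/benefits.war
    # Placeholder: the SHA-256 of the WAR you downloaded once and reviewed.
    war_sha256: "<sha256-of-approved-benefits.war>"
    staging_dir: /var/lib/ansible-staging    # hypothetical directory, outside webapps
  tasks:
    - name: Create a root-only staging directory
      file:
        path: "{{ staging_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Download the WAR and verify its digest
      get_url:
        url: "{{ war_url }}"
        dest: "{{ staging_dir }}/benefits.war"
        checksum: "sha256:{{ war_sha256 }}"   # the task fails if the digest does not match
        mode: "0600"

    - name: Publish the verified WAR to Tomcat
      copy:
        remote_src: true                      # source file is already on the remote machine
        src: "{{ staging_dir }}/benefits.war"
        dest: /usr/share/tomcat/webapps/benefits.war
        owner: root
        group: tomcat                         # assumption: group created by the tomcat package
        mode: "0640"
```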

Note:
Refer to these pages:
https://www.tecmint.com/install-apache-tomcat-in-centos/
Online YAML validator:
http://www.yamllint.com/

Exercise: 4 HOW TO REPLACE A TEXT

Replace string on remote machine text file.

Note: Search the internet for "ansible module to replace string or text".

---
- hosts: group1
  tasks:
    - name: replace string
      replace:
        path: /tmp/sample.txt
        regexp: 'boys'
        replace: 'girls'

[demo_user@ansicontroller1 ansible]$ ansible-playbook -b replace_string.yaml

To check the result, go to Remote machine


[demo_user@remotemachine1 ~]$ cat /tmp/sample.txt
there are 50 gilrs
all gilrs are good
[demo_user@remotemachine1 ~]$

Exercise 4: OHAI
The OHAI service gathers all configuration from the remote machine.

Take one RedHat machine and one Ubuntu machine. We should create a playbook that runs on the
machines based on the platform; it should not throw any errors.

Note: On a RHEL machine, Python is installed by default, but on an Ubuntu machine we have to
install Python explicitly.

===> create a ubuntu machine

follow the below commands in ubuntu:

sudo -i
apt update
apt install python -y
apt install ansible -y
adduser demo_user
passwd demo_user
vi /etc/sudoers
vi /etc/ssh/sshd_config
service sshd restart
python --version ===> to check whether python is installed or not

====> go back to controller and execute below commands

su - demo_user
cd /etc/ansible
ssh-copy-id demo_user@<private ip of ubuntu>
ssh <private ip of ubuntu>

-----> We should be able to log in to the remote machine without any password prompt.

demo_user ansible---> # sudo vi hosts

[group1]
<private Ip address of remote machine RedHat>
[group2]
<private Ip address of remote machine ubuntu>

demo_user ansible---> # sudo vi ohai.yml

---
- hosts: all
  tasks:
    # Runs only on RedHat-family hosts
    - name: install httpd
      yum: name=httpd state=present
      when: ansible_os_family == "RedHat"
    # Runs only on Debian-family hosts (Ubuntu), where the package is apache2
    - name: install apache2
      apt: name=apache2 state=present
      when: ansible_os_family == "Debian"

demo_user ansible---> ansible-playbook -b ohai.yml

practice:

ansible group1 -m setup -a "filter=*ipv4*"

ansible group1 -m setup


ip address={{ansible_all_ipv4_addresses}}
vi xyz.conf.j2
Exercise 5: TEMPLATE TASK
on remote machine:
ec2-user ---> sudo -i
root --->> vi xyz.conf
ipaddress=

on controller:

ec2-user ---> sudo -i


root --->> su - demo_user
demo_user@controller---> cd /etc/ansible
ansible ----> sudo vi /tmp/xyz.conf.j2
ansible----> sudo vi template.yml

---
- hosts: all
  tasks:
    - template:
        src: /tmp/xyz.conf.j2
        dest: /tmp/xyz.conf

ansible----> ansible-playbook -b template.yml

====> To check result go to Remote machine, and go to


cd /tmp
ls
cat xyz.conf

Ansible Variables

We can define variables and call them in a play; such variables are called play variables.

Playbook variable:

• sudo -i
• su - demo_user
• cd /etc/ansible/
• ls -lrt
• sudo vi playbook_variables.yml

----- >
---
- hosts: all
  vars:
    pkg_name: httpd
    pkg_state: present
  tasks:
    - name: install {{pkg_name}}
      yum: name={{pkg_name}} state={{pkg_state}}
< ------
ansible-playbook -b playbook_variables.yml

Inventory variable:

Put # in front of vars, pkg_name and pkg_state in the playbook file while working with inventory
variables.

Exercise 6:
Variables precedence

There are many kinds of variables, as below.


Here is the order of precedence from least to greatest (the last listed variables winning
prioritization):

• command line values (eg “-u user”)

• role defaults [1]


• inventory file or script group vars [2]

• inventory group_vars/all [3]

• playbook group_vars/all [3]

• inventory group_vars/* [3]

• playbook group_vars/* [3]

• inventory file or script host vars [2]

• inventory host_vars/* [3]

• playbook host_vars/* [3]

• host facts / cached set_facts [4]

• play vars

• play vars_prompt

• play vars_files

• role vars (defined in role/vars/main.yml)

• block vars (only for tasks in block)

• task vars (only for the task)

• include_vars

• set_facts / registered vars

• role (and include_role) params

• include params

• extra vars (always win precedence)

===================================

Extra variables win, with the highest priority.

Exercise to check precedence:

[demo_user@ansicontroller1 ansible]$ cat playvariable1.yml
---
- hosts: group1
  vars:
    pkg_name: httpd
    pkg_state: present
  tasks:
    - name: install {{pkg_name}}
      yum: name={{pkg_name}} state={{pkg_state}}
[demo_user@ansicontroller1 ansible]$

[demo_user@ansicontroller1 ansible]$ ansible-playbook -b -e pkg_name=wget playvariable1.yml

PLAY [group1] ****************************************************************

TASK [Gathering Facts] *******************************************************
ok: [172.31.95.90]

TASK [install wget] **********************************************************
changed: [172.31.95.90]

PLAY RECAP *******************************************************************
172.31.95.90 : ok=2 changed=1 unreachable=0 failed=0

This verifies that extra vars (-e) take precedence: wget was installed because pkg_name=wget was
passed with -e.

=======Group_vars===================================================

Create a directory called group_vars in /etc/ansible.

cd /etc/ansible
sudo mkdir group_vars
cd group_vars
sudo vi group1.yaml
------>

---
hosts: group1

pkg_name: tree
pkg_state: present
[demo_user@ansicontroller1 host_vars]$
[demo_user@ansicontroller1 group_vars]$ pwd
/etc/ansible/group_vars
[demo_user@ansicontroller1 group_vars]$ cat group1.yaml
pkg_name: unzip
pkg_state: present
[demo_user@ansicontroller1 group_vars]$
[demo_user@ansicontroller1 ansible]$ cat hosts
[group1]
172.31.95.90
#[group1:vars]
# pkg_name=tomcat
# pkg_state=present
[demo_user@ansicontroller1 ansible]$
[demo_user@ansicontroller1 ansible]$ cat playvariable1.yml
---
- hosts: group1
#  vars:
#    pkg_name: httpd
#    pkg_state: present
  tasks:
    - name: install {{pkg_name}}
      yum: name={{pkg_name}} state={{pkg_state}}
[demo_user@ansicontroller1 ansible]$
[demo_user@ansicontroller1 ansible]$ ansible-playbook -b playvariable1.yml

PLAY [group1] ****************************************************************

TASK [Gathering Facts] *******************************************************
ok: [172.31.95.90]

TASK [install unzip] *********************************************************
changed: [172.31.95.90]

PLAY RECAP *******************************************************************
172.31.95.90 : ok=2 changed=1 unreachable=0 failed=0

[demo_user@ansicontroller1 ansible]$ cat hosts

============Host_vars==================================

Create a directory called host_vars in /etc/ansible.

[demo_user@ansicontroller1 ansible]$ cat host_vars/172.31.95.90.yaml
pkg_name: unzip
pkg_state: present
[demo_user@ansicontroller1 ansible]$

[demo_user@ansicontroller1 ansible]$ sudo vi host_vars/172.31.95.90.yaml

[demo_user@ansicontroller1 ansible]$ ansible-playbook -b playvariable1.yml

PLAY [group1] ****************************************************************

TASK [Gathering Facts] *******************************************************
ok: [172.31.95.90]

TASK [install unzip] *********************************************************
ok: [172.31.95.90]

PLAY RECAP *******************************************************************
172.31.95.90 : ok=2 changed=0 unreachable=0 failed=0

Ansible Roles

Ansible - Roles. Roles provide a framework for fully independent, or interdependent
collections of variables, tasks, files, templates, and modules. In Ansible, the role is the primary
mechanism for breaking a playbook into multiple files. This simplifies writing complex
playbooks, and it makes them easier to reuse.
We can say a role is a group of relevant/same tasks.

In the /etc/ansible directory we can find the roles folder.

sudo -i
su - demo_user
cd /etc/ansible/roles
ls
pwd
sudo mkdir tomcat_role
cd tomcat_role
ls
sudo mkdir tasks
cd tasks
sudo vi main.yaml // make sure you are under roles/tomcat_role/tasks, or at any time use sudo vi
roles/tomcat_role/tasks/main.yaml
----- >
- name: install tomcat
  yum:
    name: tomcat
    state: present
- name: start the service
  service:
    name: tomcat
    state: started
- name: Download tomcat
  get_url:
    url: https://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/wls/12c/03-DeployApps/files/benefits.war
    dest: /usr/share/tomcat/webapps/benefits.war

< ------
ls -lrt
sudo vi demo_roles.yml // check that we are under /etc/ansible
----- >
---
- hosts: all
  roles:
    - tomcat_role
< -------
ansible-playbook -b demo_roles.yml

-------------------- Ansible Galaxy

Go to the roles directory and run ls -lrt

cd roles
ls -lrt
tree // displays everything hierarchically
sudo yum install tree -y
tree
sudo ansible-galaxy init db_role
ls -lrt
cd db_role
tree

Exercise1:

Create the folder and file structure as below and write the .yaml files for the Tomcat installation.

[demo_user@ansicontroller1 ansible]$ tree
.
├── ansible.cfg
├── group_vars
│   └── group1.yaml
├── hosts
├── hosts_old
├── host_vars
│   └── 172.31.95.90.yaml
├── install_httpd.yaml
├── install_tomcat.yaml
├── my_role.yaml
├── playvariable1.yml
├── playvariable.yml
├── replace_string.yaml
├── roles
│   └── tomcat_role
│       └── tasks
│           ├── deploy_tomcat.yaml
│           ├── install_tomcat.yaml
│           ├── main.yaml
│           └── start_tomcat.yaml

5 directories, 15 files

[demo_user@ansicontroller1 ansible]$ cat roles/tomcat_role/tasks/main.yaml
- import_tasks: install_tomcat.yaml
- import_tasks: start_tomcat.yaml
- import_tasks: deploy_tomcat.yaml
[demo_user@ansicontroller1 ansible]$ cat roles/tomcat_role/tasks/install_tomcat.yaml
- name: install tomcat
  yum: name=tomcat state=present
[demo_user@ansicontroller1 ansible]$ cat roles/tomcat_role/tasks/start_tomcat.yaml
- name: start tomcat
  service: name=tomcat state=started
[demo_user@ansicontroller1 ansible]$ cat roles/tomcat_role/tasks/deploy_tomcat.yaml
- name: deploy app
  get_url: url=https://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/wls/12c/03-DeployApps/files/benefits.war dest=/usr/share/tomcat/webapps/benefits.war
[demo_user@ansicontroller1 ansible]$
[demo_user@ansicontroller1 ansible]$ cat my_role.yaml
---
- hosts: group1
  roles:
    - tomcat_role
[demo_user@ansicontroller1 ansible]$

[demo_user@ansicontroller1 ansible]$ ansible-playbook -b my_role.yaml

PLAY [group1] ****************************************************************

TASK [Gathering Facts] *******************************************************
ok: [172.31.95.90]

TASK [tomcat_role : install tomcat] ******************************************
ok: [172.31.95.90]

TASK [tomcat_role : start tomcat] ********************************************
changed: [172.31.95.90]

TASK [tomcat_role : deploy app] **********************************************
ok: [172.31.95.90]

PLAY RECAP *******************************************************************
172.31.95.90 : ok=4 changed=1 unreachable=0 failed=0

================Ansible Galaxy=============================

[demo_user@ansicontroller1 roles]$ sudo ansible-galaxy init httpd_role

[demo_user@ansicontroller1 roles]$ tree
.
├── httpd_role
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── README.md
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   ├── tests
│   │   ├── inventory
│   │   └── test.yml
│   └── vars
│       └── main.yml
└── tomcat_role
    └── tasks
        ├── deploy_tomcat.yaml
        ├── install_tomcat.yaml
        ├── main.yaml
        └── start_tomcat.yaml

11 directories, 12 files
[demo_user@ansicontroller1 roles]$

https://galaxy.ansible.com/

Download the required role from Galaxy; these roles are predefined by someone else.
We should tune it.

Ansible Vault:

Ansible Vault is a feature of ansible that allows you to keep sensitive data such as passwords or
keys in encrypted files, rather than as plaintext in playbooks or roles. ... Alternately, you may
specify the location of a password file or command Ansible to always prompt for the password
in your ansible.cfg file.

How to encrypt the data:

su - demo_user
cd /etc/ansible
sudo ansible-vault create credentials.conf // It will ask you to set a password
New Vault password:
Confirm New Vault password:
The vi editor will open; enter
Username=srikanth
Password=password
and save it
ls -lrt // we can see credentials.conf created
sudo more credentials.conf // we can see our data in encrypted format
• Write a playbook to copy this file to the /tmp directory of the remote machine
sudo vi demo_vault.yaml
----- >
---
- hosts: group1
  tasks:
    - name: Copying the file
      copy: src=/etc/ansible/credentials.conf dest=/tmp/credentials.conf
< ------
ansible-playbook -b demo_vault.yaml // this will fail
sudo chmod 755 credentials.conf
ansible-playbook -b demo_vault.yaml // we will get an error because it needs to be decrypted
ansible-playbook -b --ask-vault-pass demo_vault.yaml // now it will run and ask for the password
we created earlier
Go to the remote machine
cat /tmp/credentials.conf // data is decrypted and we can see our username & password

If we want to modify the file and change the username/password:

On the controller:
sudo vi credentials.conf // we can't edit it normally

To edit the vault file:

sudo ansible-vault edit credentials.conf // it will ask for the previous password; enter it and
edit as you wish

If other developers want to use this file, then we need to provide the username and password
to them.

sudo ansible-vault rekey credentials.conf // it will ask for the old password; enter it and now
we can set a new password
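
The copy task in demo_vault.yaml sets no mode, so the decrypted file in /tmp gets whatever permissions the remote umask allows. The playbook below is an added example (not from the original document) that deploys the same vault file to a root-only path with mode 0600, keeps its contents out of task output, and asserts the resulting ownership and mode. The file name and the /etc/demo_app directory are hypothetical.

```yaml
---
# demo_vault_hardened.yaml (hypothetical file name) - added example, not from the original document.
# Run with: ansible-playbook -b --ask-vault-pass demo_vault_hardened.yaml
- hosts: group1
  become: true
  vars:
    cred_dir: /etc/demo_app                      # hypothetical root-only directory
    cred_dest: /etc/demo_app/credentials.conf
  tasks:
    - name: Create a directory only root can enter
      file:
        path: "{{ cred_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0700"

    # copy decrypts a vault-encrypted src before writing it on the remote machine
    - name: Copy the vault file with restrictive permissions
      copy:
        src: /etc/ansible/credentials.conf
        dest: "{{ cred_dest }}"
        owner: root
        group: root
        mode: "0600"
      no_log: true     # keep the task result out of console output and logs
      diff: false      # never print a content diff when run with --diff

    - name: Read back ownership and mode
      stat:
        path: "{{ cred_dest }}"
      register: cred_stat

    - name: Fail if anyone but root can read the secret
      assert:
        that:
          - cred_stat.stat.pw_name == 'root'
          - cred_stat.stat.mode == '0600'
```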

Ansible Templates

Jinja2 is a templating system for Python-based apps.

ansible <private ip> -m setup -a "filter=*ipv4*" // to check available variables
Note down ansible_all_ipv4_addresses.

On the controller:

sudo -i
su - demo_user
cd /etc/ansible
sudo mkdir templates
cd templates
sudo vi xyz.conf.j2
----- >
port = {{port_no}}
Ip address = {{ansible_all_ipv4_addresses}}
< ------

pwd
cd ..
sudo vi demo_templates.yml //playbook

---
- hosts: group1
  # Facts must be gathered: the template uses ansible_all_ipv4_addresses
  gather_facts: true
  vars:
    port_no: 82
  tasks:
    - name: copying the templates
      template:
        src: xyz.conf.j2
        dest: /tmp/xyz.conf

ansible-playbook -b demo_templates.yml

====> To check the result, go to the remote machine and run

cat /tmp/xyz.conf // we can see the IP address and port number

=================================================================
Ansible Theory
================================================================
-It is a push-based configuration management tool
-Ansible is an IT automation tool. It can configure systems, deploy software, and
orchestrate more advanced IT tasks such as continuous deployments or zero downtime
rolling updates.
-Ansible’s main goals are simplicity and ease-of-use. It also has a strong focus on
security and reliability, featuring a minimum of moving parts,
usage of OpenSSH for transport (with other transports and pull modes as alternatives),
and a language that is designed around auditability by humans–even those not familiar with the
program.
-Playbook:
-idempotence
-convergence
-Inventory:
-no database required
-no agent required
-The only prerequisite is Python 2.7
-lightweight
-converts .yml to Python while executing
-Every tool has its own DSL
-Once Ansible is installed, it will not add a database, and there will be no daemons to
start or keep running.
You only need to install it on one machine (which could easily be a laptop) and it can
manage an entire fleet of remote machines from that central point.
