Monday, 9 September 2019

How to Setup Ansible Control Node on CentOS 7

Install Ansible and Use Playbooks on CentOS 7

Ansible is an open-source software provisioning, configuration management, and application-deployment tool. Ansible uses its own declarative language, based on YAML (Yet Another Markup Language), to describe system configurations.

The main feature that distinguishes Ansible from other configuration management software is its agentless architecture. Because of this, installing and configuring Ansible is easy and straightforward. We just need to configure key-based SSH authentication on the nodes, and Ansible then uses SSH to perform configurations on them.

Compared to Puppet and Chef, Ansible is a newer entrant in the domain of configuration management, but it is gaining popularity and winning users over from competing technologies.

One major shift is Red Hat's inclusion of Ansible in the industry's most reputable certification, i.e. RHCE (Red Hat Certified Engineer), specific to Red Hat Enterprise Linux 8.

In this article, we install Ansible on CentOS 7 and then write and execute Ansible playbooks to configure our Linux servers.


Environment Specification:

We are using three CentOS 7 virtual machines with the following specifications.

Ansible Control Node:

  • Hostname - ansible-01.example.com
  • IP Address - 192.168.116.201 /24
  • Operating System - CentOS 7.6

Lighttpd Web Server:

  • Hostname - lighttpd-01.example.com
  • IP Address - 192.168.116.202 /24
  • Operating System - CentOS 7.6

MariaDB Database Server:

  • Hostname - mariadb-01.example.com
  • IP Address - 192.168.116.203 /24
  • Operating System - CentOS 7.6

Here, we will install Ansible on ansible-01.example.com and configure the other two servers as Ansible managed nodes.

 

Configure Name Resolution of Linux Servers:

If you have configured an authoritative DNS server for your domain, you can add the RRs (resource records) of all three servers to it. Otherwise, you have to add name resolution entries to the local DNS resolver file (/etc/hosts).

# cat >> /etc/hosts << EOF
> 192.168.116.201 ansible-01.example.com ansible-01
> 192.168.116.202 lighttpd-01.example.com lighttpd-01
> 192.168.116.203 mariadb-01.example.com mariadb-01
> EOF

Repeat the above command on the lighttpd-01 and mariadb-01 machines.

 

Configure SSH for key-based authentication on CentOS 7:

Generate an SSH key on the ansible-01.example.com server using the ssh-keygen command.

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:r2CBUntEfwcot16lGdI2K8b1rli6UUmfdEfiifps3cw root@ansible-01.example.com
The key's randomart image is:
+---[RSA 2048]----+
|      .  o.   . .|
|     ...+ *..o + |
|    . .+.=oO+ + .|
|   . +  =o=*.o . |
|  . o ooSo+.o    |
|   . . ..o.o.. + |
|      o .+..+ . E|
|     . .oo..     |
|        o.       |
+----[SHA256]-----+

Copy the SSH public key to the lighttpd-01 and mariadb-01 servers.

# ssh-copy-id root@lighttpd-01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'lighttpd-01 (192.168.116.202)' can't be established.
ECDSA key fingerprint is SHA256:kzyCimDDwGPsfsuGXxdrcBqlxVQlU8FZTsYrwbPzZHM.
ECDSA key fingerprint is MD5:b4:3f:a2:86:30:7a:b7:d7:b3:b0:10:8f:a3:3e:8a:bc.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@lighttpd-01's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@lighttpd-01'"
and check to make sure that only the key(s) you wanted were added.

# ssh-copy-id root@mariadb-01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'mariadb-01 (192.168.116.203)' can't be established.
ECDSA key fingerprint is SHA256:kzyCimDDwGPsfsuGXxdrcBqlxVQlU8FZTsYrwbPzZHM.
ECDSA key fingerprint is MD5:b4:3f:a2:86:30:7a:b7:d7:b3:b0:10:8f:a3:3e:8a:bc.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@mariadb-01's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@mariadb-01'"
and check to make sure that only the key(s) you wanted were added.

Verify SSH authentication by connecting to each server.

# ssh root@lighttpd-01
Last login: Sun Sep  8 10:18:40 2019
# exit
logout
Connection to lighttpd-01 closed.
# ssh root@mariadb-01
Last login: Sun Sep  8 10:21:05 2019
# exit
logout
Connection to mariadb-01 closed.

 

Installing Ansible on CentOS 7:

Connect to ansible-01.example.com using ssh as the root user.

Ansible is available in the extras yum repository; therefore, we can install it using the yum command.

# yum install -y ansible

Check the version of the Ansible software.

# ansible --version
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

 

Create Ansible Inventory on CentOS 7:

The file /etc/ansible/hosts holds the inventory of Ansible managed nodes.

# vi /etc/ansible/hosts

Add the lighttpd-01 and mariadb-01 nodes to this file.

[centos76-servers]
lighttpd-01.example.com
mariadb-01.example.com

[lighttpd-webservers]
lighttpd-01.example.com

[mariadb-dbserver]
mariadb-01.example.com

We have created three groups here.

  • centos76-servers - group of CentOS 7.6 based servers, so we can configure all our CentOS 7.6 servers with a single command.
  • lighttpd-webservers - group of Lighttpd based web servers.
  • mariadb-dbserver - group of MariaDB based database servers.

Here, we can create as many groups as we like, according to our requirements.

We have successfully installed Ansible on CentOS 7 and added two Linux servers to the Ansible inventory.

 

Configure Ansible Managed Nodes in Ad Hoc Mode:

Now ping a group of servers using the ansible command.

# ansible -m ping 'centos76-servers'
lighttpd-01.example.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
mariadb-01.example.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Similarly, we can execute any command using the following syntax.

# ansible -m command -a 'cat /etc/redhat-release' 'centos76-servers'
192.168.116.203 | SUCCESS | rc=0 >>
CentOS Linux release 7.6.1810 (Core)

192.168.116.202 | SUCCESS | rc=0 >>
CentOS Linux release 7.6.1810 (Core)

 

Using Ansible Playbooks to configure CentOS 7 nodes:

Although we can execute commands in ad hoc mode to configure our nodes, doing so violates the concept of configuration management. Therefore, we will write playbooks (YAML scripts) to perform consistent configurations on our nodes.

Now we write a playbook that performs some initial configuration on the centos76-servers group: it installs some packages and creates a user.

# vi centos76_servers_initial_conf.yaml

and add the following YAML script.

---
 - hosts: centos76-servers
   user: root
   tasks:
    - name: Installing Common Packages
      action: yum name=wget,bzip2 state=installed
   
    - name: Create an Admin User
      user:
       name: "ahmer"
       groups: "wheel"
       password: "{{ '123' | password_hash('sha512') }}"

Save and exit from the vim editor.

Execute this playbook using the ansible-playbook command.

# ansible-playbook centos76_servers_initial_conf.yaml

PLAY [centos76-servers] ********************************************************

TASK [Gathering Facts] *********************************************************
ok: [lighttpd-01.example.com]
ok: [mariadb-01.example.com]

TASK [Installing Common Packages] **********************************************
changed: [lighttpd-01.example.com]
changed: [mariadb-01.example.com]

TASK [Create an Admin User] ****************************************************
changed: [mariadb-01.example.com]
changed: [lighttpd-01.example.com]

PLAY RECAP *********************************************************************
lighttpd-01.example.com    : ok=3    changed=2    unreachable=0    failed=0
mariadb-01.example.com     : ok=3    changed=2    unreachable=0    failed=0

Our playbook executed successfully without any errors, and the required configurations have been performed on both nodes.

Now create another playbook that installs the Lighttpd web server using Ansible.

# vi lighttpd_servers.yaml

Add the following YAML script to it.
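The "Create an Admin User" task above keeps the literal password '123' in the playbook and hashes it with a random salt, so the hash differs on every run. A hardened variant follows as an added example, not part of the original article. The file vault/admin_user.yml, the variables admin_password and admin_salt, and the 12-character minimum are assumptions made for illustration.

```yaml
---
# Added example: hardened variant of the "Create an Admin User" play.
# Assumptions (not in the original article): vault/admin_user.yml was made
# with `ansible-vault create` and defines admin_password and admin_salt
# (a fixed salt of at most 16 characters from [a-zA-Z0-9./]).
- hosts: centos76-servers
  remote_user: root
  vars_files:
    - vault/admin_user.yml
  tasks:
    - name: Refuse to continue with a missing or short password
      assert:
        that:
          - admin_password is defined
          - admin_password | length >= 12   # assumed minimum length
      # Hide the evaluated variables from console output and logs.
      no_log: true

    - name: Create an Admin User
      user:
        name: "ahmer"
        groups: "wheel"
        # Add wheel without removing other supplementary groups.
        append: yes
        # The secret comes from the vault file; the fixed salt makes the
        # resulting SHA-512 crypt hash the same on every run.
        password: "{{ admin_password | password_hash('sha512', admin_salt) }}"
        # Set the password only when the account is first created, so
        # later runs do not overwrite a password the user has changed.
        update_password: on_create
      # Keep the rendered hash out of console output and logs.
      no_log: true
```

Run it with ansible-playbook --ask-vault-pass so the vault file is decrypted only in memory on the control node.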

---
 - hosts: lighttpd-webservers
   user: root
   vars:
    myhomepage: '<html><h1>Apache installed using Ansible</h1></html>'
   tasks:
    - name: Installing EPEL yum Repository
      action: yum name=epel-release state=installed

    - name: Installing Lighttpd Server
      action: yum name=lighttpd state=installed

    - name: Configure Lighttpd Server
      replace:
       path: /etc/lighttpd/lighttpd.conf
       regexp: 'server.use-ipv6 = "enable"'
       replace: 'server.use-ipv6 = "disable"'
       backup: yes

    - name: Create Index.html File.
      copy:
       dest: /var/www/lighttpd/index.html
       content: '{{ myhomepage }}'
       backup: yes

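    # Note: this enables the http service (TCP port 80); despite the
    # task name, no https service is opened.
    - name: Allow HTTPS Service in Linux Firewall
      firewalld:
       service: http
       permanent: yes
       state: enabled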

    - name: Restart Lighttpd service
      service:
       name: lighttpd
       enabled: yes
       state: restarted

    - name: Restart Firewalld service
      service:
       name: firewalld
       state: restarted

Execute this playbook as follows:

# ansible-playbook lighttpd_servers.yaml

PLAY [lighttpd-webservers] *****************************************************

TASK [Gathering Facts] *********************************************************
ok: [lighttpd-01.example.com]

TASK [Installing EPEL yum Repository] ******************************************
ok: [lighttpd-01.example.com]

TASK [Installing Lighttpd Server] **********************************************
ok: [lighttpd-01.example.com]

TASK [Configure Lighttpd Server] ***********************************************
changed: [lighttpd-01.example.com]

TASK [Create Index.html File.] *************************************************
ok: [lighttpd-01.example.com]

TASK [Allow HTTPS Service in Linux Firewall] ***********************************
ok: [lighttpd-01.example.com]

TASK [Restart Lighttpd service] ************************************************
changed: [lighttpd-01.example.com]

TASK [Restart Firewalld service] ***********************************************
changed: [lighttpd-01.example.com]

PLAY RECAP *********************************************************************
lighttpd-01.example.com    : ok=8    changed=3    unreachable=0    failed=0

Verify our Lighttpd web server using the curl command.

# curl http://lighttpd-01.example.com
<html><h1>Apache installed using Ansible</h1></html>

We have successfully written and executed two playbooks. If you want to write more advanced Ansible playbooks, refer to the Ansible Documentation or get a copy of Ansible Quick Start Guide: Control and monitor infrastructures of any size, physical or virtual by Packt Publishing.

Besides that, you can enroll in Ansible: Ansible Automation Masterclass: 2-in-1 at Udemy to be a master of Ansible in no time.

We have successfully installed Ansible and used playbooks on CentOS 7 to configure managed nodes.
