Ansible:14

DevOps Classroom Series – 03/Jan/2021

Ansible Tower Setup

Scenario: We have two environments

  • We have two environments
    • Dev
    • Test
  • In the dev environment we are asked to install Java 11
    • command is sudo apt-get install openjdk-11-jdk
  • In the test environment we are asked to install Java 8
    • command is sudo apt-get install openjdk-8-jdk
  • How can we do this by writing one playbook?
  • Refer Here for the changeset
  • Now let's try to run the Ansible playbook on the dev environment
  • Now let's try to run the playbook on the test environment

Scenario: Sensitive Content

  • We have a variable file in Ansible which has usernames and passwords stored in plain text
  • Keeping sensitive content as plain text in Ansible playbooks is not secure, so we need some way of encrypting this content, and that is where Ansible Vault comes into play
  • We can use ansible-vault to create a variables file, supplying the vault password in one of three ways
    • prompt for password
    • password in text
    • password from script
  • Let's create a sensitive variable file using the prompt Refer Here
ansible-vault create --vault-id @prompt vars/secretbyprompt.yaml

  • The same, with the password supplied by a script
ansible-vault create --vault-id ~/passwords.sh  vars/even_more_secure.yaml

  • Now let's apply encryption to an existing file. Refer Here
ansible-vault encrypt --vault-id ~/passwords.sh vars/sensitive.yaml

  • So now let's use vars/sensitive in an Ansible playbook
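
The "password from script" option used in the commands above, as an added example that is not part of the original notes: a ~/passwords.sh that prints the vault password from a file only if that file is owned by the current user and closed to group and others. The ~/.vault_pass default and the VAULT_PASS_FILE variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example: a vault password script for use as ~/passwords.sh.
# Assumption: the password is the first line of ~/.vault_pass, or of the file
# named by VAULT_PASS_FILE (both names are hypothetical, not from the notes).

vault_password() {
    local file="$1" perms pass

    if [ ! -f "$file" ]; then
        echo "vault password file not found: $file" >&2
        return 1
    fi
    if [ ! -O "$file" ]; then
        echo "refusing $file: not owned by the current user" >&2
        return 1
    fi
    # Characters 5-10 of 'ls -ld' are the group and other permission bits.
    # Anything but '------' means another account could read the password.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $file: group/other permissions set, run chmod 600" >&2
        return 1
    fi
    pass=$(head -n 1 "$file")
    if [ -z "$pass" ]; then
        echo "refusing $file: first line is empty" >&2
        return 1
    fi
    # Ansible reads the vault password from this script's standard output.
    printf '%s\n' "$pass"
}

# Emit the password only when installed under the name used in the commands
# above, so the function can also be sourced and tested on its own.
if [ "${0##*/}" = "passwords.sh" ]; then
    vault_password "${VAULT_PASS_FILE:-$HOME/.vault_pass}" || exit 1
fi
```

Mark the script executable (chmod 700 ~/passwords.sh): Ansible runs an executable vault-id source and uses its output, and otherwise reads the file's contents as the password.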

Setting up windows hosts for Ansible Control

  • Let's create a Windows server
  • To set up Ansible to run with a Windows server, we need the pywinrm module on the Ansible control server
  • The Windows server should have at least
    • PowerShell 3.0
    • .NET 4.0
  • On the Windows server we will configure a WinRM listener
    • So log in to the Windows server and launch PowerShell as admin
    • Create a self-signed certificate
    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "$env:COMPUTERNAME" -FriendlyName "WinRM HTTPS Certificate" -NotAfter (Get-Date).AddYears(5)
    • Store the thumbprint
    • With the generated certificate create a new WinRM listener
    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * -CertificateThumbPrint <your-thumbprint>
    • Now let's add a firewall rule to allow HTTPS communication
    New-NetFirewallRule -DisplayName 'WinRM Mgmt' -Profile Domain,Private,Public -Direction Inbound -Action Allow -Protocol TCP -LocalPort 5986
    • Enable Basic authentication on the WinRM service. Basic sends the credentials only base64-encoded, so connect through the HTTPS listener on port 5986
    Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
    • Now install Chocolatey on Windows Refer Here
    • Now let's move to the Ansible control server
    • Check if the winrm module is installed in Python
    • Install pip3 and pywinrm on the control server
    sudo apt install python3-pip
    sudo pip3 install pywinrm

Parallelism in Ansible

  • Controlling Ansible playbook execution strategies Refer Here
  • By default Ansible runs in parallel on 5 nodes, which is referred to as 5 forks.
  • To run Ansible playbooks on one node at a time, set the forks value to 1
  • In Ansible we can set a batch size with serial, so that the playbook executes on the nodes in batches
---
- name: test playbook
  hosts: all
  serial: 2
  tasks:
    - name: test task
      debug:
        msg: "this is test task"

Ansible Collections

  • In Ansible the major unit of work is the module. There are lots of community-developed modules.
  • Earlier, making these modules available to users had to wait until the next Ansible release.
  • Since this process was not up to the mark, Ansible introduced collections.
  • A collection is a collection of
    • modules
    • roles
  • Ansible Galaxy has undergone changes to include collections
  • Let's review one Ansible collection

Exercises

  1. Create an Ansible role to deploy OpenMRS Refer Here
  2. Write an Ansible playbook to install nopCommerce on Linux Refer Here
  3. Try this if possible Refer Here