Ansible Study Note

Depedency

NIS/LDAP, EPEL Repository, SSH Without Password

Create EPEL Repository

Install & Configure Ansible

# yum install ansible

#  which ansible
/usr/bin/ansible

# ansible --version
ansible 2.9.25
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Mar 20 2020, 17:08:22) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg    # ansible config file
├── hosts    # config file used to store information about the remote host to be managed
└── roles

Add the controlled server information to the hosts file

# vim /etc/ansible/hosts
...
# Ex 1: Ungrouped hosts, specify before any group headers.
nfs.seaship.com
idm01.seaship.com
idm02.seaship.com
bugzilla.seaship.com
vnc.seaship.com
lsf01.seaship.com
lsf02.seaship.com
...
# Ex 2: A collection of hosts belonging to the 'webservers' group
[rhel7]
nfs.seaship.com
idm01.seaship.com
idm02.seaship.com
bugzilla.seaship.com
vnc.seaship.com
lsf01.seaship.com
lsf02.seaship.com
...

Configure SSH Without Password

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:k/8JqXYosJ62iDjXHBSN7M4iFONmKEfcpsrZ56YYGCQ root@nfs.seaship.com
The key's randomart image is:
+---[RSA 2048]----+
| . o o           |
| oo * .          |
|Eoo+ .           |
|==o o    .       |
|Boo+    S        |
|++..=.   o .     |
|.o +o+   .+      |
|o.+.=+. o..o .   |
|o+.+*. o..  o    |
+----[SHA256]-----+

# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.220.104
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.220.104'"
and check to make sure that only the key(s) you wanted were added.

Test Ansible

Single host

#  ansible vnc.seaship.com -m shell -a 'touch /home/cad/testfile'
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need to use command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
vnc.seaship.com | CHANGED | rc=0 >>

In some cases, you may get the warning, you can modify /etc/ansible/ansible.cfg
# vim /etc/ansible/ansible.cfg
...
command_warnings = False
...

# ansible vnc.seaship.com -m shell -a 'touch /home/cad/testfile'
vnc.seaship.com | CHANGED | rc=0 >>

Hosts group

# ansible rhel7 -m shell -a 'uptime' -o
idm01.seaship.com | CHANGED | rc=0 | (stdout)  14:26:30 up  4:44,  1 user,  load average: 0.00, 0.01, 0.05
idm02.seaship.com | CHANGED | rc=0 | (stdout)  14:26:30 up  4:43,  1 user,  load average: 0.00, 0.01, 0.05
vnc.seaship.com | CHANGED | rc=0 | (stdout)  14:26:30 up  3:49,  1 user,  load average: 0.00, 0.03, 0.05
nfs.seaship.com | CHANGED | rc=0 | (stdout)  14:26:30 up  4:44,  2 users,  load average: 0.48, 0.11, 0.08
lsf01.seaship.com | CHANGED | rc=0 | (stdout)  14:26:31 up  3:50,  1 user,  load average: 0.00, 0.01, 0.05
lsf02.seaship.com | CHANGED | rc=0 | (stdout)  14:26:31 up  3:50,  1 user,  load average: 0.00, 0.02, 0.05
bugzilla.seaship.com | UNREACHABLE!: Failed to connect to the host via ssh: ssh_exchange_identification: Connection closed by remote host

Server bugzilla.seaship.com is offline.

Tips:

There are many common modules, such as ping, shell, raw, etc. You can use command 'ansible-doc -l' to find out the available modules, and use command 'ansible-doc help $module' for details. 

ping:

ansible server -m ping

shell:

ansible server -m shell -a 'cmd'

raw:

The syntax is the same as SHELL