Install Ansible on Linux

Objective

  • Install Ansible on Linux Machines. Use OL 7 Images

Pre-Requisite

  • An Oracle Linux 7 VM to install Ansible and the required software.
  • Private/Public Key pair already generated on the machine.
  • Two local VMs, tester1 and tester2.
  • Use the same ssh public key for all three machines to save time
  • Necessary Security Rules to allow ping and ssh from each other using hostnames.

Infrastructure as code is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

Configuration

                 Controller Node       Managed Node1          Managed Node2
hostname         server.example.com    tester1.example.com    tester2.example.com
OS               CentOS 7/OL7          CentOS 7/OL7           CentOS 7/OL7
IP Address       10.10.0.100           10.10.0.101            10.10.0.102
rpms required    Ansible, python3      python3                python3

Automation and Orchestration

  • Automation allows enterprises to gain and maintain speed and efficiency via software automation tools.
  • Orchestration uses automation and executes large workflows systematically.
  • In the cloud, orchestration not only deploys an application, but also connects it to the network to enable communication between users and other apps.
  • It ensures that auto-scaling is initiated in the right order, with the correct permissions and security rules implemented.
  • Automation makes orchestration easier to execute.

Automation compared with Orchestration

Concept
    Automation:    Tasks or functions which are accomplished without any human intervention.
    Orchestration: Arranging and coordination of tasks that are automated to create a consolidated workflow.

Nature of Tools
    Automation:    Activities occur in an order. They are also required to be granted permissions roles.
    Orchestration: Tools can enumerate various resources, IAM roles, instance types, etc., configure them and ensure that there is interoperability between them.

Role of Personnel
    Automation:    Engineers are required to complete a myriad of manual tasks.
    Orchestration: It requires less intervention from personnel.

Policy decisions
    Automation:    Typically does not implement policy decisions which fall outside of OS-level ACLs.
    Orchestration: It handles all permissions and security of automation tasks.

Resources Used
    Automation:    It uses minimal resources outside of the assigned specific task.
    Orchestration: Ensures that cloud resources are efficiently utilized.

Monitoring and Alerting
    Automation:    Can send data to third party reporting services.
    Orchestration: It only involves monitoring and alerting for its workflows.

Note: There are no separate instructions for installation on tester2. Repeat on tester2 all commands that are executed on tester1.

Sequence 1. Create clone of tester1 VM

  1. Shut down the tester1 VM and create a clone of the VM.
  2. Right click on the VM name and select clone.
  3. Change the details as given in the screenshot.
  4. In the next screen keep the defaults and click on the clone button.
  5. Once the clone is created, start tester2 and make the following changes.
  6. Change the hostname in /etc/hostname to example.com
  7. Change the IP address in /etc/sysconfig/network-scripts/ifcfg-enp0s8 to 10.10.0.102
  8. Remove the UUID record from the same file to avoid any conflict.
  9. Add an entry into /etc/hosts in all three VMs: server, tester1 and tester2.

Sequence 2. Install Ansible

  1. Update /etc/hosts with hostname and IP details of your server and managed hosts.

    # cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    10.10.0.100   server
    10.10.0.101   tester1
    10.10.0.102   tester2

  2. Login as root user on your Linux Virtual Machine (server) and create a user "ansible".

    # useradd ansible
    # passwd ansible

  3. Create user "ansible" on managed nodes also.

    [root@tester1 ~]# useradd ansible
    [root@tester1 ~]# passwd ansible

  4. Since our ansible user would need privilege escalation, we will create a new rule for the ansible user using a new file under /etc/sudoers.d.

    [root@server ~]# vi /etc/sudoers.d/ansible
    ansible ALL=(ALL) NOPASSWD: ALL

  5. Create and distribute SSH keys to managed nodes. Enable passwordless login between our server node and all the managed hosts.

     Login or switch user to "ansible" and execute ssh-keygen in the below format. With -P "" we assign an empty passphrase to the key pair.

    [ansible@server ~]$ ssh-keygen -t rsa -P ""

  6. Copy the public key to the target managed server using ssh-copy-id.

    [ansible@server ~]$ ssh-copy-id tester1

  7. Also copy the public key to the server node. This will also be required.

    [ansible@server ~]$ ssh-copy-id server

  8. Verify passwordless SSH authentication.

     The ssh-copy-id command copies the public key we just created to tester1 and appends the content of the key to the ansible user's authorized_keys file under ~/.ssh. You can ssh to the managed host to make sure you can connect to the server without giving any password or passphrase.

    [ansible@server ~]$ ssh tester1

  9. Configure privilege escalation using sudo on the tester node. Login to tester1 as root user.

     Since our ansible user would need privilege escalation, we will create a new rule for the ansible user using a new file under /etc/sudoers.d on the tester node also.

    [root@tester1 ~]# echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible

  10. Enable the developer and EPEL repos on server. First change to the repos directory:

    # cd /etc/yum.repos.d

  11. Edit this repository file to add the ol7_developer and ol7_developer_EPEL repositories by adding the following lines at the bottom of the file.

    # vi oracle-linux-ol7.repo
    # ------ At the End of the File Add ..
    [ol7_developer]
    name=Oracle Linux $releasever Development Packages ($basearch)
    baseurl=https://yum.oracle.com/repo/OracleLinux/OL7/developer/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
    gpgcheck=1
    enabled=1

    [ol7_developer_EPEL]
    name=Oracle Linux $releasever Development Packages ($basearch)
    baseurl=https://yum.oracle.com/repo/OracleLinux/OL7/developer_EPEL/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
    gpgcheck=1
    enabled=1

  12. Search for the ansible package.

    # yum --showduplicates list ansible

  13. Install git and noarch rpm on server using yum.

    # yum -y install git ansible

  14. Login as the "root" user and do some upgrades:

    # pip3 install --upgrade pip virtualenv virtualenvwrapper
    # pip3 install --upgrade jinja2

  15. Verify the Ansible version on your server.

    # ansible --version
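
The sudoers rule created above on server and tester1 can be installed through a syntax check, so that a malformed drop-in never lands in /etc/sudoers.d. This is an added example, not part of the original tutorial; the function name install_sudoers_rule and the VISUDO override are assumptions of this sketch.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): install the ansible sudoers rule
# only after visudo has accepted it, and with mode 0440.

# install_sudoers_rule USER [DIR]
#   USER  account that gets the rule (the tutorial uses "ansible")
#   DIR   drop-in directory, default /etc/sudoers.d
# VISUDO is a hypothetical override used for testing; by default the real
# visudo binary is called.
install_sudoers_rule() {
    local user="$1" dir="${2:-/etc/sudoers.d}" tmp rc
    # The file is named after the user; sudo skips drop-in files whose
    # name contains "." or ends in "~", so such names are refused here.
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "refusing user name: '$user'" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # Same rule as in the tutorial, written whole (">" rather than ">>")
    # so that re-running never leaves duplicate lines behind.
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$user" > "$tmp"
    # -c: check only, -f: check this file instead of /etc/sudoers.
    if ! "${VISUDO:-visudo}" -cf "$tmp" >/dev/null; then
        echo "visudo rejected the rule; nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    # install(1) copies the file and sets the mode in one step; when run
    # as root the installed file is owned by root.
    install -m 0440 "$tmp" "$dir/$user"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage on each node, as root:
#   install_sudoers_rule ansible
```

Running `visudo -cf /etc/sudoers.d/ansible` afterwards performs the same check on the installed file.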

Sequence 3. Install Python on managed Nodes (tester1 and tester2)

  1. Install Python on managed nodes. We don't need to install ansible on the managed hosts, but we must install python3 on each managed host. Repeat the steps given below on tester1 and tester2.

    [root@tester1 ~]# yum install python3 -y
    [root@server ~]# rpm -qa | grep python3
    [root@tester1 ~]# rpm -qa | grep python3
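
Once the sequences above are done, the controller can confirm that each managed node has the three things Ansible relies on here: key-based login as ansible, passwordless sudo, and python3. This is an added example, not part of the original tutorial; the function name check_node and the 5-second timeout are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): check a managed node from the
# controller without ever falling back to an interactive prompt.

# check_node HOST
#   Prints one status line per check.
#   Returns 0 if all checks pass, 3 if login fails, otherwise the number
#   of failed checks.
# BatchMode=yes makes ssh fail instead of asking for a password, so a
# missing key shows up as a failure; sudo -n does the same for sudo.
check_node() {
    local host="$1" fails=0
    local ssh_opts="-o BatchMode=yes -o ConnectTimeout=5"

    # $ssh_opts is left unquoted on purpose so it splits into options.
    if ssh $ssh_opts "ansible@$host" true 2>/dev/null; then
        echo "$host: key-based ssh login OK"
    else
        echo "$host: key-based ssh login FAILED"
        return 3   # nothing else can be checked without a login
    fi
    if ssh $ssh_opts "ansible@$host" 'sudo -n true' 2>/dev/null; then
        echo "$host: passwordless sudo OK"
    else
        echo "$host: passwordless sudo FAILED"; fails=$((fails + 1))
    fi
    if ssh $ssh_opts "ansible@$host" 'command -v python3' >/dev/null 2>&1; then
        echo "$host: python3 present"
    else
        echo "$host: python3 MISSING"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Run as the ansible user on server:
#   for h in tester1 tester2; do check_node "$h"; done
```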