Monday, July 21, 2025

Ansible part1

Class 70th AWS Ansible Part1 July 21st

What is Ansible?

Handling multiple servers from one server.

Ansible handles all the servers, installs software and maintains it; it is an end-to-end automation tool.

Ansible is called a configuration management tool.

Configuration: (software, hardware, OS, CPU, RAM, etc.)

Management: (Tomcat (install, update, patches, delete))

It came out in 2014 (Michael DeHaan). It is free and open source, maintained by Red Hat.

Once we have configured it, we can reuse it any number of times.

Setup will be complex.

Ansible Architecture

Playbook file (code): creates servers, installs software, deploys any application.

Playbook code is written in YAML format (we call it yml). Once you create a playbook on the Ansible server (main server), it will create and manage the servers. For one server to connect to another server (worker node), we need SSH.

The Ansible server has an inventory file, which holds the worker node IP addresses to manage.


Practicals

Step1: Create 5 instances, as shown above. Use the MobaXterm terminal; its multi-execution mode runs the same command on all 5 instances.

MobaXterm MultiExec mode window

ip-10.0.2.53 is the Ansible main server; the remaining are dev1,de


Step2: Give each server a hostname for identification

EXECUTE THE BELOW COMMANDS ON ALL 5 SERVERS:

sudo -i

hostnamectl set-hostname ansible    # on the other servers use dev-1, dev-2, test-1 or test-2 instead

Exclude the other windows when giving each server its name.

Change the name on every server.

Step3: The Ansible server uses the sudo (root) user or an ansible user to communicate with the worker nodes over an SSH connection.
First set the root password on all the servers.
Even after changing the root password on all servers and knowing it, you cannot connect to the other servers
until the SSH security configuration permits it.

Step4:
Open the file with vim /etc/ssh/sshd_config and press Enter.
On line 65, change PasswordAuthentication from no to yes.
On line 40, uncomment #PermitRootLogin prohibit-password and change the value to yes.

After the change, save with :wq!. sshd is a service, so you need to restart it using the command below.

[root@ansible ~]# systemctl restart sshd
[root@ansible ~]# systemctl status sshd


Get your IP address using the command hostname -i


Step5: Perform the steps below only on the Ansible server. Ansible needs Python to work;
by default Python exists on the server. If not, execute the second command.
yum install ansible -y
yum install python3 python-pip python-devel -y (optional)

[root@ansible ~]# yum install ansible -y
[root@ansible ~]# python3 --version
Python 3.9.23
[root@ansible ~]# ansible --version
ansible [core 2.15.3]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.23 (main, Jun 27 2025, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-5)] (/usr/bin/python3.9)
  jinja version = 3.1.4
  libyaml = True

Step6: For Ansible to communicate with the other servers, their IP addresses must be in the inventory.
The hosts file is called the inventory.
[root@ansible]# pwd
/etc/ansible/
[root@ansible ]# vi hosts

[dev]
10.0.2.56
10.0.2.54
[test]
10.0.2.58
10.0.2.55

Step7: Generate the key pair using the command below.

ssh-keygen --> press Enter 4 times

[root@ansible roles]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:YMrH1dtBtnV8CaJ/hKtBNcFZXCjxh8gKOMxD+QvuZl0 root@ansible
The key's randomart image is:
+---[RSA 3072]----+
|     ..   .*Oo=oo|
|    +..  .+**=.oo|
|     *+..o.+++ ..|
|   . =o+o ooo..  |
|    + + So.o..   |
|     o . Eo .    |
|    . . ..       |
|     + .         |
|    o            |
+----[SHA256]-----+

Step8: The key files are stored in the path below.

[root@ansible .ssh]# pwd
/root/.ssh
[root@ansible .ssh]# ls -lrt
total 12
-rw-------. 1 root root  562 Jul 25 18:33 authorized_keys
-rw-r--r--. 1 root root  566 Jul 25 20:11 id_rsa.pub
-rw-------. 1 root root 2602 Jul 25 20:11 id_rsa

id_rsa.pub (public key)
id_rsa (private key)

Step9: The key needs to be stored on all the remaining worker nodes. ssh-copy-id installs the public key there, as the output below shows.
ssh-copy-id root@<private IP of dev-1> --> yes --> password --> ssh <private IP> --> Ctrl+D
ssh-copy-id root@<private IP of dev-2> --> yes --> password --> ssh <private IP> --> Ctrl+D
ssh-copy-id root@<private IP of test-1> --> yes --> password --> ssh <private IP> --> Ctrl+D
ssh-copy-id root@<private IP of test-2> --> yes --> password --> ssh <private IP> --> Ctrl+D


Dev1 added Successfully.
ssh-copy-id root@10.0.2.56

[root@ansible .ssh]# ls -rt
authorized_keys  id_rsa.pub  id_rsa  known_hosts
[root@ansible .ssh]# ssh-copy-id root@10.0.2.56
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.2.56's password:
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.2.56'"
and check to make sure that only the key(s) you wanted were added.

Dev2 added Successfully.


[root@ansible .ssh]# ssh-copy-id root@10.0.2.54
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.2.54 (10.0.2.54)' can't be established.
ED25519 key fingerprint is SHA256:2CbNMZYgBXW1ZPvq7Yu5vWIKvqYQpff+S21ct2A+rK8.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.2.54's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.2.54'"
and check to make sure that only the key(s) you wanted were added.

...and the same for the remaining servers:
ssh-copy-id root@10.0.2.58
ssh-copy-id root@10.0.2.55

Step10: You can check whether the Ansible main server can connect to the dev and test servers by using ssh with their IP addresses.
Connected successfully:

[root@ansible .ssh]# ssh 10.0.2.58
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last failed login: Fri Jul 25 20:44:02 UTC 2025 from 109.120.137.7 on ssh:notty
There were 8 failed login attempts since the last successful login.
[root@test1 ~]#

Dev connected from ansible:
[root@ansible .ssh]# ssh 10.0.2.56
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
Last login: Fri Jul 25 20:48:52 2025 from 10.0.2.58
[root@dev1 ~]#
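
The login banner above reports failed root login attempts, which is what the password settings from Step 4 leave open. Once key login works, those two keywords can go back to key-only values. This is an added example, not part of the original notes: the function names are hypothetical, the sample file is constructed, and it assumes a single config file with no Include drop-ins or Match blocks (on a live host, sshd -T prints the effective settings).

```shell
# Added example, not from the original notes. Function names are hypothetical
# and the sample file is constructed; nothing under /etc/ssh is touched.

# Effective value of a keyword in one file: sshd uses the FIRST active
# occurrence, and keyword names are case-insensitive.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Succeeds only if PasswordAuthentication is no and PermitRootLogin is not yes.
# Absent keywords fall back to the OpenSSH defaults.
sshd_key_only() {    # usage: sshd_key_only FILE
    pa=$(sshd_effective "$1" PasswordAuthentication)
    prl=$(sshd_effective "$1" PermitRootLogin)
    [ "${pa:-yes}" = "no" ] && [ "${prl:-prohibit-password}" != "yes" ]
}

# Rewrite the first occurrence (active or "#Keyword"), drop later ones so no
# stale line lingers, and append the keyword if the file never had it.
sshd_set() {         # usage: sshd_set FILE KEYWORD VALUE
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        { w = tolower($1); sub(/^#/, "", w) }
        w == tolower(k) {
            if (!done) { print k " " v; done = 1 }
            next
        }
        { print }
        END { if (!done) print k " " v }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

make_sample() {      # constructed file mirroring the state after Step 4
    cat > "$1" <<'EOF'
Port 22
PermitRootLogin yes
#PubkeyAuthentication yes
PasswordAuthentication yes
passwordauthentication no
EOF
}

cfg=$(mktemp); make_sample "$cfg"
sshd_key_only "$cfg" || echo "before: password login is open"
sshd_set "$cfg" PasswordAuthentication no
sshd_set "$cfg" PermitRootLogin prohibit-password
sshd_key_only "$cfg" && echo "after: key-only"
rm -f "$cfg"
```

On the real /etc/ssh/sshd_config, validate with sshd -t before systemctl restart sshd, and keep the current session open until a new key login succeeds.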

Step11: Using the command below, check whether the Ansible server can communicate with all the other servers.
Green output means it communicated successfully.


Step12: Now we are planning to install Git. Apart from the Ansible server, we have 4 servers.
If you run this command with the argument all, it installs on all worker nodes.
[root@ansible ansible]# ansible all -a  "yum install git -y"
Git is installed successfully on all servers: we ran the command only on the Ansible server, and it was installed on the remaining worker nodes automatically.

With dev instead of all, it is installed only on the dev group:
ansible dev -a "yum install maven -y"

See the screen below: installed only in the dev environment.

1. AD HOC COMMANDS:
These are simple Linux commands.
They are used for temporary work.
These commands will be overridden.

ansible all -a "yum install git -y"
ansible all -a "yum install maven -y"
ansible all -a "mvn --version"
ansible all -a "touch file1"
ansible all -a "touch raham.txt"
ansible all -a "ls"
ansible all -a "yum install httpd -y"
ansible all -a "systemctl status httpd"
ansible all -a "systemctl start httpd"
ansible all -a "useradd raham"
ansible all -a "cat /etc/passwd"
ansible all -a "yum remove git* maven* httpd* -y"

--Thanks 
