In my previous post An introduction to Ansible I shared some reasons why companies are adopting Ansible and described some of the advantages of using Ansible over other configuration management tools.
Now we know what Ansible is, let’s start using it.
Setting up an Ansible Control Machine
The simplest and quickest way to get up and running with Ansible is to use Vagrant to create a virtual machine. Vagrant ships with out of the box support for VirtualBox, Hyper-V and Docker. Vagrant supports other providers e.g. VMware but these are licenceable
So even though I mainly use VMware Fusion on my MacBook I used the links above to install Vagrant and the excellent Oracle VirtualBox to avoid any licensing requirements.
Run the following commands to create a Vagrantfile for an Ubuntu Vagrant machine.
$ mkdir ansible_oracle
$ cd ansible_oracle
$ vagrant init ubuntu/trusty64
A `Vagrantfile` has been placed in this directory. You are now ready to `vagrant up` your first virtual environment! Please read the comments in the Vagrantfile as well as documentation on `vagrantup.com` for more information on using Vagrant.
$ vagrant up
You should now be able to SSH into your Ubuntu VM using ‘vagrant ssh’, however before we try and connect to our new VM let’s check the status of all the local Vagrant machines using the following:
$ vagrant global-status
id name provider state directory
a1995ac default virtualbox running /Users/ronekins/ansible_oracle
The above shows information about all known Vagrant environments
on this machine. This data is cached and may not be completely
up-to-date. To interact with any of the machines, you can go to
that directory and run Vagrant, or you can use the ID directly
with Vagrant commands from any directory. For example:
“vagrant destroy 1a2b3c4d”
$ vagrant status a1995ac
Current machine states:
default running (virtualbox)
The VM is running. To stop this VM, you can run `vagrant halt` to
shut it down forcefully, or you can run `vagrant suspend` to simply
suspend the virtual machine. In either case, to restart it again,
simply run `vagrant up`.
$ vagrant ssh
If all has gone well you should be presented with your Ubuntu virtual machine.
Useful vagrant machine (vm) commands
destroy : stops and deletes all traces of the vm
global-status : outputs status Vagrant env's for this user
halt : stops the vm
init : initialises a new Vagrant environment
provision : provisions the vm
reload : restarts vm, loads new Vagrantfile config
resume : resume a suspended vm
snapshot : manages snapshots, saving, restoring, etc.
ssh : connects to vm via SSH
status : outputs status of the vm
suspend : suspends the vm
up : starts and provisions the vm
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible
Update local host file
Add the IP address and database server names to your local host file.
$ sudo vi /etc/hosts
Create Ansible configuration file
$ vi ansible.cfg
hostfile = hosts
Create Ansible host file
In the host file we can specify that we want ansible to default to the ‘oracle’ user, the first entry is a server alias, in the example below I have kept it the same as the server name but it can be useful if you have cryptic host names or want to refer to the server by it’s database or application name.
$ vi hosts
z-oracle ansible_host=z-oracle ansible_user=oracle
z-oracle-dr ansible_host=z-oracle-dr ansible_user=oracle
Ansible Ping Test
Now let’s try using the Ansible ping module to try to connect to our database server and verify a usable version of python, the ping module will return ‘pong’ on success.
$ ansible all -m ping
Both servers will fail returning UNREACHABLE! as the ssh connection failed, to fix this add a public key to the database servers ‘authorized_keys’file.
Generating RSA Keys
Before we can use password-less SSH we need to create a pair of private and public RSA keys for our Ansible control machine.
$ cd ~/.ssh
$ ssh-keygen -t rsa
$ cat id_rsa.pub
‘Copy’ the id_rsa.pub into your client buffer and ssh onto the database servers as the ‘oracle’, cd to the .ssh directory and ‘paste’ the public key into the ‘authorized_keys’ file.
$ cd ~/.ssh
$ vi authorised_keys
Now return to your Ansible control machine to repeat the Ansible Ping Tests.
Ansible Ping Part II
Ok, now we are ready to check connectivity, first lets trying using the database server names individually.
That was great, but as we defined a group ‘dbservers’ we can also perform a ‘ping’ test using the group name as we may want to perform an ansible play against a group of servers e.g. Production, Development, Test etc..
Very cool, if required you can use the ‘all’ option to run against all entries in the host file.
In my next blog post we will start to use our Ubuntu Ansible control machine to interact with our database servers.