TTT Ansible

Uploaded by

Praneeth Reddy
Configuration tool: Ansible can connect to anything, i.e. it can connect to Windows boxes, Linux boxes, networks, switches, cloud, Docker and so on.

The competitors of Ansible are Chef, Puppet and SaltStack.

A lot of people compare Ansible with Terraform, but Terraform is completely IAC, while Ansible is not a complete IAC tool. Ansible is more of a configuration management tool.

Ansible is more popular because it is open source and, most importantly, it uses a PUSH mechanism. Once you push the YAML code from the Ansible controller, that code goes into a folder on the node and is executed on the remote machine, provided the remote machine is Windows or Linux. If the remote machine is a switch or a container, Ansible only pushes the commands. Push mechanism means it works without an agent. Chef and Puppet use an agent and follow a client-server architecture.

If the Ansible controller wants to communicate with Linux, we need an interpreter, and this interpreter is Python. If the Ansible controller wants to communicate with Windows, we use PowerShell as the interpreter. You may have a doubt: on Windows and Linux boxes we can push code, the code is saved in a folder and the code runs, but how can we push code to network devices? Here Ansible only pushes commands. It never pushes code; the code always stays with the Ansible controller. On Windows and Linux the AE (Ansible Engine) pushes the code, but in the case of network devices the AE only pushes the commands and not the code.

On the AE we have a file named hosts. This hosts file contains the IPs or FQDNs of all the nodes that the AE has to manage.

A playbook is a YAML file and it has a sequence of plays. A play is nothing but a sequence of tasks, and a task is nothing but an action plan. These action plans are run (performed) by using modules.

We connect the AE to the nodes by using SSH.

General examples of a TASK: installing required packages, making required configurations, starting or restarting a service.

If the AE wants to install any software on the nodes, it runs on all the nodes in parallel and the tasks are run sequentially. But there is an attribute called forks. If you set forks to 5, it runs the installation on the first 5 machines, then on another 5 machines, and so on until it finishes installing on all the nodes.

Before Ansible came into the market we used to automate tasks by using scripts only. But scripts are not idempotent and are prone to errors because of human intervention.

Ansible installation:

We will have one AE and two nodes for our demo. All three are Linux servers (EC2 machines).

While installing Ansible on Red Hat we need to have the subscription manager, but as we don't have the subscription manager we will install the EPEL package (emergency package for enterprise linux). The prerequisite for Ansible installation is that Python is installed on both the nodes and the AE.

Interview question: Can we manage our nodes without Python? Yes, we can manage the nodes without Python, but we need to use RAW modules.

After installing the EPEL package we have to use: yum install ansible -y. While installing Ansible, dependencies like python3 are installed automatically, but it is better to have Python installed beforehand.

ansible --version

The current version is 2.9.

Ansible's configuration file is /etc/ansible/ansible.cfg

Interview question: What is another way to install Ansible? By using pip.

If you run cd /etc/ansible and then ls -ltr, you will see hosts, roles and ansible.cfg.

roles is a directory.

On the nodes and on the AE we create a user named 'ansibleuser' and give the user sudo permissions by editing the sudoers file with visudo.

There is a setting called password authentication inside /etc/ssh/sshd_config. Here we need to uncomment and set 'PasswordAuthentication yes', comment out 'PasswordAuthentication no', and restart the sshd service. We need to perform this activity on all three machines.

After this we need to go to the AE and, logged in as 'ansibleuser', generate the keys and copy the keys on to the nodes.

ssh-keygen and press enter, enter ...

Now a folder named .ssh is created, and in it we have a public key and a private key.

Now go into the .ssh folder and from there give the command: ssh-copy-id <private ip / public ip of the node>, and do the same thing for the other node.

Now you can log in from the AE to the nodes by using ssh <ip of the nodes>
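
The steps above leave password logins enabled on all three machines. As an added example (not part of the original notes), the following script reports which PasswordAuthentication value an sshd_config file actually yields, so it can be set back to no once ssh-copy-id has installed the key. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# effective_password_auth FILE
# Prints the PasswordAuthentication value of the global section of FILE.
# sshd keeps the FIRST value it reads for a keyword, so a later line does not
# override an earlier one. Include files are not followed here; on a live
# host `sshd -T` reports the fully resolved setting.
effective_password_auth() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }      # OpenSSH default when unset
    ' "$1"
}

# password_logins_disabled FILE: succeeds only when password logins are off.
password_logins_disabled() {
    [ "$(effective_password_auth "$1")" = "no" ]
}

# write_sample_configs DIR: constructed sshd_config files for the demo.
write_sample_configs() {
    # State after the edit described in the notes.
    cat > "$1/as_in_notes" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
EOF
    # "no" appended below the still-active "yes": it has no effect.
    cat > "$1/appended_no" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
    # Hardened once ssh-copy-id has put the key on the node.
    cat > "$1/keys_only" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

# Stand-alone run over the three constructed files.
demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir"
for f in as_in_notes appended_no keys_only; do
    echo "$f: PasswordAuthentication $(effective_password_auth "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```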

Now we need to go to the AE and run vi /etc/ansible/hosts. In this hosts file we need to give the IPs of the nodes; only then will the AE know the list of nodes it needs to manage.

Now if we want to test, we can use: ansible all -m ping

We can change the inventory file location by editing /etc/ansible/ansible.cfg (vi /etc/ansible/ansible.cfg) and giving the location of the inventory file there.

We can change the hosts file name and location as well.

Most of the automation in Linux is done via Ansible. One more thing: Ansible also belongs to Red Hat. Before Ansible came into the market we used to follow an Excel-sheet-like thing to do the tasks.

A good automation system always allows you to implement IAC practices.

In IAC tools, and for that matter in Ansible too, we use YAML. YAML is a machine-readable automation language and it is human-readable as well.

By using YAML we can describe our desired state. The desired state should be equal to the current state. Ansible YAML playbooks always try to achieve this.

Ansible is an open source automation platform. Only if you go for Red Hat's proprietary Ansible will it be charged; other versions of Ansible are free. Ansible is simple to use because of YAML. Ansible is agentless: in other configuration management tools like Chef and Puppet we need an agent running on the nodes/clients, but in Ansible we don't need that. The Ansible Engine connects to its nodes with the help of OpenSSH or WinRM: OpenSSH for Linux and WinRM for Windows.

The AE has hosts, ansible.cfg, roles, plugins, modules and APIs.


Ansible architecture:

Users connect to Ansible via playbooks. We can also connect to the AE via private and public clouds. The AE has hosts, ansible.cfg, roles, plugins, modules and APIs. The AE goes and connects to the hosts, i.e. nodes, network devices, storage devices, Docker and so on. This is the architecture of Ansible.

Use cases of Ansible: as a CM tool, where we centralise configuration file management with the help of the CM tool. We can also do CD with Ansible. We can also do provisioning with Ansible. We can implement orchestration.

The current state is what our hosts are running in. The desired state is what we want to achieve. We describe the desired state in playbooks.

For Ansible to be installed we need Python 3.5 or a later version on Linux machines. If we are using Windows, we need PowerShell 3.0 and .NET 4 for Ansible installation.

The inventory is the list that contains all the managed nodes' IP addresses or FQDNs. Inventory is of two types: static and dynamic. The default location of the static inventory is /etc/ansible/hosts, but if you want you can change it to your desired location, in which case we need to update the /etc/ansible/ansible.cfg file.

In real-time scenarios we will not use this /etc/ansible/hosts file. There are two reasons. Reason 1: this hosts file is in /etc, and to access it we need root privileges, and not everyone gets root privileges. Reason 2: /etc/ansible/hosts is a global file, which means all users use the same file. If you have three projects and all three use the same hosts file, any change you make impacts all three projects, which we do not want, and it is not secure either. That's why we keep a separate hosts file for each project. If I am working on project xyz, I define my own hosts file with the list of nodes I want to manage, and I also define the hosts path myself.

In the hosts file we can give an IP address, an FQDN or a server name. If you give the IP address in the inventory file, you need to give the IP address while executing the playbook; if you give the host name in the inventory file, you need to give the host name while executing the playbook.

We can also group the hosts in the hosts file, for example [webservers] and [dbservers]. The same host can be part of multiple groups.

If we use server[a:d], we are using a range, and this means all the servers from server a to server d.

192.168.250.[1:100] means 100 hosts.

192.168.[250:252].[1:100] means 300 hosts.

ansible --list-hosts all : this command lists all the hosts.

ansible --list-hosts <groupname> : this command lists only the hosts that are in the group.

The default groups in the inventory file are all and ungrouped. These are called built-in groups and come by default with Ansible.

ansible-inventory --graph : shows all the hosts in graph form. This is similar to the tree command in Linux. It shows the default inventory, but if we have defined our own inventory then we have to use ansible-inventory --graph -i inventory

We can also use nested groups in the inventory file. Say we have created five groups in an inventory file. If, out of these five groups, we group three of them into one group, this is called a nested group. Here the 'children' keyword is compulsory.

CONFIGURATION FILES

This configuration file contains a lot of things related to Ansible. One important thing is the location of the inventory file. The location of the configuration file is /etc/ansible/ansible.cfg.

There are two sections in the ansible.cfg file: one is the [defaults] section and the other is the [privilege_escalation] section. Default settings such as the inventory path and remote user data are placed in the [defaults] section. In [privilege_escalation] we specify how Ansible runs commands on managed hosts.

ansible --version gives the path to the configuration file. It will be /etc/ansible/ansible.cfg.
vi /etc/ansible/ansible.cfg will give the following output

The default location is /etc/ansible/ansible.cfg. If you want to set defaults for a particular user, go to the user's home directory and create a .ansible.cfg file (a hidden file); the values you mention in that file take priority. But we know that a non-root user cannot access the /etc folder, so as a non-root user you cannot edit the global file. This is the reason we create our own project folder and, in the project folder, our own configuration file named ansible.cfg. This file is then taken as the default configuration file. If we delete this file, the default becomes the cfg file in the user's home directory. If you also delete the cfg file in the user's home directory, /etc/ansible/ansible.cfg becomes the default. This is the priority Ansible sets. For example, if you have a project called xyz, create a directory named xyz for it and create a file named ansible.cfg in that directory; Ansible then takes the configuration from the xyz directory as first priority.
First priority is given to the cfg in the project directory, second priority to the cfg in the user's home directory, and last priority to /etc/ansible/ansible.cfg.
We can also define our own user-defined path: export ANSIBLE_CONFIG=<USER DEFINED PATH>. THIS WILL OVERRIDE ALL THE PRIORITIES MENTIONED ABOVE.

You can verify the same by using ansible --version
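
The priority order above, as an added example that is not part of the original notes: the function reports which ansible.cfg wins for a given project and home directory. It also applies a rule the notes do not mention, namely that Ansible does not load ansible.cfg from a current directory that is world-writable. The function names and the path parameters are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# is_world_writable DIR: true when "other" has write permission on DIR.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002)" ]
}

# resolve_ansible_cfg PROJECT_DIR HOME_DIR [ETC_CFG]
# Prints "<source>:<path>" for the first candidate in priority order.
resolve_ansible_cfg() {
    project_dir=$1
    home_dir=$2
    etc_cfg=${3:-/etc/ansible/ansible.cfg}

    # 1. ANSIBLE_CONFIG overrides every other location.
    if [ -n "${ANSIBLE_CONFIG:-}" ] && [ -f "$ANSIBLE_CONFIG" ]; then
        echo "env:$ANSIBLE_CONFIG"
        return 0
    fi
    # 2. ansible.cfg in the project (current) directory. Ansible skips it
    #    when the directory is world-writable, because any local user could
    #    plant a config file there.
    if [ -f "$project_dir/ansible.cfg" ]; then
        if is_world_writable "$project_dir"; then
            echo "skipped: $project_dir is world-writable" >&2
        else
            echo "project:$project_dir/ansible.cfg"
            return 0
        fi
    fi
    # 3. The user's ~/.ansible.cfg.
    if [ -f "$home_dir/.ansible.cfg" ]; then
        echo "home:$home_dir/.ansible.cfg"
        return 0
    fi
    # 4. The global file.
    if [ -f "$etc_cfg" ]; then
        echo "etc:$etc_cfg"
        return 0
    fi
    echo "none:"
    return 1
}

# Stand-alone run against the current directory and the real home directory.
resolve_ansible_cfg "$PWD" "$HOME" || true
```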

Please look at the attributes in the ansible.cfg file and the purpose of each attribute. This may be asked in the interview.

ansible-doc -l lists all the modules present in Ansible. There are approximately 3000 modules.

Modules have the states stable, removed, deprecated and preview. Always try to use a stable module.

Every module is written in Python.

For small things, like rebooting a server or starting a server, we use ad-hoc commands. We don't need to write a playbook for small things.

ansible <hosts/group name> -m user -a "name=raju" -i inventory

Here we are using the user module. It creates a user named raju on the hosts. If you want to create the user on all the hosts, mention 'all'.

ansible all -m command -a "id raju" : this command uses a module called command. It checks on all the nodes whether a user named raju is present or not.

ansible all -m ping pings all the nodes. ping is also a module. If you want to know more about the ping module, the command is ansible-doc ping

Modules: if we want to run a task, we run it through modules only. There are more than 3000 modules available in Ansible and we can also create our own modules. The command to list all the modules is ansible-doc -l
NOTE: EVERY MODULE WORKS WITH ARGUMENTS, i.e. -a SHOULD BE ASSOCIATED.

The Ansible modules are idempotent.

ansible all -m user -a "name=raju state=absent" : this command removes the user named raju from all the nodes. If we do not mention state, that means state=present. We can check whether this id is removed from all the nodes by using ansible all -m command -a "id raju"

Module status: stable; preview (this means it is prone to change, for example keywords may change); deprecated; removed. We can also see who owns and maintains a module. Some modules are maintained by the Ansible core team and some are maintained by third parties: curated means owned by partners of Ansible, community means open source.

Important Ansible modules that we use regularly:

ping : this module checks whether Python is installed on the nodes. If Python is not installed, it throws an error.

service : this module checks whether a particular service is running or not. ansible all -m service -a "name=ssh state=started"

command : this module runs any Linux command. ansible all -m command -a "/sbin/reboot -t now"

copy : this module copies a source file to a destination, where the destination is any of the nodes or all the nodes. Let us see this with an example: ansible all -m copy -a 'content="Hi subscribers" dest=/etc/motd'. This command copies the string to the destination on all the nodes. To check this you need not log in to the nodes; we can check it from the controller itself using the shell module or the command module: ansible all -m shell -a 'cat /etc/motd'

raw : this module runs a command without needing Python installed on the nodes.

Playbooks: we start with the three dashes (---), on the next line we use - name, on the following lines we give all the arguments, and then come the tasks.

In a single playbook we can run multiple tasks against managed hosts, and we can also have multiple plays in a single playbook. Each play can have multiple tasks.
NOTE: There is no easy way to undo changes, i.e. if you have executed a playbook and made some changes on the hosts but now you don't want those changes, you have to write another playbook to undo them.

gathering_facts is a default task which runs even if you do not mention it in the playbook.

Modules and playbooks are idempotent, but ad-hoc commands are not idempotent.

When you are writing playbooks you can optimise your vim editor by editing the vimrc file.

To check the syntax we can use ansible-playbook --syntax-check playbookname.yaml

--------------------------OR--------------------------------------------

ansible-playbook -v or ansible-playbook -vv or ansible-playbook -vvv or ansible-playbook -vvvv

single v : shows only the results

double v : shows the results and configurations

triple v : shows the results and configurations + information about the connection to managed hosts

quadruple v : shows the results and configurations + information about the connection to managed hosts + information about plugins + the name of the script that we ran

-----------------------------OR -----------------------

By using the -C (--check) option we can make a dry run, but this is of limited use. If there are inter-dependencies among the tasks in the playbook, the dry run may fail. For example, if task1 installs http and task2 starts http, and you check this playbook with a dry run, the dry run may fail because task2 depends on task1.

VARIABLES

Ansible supports variables. Variables can be used to store values and can be reused throughout the files in a project. Variables are dynamic values. In Ansible we create variables to create users, to install packages, to create or remove files, to restart services and so on.

We can use variables at different levels. We can declare variables in playbooks, in an inventory (but this is deprecated), or in inclusion files. The best option is to declare variables in inclusion files.

Variable names should start with a letter and not with a number. For example: a=1 is valid, 2a=1 is not valid, a2=1 is valid.

Variable names can only have letters, digits and underscores, and a variable name should not start with a digit.

- hosts: all
  vars:
    web_package: httpd

In the playbook we can write the variable block as shown above. But if you observe, web_package is hard-bound to httpd; this is not dynamic. If we want to make it dynamic, we can put the variables in files:

- hosts: all
  vars_files:
    - vars/users.yml

vars is my folder and in it we have a file named users.yml.

This users.yml has some values and these values can be used dynamically.
This users.yml file can be used anywhere in the playbook; don't think that we can use it only in a single play.

In the above example we are creating a user named trietree.

NOTE: If the first element is a variable then we have to keep it in double quotes. See the pic above

https://www.youtube.com/watch?v=OLy05KtdwYA&list=PLd8alL65M1GZXkfgwk9eyUeQ3sAAkEIj0&index=8

in the above video watch from beginning until 49 mins

VAULTS

We manage secrets by using vaults. When we use Ansible modules we may need to process some sensitive data. Sensitive data means things like web keys or passwords. Ansible Vault is for encrypting and decrypting all the files. The command is ansible-vault create <name-of-the-playbook.yml>. It asks you to enter a password and then opens a vi editor, where we write the file contents. Now this file is encrypted. This command is used only while creating a new file. If there is an existing playbook which is not encrypted and you now want to encrypt it, use ansible-vault encrypt <name-of-the-playbook.yml>. Similarly, if you want to decrypt an existing encrypted file, use ansible-vault decrypt <name-of-the-playbook.yml>

ansible-vault view <playbook.yml> : to view the playbook contents

ansible-vault edit <playbook.yml> : to edit the playbook contents

ansible-vault rekey <playbook.yml> : to change the existing playbook password

First let us create a yml file named id-passwd.yml (this file should be in encrypted form) in which we will store a username and its password. After this we will pass this id-passwd.yml file into another playbook named user_create.yml.

Creating the id-passwd.yml file: ansible-vault create id-passwd.yml and press enter

Then give the password. This opens a vi editor; in the editor, input the information as shown below

NOTE: In the above pic pwhash means password.

Now we have created a vault. Now we need to pass this vault to user_create.yml, with the following content:

- name: create user
  hosts: all
  vars_files:
    - id-passwd.yml
  tasks:
    - name: creating user
      user:
        name: "{{username}}"
        password: "{{pwhash}}"

NOTE: In the above code we are passing our id-passwd.yml in the vars_files section

To run the above file the command is:

ansible-playbook --ask-vault-pass user_create.yml. This asks for a password, then the playbook executes and creates a user on all the hosts.
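
An added check, not part of the original notes: before sharing or committing a project, confirm that files such as id-passwd.yml really are vault-encrypted. The script looks for the $ANSIBLE_VAULT header that ansible-vault writes on the first line and lists YAML files that hold literal secret-looking values in plaintext. The key-name list, the function names and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# is_vault_encrypted FILE: true when the first line is an Ansible Vault header.
is_vault_encrypted() {
    case $(head -n 1 "$1") in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# has_literal_secret FILE: true when a secret-looking key holds a literal value.
# A value such as "{{pwhash}}" only references a variable, so it is not flagged.
has_literal_secret() {
    awk '
        tolower($0) ~ /^[ \t-]*[a-z0-9_]*(passw|pwhash|secret|token)[a-z0-9_]*[ \t]*:/ {
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)
            if (val == "" || val ~ /^"?[{][{]/) next
            hit = 1
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# find_plaintext_secrets DIR: list YAML files that should have been vaulted.
find_plaintext_secrets() {
    find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
    while IFS= read -r f; do
        is_vault_encrypted "$f" && continue
        if has_literal_secret "$f"; then echo "$f"; fi
    done
}

# write_sample_project DIR: constructed files modelled on the notes' example.
write_sample_project() {
    cat > "$1/id-passwd.yml" <<'EOF'
username: trietree
pwhash: "$6$constructed$not-a-real-hash"
EOF
    cat > "$1/user_create.yml" <<'EOF'
- name: create user
  hosts: all
  vars_files:
    - id-passwd.yml
  tasks:
    - name: creating user
      user:
        name: "{{username}}"
        password: "{{pwhash}}"
EOF
}

# Stand-alone run: the unencrypted id-passwd.yml is reported, the playbook is not.
demo_dir=$(mktemp -d)
write_sample_project "$demo_dir"
find_plaintext_secrets "$demo_dir"
rm -rf "$demo_dir"
```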

By default every playbook runs fact_gathering before it runs the actual playbook.
By using ad-hoc commands we can do fact_gathering with the help of the setup module.

Ansible in Telugu | on Demand | Loops, Register, Handlers, Blocks | Part – 06

If you want a single module to run multiple times, we use loops. For example, if you want to check whether 5 users exist, instead of running 5 tasks we run a single task in a loop.

loop is a keyword.
