INTRODUCTION TO ANSIBLE

Overview:
➢ Ansible is an open-source IT automation engine that simplifies and automates complex IT tasks
across a variety of environments.

Key Functions of Ansible:

1. Provisoning:
➢ automated setup of infrastructure, including physical servers, virtual machines (VMs), cloud
resources, and containers.

2. Configuration Management:
➢ Ansible ensures systems are configured consistently and that their states are maintained across
environments.
➢ It manages configurations by ensuring desired states (e.g., ensuring a specific package is installed, a
service is running, or a user exists).
Example: Ensuring Apache is installed and running on 100+ servers without manual intervention.
3. Application Deployment:
➢ Ansible automates the process of deploying applications across multiple servers.
➢ It supports rolling updates, zero-downtime deployments, and multi-environment rollouts.
➢ Example: Deploying a Django or Node.js application across development, staging, and production
environments.
4. Orchestration:
➢ Orchestration involves managing complex workflows across different systems and services.
➢ Ansible coordinates multi-step processes, such as setting up a multi-tier application (e.g., database,
backend, and frontend layers) or integrating with other automation tools (Kubernetes, Docker).
➢ Example: Automatically provisioning a Kubernetes cluster, deploying microservices, and managing
their lifecycle.

How Ansible works:

➢ Ansible is agentless in nature, which means you don't need install any software on the manage nodes.
➢ For automating network devices and other IT appliances where modules cannot be executed, Ansible
runs on the control node. Since Ansible is agentless, it can still communicate with devices without
requiring an application or service to be installed on the managed node.
➢ Ansible then executes these modules (over SSH by default).

Modules: 1. Predefined scripts that perform specific tasks (e.g., install packages, copy files, manage
services).
2. single-action, one command at a time

Playbooks: 1. YAML files that define a set of tasks (using modules) to automate processes in a
2. structured, sequential manner.
➢ Ansible supports Idempotence and Preditectability.
➢ When the system is in the state your playbook describes Ansible does not change anything, even if the
playbook runs multiple times.
 ➢ Infrastructure as Code (IaC): Manage infrastructure using code for better version control and
collaboration.
➢ CI/CD Integration: Automate deployment pipelines for faster and more reliable software delivery.

Passwordless Authentication(Ec2 Instances):

➢ ssh-copy-id -f "-o IdentityFile <PATH TO PEM FILE>" ubuntu@<INSTANCE-PUBLIC-IP>

➢ ssh-copy-id: This is the command used to copy your public key to a remote machine.

•-f: This flag forces the copying of keys, which can be useful if you have keys
already set up and want to overwrite them.
•"-o IdentityFile ": This option specifies the identity file (private key) to use for
the connection. The -o flag passes this option to the underlying ssh command.
•ubuntu@: This is the username (ubuntu) and the IP address of the remote
server you want to access.
Using Password:
➢ Go to the file /etc/ssh/sshd_config.d/60-cloudimg-settings.conf
•Update PasswordAuthentication yes
•Restart SSH -> sudo systemctl restart ssh

Inventory:
Ansible inventory file is a fundamental component of Ansible that defines the hosts
(remote systems) that you want to manage and the groups those hosts belong to. The
inventory file can be static (a simple text file) or dynamic (generated by a script). It
provides Ansible with the information about the remote nodes to communicate with
during its operations.
Static Inventory:(INI)
#inventory file: hosts
[webservers]
web1.example.com (or) ip adress of remote server
web2.example.com (or) ip adress of remote server

[dbservers]
db1.example.com
db2.example.com

[all:vars]
ansible_user=admin
ansible_ssh_private_key_file=/path/to/key

Dynamic inventory:
A dynamic inventory is generated by a script or plugin and can be used for
environments where hosts are constantly changing (e.g., cloud environments). The
script or plugin fetches the list of hosts from a source like AWS, GCP, or any other
dynamic source.
YAML:
YAML (YAML Ain't Markup Language) is a human-readable data serialization format that
is commonly used for configuration files and data exchange between languages with
different data structures.
Strings, Numbers and Booleans:
string: Hello, World!
number: 42
boolean: true
List:
fruits:
- Apple
- Orange
- Banana
Dictionary:
person:
name: John Doe
age: 30
city: New York
List of Dictionaries:
family:
parents:
- name: Jane
age: 50
- name: John
age: 52
children:
- name: Jimmy
age: 22
- name: Jenny
age: 20

Yaml playbook:
---
- hosts: all
become: true
 tasks:
- name: installation of apache httpd
ansible.builtin.apt:
name: apache2
state: present
update_cache: yes
- name: copy files with owner and permissions
ansible.buitin.copy:
src: index.html
dest: /var/www/html
owner: root
group: root
mode: ‘0644’

Ansible Roles:
Ansible roles are a way to organize and structure automation code into reusable components. They allow you
to break down complex playbooks into smaller, modular units, making your Ansible projects easier to
manage and scale.
Create roles using: ansible-galaxy init httpd
Benefits of using roles:
Modularity
Roles allow you to break down complex playbooks into smaller, reusable components. Each role handles a
specific part of the configuration or setup.

Reusability
Once created, roles can be reused across different playbooks and projects. This saves time and effort in
writing redundant code.

Maintainability
By organizing related tasks into roles, it becomes easier to manage and maintain the code. Changes can be
made in one place and applied consistently wherever the role is used.

Readability
Roles make playbooks cleaner and easier to read by abstracting away the details into logically named roles.

Collaboration
Roles facilitate collaboration among team members by allowing them to work on different parts of the
infrastructure independently.
Consistency
Using roles ensures that the same setup and configuration procedures are applied uniformly across multiple
environments, reducing the risk of configuration drift.

Structure of an Ansible Role:

<httpd>/
├── defaults/
│ └── main.yml
├── files/
├── handlers/
│ └── main.yml
├── meta/
│ └── main.yml
├── tasks/
│ └── main.yml
├── templates/
├── vars/
└── main.yml

Download ansible roles from Galaxy:

ansible-galaxy role install <role_name>
example: ansible-galaxy role install pavan.docker
ansible-galaxy role install -r requirements.yml (for download specific yml file)

Import the Role to Ansible Galaxy from github:

ansible-galaxy role import <your_github_username> <role-name>

Prerequisites to setup aws Collection and Authentication:

1. Install boto3
pip install boto3
2. Install AWS collection
ansible-galaxy collection install amazon.aws

3. Setup Vault
• Create a password for vault
openssl rand -base64 2048 > vault.pass
• Add your AWS credentials using the below vault command
ansible-vault create group_vars/all/pass.yml --vault-password-file vault.pass

Playbook for aws ec2 creation:

---
- hosts: localhost
connection: local
tasks:
- name: start an instance with a public IP address
amazon.aws.ec2_instance:
name: "ansible-instance"
# key_name: "prod-ssh-key"
# vpc_subnet_id: subnet-013744e41e8088axx
instance_type: t2.micro
security_group: default
region: us-east-1
aws_access_key: "{{ec2_access_key}}" # From vault as defined
aws_secret_key: "{{ec2_secret_key}}" # From vault as defined
network:
assign_public_ip: true
image_id: ami-04b70fa74e45c3917
tags:
Environment: Testing

Variables:
Ansible provides default 22 places to write variables and these 22 are in precedence manner like more
important to least important
etra vars has highest precedence
role defaults has low precedence