Ansible

Agentless Push-based Configuration Management Tool

• The Control node is where Ansible is installed
• The Ansible Inventory contains all known nodes
• A Managed Node is a Host that Ansible controls
• Ansible Playbooks contain multiple plays that define commands and modules to run the Nodes
• Use Ansible Roles to load related vars, files, tasks, handlers, and other Ansible artifacts based on a known file structure
• Ansible Handlers are tasks that only run when notified.
• Ansible tries to be indempotent, only applying changes if the desired state is achieved
• Customize Ansible with Ansible Modules and Ansible Plugins
• Configuration Example File https://github.com/ansible/ansible/blob/stable-2.9/examples/ansible.cfg

---

Pros

• Agent less
• YAML is easy to learn

Cons

• Performance speed less then other tools
• YAML not as powerful as Ruby

---

Getting Started

• Ping all known hosts in group home-lab ansible home-lab -m ping
• Install Ansible

pmi ansible sshpass

• Create configuration file and add hosts in /etc/ansible/ansible.cfg or a local repo

[ubuntu]
homelab.wg

• Run commands

ansible -i hosts ubuntu -m ping --user unfa --ask-pass

Ansible CLI

• Command Pattern ansible [pattern] -m [module] -a "[module options]"
• Run one-off / Ad-hoc Commands with

# get hostname
ansible localhost -m command -a hostname
 
# print date
ansible localhost -m command -a date
 
# reboot servers (default module is command)
ansible atlanta -a "/sbin/reboot"`

Ansible Authentication

• Ansible connects to all remote devices with the user name you are using on the control node.
• Ansible assumes you are using SSH keys to connect to remote machines
  • use a ssh agent, use the --private-key flag to specify a pem file, or add the private key file to an inventory with ansible_ssh_private_key_file.
• Understanding privilege escalation: become — Ansible Documentation

Ansible Variables

• Using Variables — Ansible Documentation
• Cache task output into a registers
• Specify --extra-vars on the CLI like key=value

tasks:
     - name: Run a shell command and register its output as a variable
       ansible.builtin.shell: /usr/bin/foo
       register: foo_result
       ignore_errors: true

Ansible Secrets

• Interactive Prompts

- hosts: all
  gather_facts: false
  vars_prompt:
    - name: api_key
      prompt: Enter the API key
  tasks:
    - name: Ensure API key is present in config file
      ansible.builtin.lineinfile:
        path: /etc/app/configuration.ini
        line: "API_KEY={{ api_key }}"

• Or use Ansible Vault

Ansible Conditionals

• Specify a Jinja2 Test Expression with when Tests — Ansible Documentation
• Tasks that pass the test are executud
• Can also use Ansible Facts Conditionals Facts— Ansible Documentation

tasks:
  - name: Configure SELinux to start mysql on any port
    ansible.posix.seboolean:
      name: mysql_connect_any
      state: true
      persistent: true
    when: ansible_selinux.status == "enabled"
    # all variables can be used directly in conditionals without double curly braces
 
tasks:
  - name: Shut down Debian flavored systems
    ansible.builtin.command: /sbin/shutdown -t now
    when: ansible_facts['os_family'] == "Debian"

Ansible Filters

• Ansible Filters are the preferred way to manipulate data in Ansible
  • Default variables {{ some_variable | default(5) }}
  • Omit variables {{ item.mode | default(omit) }}
  • Transforming dictionaries into lists with {{ dict | dict2items }}
  • Combining and selecting data
• Ansible can manage Windows machines as long as they have Powershell installed. Ansible uses PowerShell Remoting to execute commands on remote Windows hosts.