This project helps you get started with Ansible ad-hoc commands, playbooks, roles and Vault
This project was designed and developed by Sandip Das
This project uses open source projects to work properly:
First make sure Ansible CLI is installed
Debian/Ubuntu Installation Example
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible
Check Version
ansible --version
Setting up ssh:
sudo apt-get install openssh-server
Generating new ssh keys:
ssh-keygen
ssh-copy-id hostname   # if the host uses password-based login
ssh-copy-id -i ~/.ssh/my_custom_key user@host
Time to check SSH Connection
ssh -i ~/.ssh/my_custom_key user@host
File path: /etc/ansible/hosts (or custom location by: -i /path/to/file)
#un-grouped
192.0.2.40
192.0.3.56
aserver.example.org
bserver.example.org
#by group called appservers
[appservers]
sample1.example.com ansible_host=10.0.0.3 #ssh to 10.0.0.3
sample2.example.com ansible_ssh_user=xyz #ssh as user xyz
#host (DNS will resolve automatically)
[dbservers]
one.example.com
two.example.com
three.example.com
#dev_servers1 is a group containing other groups
[dev_servers1:children]
appservers
dbservers
Reboot all servers in appservers group
ansible appservers -a "/sbin/reboot"
Reboot the appservers hosts with 10 parallel forks
ansible appservers -a "/sbin/reboot" -f 10
To run /usr/bin/ansible from a different user account (not root)
ansible appservers -a "/sbin/reboot" -f 10 -u username
Run commands through privilege escalation
ansible appservers -a "/sbin/reboot" -f 10 -u username --become [--ask-become-pass]
copy file
ansible appservers -m ansible.builtin.copy -a "src=/etc/hosts dest=/tmp/hosts"
changing permissions
ansible appservers -m ansible.builtin.file -a "dest=/srv/foo/a.txt mode=600"
ansible appservers -m ansible.builtin.file -a "dest=/srv/foo/b.txt mode=600 owner=sandip group=sandip"
create directories
ansible appservers -m ansible.builtin.file -a "dest=/path/to/c mode=755 owner=sandip group=sandip state=directory"
Remove Directory/File
ansible appservers -m ansible.builtin.file -a "dest=/path/to/c state=absent"
using yum package manager to install and uninstall packages
ansible appservers -m ansible.builtin.yum -a "name=acme state=present"
ansible appservers -m ansible.builtin.yum -a "name=acme-1.5 state=present"
ansible appservers -m ansible.builtin.yum -a "name=acme state=latest"
ansible appservers -m ansible.builtin.yum -a "name=acme state=absent"
using apt package manager to install and uninstall packages
ansible appservers -m apt -a "name=acme state=latest"
ansible appservers -m apt -a "name=acme-1.5 state=present"
ansible all -m ansible.builtin.user -a "name=foo password=<crypted password here>"
ansible all -m ansible.builtin.user -a "name=foo state=absent"
ansible appservers -m ansible.builtin.service -a "name=httpd state=started"
ansible appservers -m ansible.builtin.service -a "name=httpd state=restarted"
ansible appservers -m ansible.builtin.service -a "name=httpd state=stopped"
Deploying From Source Control
ansible appservers -m git -a "repo=https://foo.example.org/repo.git dest=/src/myapp version=HEAD"
Gathering facts
ansible all -m ansible.builtin.setup
Normal playbook_sample.yml
---
- name: Install and verify apache installation
  hosts: appservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: ubuntu
  become: yes
  become_method: sudo
  tasks:
    - name: Ensure apache is at the latest version
      ansible.builtin.apt:
        name: apache2
        state: latest
    - name: Ensure apache is running
      ansible.builtin.service:
        name: apache2
        state: started
Role-based playbook_role_example.yml
---
- hosts: appservers
  remote_user: ubuntu
  become: yes
  become_method: sudo
  roles:
    - example_role
Sample Commands to Execute Playbooks
ansible-playbook playbook_sample.yml -i demo_hosts --private-key=/path/to/your/key
ansible-playbook playbook_role_example.yml -i demo_hosts --private-key=/path/to/your/key
Creating a New Encrypted File
ansible-vault create encrypted_playbook.yml
Encrypting an Existing Ansible File
ansible-vault encrypt encrypted_playbook.yml
View encrypted file
ansible-vault view encrypted_playbook.yml
Edit encrypted file
ansible-vault edit encrypted_playbook.yml
Permanently Decrypt a file
ansible-vault decrypt encrypted_playbook.yml
Using Multiple Vault Passwords for multiple environments
We can have dedicated vault passwords for different environments, such as development, testing, and production environments.
ansible-vault create --vault-id dev@prompt credentials_dev.yml
ansible-vault create --vault-id prod@prompt credentials_prod.yml
To edit the file, you have to provide the same vault ID
ansible-vault edit credentials_dev.yml --vault-id dev@prompt
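A file created with --vault-id dev@prompt starts with a header line that records the vault ID label, so a pre-commit or CI step can confirm that each credentials file is encrypted and uses the vault ID of its environment. The script below is an added example, not part of this project; the helper names vault_label and check_vault_file are hypothetical.

```sh
#!/bin/sh
# Added example (helper names are hypothetical, not part of the project).
# Vault files start with a one-line header:
#   $ANSIBLE_VAULT;1.1;AES256            no vault ID label
#   $ANSIBLE_VAULT;1.2;AES256;<label>    created with --vault-id <label>@...

# vault_label FILE: print the vault ID label ("default" for a 1.1 header);
# return 1 if FILE does not start with a vault header.
vault_label() {
    _hdr=
    IFS= read -r _hdr < "$1" || [ -n "$_hdr" ] || return 1
    case $_hdr in
        '$ANSIBLE_VAULT;1.1;AES256') echo default ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) echo "${_hdr##*;}" ;;
        *) return 1 ;;
    esac
}

# check_vault_file FILE LABEL: 0 = encrypted with LABEL,
# 1 = not encrypted, 2 = encrypted under a different vault ID.
check_vault_file() {
    if ! _got=$(vault_label "$1"); then
        echo "FAIL $1: no vault header, contents are plaintext" >&2
        return 1
    fi
    if [ "$_got" != "$2" ]; then
        echo "FAIL $1: vault ID '$_got', expected '$2'" >&2
        return 2
    fi
    echo "OK   $1: vault ID '$_got'"
}

# Usage: sh check_vault.sh credentials_dev.yml dev
if [ "$#" -eq 2 ]; then
    check_vault_file "$1" "$2"
fi
```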
Using a Password File
ansible-vault create --vault-password-file path/to/passfile credentials_dev.yml
ansible-vault create --vault-id dev@path/to/passfile credentials_dev.yml
ansible-vault encrypt --vault-password-file vault_pass encrypted_playbook.yml
ansible-vault decrypt --vault-password-file vault_pass encrypted_playbook.yml
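The password file holds the vault password in plaintext, so its permissions decide who on the control node can decrypt every vaulted file. The check below is an added example, not part of this project; check_passfile is a hypothetical helper name, and it can be run before any of the --vault-password-file commands above.

```sh
#!/bin/sh
# Added example (check_passfile is a hypothetical helper, not part of the project).
# check_passfile FILE: 0 = safe to pass to --vault-password-file,
# 1 = missing or not a regular file, 2 = accessible by group or others,
# 3 = executable (Ansible runs an executable password file as a script
#     and uses its output as the password instead of reading the file).
check_passfile() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "FAIL $1: not a regular file" >&2
        return 1
    fi
    # Permission string from ls, e.g. "-rw-------":
    # chars 2-4 are the owner bits, chars 5-10 the group and other bits.
    _perm=$(ls -ld -- "$1" | cut -c1-10)
    case $_perm in
        ????------) ;;
        *)
            echo "FAIL $1: mode $_perm allows group/other access; chmod 600" >&2
            return 2 ;;
    esac
    case $_perm in
        ???[xs]??????)
            echo "FAIL $1: executable, Ansible would run it as a script" >&2
            return 3 ;;
    esac
    echo "OK   $1: mode $_perm"
}

# Usage: sh check_passfile.sh vault_pass
if [ "$#" -eq 1 ]; then
    check_passfile "$1"
fi
```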
MIT
Free Software, Hell Yeah!