Ansible 2019(1)Introduction and Installation on Ubuntu and CentOS

Ansible 2019(1)Introduction and Installation on Ubuntu and CentOS

Ansible is using SSH, it can execute the shell commands.
Install Ansible on Ubuntu
> sudo apt-add-repository -y ppa:ansible/ansible
> sudo apt-get update
> sudo apt-get install ansible
> ansible --version
ansible 2.8.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/carl/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15+ (default, Oct  7 2019, 17:39:04) [GCC 7.4.0]

Prepare 2 workers machines for ubuntu latest version
> wget http://mirror.lstn.net/ubuntu-releases/19.04/ubuntu-19.04-live-server-amd64.iso

Set Up Clean 19.04 Ubuntu Machines
Set Up Root Password
> sudo passwd root

Set Up IP information
> cd /etc/netplan/
> sudo vi 50-cloud-init.yaml
network:
    ethernets:
        enp0s3:
            dhcp4: true
        enp0s8:
            dhcp4: no
            addresses: [192.168.56.102/24]
            gateway4: 192.168.56.0
            nameservers:
                    addresses: [8.8.8.8,8.8.4.4]
    version: 2

> sudo netplan apply

I try to verify on ubuntu-master, ubuntu-worker1, ubuntu-worker2, so the hosts file will be like this
> cat /etc/hosts
192.168.56.101  ubuntu-master
192.168.56.102  ubuntu-worker1
192.168.56.103  ubuntu-worker2

On the master machine, ubuntu-master, copy the keys to workers
> ssh-copy-id -i ~/.ssh/id_rsa.pub carl@ubuntu-worker1
> ssh-copy-id -i ~/.ssh/id_rsa.pub carl@ubuntu-worker2

Need to make the user execute sudo without password on all the workers
> sudo visudo
carl    ALL=(ALL) NOPASSWD:ALL

Check workers list
> sudo vi /etc/ansible/hosts
ubuntu-master
[workers]
ubuntu-worker1
ubuntu-worker2

Try some commands and it works well
> ansible workers -u carl -a "df -h"

Promote password
> ansible workers -b -K -u carl -a "apt update"

No Password
>ansible workers -b -u carl -a "apt update"
Not working on ubuntu 19.04?

Solution:
https://askubuntu.com/questions/504652/adding-nopasswd-in-etc-sudoers-doesnt-work
https://www.tecrobust.com/run-sudo-command-without-password-in-ubuntu/
Need to add this line to the end of the file
carl    ALL=(ALL) NOPASSWD:ALL

After that, these commands works
> ansible workers -b -u carl -a "apt update"

Playbook
> cat playbook.yml
---
- hosts: workers
  become: true
  become_user: carl
  tasks:
    - name: check disk
      command: df -h

> ansible-playbook -u carl playbook.yml

Update the softwares there
> cat playbook.yml
---
- hosts: workers
  become: true
  become_user: carl
  tasks:
    - name: update
      command: apt update
      become_user: root
      become_method: sudo
    - name: install
      command: apt dist-upgrade
      become_user: root
      become_method: sudo

Shutdown all the workers
> ansible workers -b -u carl -a "shutdown -h now"

Install on CentOS
> sudo yum install ansible

Check the version
> ansible --version
ansible 2.8.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/carl/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

Generate SSH Key On CentOS
https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-centos7
> ssh-keygen

Copy the keys to workers
> ssh-copy-id -i ~/.ssh/id_rsa.pub rancher-worker1
> ssh-copy-id -i ~/.ssh/id_rsa.pub rancher-worker2

No password to execute sudo command
> sudo visudo
%wheel  ALL=(ALL)       NOPASSWD: ALL

Check workers list
> sudo vi /etc/ansible/hosts
rancher-home
[workers]
rancher-worker1
rancher-worker2

Try some commands and it works well
> ansible workers -u carl -a "df -h"

Promote password
> ansible workers -b -K -u carl -a 'yum update'

No Password
> ansible workers -b -u carl -a 'yum update'


It can be more complex if we need it to be
---
- hosts: sillycat-redis:sillycat-db:sillycat-els
  remote_user: centos
  tasks:
      - name: curl
        shell: 'curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.2.1-x86_64.rpm'
      - name: rpm
        shell: 'rpm -vi metricbeat-7.2.1-x86_64.rpm'
        become: yes
        become_user: root
        become_method: sudo       
      - name: copy
        copy: src=./etc/metricbeat.yml dest=/etc/metricbeat/metricbeat.yml
        become: yes
        become_user: root
        become_method: sudo          
      - name: enable
        shell: 'metricbeat modules enable system'
        become: yes
        become_user: root
        become_method: sudo       
      - name: setup
        shell: 'metricbeat setup'
        become: yes
        become_user: root
        become_method: sudo       
      - name: start
        shell: 'service metricbeat start'
        become: yes
        become_user: root
        become_method: sudo       
      - name: auto start
        shell: 'systemctl enable metricbeat'
        become: yes
        become_user: root
        become_method: sudo       
      - name: rm install file
        shell: 'rm -f metricbeat-7.2.1-x86_64.rpm'

- hosts: sillycat-redis
  remote_user: centos
  tasks:
      - name: enable
        shell: 'metricbeat modules enable redis'
        become: yes
        become_user: root
        become_method: sudo    
      - name: restart
        shell: 'systemctl restart metricbeat'
        become: yes
        become_user: root
        become_method: sudo    

- hosts: sillycat-db
  remote_user: centos
  tasks:
      - name: enable
        shell: 'metricbeat modules enable mysql'
        become: yes
        become_user: root
        become_method: sudo    
      - name: restart
        shell: 'systemctl restart metricbeat'
        become: yes
        become_user: root
        become_method: sudo    

- hosts: sillycat-els
  remote_user: centos
  tasks:
      - name: enable
        shell: 'metricbeat modules enable elasticsearch'
        become: yes
        become_user: root
        become_method: sudo    
      - name: restart
        shell: 'systemctl restart metricbeat'
        become: yes
        become_user: root
        become_method: sudo

References:
https://www.cnblogs.com/sparkdev/p/9905290.html
https://www.ansible.com/
https://github.com/ansible/ansible
https://docs.ansible.com/ansible/latest/index.html
https://stackoverflow.com/questions/25582740/missing-sudo-password-in-ansible
https://askubuntu.com/questions/504652/adding-nopasswd-in-etc-sudoers-doesnt-work