A system engineer's notes: March 2019

Saturday 9 March 2019

Installing Ansible on Centos 7

Introduction

As Ansible is agentless, unlike other configuration management platforms, it only requires a master node installation. Ansible is also particularly light due to its lack of daemons, database reliance, and keep-on-running services. Ansible uses Secure Shell (SSH) and WinRM to manage its host clients. Installing Ansible is a fairly straightforward process and in this article we will quickly demonstrate how to install it on a Centos 7 system using the yum package manager.

Prerequisites:

In this respect, Ansible is awesome. For a Linux package installation, all you need is Python 2 (version 2.6 or higher) or Python 3 (version 3.5 or higher). For source installation, we may need the development suite, such as the build-essential package for the Debian family, or the Development Tools group package for the Red Hat family. Most package managers of Linux operating systems will
automatically download the appropriate Python version and its dependencies when asked to install Ansible.

Ansible installation on Centos 7:

If you are using Yellowdog Updater, Modified (Yum), you will have an extra step, since Ansible is not located in the default RHEL repositories. As you may have experienced when installing tools in the past, the Extra Package for Enterprise Linux (EPEL) is often required to be installed before you can use the package manager to install the tools. This is a very straightforward step. We first need to download the epel-release rpm file from the Fedora Project website: http:/ / fedoraproject. org/ wiki/ EPEL. We then need to install it using rpm as follows:

rpm -i epel-release-latest-7.noarch.rpm
or
yum install epel-release -y

We can verify that the EPEL repository is now available on the system:

[root@lab ~]# yum repolist epel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.nbrc.ac.in
* epel: d2lzkl7pfhq30w.cloudfront.net
* extras: mirror.nbrc.ac.in
* nux-dextop: mirror.li.nux.ro
* updates: mirror.nbrc.ac.in
repo id repo name status
*epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 12,909
repolist: 12,909
[root@lab ~]#

Just like installing any other package using Yum, we will use the yum install command following by the package name (Ansible in this case).

[root@lab ~]# yum install ansible -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.nbrc.ac.in
* epel: d2lzkl7pfhq30w.cloudfront.net
* extras: mirror.nbrc.ac.in
* nux-dextop: mirror.li.nux.ro
* updates: mirror.nbrc.ac.in
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.7.8-1.el7 will be installed
--> Processing Dependency: python-crypto for package: ansible-2.7.8-1.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.7.8-1.el7.noarch
--> Processing Dependency: python-keyczar for package: ansible-2.7.8-1.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.7.8-1.el7.noarch
--> Processing Dependency: python2-jmespath for package: ansible-2.7.8-1.el7.noarch
--> Processing Dependency: sshpass for package: ansible-2.7.8-1.el7.noarch
--> Running transaction check
---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed
---> Package python-keyczar.noarch 0:0.71c-2.el7 will be installed
---> Package python-paramiko.noarch 0:2.1.1-9.el7 will be installed
--> Processing Dependency: python-cryptography for package: python-paramiko-2.1.1-9.el7.noarch
---> Package python2-crypto.x86_64 0:2.6.1-15.el7 will be installed
--> Processing Dependency: libtomcrypt.so.0()(64bit) for package: python2-crypto-2.6.1-15.el7.x86_64
---> Package python2-jmespath.noarch 0:0.9.0-3.el7 will be installed
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Running transaction check
---> Package libtomcrypt.x86_64 0:1.17-26.el7 will be installed
--> Processing Dependency: libtommath >= 0.42.0 for package: libtomcrypt-1.17-26.el7.x86_64
--> Processing Dependency: libtommath.so.0()(64bit) for package: libtomcrypt-1.17-26.el7.x86_64
---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Running transaction check
---> Package libtommath.x86_64 0:0.42.0-6.el7 will be installed
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.4-1.el7 will be installed
--> Running transaction check
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch
--> Running transaction check
---> Package python-ply.noarch 0:3.4-11.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================================================
Package Arch Version Repository Size
==========================================================================================================================================================================
Installing:
ansible noarch 2.7.8-1.el7 epel 11 M
Installing for dependencies:
libtomcrypt x86_64 1.17-26.el7 extras 224 k
libtommath x86_64 0.42.0-6.el7 extras 36 k
python-cffi x86_64 1.6.0-5.el7 base 218 k
python-enum34 noarch 1.0.4-1.el7 base 52 k
python-httplib2 noarch 0.9.2-1.el7 extras 115 k
python-idna noarch 2.4-1.el7 base 94 k
python-keyczar noarch 0.71c-2.el7 epel 218 k
python-paramiko noarch 2.1.1-9.el7 updates 269 k
python-ply noarch 3.4-11.el7 base 123 k
python-pycparser noarch 2.14-1.el7 base 104 k
python2-crypto x86_64 2.6.1-15.el7 extras 477 k
python2-cryptography x86_64 1.7.2-2.el7 base 502 k
python2-jmespath noarch 0.9.0-3.el7 extras 39 k
sshpass x86_64 1.06-2.el7 extras 21 k

Transaction Summary
==========================================================================================================================================================================
Install 1 Package (+14 Dependent packages)

Total download size: 14 M
Installed size: 71 M
Downloading packages:
(1/15): libtommath-0.42.0-6.el7.x86_64.rpm | 36 kB 00:00:00
(2/15): python-enum34-1.0.4-1.el7.noarch.rpm | 52 kB 00:00:00
(3/15): libtomcrypt-1.17-26.el7.x86_64.rpm | 224 kB 00:00:00
(4/15): python-cffi-1.6.0-5.el7.x86_64.rpm | 218 kB 00:00:00
(5/15): python-httplib2-0.9.2-1.el7.noarch.rpm | 115 kB 00:00:00
(6/15): python-idna-2.4-1.el7.noarch.rpm | 94 kB 00:00:00
(7/15): ansible-2.7.8-1.el7.noarch.rpm | 11 MB 00:00:00
(8/15): python-keyczar-0.71c-2.el7.noarch.rpm | 218 kB 00:00:00
(9/15): python-pycparser-2.14-1.el7.noarch.rpm | 104 kB 00:00:00
(10/15): python-ply-3.4-11.el7.noarch.rpm | 123 kB 00:00:00
(11/15): python-paramiko-2.1.1-9.el7.noarch.rpm | 269 kB 00:00:00
(12/15): python2-crypto-2.6.1-15.el7.x86_64.rpm | 477 kB 00:00:00
(13/15): python2-jmespath-0.9.0-3.el7.noarch.rpm | 39 kB 00:00:00
(14/15): sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00
(15/15): python2-cryptography-1.7.2-2.el7.x86_64.rpm | 502 kB 00:00:00
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 10 MB/s | 14 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-enum34-1.0.4-1.el7.noarch 1/15
Installing : python-httplib2-0.9.2-1.el7.noarch 2/15
Installing : sshpass-1.06-2.el7.x86_64 3/15
Installing : libtommath-0.42.0-6.el7.x86_64 4/15
Installing : libtomcrypt-1.17-26.el7.x86_64 5/15
Installing : python2-crypto-2.6.1-15.el7.x86_64 6/15
Installing : python-keyczar-0.71c-2.el7.noarch 7/15
Installing : python2-jmespath-0.9.0-3.el7.noarch 8/15
Installing : python-ply-3.4-11.el7.noarch 9/15
Installing : python-pycparser-2.14-1.el7.noarch 10/15
Installing : python-cffi-1.6.0-5.el7.x86_64 11/15
Installing : python-idna-2.4-1.el7.noarch 12/15
Installing : python2-cryptography-1.7.2-2.el7.x86_64 13/15
Installing : python-paramiko-2.1.1-9.el7.noarch 14/15
Installing : ansible-2.7.8-1.el7.noarch 15/15
Verifying : python-keyczar-0.71c-2.el7.noarch 1/15
Verifying : python-idna-2.4-1.el7.noarch 2/15
Verifying : python-ply-3.4-11.el7.noarch 3/15
Verifying : ansible-2.7.8-1.el7.noarch 4/15
Verifying : python-paramiko-2.1.1-9.el7.noarch 5/15
Verifying : python2-jmespath-0.9.0-3.el7.noarch 6/15
Verifying : python2-crypto-2.6.1-15.el7.x86_64 7/15
Verifying : libtomcrypt-1.17-26.el7.x86_64 8/15
Verifying : python-cffi-1.6.0-5.el7.x86_64 9/15
Verifying : libtommath-0.42.0-6.el7.x86_64 10/15
Verifying : sshpass-1.06-2.el7.x86_64 11/15
Verifying : python-httplib2-0.9.2-1.el7.noarch 12/15
Verifying : python-enum34-1.0.4-1.el7.noarch 13/15
Verifying : python-pycparser-2.14-1.el7.noarch 14/15
Verifying : python2-cryptography-1.7.2-2.el7.x86_64 15/15

Installed:
ansible.noarch 0:2.7.8-1.el7

Dependency Installed:
libtomcrypt.x86_64 0:1.17-26.el7 libtommath.x86_64 0:0.42.0-6.el7 python-cffi.x86_64 0:1.6.0-5.el7 python-enum34.noarch 0:1.0.4-1.el7
python-httplib2.noarch 0:0.9.2-1.el7 python-idna.noarch 0:2.4-1.el7 python-keyczar.noarch 0:0.71c-2.el7 python-paramiko.noarch 0:2.1.1-9.el7
python-ply.noarch 0:3.4-11.el7 python-pycparser.noarch 0:2.14-1.el7 python2-crypto.x86_64 0:2.6.1-15.el7 python2-cryptography.x86_64 0:1.7.2-2.el7
python2-jmespath.noarch 0:0.9.0-3.el7 sshpass.x86_64 0:1.06-2.el7

Complete!
[root@lab ~]#

Now to validate the success of our installation we can check the ansible version installed on the system using the following command:

[root@lab ~]# ansible --version
ansible 2.7.8
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
[root@lab ~]#

Conclusion

We hope that this quick introduction guide was helpful to you. We will be setting up this system to act as our Ansible master node in a future article.

Saturday 2 March 2019

Ansible Tower and Ansible project comparison

After being bought by Red Hat, Ansible continued to offer a free open source platform, which is currently called the Ansible Project. Red Hat has created proprietary management add-ons that offer an advanced control and centralization of the infrastructure, called Ansible Tower. Red Hat runs the Ansible Automation platform, which is composed of the Ansible Engine and Ansible Tower. This product is fully supported by Red Hat as one of its lead projects.

Ansible project

The Ansible project is a build-up of functionalities that come from the original company, AnsibleWorks. It is a community-built automation engine. It is free, open source, and available for anyone to download or install on any Linux OS, using the package manager, source compiling, or Python PyPI. It is very simple, powerful, and agentless.

To use the Ansible automation engine, users do not need any third-party applications or interfaces. They can simply send a command or write a playbook and execute it directly to the engine. This allows the user to access a variety of predefined modules, plugins, and APIs working as building blocks for managing all kinds of IT tasks and network objects. As it is agentless, Ansible relies on SSH to manage the Linux hosts, and WinRM for the Windows hosts. The SSH protocol is also used to control some of the network devices. Some more unsual devices or cloud and virtualization services require the use of Ansible pre-defined APIs to help manage or access them.

Nodes can be defined by their IP addresses or hostname; for the latter, we will have to rely on a DNS server or the local DNS file. APIs are used to communicate with third-party services, such as public or private clouds. Modules, which constitute Ansible's biggest pre-defined function library, allow the users to simplify long and complex tasks into a few lines in a playbook. They cover a large number of tasks, systems, packages, files, datastores, API calls, network device configurations, and so on. Finally, Ansible plugins are used to improve Ansible's core functionality, such as fast host caching, to avoid facts gathering on the network.

Ansible Tower

Ansible Tower is the Red Hat proprietary layer that sits on top of the Ansible project engine. It is made up of a number of add-ons and modules, composed of REST APIs and web services, that work together to create a friendly web interface that acts as an automation hub from which the IT administrator can select a number of tasks or playbooks to be executed on a number of machines. It still relies on the Ansible Engine to send commands and collect the reports. Ansible Tower cleverly collects the status of tasks and the reports that come back from hosts. All of this data is presented in the Ansible dashboard, showing hosts, the status of the inventory, and the recent jobs, activities, and snapshots.
Ansible Tower scales as the environment grows, and acts accordingly by showing in real-time all the statuses of the hosts, tasks, and playbooks. It highlights the successful playbook jobs, as well as those that failed to run, in order to troubleshoot any issues. In its multi-playbook workflows, the user can create pipelines of playbooks to be executed in sequence on any type of inventory, using one or more users' credentials and on a personalized timescale. With pipelining enabled, an IT administrator can automate complex operations (application provisioning, continuous deployment with containers, running test workflows) by breaking them down into smaller tasks using pipelines and, depending on the output (success or failure), run a specific play.

Ansible Tower offers a smart inventory platform that enables you to pull the host's inventory from any source, including a public or private cloud, or a local CMDB. The smart inventory builds hosts caching, which allows the user to run playbooks based on the facts of the hosts, which are pieces of information and properties related to them and gathered by Ansible. It also allows you to set up built-in notifications about the status of tasks, workflows, and playbooks via email, SMS, and push notifications on third-party platforms, such as Slack or Hipchat. Ansible Tower also allows task scheduling for routine updates, device patching, and custom backup schedule options.

Ansible benefits and functionalities explained

With the rapid growth of IT infrastructures and a shift in the way applications are being deployed, IT administrators' tasks have grown in scale and complexity. Ansible seamlessly merges orchestration and configuration management in a very handy platform that allows IT administrators to define a selected number of nodes, applications, and network devices to be configured in a desired state by making clear which actions should be taken to remove repetition and reduce complexity.

Orchestration

As well as configuration management, Ansible also offers high-end orchestration. This makes the organization and management of the interactions between multiple configuration tasks well-structured. It simplifies and orders complex and chaotic configuration management and administration tasks. According to the status of the infrastructure, and the users' demands, applications, and data-versioned behaviors, Ansible orchestration will generally bring the infrastructure back to the desired state by configuring the appropriate services and policies via the CM tool into the failed component and make it work properly.

IT orchestration can get very complex when dealing with DevOps class tasks, such as the continuous integration and deployment (CI/CD) of applications or infrastructure as a code (IaC). Ansible is capable of converting those tasks to automated workflows that run a number of playbooks in a well-defined structure, featuring all sorts of Ansible pre-defined modules, plugins, and APIs to communicate, execute commands, and report facts from any number of hosts, devices, and services.

Automate everything

Ansible is the path to take for better infrastructure automation, application deployment, and provisioning. It is the open source approach to an automated and modernized IT environment. Ansible is the key to enabling IT administrators to automate their daily tasks, freeing up their time to allow them to focus on delivering quality services. This not only impacts the IT department, but the business as a whole. The following diagram shows the reach of Ansible's multiple functionalities:

Provisioning

Instance provisioning using Ansible covers the configuration and setup of bare-metal machines and servers. It relies on its predefined APIs to create and configure the local virtualized infrastructure. It can also manage hybrid, private, and public cloud instances, resources, and applications. Ansible can automatically install and configure an application and its libraries. It uses OS bootstrap and a kickstart script to initiate bare-metal machine provisioning using very simple playbooks and built-in modules. Using the same simple playbooks and different modules, Ansible can also provision instances, networking, and VMs in a public, private, or hybrid cloud very easily.

Configuration management

Using the power of playbooks and inventory, IT administrators can use Ansible to execute an update, patch, or configuration modification on a number of hosts, network devices, and applications. Playbooks describe the infrastructure in both simple, human-readable terms for other people to use, and machine-parsable code that can be used on any machine running Ansible. The execution of an Ansible configuration is state-driven, which means that it does not need to check the system or service state to know how to adapt in order to increase the task's reliability.

Application deployment

When we talk about applications that are managed by Ansible, we are talking about full life cycle control. Any users who have access to the Ansible server node, from IT administrators to application developers and project managers, will be able to manage all aspects of the application. Ansible takes the application package, deploys it to all the production servers, sets it up, and configures and initiates it. It can even test the package and report its status. This feature covers multi-tier applications, allowing zero-downtime rolling for a seamless application update.

Continuous delivery and continuous integration

Ansible ensures a stable environment for both developers and IT administrators for the continuous delivery and integration of applications. Automating as much as possible of the application turnaround means it is quick and unnoticeable to the application users. Ansible automation and orchestration is multi-tier and multi-step, which allows for finer control over operations and hosts. We can write Playbooks to manage the continuous integration and delivery of applications while ensuring the desired state of various components, such as load balancers and several server nodes.

A system engineer's notes