Wednesday | 04 DEC 2024
[ previous ]
[ next ]

Ansible Notes

Title:
Date: 2022-07-01
Tags:  

At work I've recently had to set up a few Linux servers and get UniVerse installed on them. Now that I've done it a few times in rapid succession, I think it's time to automate it. I enjoy doing it every now and then but I think now is a good time to automate this step.

I was originally going to write a bash script and I already have a good idea of how it would look, I also would want to make it idempotent but as I thought about it, it didn't make sense that I would do this bash. I would need to check so much things to make sure my script doesn't blow up and leave the server in a weird state.

Ansible was something I had heard of but never really looked at and looking at the docs it looks like exactly what I'm looking for. I want describe the state of the system at the end and ansible will simply get to that state. I don't really care how it gets there. It's a very cool idea and one that I have never used before. Though it reminds me of docker but I only used docker a bit so this looks quite fun.

https://docs.ansible.com/ansible/latest/getting_started/index.html

Ansible has a set of hosts in the /etc/ansible/hosts file. Makes sense

The first step of simply pinging the hosts failed. I have my first host as the ansible server itself it already threw an error. It seems I needed to pass in the user and add the flag ask-pass.

# ansible all -m ping -u root --ask-pass

This worked.

The next step is to use inventory files. This seems to be a level up from the hosts file. This is also the way that is recommended to manage multiple systems.

This step worked relatively well.

I needed to use the -k option to for it to prompt for the password. I'll need to set up the password vault so i don't need to keep getting asked.

Copy pasting the encrypted password is a bit of a pain.

I also don't like how whitespace matters in yaml.

Reading is hard! I ran into some bugs here as I wasn't paying enough attention.

https://docs.ansible.com/ansible/2.5/network/getting_started/first_inventory.html

Here are the instructions to set up a vault password so you can then add passwords to the inventory file.

> ansible machines -m ping -i inventory.yaml --vault-id root@passwords

Now I can ping the server automatically!

Slowly slowly.

Running a playbook was pretty easy!

After writing a simple playbook I wrote the steps to install samba!

This was quite fun

https://stackoverflow.com/questions/62405671/ansible-playbook-to-check-the-condition-of-selinux-status

This checks to see if selinux is enabled, and only runs when it is.

Ansible was pretty straightforward. At this point I think I have decent idea of how to use it and it is definitely better than the shell script I was going to write.