Ansible basics

Ansible tips

Below are some tips on using Ansible if you are unfamiliar with it. These are not best practices but will point you in the right direction and give you an idea of how things work.

Installing packages

Ansible allows you to use yum, apt or whatever else you need. However, this is not useful if you are going to reuse roles or playbook tasks. If you want to make sure that you will be able to install something across different Linux distributions, then you can use the following. This example is for installing varnish:

1
2
3
4
- name: install varnish
   package:
     name: varnish
     state: latest
Names do not matter to a playbook apart from keeping humans aware of what everything is doing. Everything else however does matter.

Change lines in files

Take a look at this from ansible's own documentation

Bash scripts

Ansible is capable of running bash scripts and you can add a task to do so wherever you want in a playbook.

Here is an example below of a playbook with a run the Bash script task:

1
2
3
tasks:
  - name: Copy and Execute the script
    script: "bash file name or location"
You can give the name as a location and a file name. You can also just give it a file name on its own if the playbook is in the same directory.

Bash script causes Ansible to stop running and shows that there is an error.

When I was working with a bash script, Ansible did not like the script at all despite it actually being fine for its intended purpose. If you find that your bash script is not at fault but want Ansible to use it and keep on going with the rest of the playbook, we can simply change the above task to the following:

1
2
3
4
tasks:
  - name: Copy and Execute the script
    script: "bash file name or location"
    ignore_errors: yes
This is a quick way around the problem if this is a one off playbook. Otherwise....you should probably try fix it.

Run tasks before any roles or tasks (pre tasks)

If you need to run some tasks before anything else in your playbook (you might refer to these as dependencies) then we would put These under "pre_tasks" like I have in the example below. Take note of the packages and the command as these are a pretty common requirements for some tasks.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
---
- hosts: all

  pre_tasks:

    - name: install libselinux-python
      become: yes
      package:
       name: libselinux-python
       state: present


    - name: Install pexpect
      become: yes
      command: pip install pexpect

PHP and Ansible

Use these roles

ansible-galaxy install geerlingguy.php

Make sure you have the right repo as well. Do your research and use one of the following depending on the OS

epel ansible-galaxy install geerlingguy.repo-epel

or

remi ansible-galaxy install geerlingguy.repo-remi

variables to use:

php_enablerepo: "the repo you are using above"

php_version: "version of php you want"

php_packages_state: "latest"

1
2
3
4
5
php_packages:
    - list
    - packages
    - like
    - this

If "geerlingguy.php : Ensure PHP packages are installed." fails at all in your playbook then you will not have php installed correctly. Don't ignore this task failing.

Run a command as a playbook task.

1
2
3
tasks:
  - name: do the command
    command: "the terminal command you want"
If you use a command that could of been done with an Ansible module, Ansible will let you know in the output when you run the playbook. For keeping things tidy and also to allow for tasks to work on various builds, use a module.

Copying over files.

For a lot of the above packages it's also good to copy over configuration files that you know you will need. Simply create a configuration file, fill it with everything you need and use the following module to copy it across. Below is an example for php.ini

1
2
 - name: Create php.ini
   template: src=templates/php/php.ini dest=//etc/php.ini`
The above uses a template and then a destination. src=the file we need to copy and the dest=where that file is going to live.

Install ansible role

To install a role we can use the following command: ansible-galaxy install "ansible.role" -p

useful ansible roles: geerlingguy.php geerlingguy.nginx geerlingguy

SSH Keys with Ansible

The following tasks will create SSH keys

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
tasks:
- name: Generate /etc/ssh/ RSA host key
  command : ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C "" -N ""
  creates: /etc/ssh/ssh_host_rsa_key

- name: Generate /etc/ssh/ DSA host key
  command : ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -C "" -N ""
  creates: /etc/ssh/ssh_host_dsa_key

- name: Generate /etc/ssh/ ECDSA host key
  command : ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -C "" -N ""
  creates: /etc/ssh/ssh_host_ecdsa_key

'''

Bitbucket and Ansible

Below is an example of cloning a bitbucket repo. I will mention this now to save confusion, if you do not have the "accept_hostkey: true" like you can see below, you will not be able to clone from a repo for the first time from what I have seen so far.

1
2
3
4
5
6
7
8
- name: cloning the repo into the directory we just created
    git:
      repo: "project_repo_url"
      dest: "destination of where the repo is going"
      accept_hostkey: true
      key_file: "location of key file"
    become: true
    become_user: "user"

ssh key variables

When it comes to writing out variables in your variable file or in the playbook itself, you need to be aware of how to write it out for it to work. The following is how I have done this:

1
2
3
4
5
6
ssh-key: |
  -----BEGIN RSA PRIVATE KEY-----
  somelongkeythatwithloadsofmultiplelinesforyou
  fjioefiejfjeoifjioejfiejfjeofjejfojefjoejffjd
  doepojdejdjejdjeidpjdjpdjwopdjwpedjpwdjwopjdo
  -----END RSA PRIVATE KEY-----

Variables in Ansible

Ansible gives you a few options when it comes to Variables. We explore these below.

User prompts

You can set variables with user prompts. This is very useful for when information is not going to be the same when you use the playbook again. This could be a password for a ssh key for example which you can see below:

1
2
3
4
5
6
7
8
vars_prompt:
  - name: "pass"
    prompt: "Password for SSH Key?"

tasks:

- name: Generate /etc/ssh/ RSA host key
  command : ssh-keygen -q -t rsa -f /home/ec/.ssh/id_rsa/ssh_host_rsa_key -N "{{ pass }}"
In the above, the name is what the variable will be called and can then be used again using in the play book using {{ "vairable" }}. For example the above is {{ pass }} because the name is "pass".

Automatically respond to prompts

To automate things we have to respond to promps that will come our way. Ansible can automatically respond to prompts for you which makes things nice and easy.

Below is an example of this.

Chdir = the directory for the command to be executed in.

expect = this is what we need to put in the playbook for prompt responses.

command = The command that will be executed responses = this is where we place the exact phrase that the terminal would normally ask you. In this case the terminal prompt was going to be "Password for 'https://edmondscommerce@bitbucket.org" I then followed this with ' on both sides. The answer below is a variable set earlier in the playbook by the user as passwords should not be stored anywhere.

1
2
3
4
5
6
- name: pull snippets library
    chdir: /opt/Projects
    expect:
      command: git clone https://edmondscommerce@bitbucket.org/edmondscommerce/snippets-library.git
      responses:
        (?i)Password for 'https://edmondscommerce@bitbucket.org': '{ password }'

Example of variables and roles

When you use roles in your playbook you need to sometimes give them extra information. The way I have done it so far is to do the following:

'''


  • hosts: all become: true vars: php_enablerepo: "remi-php70,epel" roles:
    • geerlingguy.php
      1
      In the above example I have read what variables are available in the README file of the role and have placed them in he playbook using `vars:`. I was able to select a repo so that I could install a specific version of php. Although this is how I have done it it's worth mentioning that I have read you can also point your playbook to a file with all of your variables in it instead using
      
      vars_files
    • /vars/external_vars.yml ``` reference: http://docs.ansible.com/ansible/latest/playbooks_variables.html#variable-file-separation

Researching the server

When we are going to build a server based on one that already exists, we need to do some research in order to make sure we replicate what we can. What you may notice is that it can be hard to get the exact specific version of something, for example, a server may have php 7.0.23 but you are installing 7.0.24. As long as the 7.0.2 part is there then it should be ok. Every package is different though and the above is an example.

Some of the main packages we need to look into are:

php

To look at php version simply type php -v

to find out php modules

yum list installed | grep php

or

php -m

Mysql

mysql -v make sure to read the output as mysql does not just have different version numbers. For example, mysql percona.

\q to quit when you have read the version.

Varnish

varnish requires the following command

varnishd -V that's a capital V unlike the previous commands.

nginx

nginx -v will tell you what you need to know.