The biggest challenge for any IT administrator or DevOps engineer is to prepare environments the agile way by making sure that all the environments carry same components all the time.
In some cases, environments are geographically distributed and changes should be rolled out in such a way that it does not impact existing infrastructure and delivered in time to meet the SLO (Service Level Objectives), SLI (Service Level Indicators), and SLA (Service Level Agreements).
This blog post will help you to understand how to configure and manage the infrastructure with identical software/components on each system. The blog post is intended for the readers with some or intermediate IT administration experience.
The blog post will answer the following questions
- What is Configuration Management?
- How to implement Configuration Management?
- What is Ansible?
- How can Ansible help in Configuration Management?
- What is Ansible Playbook?
- How to write Ansible Playbook?
- Configuring servers using Ansible Playbook
- What is Ansible Galaxy?
- Configuring servers using Ansible Galaxy
As defined in Wikipedia, “Configuration Management is establishing and maintaining consistency of a product’s performance, functional, and physical attributes with its requirements, design, and operational information throughout its life”.
From a DevOps perspective, we need to make sure that the development environment is exactly similar to the production and UAT — User Acceptance Test servers. This will help to reduce to see the different results from the environment to the environment.
The first step to getting started with is to create an inventory of all the requirements. The following is a sample inventory baseline file.
Some of the most important components of the inventory files are
- Operating System Name and Version
- Web/Application/DB server Name and version
As a best a best practice one must keep all the revision of the files. You can use GitHub, Bitbucket, Google Drive or Alibaba Cloud Object Storage Service (OSS). For this blog post, we will use the Alibaba cloud OSS. As the configuration files are going to be less than 5GB, and data transmission is also less, so virtually your files are stored free and still under your control. Following is an example of a configuration file structure stored on OSS.
Now as we have the requirement, the next step is to automate it and we will use Ansible. Ansible is an open source IT automation tool that can improve the stability, reliability, and consistency of the IT infrastructure.
- Ansible works on the push technology and does not need any special client to install on the remote server. All it needs is an SSH connection.
- Ansible has more than 1300 modules and plugins to support web servers, database servers, networking, security, docker, Kubernetes, storage, networking, monitoring and many more.
- Ansible has a very big community support.
- Ansible is using YAML to get the inputs and configure remote systems
- Ansible comes with powerful Orchestration. It can help from a VM provision to application deployment.
- Ansible is easy to learn and adapt. It does not require any special skills to create and execute scripts
Let’s get started with Ansible. Following are the base requirement.
- One host system for Ansible installation
- One server with SSH access (For this blog post requirement, there are two servers)
For the demonstration purpose, we will use an Ubuntu based Alibaba Cloud Elastic Compute Service (ECS) server.
At the time of writing, Ubuntu 18.04 may not be available on the default images of certain regions yet. To prepare two servers with Ubuntu 18.04, the custom image option can be used. To achieve this,
1. Install one server with 16.04
2. Upgrade the server with 18.04
3. Once the server is Upgraded, Navigate to create image
4. Once the image is created, use this image as custom image for the installation
Step 1: Install Ansible (on the host system / Ansible system)
Ansible is not a directly available package, so you may need to install an Ansible ppa. Run the following commands:
sudo apt-get update
sudo apt-get install software-properties-common
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible
Step 2: Verify the Version (test if it works!)
ansible — version
Step 3: Update Configuration Files
There are mainly two important configuration files from the Ansible perspective:
- ansible.cfg, as its name implies, contains all the configurations related to the ansible
- hosts file contains a list of all the host files.
Ansible uses the root user to connect to the remote computer. As a best practice, it is not good to use the root as a login user.
If any other user instead of the root user is used for the server configuration then, it is required to update the configuration file to use the alternate user.
To update the remote login user, update the ansible.cfg file remote_user section. In my case, the username is alibabacloud so the configuration updated configuration will be as follows:
remote_user = alibabacloud
The next step is to update the host file, it is advised to group the servers under a logical group. This will not only help your system management smoother but also give you high-level network segmentation. You can implement the host file entries with either domain name or the IP address. Following is our sample host file with required entries.
Step 4: Verifying Connection
Execute the ping command to validate if the connection is working fine:
ansible WebServer -m ping -e 'ansible_python_interpreter=/usr/bin/python3'
Ping before host addition:
Ping after host and user addition:
Latest version of the Ansible requires Python3 as interpreter, it is required to pass the -e ‘ansible_python_interpreter=/usr/bin/python3’. The default python version can be overridden by adding the python interpreter variable to the host inventory file.
Step 5: Update the Remote Server
After the successful connection test, we can apply a first basic command to update the remote server.
ansible WebServer -m apt -a "upgrade=yes update_cache=yes" -b
Here, -m defines the module. For the demonstration purpose, all servers are the Ubuntu-based servers we are using “apt” if the system is Debian based, then replace the “apt” with “deb”. If the system is based on CentOS then, replace it with “yum”, in the case of Fedora replace it with “dnf”
-a denotes the module arguments and -b denotes run commands as a superuser.
upgrade=yes, denotes upgrade the system. If distribution upgrade is required then, the command with upgrade=dist is needed.
update_cache=yes is an equivalent command to the apt-get update.
You can refer to the list of all modules by Ansible from Ansible Modules.
Step 5: Ansible Playbook
Running commands one by one does not make any difference in running a predefined shell script or the Ansible scripts. Ansible playbooks can help to resolve this issue by listing all the required steps (tasks) in one file and run them on the remote server.
The scripts are written in YAML file and uses the same command as we run in the previous step.
Install a WebServer on ECS Server
Installing a web server involves multiple steps. To make it more convenient and easy to understand, Let’s go step by step.
Create a YAML file to install a server and make sure that the service is up and running.
- hosts: WebServer
- name: Install NginX
apt: name=nginx state=latest
- name: Start NginX Service
In the above script out all the hosts defined under WebServer will receive the following tasks.
Task 1: Install latest NginX server
Taks 2: Start Nginx
Deploy Default Website Page
As we installed the web server now, it is time to deploy a default website. For the scope of this blog post, we will deploy a static webpage on the server by modifying the existing playbook.
- name: "HTML Test Deploy"
In the above case the Ansible playbook will synchronize the /default-site folder to destination /var/www/html
The full script can be accessed from: https://github.com/ankyit/ansible-demo/blob/master/install-nginx.yml?spm=a2c41.12741322.214.171.124d01da95OHjNb&file=install-nginx.yml
Let’s say there is more than one server and it is required to configure both servers at the same time. To achieve this, add the new server entry to the inventory file and run the ansible-playbook, in no time both servers will be ready.
It is always recommended to check the changes going to be applied by the playbook. To achieve this, run the playbook with — check parameter. This will do a dry run of the script execution on the server,
If during the playbooks are not running as intended or not giving the expected results then script debug may be required. By running the script with -vvv will provide a verbose output of the execution. This can help in finding the issues.
Ansible in Action
Note: All the scripts discussed here can be accessed from https://github.com/ankyit/ansible-demo?spm=a2c41.127413126.96.36.199d01da95OHjNb