----BEGIN CLASS----
[12:59] #startclass
[12:59] Hello everyone.
[12:59] Welcome back to the summer training sessions.
[13:00] Today's session is about Ansible, trishnag is our speaker.
[13:00] Remember to type ! if you have any questions.
[13:00] trishnag, stage is all yours.
[13:00] Thanks kushal
[13:00] trishnag, Feel free to say a few lines about yourself.
[13:01] Hello all! My name is Trishna Guha. I work with Red Hat on the Ansible team, mostly focusing on network device automation. I used to work with Fedora engineering prior to this as an intern.
[13:02] Today we will have a basic session on Ansible.
[13:02] I hope you all have Ansible installed on your system and an ssh key generated as asked in the email.
[13:03] Please check $ ansible --version on your system. If it returns a version which is less than 2.6.0, please upgrade.
[13:04] Any questions so far?
[13:05] alright let's begin then.
[13:05] Ansible is a simple open source IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.
[13:06] This is what the Internet returns if you search about Ansible.
[13:06] Now let’s suppose I have installed Fedora 29. Can anyone list down the tasks that we usually do after installing the Operating System?
[13:07] enable ssh
[13:07] running basic commands
[13:07] configure firewall
[13:07] add ssh keys
[13:07] Install some packages
[13:07] disabl password login
[13:07] upgrade packages
[13:08] s/disabl/disable
[13:08] Configure my Terminal
[13:08] Great!
[13:08] 1. Update and upgrade system
[13:09] 2. Install required software
[13:09] 3. Set up repositories
[13:09] 4. Change configurations
[13:09] 5. Enable and start services like ssh, httpd, docker etc
[13:10] Say we have to do it across 1000 machines, will it be feasible or scalable or faster if we have to do it all manually to each machine on at a time?
[13:11] s/on/one
[13:11] nope
[13:11] no
[13:11] no
[13:11] no
[13:11] no
[13:11] no
[13:11] definitely not
[13:11] No
[13:11] no
[13:11] nope
[13:11] no
[13:11] nope
[13:12] no
[13:12] now that you have all agreed, this is where Ansible comes into the picture.
[13:12] Ansible uses SSH by default as a network transport to communicate with the hosts/machines.
[13:14] Its architecture is based upon two machines. 1. Where you have all installed Ansible, i.e. your system, is called the Control node. 2. The machine we are trying to configure is called the Managed host.
[13:14] Now will you all please add your ssh key to your local system authorized keys with $ ssh-copy-id @127.0.0.1
[13:16] !
[13:16] next
[13:17] trying to connect $ ssh-copy-id @127.0.0.1 i have this result /usr/bin/ssh-copy-id: ERROR: ssh: connect to host 127.0.0.1 port 22: Connection refused
[13:17] yurii_p: I guess sshd is not running, try `sudo systemctl start sshd`
[13:18] yurii_p: please check if you have sshd service running
[13:18] thanks
[13:18] we will wait for a couple of minutes more to make sure everybody is on the same page.
[13:19] !
[13:19] trishnag, how can I check if the sshd service is running?
[13:19] next
[13:19] yurii_p: sudo systemctl status sshd
[13:20] I'm having the error no identities found
[13:20] It will show "active"
[13:20] !
[13:20] Unit sshd.service could not be found.
[13:20] pdas, have you generated the ssh-keys as suggested by trishnag in the email?
[13:20] yurii_p, are you using ubuntu?
[13:20] yes
[13:20] yes
[13:21] yurii_p, please install openssh-server
[13:21] pdas: is your pub key in ~/.ssh dir?
[13:22] ok
[13:22] well I saved it in desktop.pub
[13:22] that's the reason
[13:23] !
[13:23] pdas: use $ ssh-copy-id -i @127.0.0.1
[13:23] next
[13:23] I apologize for showing up late to the session. I am very excited to learn more about Ansible, so thank you for taking the time for the session! My Q is, what are other network transports that can be used to comm with other machines?
[13:23] brute4s99, please type in full English words.
[13:24] s/comm/communicate
[13:24] !
[13:24] brute4s99: the list is available here https://docs.ansible.com/ansible/latest/plugins/connection.html#plugin-list
[13:24] next
[13:24] what to do next
[13:24] The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.ECDSA key fingerprint is SHA256
[13:24] thank you, trishnag :D
[13:25] thanks to everyone's help - it looks like it is working now ---- Number of key(s) added: 1 Now try logging into the machine, with: "ssh '****@127.0.0.1'" and check to make sure that only the key(s) you wanted were added.
[13:25] brute4s99, You also typed Q, which is an alphabet, but, not a word.
[13:26] mzeeqazi44: is that a warning or are you getting Permission denied?
[13:26] trishnag this is the exact warning
[13:26] mzeeqazi44: You might have a prompt after that asking for Y/N?
[13:27] I'm sorry, kushal. I will be more careful. :)
[13:27] mzeeqazi44, press enter.
[13:27] next
[13:27] trishnag yes I have a prompt asking for y/n
[13:27] mzeeqazi44, that warning is natural for the first time. Go with yes.
[13:27] I got this after running ssh-copy-id command https://paste.fedoraproject.org/paste/CHESZjrQgs5YK~aTWyeY3w
[13:28] Is this correct?
[13:28] if there is no error, it succeeded
[13:29] prokbird: that means you already have the keys added. you can just ssh to verify that.
[13:29] next
[13:29] !
[13:29] next
[13:30] now I have permission denied
[13:30] !
[13:31] mzeeqazi44: are you using root user anyhow?
[13:31] my issue got resolved, thanks
[13:32] next
[13:32] we will move on to the next step after this question.
[13:33] Now everyone execute $ ansible all -i "localhost," -c local -m ping
[13:33] Do you get "SUCCESS"?
[13:33] yes
[13:33] yes
[13:33] yes
[13:33] yes
[13:33] yes
[13:33] yes
[13:33] yes
[13:33] yes
[13:34] yes
[13:34] perfect!
[13:34] yes
[13:34] pong
[13:34] yes
[13:34] yes
[13:34] With this command we have sent a ping to our localhost and then localhost replied back with pong.
[13:34] !
[13:34] Here the 'changed' flag in the output has returned False, which means no configuration change happened when we executed this step
[13:34] next
[13:35] why is there a ',' in 'localhost,' seems odd?
[13:35] sigmapie8: It means you can pass many more hosts/machines with it.
[13:35] yes,success
[13:36] so say you want to run it on another host called "remotehost"; your command would be $ ansible all -i "localhost,remotehost" -c local -m ping
[13:37] trishnag: yes!
[13:37] sigmapie8: hope that answers your doubt.
[13:37] trishnag, yes. Although I still feel odd using ',' with just one host.
[13:37] !
[13:37] sigmapie8: you can skip the "," if you want with one host.
[13:37] next
[13:38] are all the remote hosts called inventory? or does that have some other meaning?
[13:38] we will talk about it after some time.
[13:38] okay
[13:38] Now everyone please execute $ ansible all -i "localhost," -c local -m shell -a '/bin/echo hello'
[13:39] hello came back :)
[13:39] Does it return "hello"?
[13:39] yes
[13:39] yes
[13:39] yes
[13:39] yes
[13:39] yes
[13:39] yes
[13:39] yes
[13:39] yes
[13:39] changed
[13:39] trishnag: yes!
[13:39] yes
[13:40] yes
[13:40] With this command we used “shell" to execute the command “/bin/echo hello” on the host. we will learn what a module is later in the session.
[13:40] s/"shell"/"shell module"
[13:42] !
[13:42] next
[13:42] !
[13:43] trishnag: As you said earlier we can avoid ```,``` in the above command, but it's giving me an error
[13:43] I have the same observation as nightwarrior-xxx
[13:44] what is the error?
[13:44] please paste in a pastebin
[13:44] It is the same case for me.
[13:44] then just follow instructions for now and experiment later nightwarrior-xxx, sigmapie8. let trishnag carry on with her session
[13:44] jasonbraganza, agreed.
[13:45] jasonbraganza: ok
[13:45] alright.
[13:45] All the ansible commands that we have used till now are called ad-hoc commands, which are something that you might type in to do something really quick, but don’t want to save for later.
[13:46] Now everyone please create a directory called "demo" and cd to the directory and create a file called "hosts"
[13:47] done
[13:47] done
[13:47] done
[13:47] done
[13:47] done
[13:47] done
[13:47] done
[13:47] done
[13:47] done
[13:48] done
[13:48] done
[13:48] done
[13:48] Content of the file hosts
[13:49] done
[13:50] after that execute the command $ ansible all -i hosts -m shell -a '/bin/echo hello'
[13:50] It should work/return result as before.
[13:50] yes
[13:50] yes
[13:50] worked
[13:51] worked
[13:51] yes
[13:51] The file "hosts" we just created is called inventory in Ansible. Inventory is a file on the control node that contains a list of host names or IP addresses of the servers.
[13:52] The default inventory file is present at /etc/ansible/hosts and we can create our own inventory just like we did and use the -i flag to use our own inventory file.
[13:52] !
[13:53] next
[13:53] what other values of ansible_connection can be there?
[13:53] sigmapie8: https://docs.ansible.com/ansible/latest/plugins/connection.html#plugin-list
[13:54] Now everyone please take a look at the /etc/ansible/hosts file and ask questions if anything does not make sense.
[13:55] trishnag, I am a bit confused what does ansible_connection signify?
[13:56] sigmapie8, hold that thought and ask after the session
[13:56] for me it is /usr/share/ansible/doc/examples/hosts <- if people can't find it in /etc/ansible/
[13:56] jasonbraganza, okay.
[13:56] !
[13:57] sigmapie8: ansible_connection signifies which network protocol to use. since we are communicating with localhost, we used local. "local" is built for communicating/executing anything on control node.
[13:57] !
[13:57] !
[13:57] If you want to communicate to remote server with ssh, you pass the value "ssh" to connection. Ansible by default uses "ssh" as connection plugin
[13:57] next
[13:57] what is the purpose of the default inventory file? (We can always maintain one anywhere we want to)
[13:59] !
[14:00] how is this related. please try to stay on topic
[14:00] by the way, I can't find the default file in my sys. (I used virtualenv)
[14:00] brute4s99: yes of course! if you want to have everything in your default inventory file you can have it there and it is more for systemwide use if you want to have one inventory for everything.
[14:01] ah, okay. Thanks trishnag :D
[14:01] in case you do not have any custom inventory, ansible uses it by default
[14:01] brute4s99: see my previous post (if you install using pacman in arch)
[14:01] next
[14:01] I am getting warnings while running ansible all -i hosts -m shell -a '/bin/echo hello' command. https://paste.fedoraproject.org/paste/aHQN6qD7OfjM7sO20fMKRA
[14:02] I used pip in virtualenv, j605. I'm still running a search for all "hosts" files in my sys
[14:02] prokbird: looks like you have added "<" also in there.
[14:02] yes
[14:02] brute4s99, you can refer to this one https://github.com/ansible/ansible/blob/devel/examples/hosts
[14:02] it is just "localhost ansible_connection=local"
[14:02] next
[14:03] thanks, bhavin192 ! :D
[14:03] can we use any regex pattern in the pattern string?
[14:04] trishnag, it worked. thanks :)
[14:04] ananyo: yes. more about patters if you are interested https://docs.ansible.com/ansible/latest/user_guide/intro_patterns.html
[14:04] s/patters/patterns
[14:04] trishnag, Thanks !
[14:04] next
[14:05] The file we created in demo repo i.e 'hosts', after running that command ansible generated a file with same name that stores all the hosts in etc/ansible/hosts. Right? Or 'hosts' file is already there by default because that's what the file content says.
[14:05] nightwarrior-xxx: /etc/ansible/host is by default there when you installed ansible
[14:05] s/host/hosts
[14:06] the custom inventory we created in "demo" directory can be of any name. It doesn't have to be hosts.
[14:06] next
[14:06] trishnag: Ok, thanks
[14:07] I wonder why no one asked about the terms ungroup and group :).
[14:07] ah, I can see python slicing :D
[14:07] !
[14:08] The way we added "localhost" in our custom inventory, we call it "ungrouped" hosts.
[14:10] now what is group -> say we want to push same configuration to 30 webservers, we will associate all the 30 hosts with a group so we can just use that group when we want to configure it.
[14:10] next
[14:10] can I use the pattern anywhere? for eg: will this work ->`192.168.0.[100:105]` ?
[14:11] brute4s99: yes. please give it a try after the session.
[14:11] Now in the "hosts" file, on the top of your localhost add [webserver]. **Do not put it on the same line**.
[14:12] !
[14:12] now execute $ ansible webserver -i hosts -m shell -a '/bin/echo hello'
[14:12] next
[14:12] working
[14:12] what does ## signify?
[14:13] prokbird: that is used for commenting out
[14:13] !
[14:13] next
[14:13] can we keep multiple hosts file in same directory?
[14:14] !
[14:14] ananyo: yes
[14:14] Then how does group resolve in that case?
[14:14] In the last command we executed, we haven’t used the term “all” in the command anymore, what we just did here is tell ansible to execute this task/command for the specific group webserver only.
[14:15] !
[14:15] we still used `-i hosts`
[14:15] now you can have multiple groups in your hosts file. And say you want to configure the same thing for all groups, you will need to use "all" in the command $ ansible all -i hosts -m shell -a '/bin/echo hello'
[14:15] ananyo: hope that answers your question
[14:16] j605: we will come to it later
[14:16] next
[14:16] j605, trishnag got the answer
[14:16] trishnag: Already answered in ananyo's question. Thanks
[14:16] next
[14:16] can we have group of groups?
[14:17] trishnag, can we have group of groups?
[14:17] sigmapie8: yes. more details can be found here https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
[14:17] next
[14:18] !
[14:19] Here if you have noticed we are passing what operations need to be executed via command line argument all the time.
[14:19] We would not want to run these modules/tasks as arguments every time we want to configure something as it will neither be feasible nor scalable if we want to execute multiple operations at a time and we want the operations to be saved.
[14:20] This is where the term “playbook” comes into play.
[14:20] Playbook is a YAML file that contains one or more plays where each play contains target host and performs a series of tasks on the host or group of hosts, specified in the play.
[14:21] In the command "ansible webserver -i hosts -m shell -a '/bin/echo hello'", we have used shell module.
[14:22] Modules are the programs that perform the actual work of the tasks of a play. The modules referenced in the playbook are copied to the managed hosts. Then they are executed, in order, with the arguments specified in the playbook.
[14:22] nexy
[14:22] next
[14:22] can I invoke just the hosts that are ungrouped?
[14:23] yes
[14:23] Now create a file called “demo.yml” in the same directory session.
[14:23] Content of the file https://gist.github.com/trishnaguha/18352fc138168111d0d015e84c3ace67
[14:24] Save the file and run the command $ ansible-playbook demo.yml -i hosts -v
[14:25] “ansible” is the command we were using for ad-hoc commands whereas “ansible-playbook” is the command for running playbook.
[14:25] please excuse me
[14:26] jasonbraganza: Thanks for joining us!
[14:26] Please inform when it is Done.
[14:27] done
[14:27] !
[14:27] done
[14:27] done
[14:27] done
[14:27] I'm having issues
[14:27] ERROR! 'shell' is not a valid attribute for a Play
[14:27] Error
[14:27] I am getting same error
[14:28] Here's the error https://paste.fedoraproject.org/paste/Gl7mOCgWbzk4P9iU6ELE6w
[14:28] error
[14:28] done
[14:28] brute4s99, dharmateja please check your indentation while copying
[14:28] dharmateja: there are indentation issues with your paste
[14:29] ah, thanks philomath !
[14:29] brute4s99: dharmateja your indentation doesn't look right
[14:29] please copy and paste as it is from the gist
[14:29] done :D
[14:29] ok
[14:30] !
[14:30] let's walk through the playbook that we just created
[14:30] next
[14:30] Thanks. Issue is resolved.
[14:30] next
[14:30] why is the extension .yml for playbook file?
[14:30] brute4s99: because it is a yaml file. either use .yaml or .yml
[14:30] ! (follow up)
[14:30] done
[14:31] In the playbook, the "hosts:" keyword points to the target host we want to execute the operation against.
[14:31] "connection" is the connection plugin we want to use to communicate with the host
[14:32] The keyword "tasks" contains the operations that are to be performed on the destination host. Each operation is called a task. We can add multiple tasks under this section.
[14:32] please excuse me. I've to catch the bus back to home. Will join back once I reach.
[14:32] In the next step we will add another task.
[14:32] next
[14:33] what are connection plugins, trishnag ?
[14:33] !
[14:33] brute4s99: https://docs.ansible.com/ansible/latest/plugins/connection.html#plugin-list
[14:33] brute4s99: the connection/network protocols
[14:33] next
[14:34] !
[14:34] we specified connection setting in hosts and I think it is taking precedence over the playbook
[14:34] am I right?
[14:35] !
[14:35] j605: no. playbook the precedence over inventory file
[14:36] s/playbook/playbook has
[14:36] j605: precedence docs https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable
[14:36] next
[14:37] I had the same question as j605 thanks
[14:37] next
[14:37] so what should be the output of -- $ ansible-playbook demo.yml -i hosts -v ?
[14:37] yurii_p: Can you run it and see?
[14:37] -v means verbose output.
[14:38] next
[14:38] since we were talking about running multiple tasks
[14:38] Let’s add ping module now in the same playbook. Here we will run the "/echo hello" command with shell, then use "ping" module to ping the host.
[14:38] I see this PLAY [webserver] *************************************************************** TASK [Gathering Facts] ********************************************************* ok: [localhost]
[14:38] and so on -- is it ok
[14:38] Content of the playbook now would be https://gist.github.com/trishnaguha/17528979f41fa45092b683e6be4df152
[14:39] yurii_p: yes looks good
[14:39] thanks
[14:39] After saving the file, use the same command to execute the playbook ansible-playbook demo.yml -i hosts -v
[14:40] done
[14:40] done
[14:40] done
[14:40] done
[14:40] done
[14:41] done
[14:41] done
[14:41] done
[14:41] done
[14:41] !
[14:41] done
[14:42] ok: [localhost] => {"changed": false, "ping": "pong"}
[14:42] next
[14:42] why does it show "changed=1" for the shell task?
[14:43] brute4s99: it is because the timestamp keeps on changing.
[14:43] next
[14:43] !
[14:43] next
[14:43] what does "rc": 0 mean?
[14:43] oh, thanks trishnag ! :D
[14:43] dharmateja: return code. If the task is successful it is 0. otherwise usually 1
[14:44] next
[14:44] !
[14:44] I remember one of you asked about passing the inventory file "hosts" with -i. Let's see how we can eliminate it.
[14:45] next
[14:45] what is delta": "0:00:00.010029" ?
[14:45] prokbird, start time - end time
[14:45] sorry endtime - start time
[14:45] right
[14:46] Certain settings in Ansible are adjustable via a configuration file (ansible.cfg)
[14:46] sigmapie8, thanks :)
[14:46] Default configuration is found here /etc/ansible/ansible.cfg
[14:47] Now we will create a custom ansible.cfg file in working directory "demo".
[14:47] Add the content https://gist.github.com/trishnaguha/2b8faf91320e5057a3a0024f5a94e810 in the ansible.cfg file.
[14:49] done
[14:49] `[defaults]` is a tag in ansible.cfg file where we can pass certain configuration for our playbooks. Here means we are telling ansible to use the inventory file "hosts".
[14:50] done. So now it doesn't require `-i hosts`
[14:50] Now execute the command $ ansible-playbook demo.yml -v **Note we do not have -i hosts anymore**
[14:50] Yes
[14:50] !
[14:50] next
[14:51] trishnag, so it will always look for ansible.cfg in the present directory first?
[14:51] sigmapie8: correct, if not present ansible uses the default one
[14:52] next
[14:52] So we just **automated** two operations with a basic minimal command.
[14:53] That's all for today.
[14:53] !
[14:53] next
[14:54] trishnag, if the connection is persistent, then can we use it to run tasks on realtime situations? like, may be rc of another task?
[14:56] sigmapie8: you can check rc of a task with any connection.
[14:56] for that check "register" module.
[14:56] thank you trishnag !!!
[14:57] trishnag: thanks
[14:57] trishnag, Thank you so much for the session :)
[14:57] Thank you trishnag :)
[14:57] okay. So we can log it. Nice. But what about any other thing that does not usually return. Like, RAM usage.
[14:57] trishnag, Thanks for the session :)
[14:57] Homework https://docs.ansible.com/ansible/latest/user_guide/playbooks.html
[14:57] trishnag, thanks for the session
[14:57] trishnag, thanks for the session :)
[14:57] Please read this and whatever else interests you, there is a lot in Ansible documentation.
[14:58] sigmapie8: every other module in Ansible has a return value.
[14:58] thanks trishnag ! :D
[14:58] trishnag, Thank you for the session :)
[14:58] sigmapie8: in that case you will check for "stdout" . Just use the "register" module you will know :)
[14:58] trishnag, thanks :) I'll read more about it! Great Session!
[14:59] trishnag: Amazing session. Thank you :)
[15:00] trishnag: thank you :)
[15:00] We have an IRC channel on freenode for Ansible #ansible. Feel free to join and ask questions.
----END CLASS----