Ansible is an agentless automation tool that by default manages machines over the SSH protocol. Once installed, Ansible does not add a database, and there will be no daemons to start or keep running. You only need to install it on one machine and it can manage an entire fleet of remote machines from that central point. When Ansible manages remote machines, it does not leave software installed or running on them, so there’s no real question about how to upgrade Ansible when moving to a new version.
Currently Ansible can be run from any machine with Python 2 (version 2.7) or Python 3 (versions 3.5 and higher) installed. This includes Red Hat, Debian, CentOS, macOS, any of the BSDs, and so on. Windows is not supported for the control node.
When choosing a control node, bear in mind that any management system benefits from being run near the machines being managed. If you are running Ansible in a cloud, consider running it from a machine inside that cloud. In most cases this will work better than on the open Internet.
On the managed nodes, you need a way to communicate, which is normally SSH. By default this uses SFTP. If that’s not available, you can switch to SCP in ansible.cfg. You also need Python 2 (version 2.6 or later) or Python 3 (version 3.5 or later).
Installation and configuration Steps
Install python 3:
[root@master ~]# yum install python38
[root@master ~]# python3 -V
Python 3.6.8
Installing Ansible on RHEL/CentOS:
[root@master ~]# yum install ansible
[root@master ~]# ansible --version
ansible 2.9.17
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Generate ssh keys on ansible host
[osboxes@master ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/osboxes/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/osboxes/.ssh/id_rsa.
Your public key has been saved in /home/osboxes/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:PTuXzAJKvcu6q8ijdtWHR0Hmh7CxUlgOIRCj8uBO/MI osboxes@master
The key's randomart image is:
+---[RSA 3072]----+
| +o. o+=.o |
|. . ..+ B.. |
|+ . + o.. |
|+o .. o. |
| +. o S o |
|+ . o + = = . |
| E .. . + + = |
| ooo . . + |
|o.+...++o |
+----[SHA256]-----+
Copy the ssh keys from ansible master host to remote server
[osboxes@master ~]$ ssh-copy-id osboxes@databasehost
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/osboxes/.ssh/id_rsa.pub"
The authenticity of host 'databasehost (192.168.1.166)' can't be established.
ECDSA key fingerprint is SHA256:QYhfRimq4gvWwsjg+kul52yjv48WfbcRHaaKgSuUQeE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
osboxes@databasehost's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'osboxes@databasehost'"
and check to make sure that only the key(s) you wanted were added.
Test the SSH connectivity
[osboxes@master ~]$ ssh osboxes@databasehost
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sun Feb 7 01:55:46 2021
[osboxes@databasehost ~]$ exit
logout
Connection to databasehost closed.
Use the following script incase if you want to copy the keys to multiple target hosts at at time.
#!/bin/ksh
#Author: Pavan Bandaru
## Use this script to copy ssh keys to remote servers
echo "Enter your password: "
stty -echo
read -s SSHPASS
export SSHPASS
stty echo
for host in `cat host.txt`
do
sshpass -e ssh-copy-id -f ${host} -o StrictHostKeyChecking=no
done
SSHPASS=""
Note: List the hostnames in host.txt file
cat>host.txt
host1
host2
host3
Add the remote hostname inside /etc/ansible/hosts file and execute ping module to test the connectivity
[root@master ~]# echo databasehost >> /etc/ansible/hosts
[root@master ~]# exit
logout
[osboxes@master ~]$ ansible all -m ping
databasehost | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
No comments:
Post a Comment