Ansible for Absolute Beginners
- Ansible for Absolute Beginners - 30 Days of Ansible (YouTube)
- Ansible Real Life Scenarios (YouTube)
Ansible Guides
Automation with Ansible – All You Want to Learn
You have hundreds and thousands of online documentation and wiki pages for learning Ansible, and this is my attempt to cover Ansible in a simple and beginner level approach. Access all chapters on techbeatly.com.
- ANSIBLE LEARNFEST GUIDE
- Track 1 “Ansible Automation Platform Administrator”
- Track 2 “Automation Content Developer”
Table of Contents
- Ansible for Absolute Beginners
- Ansible - Frequently Asked Questions
- Ansible Automation Platform (Formerly Ansible Tower)
- Ansible Automation Hub
- Ansible Playbook References
- Tools for Ansible
- Ansible for Network Automation
- Ansible and Python Modules
- Ansible Blog/Articles to Follow
- Ansible Interview Questions
- Ansible Modules
- Other References
- Ansible for IBM Power
- Ansible for Arista Networks
- Ansible for CIS Hardening/CIS Check
- Ansible
Ansible - Frequently Asked Questions
- What is Ansible?
- What is IaC?
- What can Ansible do?
- What are the advantages of Ansible?
- How does Ansible work?
- What is a Playbook?
- Are there any requirements for using Ansible?
- What is DevOps?
- How does Ansible fit into DevOps?
- Who is Ansible for? Who should learn Ansible?
- What are prerequisites to learning Ansible?s
Ansible Automation Platform (Formerly Ansible Tower)
Ansible Automation Platform - Containerized Setup
$ export ANSIBLE_COLLECTIONS_PATH=/home/devops/ansible-automation-platform-containerized-setup-bundle-2.4-1-x86_64/collections/
$ ansible-playbook -i inventory ansible.containerized_installer.install
To uninstall a containerized deployment, execute the uninstall.yml playbook.
$ ansible-playbook -i inventory ansible.containerized_installer.uninstall
This will stop all systemd units and containers and then delete all resources used by the containerized installer such as:
- config and data directories/files
- systemd unit files
- podman containers and images
- RPM packages
References:
Removing instance from cluster
bash-4.4$ awx-manage deprovision_instance --hostname aap-rhel-92-2.lab.local
Instance Removed
Successfully deprovisioned aap-rhel-92-2.lab.local
(changed: True)
Installing Ansible Automation Platfom
Note : The Ansible Automation Platform installer only supports Red Hat Enterprise Linux and CentOS.
Enable RHEL and AAP Subscriptions
Make sure you subscribed to Red Hat and added RHEL Subscription.
# subscription-manager register
# subscription-manager attach --pool=<pool_id of RHEL subscription>
# subscription-manager list --consumed
Now, search for Ansible Automation Platform subscription and attach the pool ID.
# subscription-manager list --available --all | grep "Ansible Automation Platform" -B 3 -A 6
# subscription-manager attach --pool=<pool_id>
# subscription-manager list --consumed
Update required repo for AAP 2.1
# subscription-manager repos \
--disable=ansible-automation-platform-2.0-early-access-for-rhel-8-x86_64-rpms
# subscription-manager repos \
--enable=ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms
Prepare for Ansible Automation Platform Installation
- Download the latest Ansible Automation Platform Installation Program from access.redhat.com/downloads or from releases.ansible.com. Refer Download the Ansible Automation Platform Installation Program for more details.
Note: You can download either installation package or bundled package (for disconnected setup).
- Extract the content
$ tar xvzf ansible-tower-setup-latest.tar.gz
$ cd ansible-tower-setup-<tower_version>
Get Registry Credential
You need access to Red Hat Container Registry to fetch the continer images for automation controller and execution environment. You can create a service account in Red Hat registry for the same and use the credential in AAP installation inventory.
# Execution Environment Configuration
# Credentials for container registry to pull execution environment images from,
# comment out registry_username if authentication is not required
registry_url='registry.redhat.io'
registry_username='YOUR_SERICE_ACCOUNT_USERNAME'
registry_password='YOUR_SERICE_ACCOUNT_PASSWORD'
Read more Registry Service Account Management Application
Configure Ansible Automation Platform Installation Inventory
Run Setup Script
# ./setup.sh
You can ignore ignore_preflight_errors if you are testing or preparing home labs.
# ./setup.sh ignore_preflight_errors=true
Root access to the remote machines is required, you need to use any of the below methods
$ ansible_user=root ansible_ssh_pass=”your_password_here” inventory host or group variables
# or
$ ansible_user=root ansible_ssh_private_key_file=”path_to_your_keyfile.pem” inventory host or group variables
# or
$ ANSIBLE_BECOME_METHOD=’sudo’ ANSIBLE_BECOME=True ./setup.sh
Ansible Tower HA and DR
(TODO)
Verify Streaming Replication**
On primary database node
swtich to postgres user.
[ansible@AAP-DB-1 ~]$ sudo su - postgres
Then,
[postgres@AAP-DB-1 ~]$ psql -c 'select application_name, state, sync_priority, sync_state from pg_stat_replication;'
application_name | state | sync_priority | sync_state
------------------+-----------+---------------+------------
awx | streaming | 1 | sync
(1 row)
or
[postgres@AAP-DB-1 ~]$ psql -c 'select client_addr, state, sent_lsn, write_lsn,flush_lsn, replay_lsn from pg_stat_replication;'
client_addr | state | sent_lsn | write_lsn | flush_lsn | replay_lsn
---------------+-----------+-----------+-----------+-----------+------------
192.168.56.32 | streaming | 0/402AF38 | 0/402AF38 | 0/402AF38 | 0/402AF38
(1 row)
[postgres@AAP-DB-1 ~]$ psql -c 'select * from pg_stat_replication;'
pid | usesysid | usename | application_name | client_addr | client_hostname | client_port |
backend_start | backend_xmin | state | sent_lsn | write_lsn | flush_lsn | replay_lsn | write
_lag | flush_lag | replay_lag | sync_priority | sync_state
-------+----------+------------+------------------+---------------+-----------------+-------------+---------
----------------------+--------------+-----------+-----------+-----------+-----------+------------+---------
--------+-----------------+-----------------+---------------+------------
46392 | 23055 | replicator | awx | 192.168.56.32 | | 37668 | 2022-02-
03 07:23:25.296914+00 | | streaming | 0/402B4E0 | 0/402B4E0 | 0/402B4E0 | 0/402B4E0 | 00:00:00
.002516 | 00:00:00.006299 | 00:00:00.007456 | 1 | sync
(1 row)
On secondary/standby database node
Switch to postgres user
[ansible@AAP-DB-2 ~]$ sudo su - postgres
Last login: Thu Feb 3 07:59:07 UTC 2022 on pts/1
[postgres@AAP-DB-2 ~]$
Then,
[postgres@AAP-DB-2 ~]$ psql -c 'select * from pg_stat_wal_receiver;'
pid | status | receive_start_lsn | receive_start_tli | received_lsn | received_tli | last_msg_send_time
| last_msg_receipt_time | latest_end_lsn | latest_end_time | slot_name |
conninfo
-------+-----------+-------------------+-------------------+--------------+--------------+------------------------
-------+-------------------------------+----------------+-------------------------------+-----------+-------------
------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------
51587 | streaming | 0/4000000 | 1 | 0/4031110 | 1 | 2022-02-03 08:15:14.493
483+00 | 2022-02-03 08:15:14.493939+00 | 0/4031110 | 2022-02-03 08:15:14.493483+00 | | user=replica
tor passfile=/var/lib/pgsql/.pgpass channel_binding=prefer dbname=replication host=192.168.56.31 port=5432 applica
tion_name=awx fallback_application_name=walreceiver sslmode=prefer sslcompression=0 ssl_min_protocol_version=TLSv1
.2 gssencmode=prefer krbsrvname=postgres target_session_attrs=any
(1 row)
or,
[postgres@AAP-DB-2 ~]$ psql -c 'SELECT pg_last_xact_replay_timestamp();'
pg_last_xact_replay_timestamp
-------------------------------
2022-02-03 08:15:54.592737+00
(1 row)
Ansible Tower HA Failover
Check current Tower database configurations.
[root@AnsibleController1x-1 ~]# cat /etc/tower/conf.d/postgres.py
# Ansible Tower database settings.
DATABASES = {
'default': {
'ATOMIC_REQUESTS': True,
'ENGINE': 'awx.main.db.profiled_pg',
'NAME': 'awx',
'USER': 'awx',
'PASSWORD': """aapadmin""",
'HOST': 'aap-db-1.lab.local',
'PORT': '5432',
'OPTIONS': { 'sslmode': 'prefer',
'sslrootcert': '/etc/pki/tls/certs/ca-bundle.crt',
},
}
}
- redhat-cop/automate-tower-ha-dr
- Ansible Tower High Availability and Disaster Recovery - April 8, 2019 / Marc Petrivelli, Red Hat Blog
Database tips
Check Data path
[postgres@AAP-DB-2 ~]$ pg_ctl status
pg_ctl: server is running (PID: 51581)
/usr/bin/postgres "-D" "/var/lib/pgsql/data"
[postgres@AAP-DB-2 ~]$ psql -c "SHOW data_directory;"
data_directory
---------------------
/var/lib/pgsql/data
(1 row)
Ansible Tower with database SSL connection enabled
Verify SSL Certificate-Key pair
If all the three match, the SSL certificate matches the Private Key.
# SSL certificate
$ openssl x509 –noout –modulus –in <file>.crt | openssl md5
# RSA private key
$ openssl rsa –noout –modulus –in <file>.key | openssl md5
# CSR
$ openssl req -noout -modulus -in <file>.csr | openssl md5
SSL Certificate with Passphrase
- After Replacing Self-Signed Certificate with Passphrase in Ansible Tower, How Do I Correct Issues with Nginx Service Failing to Start?
- Using ssl_password_file for nginx
Troubleshooting
- Resolve error occurred while running Ansible Tower installation
- Why Ansile Tower Setup Is Failing At ‘Migrate the Tower database schema’ Task With Errors ‘Server does not support SSL’ / ‘certificate verify failed’ / ‘no pg_hba.conf entry for host’ When Connecting To PostgreSQL Database With SSL Enabled ?
- How to install a CA certificate on Red Hat Enterprise Linux 7 and later
- How Can I Bypass “noexec” Permission Issue On “/tmp” and “/var/tmp” During Ansible Tower Installation?s
- Verify SSL is enabled on PGSQL
- Why is Ansible Tower Restore Process Failing With Error
no pg_hba.conf entry for host x.x.x.x?
References
- Explore Ansible Automation Platform - Hands on Lab/Practices via instruqt.
- Red Hat Ansible Automation Platform installation guide - 2.
- Red Hat Ansible Automation Platform installation guide - 2.0(2.0-EA)
- Ansible Automation Platform 2.0 Early Access Homepage
- What’s New in Ansible Automation Controller 4.0
-
What Happens to an Ansible Tower Installation After the Subscription/License has Expired?
- Red Hat Ansible Automation Platform Life Cycle
- Red Hat Ansible Tower Life Cycle - Details about Ansible Tower and Ansible Automation Platform Life Cycle, End of Life, End of Support etc.
- Ansible Tower Installation and Reference Guide
- Preparing for the Ansible Automation Platform Installation
- Ansible Automation Platform Quick Installation Guide v3.8.0
- Installing Ansible Automation Platform
- Ansible Tower Administration Guide (3.8.3) [PDF]
- Which Ports and Services Should I Monitor for Ansible Tower?
- Ansible Automation Platform Installation and Reference Guide v3.8.0
- Tower - Previous versions
- Guidelines, Troubleshooting, and Recommended Configurations for Ansible Tower
Ansible Automation Hub
Ansible Playbook References
- Ansible Examples (Forked from @ansible)
- Ansible for DevOps (Forked from geerlingguy)
- Ansible NXOS Samples (Network Automation)
Tools for Ansible
Ansible for Network Automation
Ansible and Python Modules
- How to set up and use Python virtual environments for Ansible
- Running in a virtualenv
- How to install pip on Red Hat Enterprise Linux?
pip install --target=/your/pyinstalldir loremipsum
pip install fortiosapi --target=/var/lib/awx/venv/ansible/lib/python2.7/site-packages
pip list --target=/var/lib/awx/venv/ansible/lib/python2.7/site-packages
# subscription-manager repos --enable rhel-server-rhscl-7-rpms
# yum install python27-python-pip
Switch to a normal user and check the pip
$ scl enable python27 bash
$ which pip
$ pip -V
For Existing Tower
# source /var/lib/awx/venv/ansible/bin/activate
# umask 0022
# pip install --upgrade pywinrm
# deactivate
Ansible and Python 3
- Python 3 Support
- How Can I Use Virtual Environment with Python3 on RHEL 7 for Ansible Tower?
- How do I use Python 3 in Ansible Tower?
- Ansible and Python 3 (docs.ansible.com/)
Ansible 2.5 and above work with Python 3.
[ansible@vm-ans-02 ~]$ ansible --version |grep python
ansible python module location = /usr/lib/python2.7/site-packages/ansible
python version = 2.7.5 (default, Sep 26 2019, 13:23:47) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Ansible Blog/Articles to Follow
Ansible Interview Questions
Ansible Modules
Other References
- Red Hat Ansible Tower Life Cycle
- Red Hat Ansible Automation Platform Workshops
- DEEP DIVE INTO ANSIBLE NETWORK RESOURCE MODULE
Ansible for IBM Power
Ansible for Arista Networks
Ansible for CIS Hardening/CIS Check
Ansible
$ ldapsearch -x -H ldap://192.168.57.137:389 -D "CN=ansible_bind,CN=Users,DC=example,DC=com" -b "dc=example,dc=com" -w yourbindpassword
# search for a specific user
$ ldapsearch -x -H ldap://192.168.57.137:389 -D "CN=ansible_bind,CN=Users,DC=example,DC=com" -w yourbindpassword -b "cn=devops,cn=Users,dc=example,dc=com"
LDAP Organization Map
{
"XYZCorp-CaC": {
"users": true,
"admins": "CN=ansible_admins,OU=AAP,DC=example,DC=com",
"remove_users": false,
"remove_admins": false
}
}
LDAP Team Map
{
"cac-admins": {
"users": "cn=ansible_admins,ou=AAP,dc=example,dc=com",
"remove": true,
"organization": "XYZCorp-CaC"
},
"cac-operators": {
"users": "cn=ansible_operators,ou=AAP,dc=example,dc=com",
"remove": true,
"organization": "XYZCorp-CaC"
}
}