Ansible can be very useful for Swarm cluster administration. See the extensive documentation on Ansible at docs.Ansible.com.
Following is basic setup and configuration.
Install Ansible
The simplest way to install Ansible is to use yum on a RHEL/CentOS server. This will typically get you version 2.1 or 2.3 of Ansible, which not the latest version (2.9, at time of writing) but would be usable for most operations.
To get a newer version, first install epel-release and then install Ansible:
[root@caringoadminserver /]# yum install epel-release -y [root@caringoadminserver /]# yum install ansible Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: mirror.ox.ac.uk * epel: fedora.cu.be * extras: ftp.heanet.ie * updates: mirror.sov.uk.goscomb.net Resolving Dependencies --> Running transaction check ---> Package ansible.noarch 0:2.9.3-1.el7 will be updated ---> Package ansible.noarch 0:2.9.6-1.el7 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================ Package Arch Version Repository Size ================================================================================================================================ Updating: ansible noarch 2.9.6-1.el7 epel 17 M Transaction Summary ================================================================================================================================ Upgrade 1 Package Total download size: 17 M Is this ok [y/d/N]: y Downloading packages: epel/x86_64/prestodelta | 2.2 kB 00:00:00 ansible-2.9.6-1.el7.noarch.rpm | 17 MB 00:00:03 Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : ansible-2.9.6-1.el7.noarch 1/2 Cleanup : ansible-2.9.3-1.el7.noarch 2/2 Verifying : ansible-2.9.6-1.el7.noarch 1/2 Verifying : ansible-2.9.3-1.el7.noarch 2/2 Updated: ansible.noarch 0:2.9.6-1.el7 Complete! [root@caringoadminserver /]#
The minimal dependencies required for Ansible are taken care of during the install procedure above.
Ansible uses parallel ssh sessions to manage the hosts, and this can be configured to use existing ssh keys. The managed hosts should be set up to use password-less auth from the server where Ansible is installed.
For simplicity, we'll use the root user for now, as that is available on all systems.
Best practice
In production, always configure an Ansible user per system that you plan to pull under orchestration and use that Ansible user when making changes.
Set up password-less authentication
Digital Ocean has a good walk-through on key-based auth: How To Configure SSH Key-Based Authentication on a Linux Server
We'll go through a basic version below.
First, we need an SSH key. The command to create this is:
ssh-keygen -t rsa
Follow the prompts to fill in details.
Next, use the tool ssh-copy-id to copy the key to any systems that you would like to manage via Ansible.
For example, if we had servers called elasticsearchserver, cloudgatewayserver and platformserver, this is how we would use ssh-copy-id to copy the root keys:
[root@caringoadminserver /]# ssh-copy-id root@elasticsearchserverhostnameorip [root@caringoadminserver /]# ssh-copy-id root@cloudgatewayserverhostnameorip [root@caringoadminserver /]# ssh-copy-id root@platformserverhostnameorip
This is how we would use IP addresses:
[root@caringoadminserver /]# ssh-copy-id root@192.168.1.10 [root@caringoadminserver /]# ssh-copy-id root@192.168.1.20 [root@caringoadminserver /]# ssh-copy-id root@192.168.1.5
Once the password-less auth is setup, the next step is to go back to Ansible configuration.
Configure Ansible Host/Inventory files
The Ansible hosts file is a list of IP addresses or hostnames in groups that can be used to run commands against. This can be in INI or YAML (.ini or .yaml) format.
By default the location of the base inventory file is in /etc/ansible/hosts
.
An example hosts file would look like this (INI format):
[csn] 192.168.1.5 [elasticsearch] 192.168.1.10 192.168.1.11 [gateway] 192.168.1.20 [allcaringo] 192.168.1.5 192.168.1.10 192.168.1.11 192.168.1.20
In the example above, the IP addresses could be replaced with host names as long as the Ansible host can resolve the host.
Run an Ansible command
There are a few different ways that you can use Ansible commands.
The first would be to use the Ansible command as-is. This operates Ansible in "ad-hoc" mode.
This mode allows you to run very basic commands against multiple hosts/groups of hosts.
For example:
[root@caringoadminserver /]# ansible allcaringo -m ping
You should receive a result similar to the below output:
[root@caringoadminserver ~]# ansible allcaringo -m ping 127.0.0.1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 172.29.0.3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 172.29.1.20 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 172.29.1.21 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 172.29.1.22 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" }
Breaking this down, the Ansible command means we are using Ansible in ad-hoc mode.
- The "allcaringo" section refers to the hosts in the host inventory we created earlier. If we were to replace "allcaringo" with "elasticsearch", the command would only apply to the 2 elasticsearch hosts we have defined.
- The -m flag refers to the module we're using, in this case "ping". Modules are pre-written tool sets that allow you to run commands against multiple hosts.
There are hundreds of modules. Here are a few basic ones that are frequently used:
module | usage |
---|---|
ping | ping a host |
archive | compress a file |
command | run a command on a host |
lineinfile | check for a line of text in a file and add it if not present |
service | start stop enable a service |
url | make a http call to a url |
yum | install a package on a RHEL/CentOS host |
user | interact with PAM |
template | apply a template of a file e.g. config file |
We'll review these and others in more detail separately.