How to install ansible:
==============
[root@ansimaster ~]# yum install ansible
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: repos.del.extreme-ix.org
* epel: repos.del.extreme-ix.org
* extras: repos.del.extreme-ix.org
* updates: repos.del.extreme-ix.org
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.7.10-1.el7 will be installed
--> Processing Dependency: PyYAML for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-crypto for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-keyczar for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python2-jmespath for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: sshpass for package: ansible-2.7.10-1.el7.noarch
--> Running transaction check
---> Package PyYAML.x86_64 0:3.10-11.el7 will be installed
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-11.el7.x86_64
---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed
---> Package python-jinja2.noarch 0:2.7.2-2.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-2.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-2.el7.noarch
---> Package python-keyczar.noarch 0:0.71c-2.el7 will be installed
---> Package python-paramiko.noarch 0:2.1.1-9.el7 will be installed
---> Package python2-crypto.x86_64 0:2.6.1-16.el7 will be installed
--> Processing Dependency: libtomcrypt.so.0()(64bit) for package: python2-crypto-2.6.1-16.el7.x86_64
---> Package python2-jmespath.noarch 0:0.9.0-3.el7 will be installed
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Running transaction check
---> Package libtomcrypt.x86_64 0:1.17-26.el7 will be installed
--> Processing Dependency: libtommath >= 0.42.0 for package: libtomcrypt-1.17-26.el7.x86_64
--> Processing Dependency: libtommath.so.0()(64bit) for package: libtomcrypt-1.17-26.el7.x86_64
---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
--> Running transaction check
---> Package libtommath.x86_64 0:0.42.0-6.el7 will be installed
--> Finished Dependency Resolution
/var/cache/yum/x86_64/7/base/gen/comps.xml: no element found: line 1, column 0
/var/cache/yum/x86_64/7/epel/gen/comps.xml: no element found: line 1, column 0
Dependencies Resolved
=========================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================
Installing:
ansible noarch 2.7.10-1.el7 epel 11 M
Installing for dependencies:
PyYAML x86_64 3.10-11.el7 base 153 k
libtomcrypt x86_64 1.17-26.el7 extras 224 k
libtommath x86_64 0.42.0-6.el7 extras 36 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-httplib2 noarch 0.9.2-1.el7 extras 115 k
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-keyczar noarch 0.71c-2.el7 epel 218 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-paramiko noarch 2.1.1-9.el7 updates 269 k
python2-crypto x86_64 2.6.1-16.el7 epel 477 k
python2-jmespath noarch 0.9.0-3.el7 extras 39 k
sshpass x86_64 1.06-2.el7 extras 21 k
Transaction Summary
=========================================================================================================================================
Install 1 Package (+13 Dependent packages)
Total download size: 15 M
Installed size: 74 M
Is this ok [y/d/N]: y
Downloading packages:
(1/14): libtommath-0.42.0-6.el7.x86_64.rpm | 36 kB 00:00:00
(2/14): libyaml-0.1.4-11.el7_0.x86_64.rpm | 55 kB 00:00:00
(3/14): libtomcrypt-1.17-26.el7.x86_64.rpm | 224 kB 00:00:00
(4/14): PyYAML-3.10-11.el7.x86_64.rpm | 153 kB 00:00:00
(5/14): python-jinja2-2.7.2-2.el7.noarch.rpm | 515 kB 00:00:00
(6/14): python-httplib2-0.9.2-1.el7.noarch.rpm | 115 kB 00:00:00
(7/14): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:00
(8/14): ansible-2.7.10-1.el7.noarch.rpm | 11 MB 00:00:03
(9/14): python-keyczar-0.71c-2.el7.noarch.rpm | 218 kB 00:00:00
(10/14): python2-crypto-2.6.1-16.el7.x86_64.rpm | 477 kB 00:00:00
(11/14): sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00
(12/14): python-markupsafe-0.11-10.el7.x86_64.rpm | 25 kB 00:00:00
(13/14): python2-jmespath-0.9.0-3.el7.noarch.rpm | 39 kB 00:00:00
(14/14): python-paramiko-2.1.1-9.el7.noarch.rpm | 269 kB 00:00:00
-----------------------------------------------------------------------------------------------------------------------------------------
Total 3.2 MB/s | 15 MB 00:00:04
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-httplib2-0.9.2-1.el7.noarch 1/14
Installing : sshpass-1.06-2.el7.x86_64 2/14
Installing : libtommath-0.42.0-6.el7.x86_64 3/14
Installing : libtomcrypt-1.17-26.el7.x86_64 4/14
Installing : python2-crypto-2.6.1-16.el7.x86_64 5/14
Installing : python-keyczar-0.71c-2.el7.noarch 6/14
Installing : python-babel-0.9.6-8.el7.noarch 7/14
Installing : python-markupsafe-0.11-10.el7.x86_64 8/14
Installing : python-jinja2-2.7.2-2.el7.noarch 9/14
Installing : python-paramiko-2.1.1-9.el7.noarch 10/14
Installing : python2-jmespath-0.9.0-3.el7.noarch 11/14
Installing : libyaml-0.1.4-11.el7_0.x86_64 12/14
Installing : PyYAML-3.10-11.el7.x86_64 13/14
Installing : ansible-2.7.10-1.el7.noarch 14/14
Verifying : python-keyczar-0.71c-2.el7.noarch 1/14
Verifying : libyaml-0.1.4-11.el7_0.x86_64 2/14
Verifying : python-jinja2-2.7.2-2.el7.noarch 3/14
Verifying : python2-jmespath-0.9.0-3.el7.noarch 4/14
Verifying : python-paramiko-2.1.1-9.el7.noarch 5/14
Verifying : python-markupsafe-0.11-10.el7.x86_64 6/14
Verifying : python-babel-0.9.6-8.el7.noarch 7/14
Verifying : python2-crypto-2.6.1-16.el7.x86_64 8/14
Verifying : libtommath-0.42.0-6.el7.x86_64 9/14
Verifying : sshpass-1.06-2.el7.x86_64 10/14
Verifying : python-httplib2-0.9.2-1.el7.noarch 11/14
Verifying : ansible-2.7.10-1.el7.noarch 12/14
Verifying : PyYAML-3.10-11.el7.x86_64 13/14
Verifying : libtomcrypt-1.17-26.el7.x86_64 14/14
Installed:
ansible.noarch 0:2.7.10-1.el7
Dependency Installed:
PyYAML.x86_64 0:3.10-11.el7 libtomcrypt.x86_64 0:1.17-26.el7 libtommath.x86_64 0:0.42.0-6.el7
libyaml.x86_64 0:0.1.4-11.el7_0 python-babel.noarch 0:0.9.6-8.el7 python-httplib2.noarch 0:0.9.2-1.el7
python-jinja2.noarch 0:2.7.2-2.el7 python-keyczar.noarch 0:0.71c-2.el7 python-markupsafe.x86_64 0:0.11-10.el7
python-paramiko.noarch 0:2.1.1-9.el7 python2-crypto.x86_64 0:2.6.1-16.el7 python2-jmespath.noarch 0:0.9.0-3.el7
sshpass.x86_64 0:1.06-2.el7
Complete!
2.) both master and client should ping from there hosts name
192.168.159.142 web1 <===== ansible client
192.168.159.141 ansimaster <===== ansible master
[root@ansimaster ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ansimaster
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.159.142 web1
192.168.159.141 ansimaster
[root@ansimaster ~]#
[root@web1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 web1
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.159.142 web1
192.168.159.141 ansimaster
3.) Now make them password less login
[root@ansimaster ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
5e:09:e1:2f:2f:78:63:c2:92:2e:23:9a:20:60:c5:0a root@ansimaster
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| . . . |
|E o o |
|. o o . |
|.o S + |
|o o o + |
|o o + * . |
|+.o. . + o |
|+. o. |
+-----------------+
[root@ansimaster ~]# ssh-copy-id web1
The authenticity of host 'web1 (192.168.159.142)' can't be established.
ECDSA key fingerprint is f8:8e:8d:80:45:39:74:d5:96:70:8d:c3:16:7e:ee:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@web1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'web1'"
and check to make sure that only the key(s) you wanted were added.
[root@ansimaster ~]# ssh web1
Last login: Wed May 1 03:50:01 2019 from 192.168.159.1
[root@web1 ~]# exit
logout
Connection to web1 closed.
[root@web1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e3:df:d3:20:fb:42:02:a0:46:f1:10:cf:46:8d:31:63 root@web1
The key's randomart image is:
+--[ RSA 2048]----+
| +oE+ |
| .Boo. |
| . .=. |
| o. . |
| . .S |
| ...o . |
| .o o o |
| .o.. . |
| .oo. |
+-----------------+
[root@web1 ~]#
[root@web1 ~]# ssh-copy-id ansimaster
The authenticity of host 'ansimaster (192.168.159.141)' can't be established.
ECDSA key fingerprint is f8:8e:8d:80:45:39:74:d5:96:70:8d:c3:16:7e:ee:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@ansimaster's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ansimaster'"
and check to make sure that only the key(s) you wanted were added.
[root@web1 ~]# ssh ansimaster
Last login: Wed May 1 03:53:52 2019 from 192.168.159.1
[root@ansimaster ~]# exit
logout
Connection to ansimaster closed.
[root@web1 ~]#
================== Adding clients ============
1.)
[root@ansimaster ~]# tail -5 /etc/ansible/hosts
# leading 0s:
## db-[99:101]-node.example.com
[webservers] <===== group we created for web servers and you can give more then one server to it.
192.168.159.142 <============= this is the first client as web server
2.) Now check ansible server is able to connect with anisble webserver group
[root@ansimaster ~]# ansible -m ping webservers
192.168.159.142 | SUCCESS => {
"changed": false,
"ping": "pong" <===== ping response as pong from client which means all good.
}
[root@ansimaster ~]#
3.) To list all available ansible module that we can use.
[root@ansimaster ~]# ansible-doc -l
a10_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' server object.
a10_server_axapi3 Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_service_group Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' service groups.
a10_virtual_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' virtual servers.
aci_aaa_user Manage AAA users (aaa:User)
aci_aaa_user_certificate Manage AAA user certificates (aaa:UserCert)
aci_access_port_to_interface_policy_leaf_profile Manage Fabric interface policy leaf profile interface selectors (infra:HPortS, ...
aci_aep Manage attachable Access Entity Profile (AEP) objects (infra:AttEntityP, infra:...
aci_aep_to_domain Bind AEPs to Physical or Virtual Domains (infra:RsDomP)
aci_ap Manage top level Application Profile (AP) objects (fv:Ap)
aci_bd Manage Bridge Domains (BD) objects (fv:BD)
aci_bd_subnet Manage Subnets (fv:Subnet)
aci_bd_to_l3out Bind Bridge Domain to L3 Out (fv:RsBDToOut)
aci_config_rollback Provides rollback and rollback preview functionality (config:ImportP)
aci_config_snapshot Manage Config Snapshots (config:Snapshot, config:ExportP)
aci_contract Manage contract resources (vz:BrCP)
aci_contract_subject Manage initial Contract Subjects (vz:Subj)
aci_contract_subject_to_filter Bind Contract Subjects to Filters (vz:RsSubjFiltAtt)
aci_domain Manage physical, virtual, bridged, routed or FC domain profiles (phys:DomP, vmm...
aci_domain_to_encap_pool Bind Domain to Encap Pools (infra:RsVlanNs)
aci_domain_to_vlan_pool Bind Domain to VLAN Pools (infra:RsVlanNs)
aci_encap_pool Manage encap pools (fvns:VlanInstP, fvns:VxlanInstP, fvns:VsanInstP)
aci_encap_pool_range Manage encap ranges assig
4.) To list about any particular module.
[root@ansimaster ~]# ansible-doc ping
> PING (/usr/lib/python2.7/site-packages/ansible/modules/system/ping.py)
A trivial test module, this module always returns `pong' on successful contact. It does not make
sense in playbooks, but it is useful from `/usr/bin/ansible' to verify the ability to login and that
a usable Python is configured. This is NOT ICMP ping, this is just a trivial test module that
requires Python on the remote-node. For Windows targets, use the [win_ping] module instead. For
Network targets, use the [net_ping] module instead.
OPTIONS (= is mandatory):
- data
Data to return for the `ping' return value.
If this parameter is set to `crash', the module will cause an exception.
[Default: pong]
NOTES:
* For Windows targets, use the [win_ping] module instead.
* For Network targets, use the [net_ping] module instead.
AUTHOR: Ansible Core Team, Michael DeHaan
METADATA:
status:
- stableinterface
supported_by: core
==== snip ====>
5.) Try to install any package using ansible command line.
[root@ansimaster ~]# ansible webservers -m yum -a "name=httpd state=present" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"ansible_facts": {
"pkg_mgr": "yum"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, langpacks\nLoading mirror speeds from cached hostfile\n * base: mirror.nbrc.ac.in\n * epel: ftp.jaist.ac.jp\n * extras: mirror.nbrc.ac.in\n * updates: mirror.nbrc.ac.in\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-89.el7.centos will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-89.el7.centos for package: httpd-2.4.6-89.el7.centos.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-89.el7.centos.x86_64\n--> Running transaction check\n---> Package httpd-tools.x86_64 0:2.4.6-89.el7.centos will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-89.el7.centos updates 2.7 M\nInstalling for dependencies:\n httpd-tools x86_64 2.4.6-89.el7.centos updates 90 k\n mailcap noarch 2.1.41-2.el7 base 31 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+2 Dependent packages)\n\nTotal download size: 2.8 M\nInstalled size: 9.6 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 2.0 MB/s | 2.8 MB 00:01 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : mailcap-2.1.41-2.el7.noarch 1/3 \n Installing : httpd-tools-2.4.6-89.el7.centos.x86_64 2/3 \n Installing : httpd-2.4.6-89.el7.centos.x86_64 3/3 \n Verifying : httpd-tools-2.4.6-89.el7.centos.x86_64 1/3 \n Verifying : mailcap-2.1.41-2.el7.noarch 2/3 \n Verifying : httpd-2.4.6-89.el7.centos.x86_64 3/3 \n\nInstalled:\n httpd.x86_64 0:2.4.6-89.el7.centos \n\nDependency Installed:\n httpd-tools.x86_64 0:2.4.6-89.el7.centos mailcap.noarch 0:2.1.41-2.el7 \n\nComplete!\n"
]
}
[root@ansimaster ~]#
6.) Go to client side and check httpd package should be installed
[root@localhost ~]# rpm -qa httpd
httpd-2.4.6-89.el7.centos.x86_64
[root@localhost ~]#
[root@localhost ~]# rpm -qi httpd-2.4.6-89.el7.centos.x86_64
Name : httpd
Version : 2.4.6
Release : 89.el7.centos
Architecture: x86_64
Install Date: Wed 01 May 2019 06:17:00 AM EDT
Group : System Environment/Daemons
Size : 9817301
License : ASL 2.0
Signature : RSA/SHA256, Mon 29 Apr 2019 11:45:07 AM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM : httpd-2.4.6-89.el7.centos.src.rpm
Build Date : Wed 24 Apr 2019 09:48:37 AM EDT
Build Host : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : http://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
7.)Create user
[root@localhost ~]# id anuj
id: anuj: no such user
[root@ansimaster ~]# ansible webservers -m user -a "name=anuj password=anuj" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work
properly.
192.168.159.142 | CHANGED => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"home": "/home/********",
"move_home": false,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1002
}
[root@ansimaster ~]#
[root@localhost ~]# id anuj
uid=1002(anuj) gid=1002(anuj) groups=1002(anuj)
[root@localhost ~]#
Managing Service from command line:
==================================
On client currently httpd service is stopped
[root@web1 home]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
May 01 10:06:20 web1 systemd[1]: Starting The Apache HTTP Server...
May 01 10:06:20 web1 httpd[9509]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, usin... message
May 01 10:06:20 web1 systemd[1]: Started The Apache HTTP Server.
May 01 10:07:26 web1 systemd[1]: Stopping The Apache HTTP Server...
May 01 10:07:27 web1 systemd[1]: Stopped The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@web1 home]#
[root@web1 home]#
============================
Now try to start it from Ansible server
============================
[root@ansimaster ~]# ansible webservers -m service -a "name=httpd state=started" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "basic.target -.mount remote-fs.target systemd-journald.socket nss-lookup.target system.slice tmp.mount network.target",
"AllowIsolate": "no",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd(8) man:apachectl(8)",
"EnvironmentFile": "/etc/sysconfig/httpd (ignore_errors=no)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/httpd.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "httpd.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "control-group",
"KillSignal": "18",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "14891",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "14891",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "0",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "httpd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "main",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target -.mount",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "notify",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"Wants": "system.slice",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
[root@ansimaster ~]#
==========================================
Now go to clint and check httpd service should be started
==========================================
[root@web1 home]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-05-01 10:09:58 EDT; 19s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 9967 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─9967 /usr/sbin/httpd -DFOREGROUND
├─9969 /usr/sbin/httpd -DFOREGROUND
├─9970 /usr/sbin/httpd -DFOREGROUND
├─9971 /usr/sbin/httpd -DFOREGROUND
├─9972 /usr/sbin/httpd -DFOREGROUND
└─9973 /usr/sbin/httpd -DFOREGROUND
May 01 10:09:58 web1 systemd[1]: Starting The Apache HTTP Server...
May 01 10:09:58 web1 httpd[9967]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, usin... message
May 01 10:09:58 web1 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@web1 home]#
===========================================
Lets see how to copy files from ansible master to client
===========================================
[root@ansimaster ~]# echo "Hello Anuj, this is dummy file" > /tmp/dummy.txt
[root@ansimaster ~]# cat /tmp/dummy.txt
Hello Anuj, this is dummy file
[root@ansimaster ~]#
[root@ansimaster ~]# ansible webservers -m copy -a "src=/tmp/dummy.txt dest=/tmp/dummy.txt" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"checksum": "d5a896e4a6e6154bd862f2a183288a0e958789de",
"dest": "/tmp/dummy.txt",
"gid": 0,
"group": "root",
"md5sum": "f42503fe4c04db3f52c1657e55abdfc2",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1556720163.65-117534200332880/source",
"state": "file",
"uid": 0
}
[root@ansimaster ~]#
######
login to client and check file should be created with same content
######
[root@web1 ~]# cat /tmp/dummy.txt <=== file is created on client
Hello Anuj, this is dummy file
[root@web1 ~]#
"mode": "0774",
"owner": "anuj",
"path": "/tmp/dummy.txt",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 31,
"state": "file",
"uid": 1002
}
[root@ansimaster ~]#
=============================================================
Let`s do some oprations on file.
=============================================================
1.) change file permissions on client:
[root@web1 ~]# ll /tmp/dummy.txt
-rw-r--r--. 1 root root 31 May 1 10:16 /tmp/dummy.txt
[root@web1 ~]#
[root@ansimaster ~]# ansible webservers -m file -a "dest=/tmp/dummy.txt mode=774" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0774",
"owner": "root",
"path": "/tmp/dummy.txt",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 31,
"state": "file",
"uid": 0
}
[root@ansimaster ~]#
[root@web1 ~]# ll /tmp/dummy.txt <====== permissions has been changed on client
-rwxrwxr--. 1 root root 31 May 1 10:16 /tmp/dummy.txt
[root@web1 ~]#
2.) Now change owner and group for /tmp/dummy
[root@web1 ~]# ll /tmp/dummy.txt
-rwxrwxr--. 1 root root 31 May 1 10:16 /tmp/dummy.txt
[root@ansimaster ~]# ansible webservers -m file -a "dest=/tmp/dummy.txt owner=anuj group=apache" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"gid": 48,
"group": "apache",
"mode": "0774",
"owner": "anuj",
"path": "/tmp/dummy.txt",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 31,
"state": "file",
"uid": 1002
}
[root@ansimaster ~]#
[root@web1 ~]# ll /tmp/dummy.txt
-rwxrwxr--. 1 anuj apache 31 May 1 10:16 /tmp/dummy.txt <==== owner and group changed
[root@web1 ~]#
3.) lets try to create directory on clint
[root@web1 ~]# ls -ld /tmp/testdir
ls: cannot access /tmp/testdir: No such file or directory
[root@web1 ~]#
[root@web1 ~]#
[root@ansimaster ~]# ansible webservers -m file -a "dest=/tmp/testdir mode=764 owner=root group=apache state=directory" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"gid": 48,
"group": "apache",
"mode": "0764",
"owner": "root",
"path": "/tmp/testdir",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
[root@ansimaster ~]#
[root@web1 ~]# ls -ld /tmp/testdir
drwxrw-r--. 2 root apache 6 May 1 10:51 /tmp/testdir <======== directory has been created
[root@web1 ~]#
==============
[root@ansimaster ~]# yum install ansible
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: repos.del.extreme-ix.org
* epel: repos.del.extreme-ix.org
* extras: repos.del.extreme-ix.org
* updates: repos.del.extreme-ix.org
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.7.10-1.el7 will be installed
--> Processing Dependency: PyYAML for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-crypto for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-keyczar for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: python2-jmespath for package: ansible-2.7.10-1.el7.noarch
--> Processing Dependency: sshpass for package: ansible-2.7.10-1.el7.noarch
--> Running transaction check
---> Package PyYAML.x86_64 0:3.10-11.el7 will be installed
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-11.el7.x86_64
---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed
---> Package python-jinja2.noarch 0:2.7.2-2.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-2.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-2.el7.noarch
---> Package python-keyczar.noarch 0:0.71c-2.el7 will be installed
---> Package python-paramiko.noarch 0:2.1.1-9.el7 will be installed
---> Package python2-crypto.x86_64 0:2.6.1-16.el7 will be installed
--> Processing Dependency: libtomcrypt.so.0()(64bit) for package: python2-crypto-2.6.1-16.el7.x86_64
---> Package python2-jmespath.noarch 0:0.9.0-3.el7 will be installed
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Running transaction check
---> Package libtomcrypt.x86_64 0:1.17-26.el7 will be installed
--> Processing Dependency: libtommath >= 0.42.0 for package: libtomcrypt-1.17-26.el7.x86_64
--> Processing Dependency: libtommath.so.0()(64bit) for package: libtomcrypt-1.17-26.el7.x86_64
---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
--> Running transaction check
---> Package libtommath.x86_64 0:0.42.0-6.el7 will be installed
--> Finished Dependency Resolution
/var/cache/yum/x86_64/7/base/gen/comps.xml: no element found: line 1, column 0
/var/cache/yum/x86_64/7/epel/gen/comps.xml: no element found: line 1, column 0
Dependencies Resolved
=========================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================
Installing:
ansible noarch 2.7.10-1.el7 epel 11 M
Installing for dependencies:
PyYAML x86_64 3.10-11.el7 base 153 k
libtomcrypt x86_64 1.17-26.el7 extras 224 k
libtommath x86_64 0.42.0-6.el7 extras 36 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-httplib2 noarch 0.9.2-1.el7 extras 115 k
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-keyczar noarch 0.71c-2.el7 epel 218 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-paramiko noarch 2.1.1-9.el7 updates 269 k
python2-crypto x86_64 2.6.1-16.el7 epel 477 k
python2-jmespath noarch 0.9.0-3.el7 extras 39 k
sshpass x86_64 1.06-2.el7 extras 21 k
Transaction Summary
=========================================================================================================================================
Install 1 Package (+13 Dependent packages)
Total download size: 15 M
Installed size: 74 M
Is this ok [y/d/N]: y
Downloading packages:
(1/14): libtommath-0.42.0-6.el7.x86_64.rpm | 36 kB 00:00:00
(2/14): libyaml-0.1.4-11.el7_0.x86_64.rpm | 55 kB 00:00:00
(3/14): libtomcrypt-1.17-26.el7.x86_64.rpm | 224 kB 00:00:00
(4/14): PyYAML-3.10-11.el7.x86_64.rpm | 153 kB 00:00:00
(5/14): python-jinja2-2.7.2-2.el7.noarch.rpm | 515 kB 00:00:00
(6/14): python-httplib2-0.9.2-1.el7.noarch.rpm | 115 kB 00:00:00
(7/14): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:00
(8/14): ansible-2.7.10-1.el7.noarch.rpm | 11 MB 00:00:03
(9/14): python-keyczar-0.71c-2.el7.noarch.rpm | 218 kB 00:00:00
(10/14): python2-crypto-2.6.1-16.el7.x86_64.rpm | 477 kB 00:00:00
(11/14): sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00
(12/14): python-markupsafe-0.11-10.el7.x86_64.rpm | 25 kB 00:00:00
(13/14): python2-jmespath-0.9.0-3.el7.noarch.rpm | 39 kB 00:00:00
(14/14): python-paramiko-2.1.1-9.el7.noarch.rpm | 269 kB 00:00:00
-----------------------------------------------------------------------------------------------------------------------------------------
Total 3.2 MB/s | 15 MB 00:00:04
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-httplib2-0.9.2-1.el7.noarch 1/14
Installing : sshpass-1.06-2.el7.x86_64 2/14
Installing : libtommath-0.42.0-6.el7.x86_64 3/14
Installing : libtomcrypt-1.17-26.el7.x86_64 4/14
Installing : python2-crypto-2.6.1-16.el7.x86_64 5/14
Installing : python-keyczar-0.71c-2.el7.noarch 6/14
Installing : python-babel-0.9.6-8.el7.noarch 7/14
Installing : python-markupsafe-0.11-10.el7.x86_64 8/14
Installing : python-jinja2-2.7.2-2.el7.noarch 9/14
Installing : python-paramiko-2.1.1-9.el7.noarch 10/14
Installing : python2-jmespath-0.9.0-3.el7.noarch 11/14
Installing : libyaml-0.1.4-11.el7_0.x86_64 12/14
Installing : PyYAML-3.10-11.el7.x86_64 13/14
Installing : ansible-2.7.10-1.el7.noarch 14/14
Verifying : python-keyczar-0.71c-2.el7.noarch 1/14
Verifying : libyaml-0.1.4-11.el7_0.x86_64 2/14
Verifying : python-jinja2-2.7.2-2.el7.noarch 3/14
Verifying : python2-jmespath-0.9.0-3.el7.noarch 4/14
Verifying : python-paramiko-2.1.1-9.el7.noarch 5/14
Verifying : python-markupsafe-0.11-10.el7.x86_64 6/14
Verifying : python-babel-0.9.6-8.el7.noarch 7/14
Verifying : python2-crypto-2.6.1-16.el7.x86_64 8/14
Verifying : libtommath-0.42.0-6.el7.x86_64 9/14
Verifying : sshpass-1.06-2.el7.x86_64 10/14
Verifying : python-httplib2-0.9.2-1.el7.noarch 11/14
Verifying : ansible-2.7.10-1.el7.noarch 12/14
Verifying : PyYAML-3.10-11.el7.x86_64 13/14
Verifying : libtomcrypt-1.17-26.el7.x86_64 14/14
Installed:
ansible.noarch 0:2.7.10-1.el7
Dependency Installed:
PyYAML.x86_64 0:3.10-11.el7 libtomcrypt.x86_64 0:1.17-26.el7 libtommath.x86_64 0:0.42.0-6.el7
libyaml.x86_64 0:0.1.4-11.el7_0 python-babel.noarch 0:0.9.6-8.el7 python-httplib2.noarch 0:0.9.2-1.el7
python-jinja2.noarch 0:2.7.2-2.el7 python-keyczar.noarch 0:0.71c-2.el7 python-markupsafe.x86_64 0:0.11-10.el7
python-paramiko.noarch 0:2.1.1-9.el7 python2-crypto.x86_64 0:2.6.1-16.el7 python2-jmespath.noarch 0:0.9.0-3.el7
sshpass.x86_64 0:1.06-2.el7
Complete!
2.) both master and client should ping from there hosts name
192.168.159.142 web1 <===== ansible client
192.168.159.141 ansimaster <===== ansible master
[root@ansimaster ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ansimaster
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.159.142 web1
192.168.159.141 ansimaster
[root@ansimaster ~]#
[root@web1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 web1
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.159.142 web1
192.168.159.141 ansimaster
3.) Now make them password less login
[root@ansimaster ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
5e:09:e1:2f:2f:78:63:c2:92:2e:23:9a:20:60:c5:0a root@ansimaster
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| . . . |
|E o o |
|. o o . |
|.o S + |
|o o o + |
|o o + * . |
|+.o. . + o |
|+. o. |
+-----------------+
[root@ansimaster ~]# ssh-copy-id web1
The authenticity of host 'web1 (192.168.159.142)' can't be established.
ECDSA key fingerprint is f8:8e:8d:80:45:39:74:d5:96:70:8d:c3:16:7e:ee:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@web1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'web1'"
and check to make sure that only the key(s) you wanted were added.
[root@ansimaster ~]# ssh web1
Last login: Wed May 1 03:50:01 2019 from 192.168.159.1
[root@web1 ~]# exit
logout
Connection to web1 closed.
[root@web1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e3:df:d3:20:fb:42:02:a0:46:f1:10:cf:46:8d:31:63 root@web1
The key's randomart image is:
+--[ RSA 2048]----+
| +oE+ |
| .Boo. |
| . .=. |
| o. . |
| . .S |
| ...o . |
| .o o o |
| .o.. . |
| .oo. |
+-----------------+
[root@web1 ~]#
[root@web1 ~]# ssh-copy-id ansimaster
The authenticity of host 'ansimaster (192.168.159.141)' can't be established.
ECDSA key fingerprint is f8:8e:8d:80:45:39:74:d5:96:70:8d:c3:16:7e:ee:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@ansimaster's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ansimaster'"
and check to make sure that only the key(s) you wanted were added.
[root@web1 ~]# ssh ansimaster
Last login: Wed May 1 03:53:52 2019 from 192.168.159.1
[root@ansimaster ~]# exit
logout
Connection to ansimaster closed.
[root@web1 ~]#
================== Adding clients ============
1.)
[root@ansimaster ~]# tail -5 /etc/ansible/hosts
# leading 0s:
## db-[99:101]-node.example.com
[webservers] <===== group we created for web servers and you can give more then one server to it.
192.168.159.142 <============= this is the first client as web server
2.) Now check ansible server is able to connect with anisble webserver group
[root@ansimaster ~]# ansible -m ping webservers
192.168.159.142 | SUCCESS => {
"changed": false,
"ping": "pong" <===== ping response as pong from client which means all good.
}
[root@ansimaster ~]#
3.) To list all available ansible module that we can use.
[root@ansimaster ~]# ansible-doc -l
a10_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' server object.
a10_server_axapi3 Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_service_group Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' service groups.
a10_virtual_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' virtual servers.
aci_aaa_user Manage AAA users (aaa:User)
aci_aaa_user_certificate Manage AAA user certificates (aaa:UserCert)
aci_access_port_to_interface_policy_leaf_profile Manage Fabric interface policy leaf profile interface selectors (infra:HPortS, ...
aci_aep Manage attachable Access Entity Profile (AEP) objects (infra:AttEntityP, infra:...
aci_aep_to_domain Bind AEPs to Physical or Virtual Domains (infra:RsDomP)
aci_ap Manage top level Application Profile (AP) objects (fv:Ap)
aci_bd Manage Bridge Domains (BD) objects (fv:BD)
aci_bd_subnet Manage Subnets (fv:Subnet)
aci_bd_to_l3out Bind Bridge Domain to L3 Out (fv:RsBDToOut)
aci_config_rollback Provides rollback and rollback preview functionality (config:ImportP)
aci_config_snapshot Manage Config Snapshots (config:Snapshot, config:ExportP)
aci_contract Manage contract resources (vz:BrCP)
aci_contract_subject Manage initial Contract Subjects (vz:Subj)
aci_contract_subject_to_filter Bind Contract Subjects to Filters (vz:RsSubjFiltAtt)
aci_domain Manage physical, virtual, bridged, routed or FC domain profiles (phys:DomP, vmm...
aci_domain_to_encap_pool Bind Domain to Encap Pools (infra:RsVlanNs)
aci_domain_to_vlan_pool Bind Domain to VLAN Pools (infra:RsVlanNs)
aci_encap_pool Manage encap pools (fvns:VlanInstP, fvns:VxlanInstP, fvns:VsanInstP)
aci_encap_pool_range Manage encap ranges assig
4.) To list about any particular module.
[root@ansimaster ~]# ansible-doc ping
> PING (/usr/lib/python2.7/site-packages/ansible/modules/system/ping.py)
A trivial test module, this module always returns `pong' on successful contact. It does not make
sense in playbooks, but it is useful from `/usr/bin/ansible' to verify the ability to login and that
a usable Python is configured. This is NOT ICMP ping, this is just a trivial test module that
requires Python on the remote-node. For Windows targets, use the [win_ping] module instead. For
Network targets, use the [net_ping] module instead.
OPTIONS (= is mandatory):
- data
Data to return for the `ping' return value.
If this parameter is set to `crash', the module will cause an exception.
[Default: pong]
NOTES:
* For Windows targets, use the [win_ping] module instead.
* For Network targets, use the [net_ping] module instead.
AUTHOR: Ansible Core Team, Michael DeHaan
METADATA:
status:
- stableinterface
supported_by: core
==== snip ====>
5.) Try to install any package using ansible command line.
[root@ansimaster ~]# ansible webservers -m yum -a "name=httpd state=present" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"ansible_facts": {
"pkg_mgr": "yum"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, langpacks\nLoading mirror speeds from cached hostfile\n * base: mirror.nbrc.ac.in\n * epel: ftp.jaist.ac.jp\n * extras: mirror.nbrc.ac.in\n * updates: mirror.nbrc.ac.in\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-89.el7.centos will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-89.el7.centos for package: httpd-2.4.6-89.el7.centos.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-89.el7.centos.x86_64\n--> Running transaction check\n---> Package httpd-tools.x86_64 0:2.4.6-89.el7.centos will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n httpd x86_64 2.4.6-89.el7.centos updates 2.7 M\nInstalling for dependencies:\n httpd-tools x86_64 2.4.6-89.el7.centos updates 90 k\n mailcap noarch 2.1.41-2.el7 base 31 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package (+2 Dependent packages)\n\nTotal download size: 2.8 M\nInstalled size: 9.6 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal 2.0 MB/s | 2.8 MB 00:01 \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : mailcap-2.1.41-2.el7.noarch 1/3 \n Installing : httpd-tools-2.4.6-89.el7.centos.x86_64 2/3 \n Installing : httpd-2.4.6-89.el7.centos.x86_64 3/3 \n Verifying : httpd-tools-2.4.6-89.el7.centos.x86_64 1/3 \n Verifying : mailcap-2.1.41-2.el7.noarch 2/3 \n Verifying : httpd-2.4.6-89.el7.centos.x86_64 3/3 \n\nInstalled:\n httpd.x86_64 0:2.4.6-89.el7.centos \n\nDependency Installed:\n httpd-tools.x86_64 0:2.4.6-89.el7.centos mailcap.noarch 0:2.1.41-2.el7 \n\nComplete!\n"
]
}
[root@ansimaster ~]#
6.) Go to client side and check httpd package should be installed
[root@localhost ~]# rpm -qa httpd
httpd-2.4.6-89.el7.centos.x86_64
[root@localhost ~]#
[root@localhost ~]# rpm -qi httpd-2.4.6-89.el7.centos.x86_64
Name : httpd
Version : 2.4.6
Release : 89.el7.centos
Architecture: x86_64
Install Date: Wed 01 May 2019 06:17:00 AM EDT
Group : System Environment/Daemons
Size : 9817301
License : ASL 2.0
Signature : RSA/SHA256, Mon 29 Apr 2019 11:45:07 AM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM : httpd-2.4.6-89.el7.centos.src.rpm
Build Date : Wed 24 Apr 2019 09:48:37 AM EDT
Build Host : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : http://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
7.)Create user
[root@localhost ~]# id anuj
id: anuj: no such user
[root@ansimaster ~]# ansible webservers -m user -a "name=anuj password=anuj" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work
properly.
192.168.159.142 | CHANGED => {
"append": false,
"changed": true,
"comment": "",
"group": 1002,
"home": "/home/********",
"move_home": false,
"name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 1002
}
[root@ansimaster ~]#
[root@localhost ~]# id anuj
uid=1002(anuj) gid=1002(anuj) groups=1002(anuj)
[root@localhost ~]#
Managing Service from command line:
==================================
On client currently httpd service is stopped
[root@web1 home]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
May 01 10:06:20 web1 systemd[1]: Starting The Apache HTTP Server...
May 01 10:06:20 web1 httpd[9509]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, usin... message
May 01 10:06:20 web1 systemd[1]: Started The Apache HTTP Server.
May 01 10:07:26 web1 systemd[1]: Stopping The Apache HTTP Server...
May 01 10:07:27 web1 systemd[1]: Stopped The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@web1 home]#
[root@web1 home]#
============================
Now try to start it from Ansible server
============================
[root@ansimaster ~]# ansible webservers -m service -a "name=httpd state=started" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "basic.target -.mount remote-fs.target systemd-journald.socket nss-lookup.target system.slice tmp.mount network.target",
"AllowIsolate": "no",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "18446744073709551615",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "18446744073709551615",
"CanIsolate": "no",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "18446744073709551615",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "The Apache HTTP Server",
"DevicePolicy": "auto",
"Documentation": "man:httpd(8) man:apachectl(8)",
"EnvironmentFile": "/etc/sysconfig/httpd (ignore_errors=no)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/httpd.service",
"GuessMainPID": "yes",
"IOScheduling": "0",
"Id": "httpd.service",
"IgnoreOnIsolate": "no",
"IgnoreOnSnapshot": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "0",
"KillMode": "control-group",
"KillSignal": "18",
"LimitAS": "18446744073709551615",
"LimitCORE": "18446744073709551615",
"LimitCPU": "18446744073709551615",
"LimitDATA": "18446744073709551615",
"LimitFSIZE": "18446744073709551615",
"LimitLOCKS": "18446744073709551615",
"LimitMEMLOCK": "65536",
"LimitMSGQUEUE": "819200",
"LimitNICE": "0",
"LimitNOFILE": "4096",
"LimitNPROC": "14891",
"LimitRSS": "18446744073709551615",
"LimitRTPRIO": "0",
"LimitRTTIME": "18446744073709551615",
"LimitSIGPENDING": "14891",
"LimitSTACK": "18446744073709551615",
"LoadState": "loaded",
"MainPID": "0",
"MemoryAccounting": "no",
"MemoryCurrent": "18446744073709551615",
"MemoryLimit": "18446744073709551615",
"MountFlags": "0",
"Names": "httpd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "main",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PermissionsStartOnly": "no",
"PrivateDevices": "no",
"PrivateNetwork": "no",
"PrivateTmp": "yes",
"ProtectHome": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"Requires": "basic.target -.mount",
"RequiresMountsFor": "/var/tmp",
"Restart": "no",
"RestartUSec": "100ms",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitInterval": "10000000",
"StartupBlockIOWeight": "18446744073709551615",
"StartupCPUShares": "18446744073709551615",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "notify",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"Wants": "system.slice",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
[root@ansimaster ~]#
==========================================
Now go to clint and check httpd service should be started
==========================================
[root@web1 home]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-05-01 10:09:58 EDT; 19s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 9967 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─9967 /usr/sbin/httpd -DFOREGROUND
├─9969 /usr/sbin/httpd -DFOREGROUND
├─9970 /usr/sbin/httpd -DFOREGROUND
├─9971 /usr/sbin/httpd -DFOREGROUND
├─9972 /usr/sbin/httpd -DFOREGROUND
└─9973 /usr/sbin/httpd -DFOREGROUND
May 01 10:09:58 web1 systemd[1]: Starting The Apache HTTP Server...
May 01 10:09:58 web1 httpd[9967]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, usin... message
May 01 10:09:58 web1 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@web1 home]#
===========================================
Lets see how to copy files from ansible master to client
===========================================
[root@ansimaster ~]# echo "Hello Anuj, this is dummy file" > /tmp/dummy.txt
[root@ansimaster ~]# cat /tmp/dummy.txt
Hello Anuj, this is dummy file
[root@ansimaster ~]#
[root@ansimaster ~]# ansible webservers -m copy -a "src=/tmp/dummy.txt dest=/tmp/dummy.txt" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"checksum": "d5a896e4a6e6154bd862f2a183288a0e958789de",
"dest": "/tmp/dummy.txt",
"gid": 0,
"group": "root",
"md5sum": "f42503fe4c04db3f52c1657e55abdfc2",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 31,
"src": "/root/.ansible/tmp/ansible-tmp-1556720163.65-117534200332880/source",
"state": "file",
"uid": 0
}
[root@ansimaster ~]#
######
login to client and check file should be created with same content
######
[root@web1 ~]# cat /tmp/dummy.txt <=== file is created on client
Hello Anuj, this is dummy file
[root@web1 ~]#
"mode": "0774",
"owner": "anuj",
"path": "/tmp/dummy.txt",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 31,
"state": "file",
"uid": 1002
}
[root@ansimaster ~]#
=============================================================
Let`s do some oprations on file.
=============================================================
1.) change file permissions on client:
[root@web1 ~]# ll /tmp/dummy.txt
-rw-r--r--. 1 root root 31 May 1 10:16 /tmp/dummy.txt
[root@web1 ~]#
[root@ansimaster ~]# ansible webservers -m file -a "dest=/tmp/dummy.txt mode=774" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0774",
"owner": "root",
"path": "/tmp/dummy.txt",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 31,
"state": "file",
"uid": 0
}
[root@ansimaster ~]#
[root@web1 ~]# ll /tmp/dummy.txt <====== permissions has been changed on client
-rwxrwxr--. 1 root root 31 May 1 10:16 /tmp/dummy.txt
[root@web1 ~]#
2.) Now change owner and group for /tmp/dummy
[root@web1 ~]# ll /tmp/dummy.txt
-rwxrwxr--. 1 root root 31 May 1 10:16 /tmp/dummy.txt
[root@ansimaster ~]# ansible webservers -m file -a "dest=/tmp/dummy.txt owner=anuj group=apache" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"gid": 48,
"group": "apache",
"mode": "0774",
"owner": "anuj",
"path": "/tmp/dummy.txt",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 31,
"state": "file",
"uid": 1002
}
[root@ansimaster ~]#
[root@web1 ~]# ll /tmp/dummy.txt
-rwxrwxr--. 1 anuj apache 31 May 1 10:16 /tmp/dummy.txt <==== owner and group changed
[root@web1 ~]#
3.) lets try to create directory on clint
[root@web1 ~]# ls -ld /tmp/testdir
ls: cannot access /tmp/testdir: No such file or directory
[root@web1 ~]#
[root@web1 ~]#
[root@ansimaster ~]# ansible webservers -m file -a "dest=/tmp/testdir mode=764 owner=root group=apache state=directory" -s
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature
will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
192.168.159.142 | CHANGED => {
"changed": true,
"gid": 48,
"group": "apache",
"mode": "0764",
"owner": "root",
"path": "/tmp/testdir",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
[root@ansimaster ~]#
[root@web1 ~]# ls -ld /tmp/testdir
drwxrw-r--. 2 root apache 6 May 1 10:51 /tmp/testdir <======== directory has been created
[root@web1 ~]#
No comments:
Post a Comment