ansible, automation,

Ansible - Learning Docs & References

Follow · 11 mins read
Ansible - Learning Docs & References
Share this

(This is an upstream version of the document prepared as part of my learning, PoCs and other practices. The full version of this documents will be published in the website techbeatly.com and updated periodically.)

Ansible for Absolute Beginners

Ansible Guides

Automation with Ansible – All You Want to Learn

You have hundreds and thousands of online documentation and wiki pages for learning Ansible, and this is my attempt to cover Ansible in a simple and beginner level approach. Access all chapters on techbeatly.com.

  • ANSIBLE LEARNFEST GUIDE
    • Track 1 “Ansible Automation Platform Administrator”
    • Track 2 “Automation Content Developer”

Table of Contents

Ansible - Frequently Asked Questions

  1. What is Ansible?
  2. What is IaC?
  3. What can Ansible do?
  4. What are the advantages of Ansible?
  5. How does Ansible work?
  6. What is a Playbook?
  7. Are there any requirements for using Ansible?
  8. What is DevOps?
  9. How does Ansible fit into DevOps?
  10. Who is Ansible for? Who should learn Ansible?
  11. What are prerequisites to learning Ansible?s

Ansible Automation Platform (Ansible Tower)

Installing Ansible Automation Platform (Ansible Tower)

Note : The Ansible Automation Platform installer only supports Red Hat Enterprise Linux and CentOS.

Enable RHEL and AAP Subscriptions

Make sure you subscribed to Red Hat and added RHEL Subscription.

# subscription-manager register
# subscription-manager attach --pool=<pool_id of RHEL subscription>
# subscription-manager list --consumed

Now, search for Ansible Automation Platform subscription and attach the pool ID.

# subscription-manager list --available --all | grep "Ansible Automation Platform" -B 3 -A 6
# subscription-manager attach --pool=<pool_id>
# subscription-manager list --consumed

Update required repo for AAP 2.1

# subscription-manager repos \
  --disable=ansible-automation-platform-2.0-early-access-for-rhel-8-x86_64-rpms

# subscription-manager repos \
  --enable=ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms

Prepare for Ansible Automation Platform Installation

  1. Download the latest Ansible Automation Platform Installation Program from access.redhat.com/downloads or from releases.ansible.com. Refer Download the Ansible Automation Platform Installation Program for more details.

Note: You can download either installation package or bundled package (for disconnected setup).

  1. Extract the content
$ tar xvzf ansible-tower-setup-latest.tar.gz
$ cd ansible-tower-setup-<tower_version>

Get Registry Credential

You need access to Red Hat Container Registry to fetch the continer images for automation controller and execution environment. You can create a service account in Red Hat registry for the same and use the credential in AAP installation inventory.

# Execution Environment Configuration
# Credentials for container registry to pull execution environment images from,
# comment out registry_username if authentication is not required
registry_url='registry.redhat.io'
registry_username='YOUR_SERICE_ACCOUNT_USERNAME'
registry_password='YOUR_SERICE_ACCOUNT_PASSWORD'

Read more Registry Service Account Management Application

Configure Ansible Automation Platform Installation Inventory

Run Setup Script

# ./setup.sh

You can ignore ignore_preflight_errors if you are testing or preparing home labs.

# ./setup.sh ignore_preflight_errors=true

Root access to the remote machines is required, you need to use any of the below methods

$ ansible_user=root ansible_ssh_pass=”your_password_here” inventory host or group variables
# or
$ ansible_user=root ansible_ssh_private_key_file=”path_to_your_keyfile.pem” inventory host or group variables
# or
$ ANSIBLE_BECOME_METHOD=’sudo’ ANSIBLE_BECOME=True ./setup.sh

Ansible Tower HA and DR

(TODO)

Verify Streaming Replication**

On primary database node

swtich to postgres user.

[ansible@AAP-DB-1 ~]$ sudo su - postgres

Then,

[postgres@AAP-DB-1 ~]$ psql -c 'select application_name, state, sync_priority, sync_state from pg_stat_replication;'
 application_name |   state   | sync_priority | sync_state 
------------------+-----------+---------------+------------
 awx              | streaming |             1 | sync
(1 row)

or

[postgres@AAP-DB-1 ~]$ psql -c 'select client_addr, state, sent_lsn, write_lsn,flush_lsn, replay_lsn from pg_stat_replication;'
  client_addr  |   state   | sent_lsn  | write_lsn | flush_lsn | replay_lsn 
---------------+-----------+-----------+-----------+-----------+------------
 192.168.56.32 | streaming | 0/402AF38 | 0/402AF38 | 0/402AF38 | 0/402AF38
(1 row)

[postgres@AAP-DB-1 ~]$ psql -c 'select * from pg_stat_replication;'
  pid  | usesysid |  usename   | application_name |  client_addr  | client_hostname | client_port |         
backend_start         | backend_xmin |   state   | sent_lsn  | write_lsn | flush_lsn | replay_lsn |    write
_lag    |    flush_lag    |   replay_lag    | sync_priority | sync_state 
-------+----------+------------+------------------+---------------+-----------------+-------------+---------
----------------------+--------------+-----------+-----------+-----------+-----------+------------+---------
--------+-----------------+-----------------+---------------+------------
 46392 |    23055 | replicator | awx              | 192.168.56.32 |                 |       37668 | 2022-02-
03 07:23:25.296914+00 |              | streaming | 0/402B4E0 | 0/402B4E0 | 0/402B4E0 | 0/402B4E0  | 00:00:00
.002516 | 00:00:00.006299 | 00:00:00.007456 |             1 | sync
(1 row)

On secondary/standby database node

Switch to postgres user

[ansible@AAP-DB-2 ~]$ sudo su - postgres
Last login: Thu Feb  3 07:59:07 UTC 2022 on pts/1
[postgres@AAP-DB-2 ~]$ 

Then,

[postgres@AAP-DB-2 ~]$ psql -c 'select * from pg_stat_wal_receiver;'
  pid  |  status   | receive_start_lsn | receive_start_tli | received_lsn | received_tli |      last_msg_send_time
       |     last_msg_receipt_time     | latest_end_lsn |        latest_end_time        | slot_name |             
                                                                                                                  
                      conninfo                                                                                    
                                                                  
-------+-----------+-------------------+-------------------+--------------+--------------+------------------------
-------+-------------------------------+----------------+-------------------------------+-----------+-------------
------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------
 51587 | streaming | 0/4000000         |                 1 | 0/4031110    |            1 | 2022-02-03 08:15:14.493
483+00 | 2022-02-03 08:15:14.493939+00 | 0/4031110      | 2022-02-03 08:15:14.493483+00 |           | user=replica
tor passfile=/var/lib/pgsql/.pgpass channel_binding=prefer dbname=replication host=192.168.56.31 port=5432 applica
tion_name=awx fallback_application_name=walreceiver sslmode=prefer sslcompression=0 ssl_min_protocol_version=TLSv1
.2 gssencmode=prefer krbsrvname=postgres target_session_attrs=any
(1 row)

or,

[postgres@AAP-DB-2 ~]$ psql -c 'SELECT pg_last_xact_replay_timestamp();'
 pg_last_xact_replay_timestamp 
-------------------------------
 2022-02-03 08:15:54.592737+00
(1 row)

Ansible Tower HA Failover

Check current Tower database configurations.

[root@AnsibleController1x-1 ~]# cat /etc/tower/conf.d/postgres.py
# Ansible Tower database settings.

DATABASES = {
   'default': {
       'ATOMIC_REQUESTS': True,
       'ENGINE': 'awx.main.db.profiled_pg',
       'NAME': 'awx',
       'USER': 'awx',
       'PASSWORD': """aapadmin""",
       'HOST': 'aap-db-1.lab.local',
       'PORT': '5432',
       'OPTIONS': { 'sslmode': 'prefer',
                    'sslrootcert': '/etc/pki/tls/certs/ca-bundle.crt',
       },
   }
}

Database tips

Check Data path

[postgres@AAP-DB-2 ~]$ pg_ctl status
pg_ctl: server is running (PID: 51581)
/usr/bin/postgres "-D" "/var/lib/pgsql/data"

[postgres@AAP-DB-2 ~]$ psql -c "SHOW data_directory;"
   data_directory    
---------------------
 /var/lib/pgsql/data
(1 row)

Ansible Tower with database SSL connection enabled

Verify SSL Certificate-Key pair

If all the three match, the SSL certificate matches the Private Key.

# SSL certificate
$ openssl x509 –noout –modulus –in <file>.crt | openssl md5

# RSA private key
$ openssl rsa –noout –modulus –in <file>.key | openssl md5

# CSR
$ openssl req -noout -modulus -in <file>.csr | openssl md5

SSL Certificate with Passphrase

Troubleshooting

References

Ansible Automation Hub

Documentation

Ansible Playbook References

Tools for Ansible

Ansible for Network Automation

Ansible and Python Modules

pip install --target=/your/pyinstalldir loremipsum
pip install fortiosapi --target=/var/lib/awx/venv/ansible/lib/python2.7/site-packages

pip list --target=/var/lib/awx/venv/ansible/lib/python2.7/site-packages
# subscription-manager repos --enable rhel-server-rhscl-7-rpms
# yum install python27-python-pip

Switch to a normal user and check the pip

$ scl enable python27 bash
$ which pip
$ pip -V

For Existing Tower

# source /var/lib/awx/venv/ansible/bin/activate
# umask 0022
# pip install --upgrade pywinrm
# deactivate

Ansible and Python 3

Ansible 2.5 and above work with Python 3.

[ansible@vm-ans-02 ~]$ ansible --version |grep python
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  python version = 2.7.5 (default, Sep 26 2019, 13:23:47) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

Ansible Blog/Articles to Follow

Ansible Interview Questions

Ansible Modules

Other References

Ansible for IBM Power

Ansible for Arista Networks

Ansible for CIS Hardening/CIS Check

Latest Stories

Featured