There are tons of config management / automation tools out there (puppet, salt stack, juju, rudder, CFEngine,.. just to name a few) all with their pros and cons and at the end of the day you have to choose the best fit for your job (if you’re lucky – sometimes you have to stick with the crap someone else has brought on board and make the best out of it, we’ve all been there) and/or combine some of them or extend them with some others. But one thing is for sure, there is no holy software grail out there that does it all.
A couple of years back I came across Ansible and instantly got hooked. But why?
If you’ve read the list and instantly thought “Hellyeah!, let’s get started” that’s awesome, because you don’t need much to get things rolling.
First things first you need to set up a Linux/macOS/BSD control machine/node. I use CentOS for 90% of my Servers in my lab, but you can use any other Linux distribution that is supported.
yum install -y ansible
…and Ansible is installed on your control machine. Pretty neat, right?
You can run everything from the default folder structure, or you can create a new directory structure and add it to your version control of choice. I did the latter and used this article as guideline for my structure. One of the positive side effects of this is that you can pull it from your repository onto any server with an Ansible installation and you’re ready to go.
Once the directory stuff is sorted out you need to create a file named ansible.cfg in your newly created directory (depending on setup there are 3 config files Ansible can use). This file holds the configuration settings for your setup.
[defaults]inventory = /mydirlibrary = /mydir/librarymodule_utils = /mydir/module_utils….
Next on your list is the inventory file “hosts” – you can list and group your servers, switches, firewalls, you name it – in this file. There are many ways you can organise/group your entries (i.e. by site, AZ, whatever does the job.
From the authentication part there are several ways to do so, so if you want to just mess around with Ansible you could add the way of authentication (type/user/password) to your inventory, but like stated before, this is just for messing around. If you consider thinking about stuff like this for a production environment you are going to hell for this. What you should do is add the credentials to Ansible Vault and point from your Playbook to the vault for credentials.
Everything you execute is done through a playbook. This can be everything from just simply updating a single vm through configuring an entire datacenter. So i.e updating 1 to n CentOS machines could look like this:
—– name: update centos vmshosts: ansible-testserverstasks:– name: update yum allyum:name: ‘*’state: latest
Playbooks can be executed against the entire group of servers OR you could pick specific parts of your inventory. Let’s imagine your Environment (anstest-dc) has two AZs (anstest-az1, anstest-az2) and you want to update just one (anstest-az1), you could just point to that location in your inventory.
ansible-playbook -i anstest-az1 updatesomething.yml
This was just a little overview. Part II will cover how you can manage your vmware infrastructure.