Configure Multiple Servers with Ansible
Ansible is an infrastructure-as-code tool used for configuration management. It can configure multiple servers at the same time, automatically.
How It Works
The host on which Ansible is installed (the Control Node) must be able to connect to the hosts to be configured (the Managed Nodes) over SSH. Managed Nodes do not need an agent or any other additional application; SSH only has to be enabled.
The list of Managed Nodes is stored in the Inventory file, which lists each host by IP address or hostname.
Configuration commands (Tasks) are defined in the Playbook file, and each task does exactly one thing (one task = one command). For example, an update followed by an install is 2 tasks. The commands that a task can run are called Modules or Task Plugins; there are modules for packaging, networking, and databases, among others.
0. Tutorial Environment
Environment used in this tutorial:
- Control Node: Ubuntu 20.04
- Managed Nodes: 2x VPS Ubuntu 20.04
  - Webserver host 178.128.55.175
  - Database host 165.22.102.165
- Ansible v2.12.6
1. Install SSH Key
Install an SSH key so that Ansible can communicate with Managed Nodes via SSH by authenticating using the key.
Create an SSH key on the Control Node.
    ssh-keygen
For example, the key is stored with the name ansible.
    /home/musa/.ssh/ansible
Send the key to the webserver and database hosts, using the root user.
    ssh-copy-id -i ~/.ssh/ansible root@178.128.55.175
    ssh-copy-id -i ~/.ssh/ansible root@165.22.102.165
Test the SSH connections.
    ssh -i ~/.ssh/ansible root@178.128.55.175
    ssh -i ~/.ssh/ansible root@165.22.102.165
2. Install Ansible
Install Ansible on Ubuntu.
    sudo apt update
    sudo apt install software-properties-common -y
    sudo add-apt-repository --yes --update ppa:ansible/ansible
    sudo apt install ansible -y
For installing Ansible on other operating systems, see docs.ansible.com.
3. Inventory Settings
Ansible provides a default Inventory file in /etc/ansible/hosts, but you can also create your own custom Inventory files.
Create a folder to store Ansible project files.
    mkdir ansible
    cd ansible
Create an Inventory file, named inventory in this example.
    nano inventory
Fill in the inventory file.
    [all:vars]
    ansible_user=root
    ansible_ssh_private_key_file=/home/musa/.ssh/ansible

    [webserver]
    178.128.55.175

    [database]
    165.22.102.165
- [all:vars] sets the user and key used by Ansible.
- [webserver] and [database] are host groups. If there are other servers you want to include, just add their IP under the desired group.
Check the inventory by displaying all existing hosts.
    ansible-inventory -i inventory --list
The result.
    {
        "_meta": {
            "hostvars": {
                "165.22.102.165": {
                    "ansible_ssh_private_key_file": "/home/musa/.ssh/ansible",
                    "ansible_user": "root"
                },
                "178.128.55.175": {
                    "ansible_ssh_private_key_file": "/home/musa/.ssh/ansible",
                    "ansible_user": "root"
                }
            }
        },
        "all": {
            "children": [
                "database",
                "ungrouped",
                "webserver"
            ]
        },
        "database": {
            "hosts": [
                "165.22.102.165"
            ]
        },
        "webserver": {
            "hosts": [
                "178.128.55.175"
            ]
        }
    }
Test the Ansible connection to the hosts.
    ansible -i inventory all -m ping
The result.
    178.128.55.175 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python3"
        },
        "changed": false,
        "ping": "pong"
    }
    165.22.102.165 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python3"
        },
        "changed": false,
        "ping": "pong"
    }
4. Playbooks
Create a Playbook file, for example named playbook.yml.
    nano playbook.yml
Fill in the playbook.yml file.
    # Play 1: refresh the apt cache on every host in the inventory
    - hosts: all
      tasks:
        - name: Update apt cache
          apt:
            update_cache: yes

    # Play 2: web stack on the [webserver] group
    - hosts: webserver
      tasks:
        # Task name: "Install Nginx and PHP"
        - name: Install Nginx dan PHP
          apt:
            pkg:
              - nginx
              - php-fpm
              - php-common

    # Play 3: MariaDB on the [database] group
    - hosts: database
      tasks:
        - name: Install MariaDB
          apt:
            name: ['mariadb-server', 'python3-mysqldb']
        # Task name: "Create database db_app"
        - name: Membuat database db_app
          mysql_db:
            name: db_app
            state: present
        # Task name: "Create user user_app and grant access to db_app"
        - name: Membuat user user_app dan beri hak akses ke db_app
          mysql_user:
            name: user_app
            password: rahasia
            priv: 'db_app.*:ALL'
            state: present
        # Task name: "Set the MariaDB root password"
        - name: Membuat password root MariaDB
          mysql_user:
            name: root
            password: rahasia
            state: present
Commands to be executed:
- Update the apt cache on all hosts
- Install Nginx and PHP on the webserver host
- Install MariaDB on the database host, create a database and a user, and set a root password
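The database play above writes both MariaDB passwords into playbook.yml as literals, so anyone who can read the project folder or its history can read them. As an added example (not part of the original tutorial), the same play can take them from variables kept in an Ansible Vault encrypted file; the variable names vault_db_app_password and vault_db_root_password, the path group_vars/database/vault.yml and the English task names are assumptions.

```yaml
# Added example, not from the original tutorial.
# Assumed setup on the Control Node, inside the ansible project folder:
#   mkdir -p group_vars/database
#   ansible-vault create group_vars/database/vault.yml
# with these two (hypothetical) variables in the encrypted file:
#   vault_db_app_password: <password for user_app>
#   vault_db_root_password: <password for root>
# Ansible loads group_vars/database/ automatically for hosts in [database].
- hosts: database
  tasks:
    - name: Install MariaDB
      apt:
        name: ['mariadb-server', 'python3-mysqldb']

    - name: Create database db_app
      mysql_db:
        name: db_app
        state: present

    - name: Create user user_app with access to db_app
      mysql_user:
        name: user_app
        password: "{{ vault_db_app_password }}"   # decrypted at run time
        priv: 'db_app.*:ALL'
        state: present
      no_log: true   # keep the password out of task output and logs

    - name: Set the MariaDB root password
      mysql_user:
        name: root
        password: "{{ vault_db_root_password }}"
        state: present
      no_log: true
```

With this variant, add --ask-vault-pass to the ansible-playbook command so Ansible prompts for the vault password and can decrypt the variables.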
Run the playbook.
    ansible-playbook -i inventory playbook.yml
The result.
    PLAY [all] *******************************************************************************************************

    TASK [Gathering Facts] *******************************************************************************************
    ok: [165.22.102.165]
    ok: [178.128.55.175]

    TASK [Update apt cache] ******************************************************************************************
    changed: [165.22.102.165]
    changed: [178.128.55.175]

    PLAY [webserver] *************************************************************************************************

    TASK [Gathering Facts] *******************************************************************************************
    ok: [178.128.55.175]

    TASK [Install Nginx dan PHP] *************************************************************************************
    changed: [178.128.55.175]

    PLAY [database] **************************************************************************************************

    TASK [Gathering Facts] *******************************************************************************************
    ok: [165.22.102.165]

    TASK [Install MariaDB] *******************************************************************************************
    changed: [165.22.102.165]

    TASK [Membuat database db_app] ***********************************************************************************
    changed: [165.22.102.165]

    TASK [Membuat user user_app dan beri hak akses ke db_app] ********************************************************
    changed: [165.22.102.165]

    TASK [Membuat password root MariaDB] *****************************************************************************
    changed: [165.22.102.165]

    PLAY RECAP *******************************************************************************************************
    165.22.102.165 : ok=7 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
    178.128.55.175 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
5. Testing
Test the results of the Ansible configuration by checking Nginx and PHP on the webserver host and browsing to http://IP-Server.
    systemctl status nginx
    systemctl status php7.4-fpm
Check the database and the database users on the database host.
    mysql -u root -p
    show databases;
    exit

    mysql -u user_app -p
    show databases;
    exit
Good luck!