Managing remote machines directly using ansible commands
Running simple shell command on all remote machines
The steps for managing remote machines are:
- As explained earlier in 'Installing ansible on ansible-management server', python-simplejson should first be installed on each remote node using:
- yum -y install python-simplejson
- Then add the FQDNs or IPs of all remote nodes to a text file (one on each line).
- echo <machine IP or FQDN> >> ansible_hosts
- Then set up trust-based ssh to all hosts mentioned in the ansible_hosts file using:
- ssh-copy-id root@<machine IP or FQDN>
- Finally, to run the "/bin/echo hello" command on all remote machines use:
- ansible all -i ansible_hosts -a "/bin/echo hello"
Note that without the no_log option the commands are recorded in the remote system's syslog and can be seen at /var/log/messages. A better way to run commands is to use the shell module as follows:
ansible all -i ansible_hosts -m shell -a "echo hello"
This has the very big advantage of not having to type the full absolute path of the executable.
When running any command with the Ansible ad-hoc CLI, pay particular attention to shell quoting rules, so the local shell doesn’t eat a variable before it gets passed to Ansible. For example, using double vs single quotes as shown below:
ansible all -i ansible_hosts -m shell -a "echo $HOSTNAME"
or
ansible all -i ansible_hosts -m shell -a 'echo $HOSTNAME'
The first form (double quotes) evaluates the variable on the box where the command is run, whereas the second form (single quotes) evaluates the variable on the remote machine.
Disabling remote ssh host key checking
Running ansible to manage remote hosts whose public keys are not present in '~/.ssh/known_hosts' does not work. To solve this, either add those keys manually by doing ssh to every node being managed, or disable checking of remote host public ssh keys by editing the ansible configuration. The system-wide ansible configuration goes in '/etc/ansible/ansible.cfg'. A local user-specific override can be done in '~/.ansible.cfg'. To disable ssh key checks use:
[defaults]
host_key_checking = False
in one of these two configuration file locations.
The same can also be done for current shell temporarily using:
export ANSIBLE_HOST_KEY_CHECKING=False
Warning: Please note that disabling checks for remote ssh keys makes the system vulnerable to Man-In-The-Middle (MITM) attacks.
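Because the setting silently removes the MITM protection, it is worth checking where it has been left on. The script below is an added example (not part of the original page and not Ansible's own tooling) that reports whether the environment variable or the configuration files named above disable host key checking. The function names and the list of spellings treated as false are assumptions of this example.

```shell
#!/bin/sh
# Added example: find where Ansible's SSH host key checking has been switched off.

# True when the value is one Ansible reads as boolean false (assumed set of spellings).
is_false() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        false|no|off|0|f|n) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the host_key_checking value found in the [defaults] section of an INI file.
cfg_value() {
    awk '
        /^[ \t]*[#;]/ { next }    # comment line
        /^[ \t]*\[/   { in_defaults = ($0 ~ /^[ \t]*\[defaults\]/); next }
        in_defaults && /^[ \t]*host_key_checking[ \t]*[=:]/ {
            sub(/^[^=:]*[=:][ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Report every source that disables the check; return 1 if any does, else 0.
audit_host_key_checking() {
    rc=0
    if is_false "${ANSIBLE_HOST_KEY_CHECKING:-true}"; then
        echo "DISABLED env ANSIBLE_HOST_KEY_CHECKING=$ANSIBLE_HOST_KEY_CHECKING"
        rc=1
    fi
    for f in "$@"; do
        [ -r "$f" ] || continue          # config file absent: nothing to report
        v=$(cfg_value "$f")
        if [ -n "$v" ] && is_false "$v"; then
            echo "DISABLED file $f host_key_checking=$v"
            rc=1
        fi
    done
    return "$rc"
}

# Demo: one constructed sample file plus the two locations named above.
demo_dir=$(mktemp -d)
printf '[defaults]\nhost_key_checking = False\n' > "$demo_dir/ansible.cfg"
audit_host_key_checking "$demo_dir/ansible.cfg" /etc/ansible/ansible.cfg ~/.ansible.cfg \
    || echo "Host key checking is off in the places listed above."
rm -rf "$demo_dir"
```

A non-zero return from audit_host_key_checking makes it usable as a gate in a login script or CI job on the management server.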
Ansible command options
Various ansible command options are:
- Host name
The first, required argument is the host on which the ansible command should operate. We can use the keyword 'all' or '*' to run the ansible command on all hosts. We can specify a group name, where the group is properly defined in the hosts file, to run the command on all hosts in the group. Finally, we can specify a pattern or an individual host name to run the command only on hosts which satisfy the pattern (192.168.122.*). More than one host or pattern can be specified, separated by a colon (:).
It is also possible to specify a pattern or a group and then exclude specific hosts or other groups from the overall selection using the ! operator. Example:
192.168*:!192.168.122.101
On the shell, remember to escape ! by using \. Further, if no hosts match then ansible shows a "No hosts match" message.
It is also possible to get intersection of two groups using & operator as follows:
webservers:&staging
Please note that even when we use a pattern, only hosts which are present in the hosts file can be contacted or managed.
- Hosts file
- We can specify a custom hosts file using '-i'. The default is '/etc/ansible/hosts'. All hosts specified at the top of the file are treated as uncategorized hosts. After such hosts we can specify a group name such as '[dns]', '[test_dns]' etc. and the set of hosts under the given group. These group names can be used to specify the hosts to operate on in an ansible command or playbook.
- Module
- We can specify which module to invoke using '-m'. The default is command.
- Arguments
- Arguments to the module being invoked can be passed using -a
- Fork
- To configure multiple machines in parallel we can use '-f' option with an integer argument.
- Ask-pass
- To make ansible ask for the ssh root password of the remote machine we can use --ask-pass or -k
Ansible modules basics
To learn any ansible module, first read its syntax and purpose in the ansible docs at http://docs.ansible.com/list_of_all_modules.html. For example, read the information on the copy module and try the commands mentioned in this article to understand its purpose.
Copy module
To copy a file from ansible server to specified remote hosts use:
ansible dns_hosts -i dns_hosts -m copy -a "src=/etc/hosts dest=/etc/hosts"
Note that output would look similar to:
192.168.122.103 | success >> {
    "changed": true,
    "checksum": "ab27c9b77077dd2a9f15246324ca0f8d31436b2f",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "8cff70896b6b562833d9b14bd8d7bbb9",
    "mode": "0644",
    "owner": "root",
    "size": 308,
    "src": "/root/.ansible/tmp/ansible-tmp-1423134324.77-50906221386053/source",
    "state": "file",
    "uid": 0
}

192.168.122.102 | success >> {
    "changed": true,
    "checksum": "ab27c9b77077dd2a9f15246324ca0f8d31436b2f",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "8cff70896b6b562833d9b14bd8d7bbb9",
    "mode": "0644",
    "owner": "root",
    "size": 308,
    "src": "/root/.ansible/tmp/ansible-tmp-1423134324.76-153401053249562/source",
    "state": "file",
    "uid": 0
}
On running the same copy command again, the value of changed in the output changes from true to false. Example output on running the same copy command again is:
192.168.122.103 | success >> {
    "changed": false,
    "checksum": "ab27c9b77077dd2a9f15246324ca0f8d31436b2f",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/etc/hosts",
    "size": 308,
    "state": "file",
    "uid": 0
}

192.168.122.102 | success >> {
    "changed": false,
    "checksum": "ab27c9b77077dd2a9f15246324ca0f8d31436b2f",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/etc/hosts",
    "size": 308,
    "state": "file",
    "uid": 0
}
For further information on the copy module visit http://docs.ansible.com/copy_module.html
yum module
Use
ansible dns_hosts -i dns_hosts -m yum -a "name=bind-utils" -f 10
to install bind-utils on all dns_hosts or
ansible dns_hosts -i dns_hosts -m yum -a "name=bind-chroot state=absent" -f 10
to remove bind-chroot from all dns_hosts.