Managing remote machines directly using ansible commands

From Notes_Wiki
Revision as of 13:47, 5 February 2015 by Saurabh


Running simple shell command on all remote machines

Steps for managing remote machines are:

  1. As explained earlier in 'Installing ansible on ansible-management server', first install python-simplejson on each remote node using:
    yum -y install python-simplejson
  2. Then add the FQDNs or IPs of all remote nodes to a text file (one per line):
    echo <machine IP or FQDN> >> ansible_hosts
  3. Then set up trust-based ssh to all hosts mentioned in the ansible_hosts file using:
    ssh-copy-id root@<machine IP or FQDN>
  4. Finally, to run the "/bin/echo hello" command on all remote machines use:
    ansible all -i ansible_hosts -a "/bin/echo hello"

Note that without the no_log option the commands are recorded in the remote system's syslog and can be seen in /var/log/messages. A better way to run commands is to use the shell module as follows:

    ansible all -i ansible_hosts -m shell -a "echo hello"

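with the very big advantage of not having to type the full absolute path of the executable. The shell module passes the command line through a shell on the remote machine, which is why variables such as $HOSTNAME in the examples below can be expanded there.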

When running any command with the Ansible ad-hoc CLI, pay particular attention to shell quoting rules, so the local shell doesn’t eat a variable before it gets passed to Ansible. For example, using double vs single quotes as shown below:

    ansible all -i ansible_hosts -m shell -a "echo $HOSTNAME"

or

    ansible all -i ansible_hosts -m shell -a 'echo $HOSTNAME'

would evaluate the variable on the box where the command is run (double quotes) vs. evaluating the variable on the remote machine (single quotes).


Disabling remote ssh host key checking

Running ansible to manage remote hosts does not work when their public keys are not present in '~/.ssh/known_hosts'. To solve this, either add those keys manually by doing ssh to every node being managed, or disable checking of remote host public ssh keys by editing the ansible configuration. The system-wide ansible configuration goes in '/etc/ansible/ansible.cfg'. A local user-specific override can be done in '~/.ansible.cfg'. To disable ssh key checks use:

    [defaults]
    host_key_checking = False

in one of these two configuration file locations.

The same can also be done for current shell temporarily using:

    export ANSIBLE_HOST_KEY_CHECKING=False

Warning: Please note that disabling checks for remote ssh keys will make the system vulnerable to Man-In-The-Middle (MITM) attacks.
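
The MITM exposure can be avoided by leaving host key checking enabled and pre-seeding '~/.ssh/known_hosts' only with keys whose fingerprints were confirmed out of band. The following is an added example, not part of the original page: it vets lines in the 'host keytype key' format that ssh-keyscan prints; the addresses, key blobs and function names are constructed for illustration.

```python
import base64
import hashlib

def sha256_fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_scanned_keys(scan_output, trusted):
    """Split 'host keytype base64key' lines into known_hosts entries and rejects.

    trusted maps host -> set of fingerprints confirmed out of band (for
    example read from the machine's console when it was provisioned).
    """
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue  # blank, incomplete or comment lines
        host, keytype, blob = parts[:3]
        try:
            fingerprint = sha256_fingerprint(blob)
        except ValueError:
            rejected.append((host, "undecodable key"))
            continue
        if fingerprint in trusted.get(host, ()):
            accepted.append(f"{host} {keytype} {blob}")
        else:
            rejected.append((host, fingerprint))
    return accepted, rejected

# Constructed sample data: these blobs are placeholders, not real SSH keys.
KEY_102 = base64.b64encode(b"constructed key of 192.168.122.102").decode()
KEY_103 = base64.b64encode(b"constructed key of 192.168.122.103").decode()
UNEXPECTED = base64.b64encode(b"key nobody vouched for").decode()
TRUSTED = {
    "192.168.122.102": {sha256_fingerprint(KEY_102)},
    "192.168.122.103": {sha256_fingerprint(KEY_103)},
}
SCAN = (f"# 192.168.122.102:22 SSH-2.0-OpenSSH\n"
        f"192.168.122.102 ssh-ed25519 {KEY_102}\n"
        f"192.168.122.103 ssh-ed25519 {UNEXPECTED}\n")

if __name__ == "__main__":
    accepted, rejected = vet_scanned_keys(SCAN, TRUSTED)
    print("\n".join(accepted))          # entries safe to append to known_hosts
    for host, reason in rejected:
        print(f"REJECTED {host}: {reason}")
```

A rejected host presented a key nobody vouched for; investigate it rather than adding the key.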


Ansible command options

Various ansible command options are:

Host name

The first required argument is the host on which the ansible command should operate. We can use the keyword 'all' or '*' to run the ansible command on all hosts. We can specify a group name, where the group is properly defined in the hosts file, to run the command on all hosts in the group. Finally, we can specify a pattern or an individual host name to run the command only on hosts which satisfy the pattern (192.168.122.*). More than one host or pattern can be specified, separated by a colon (:).

It is also possible to specify a pattern or a group and then exclude specific hosts or other groups from the overall selection using the ! operator. Example:

 192.168*:!192.168.122.101  

On the shell, remember to escape ! by using \. Further, if no hosts match then ansible shows the "No hosts match" message.

It is also possible to get intersection of two groups using & operator as follows:

 webservers:&staging 

Please note that even when we use a pattern, only hosts which are present in the hosts file can be contacted or managed.
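
The selection rules described above can be previewed offline before a command is run against real machines. The following is an added example, not Ansible's own code: a simplified model of the ':' (union), '&' (intersection) and '!' (exclusion) operators over a constructed inventory; the group names, addresses and the resolve() function are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

def resolve(pattern, inventory):
    """Return the sorted hosts selected by a colon-separated host pattern.

    inventory maps group name -> list of hosts. Only hosts listed in the
    inventory can ever be selected, whatever the pattern says.
    """
    all_hosts = {h for hosts in inventory.values() for h in hosts}

    def expand(term):
        # A term is 'all', '*', a group name, a host name or a wildcard.
        if term in ("all", "*"):
            return set(all_hosts)
        matched = {h for h in all_hosts if fnmatchcase(h, term)}
        for group, hosts in inventory.items():
            if fnmatchcase(group, term):
                matched.update(hosts)
        return matched

    terms = [t for t in pattern.split(":") if t]
    # Plain terms are united first; a pattern made only of exclusions or
    # intersections starts from every host.
    plain = [t for t in terms if t[0] not in "!&"] or ["all"]
    selected = set().union(*(expand(t) for t in plain))
    for t in terms:
        if t[0] == "&":          # keep only hosts that are also in this term
            selected &= expand(t[1:])
    for t in terms:
        if t[0] == "!":          # exclusions are applied last
            selected -= expand(t[1:])
    return sorted(selected)

# Constructed inventory; hosts listed before any group header are "ungrouped".
INVENTORY = {
    "ungrouped": ["192.168.10.5"],
    "webservers": ["192.168.122.101", "192.168.122.102"],
    "staging": ["192.168.122.102", "192.168.122.103"],
}

if __name__ == "__main__":
    for p in ("192.168*:!192.168.122.101", "webservers:&staging", "10.0.0.*"):
        print(p, "->", resolve(p, INVENTORY) or "No hosts match")
```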

Hosts file

We can specify a custom hosts file using '-i'. Default is '/etc/ansible/hosts'. All hosts specified at the top of the file are treated as uncategorized hosts. After such hosts we can specify a group name such as '[dns]', '[test_dns]' etc. and the set of hosts under the given group. These group names can be used to specify hosts to operate on in an ansible command or playbook.

Module

We can specify which module to invoke using '-m'. Default is command.

Arguments

Arguments to the module being invoked can be passed using -a.

Fork

To configure multiple machines in parallel we can use the '-f' option with an integer argument.

Ask-pass

To configure ansible to ask for the ssh root password of the remote machine we can use --ask-pass or -k.


Ansible modules basics

To learn any ansible module, first read its syntax and purpose from the ansible docs at http://docs.ansible.com/list_of_all_modules.html. For example, read the information on the copy module and try the commands mentioned in this article to understand its purpose.

Copy module

To copy a file from ansible server to specified remote hosts use:

     ansible dns_hosts -i dns_hosts -m copy -a "src=/etc/hosts dest=/etc/hosts"

Note that output would look similar to:

192.168.122.103 | success >> {
    "changed": true, 
    "checksum": "ab27c9b77077dd2a9f15246324ca0f8d31436b2f", 
    "dest": "/etc/hosts", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "8cff70896b6b562833d9b14bd8d7bbb9", 
    "mode": "0644", 
    "owner": "root", 
    "size": 308, 
    "src": "/root/.ansible/tmp/ansible-tmp-1423134324.77-50906221386053/source", 
    "state": "file", 
    "uid": 0
}

192.168.122.102 | success >> {
    "changed": true, 
    "checksum": "ab27c9b77077dd2a9f15246324ca0f8d31436b2f", 
    "dest": "/etc/hosts", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "8cff70896b6b562833d9b14bd8d7bbb9", 
    "mode": "0644", 
    "owner": "root", 
    "size": 308, 
    "src": "/root/.ansible/tmp/ansible-tmp-1423134324.76-153401053249562/source", 
    "state": "file", 
    "uid": 0
}

On running the same copy command again, the value of changed in the output would change from true to false. Example output on running the same copy command is:

192.168.122.103 | success >> {
    "changed": false, 
    "checksum": "ab27c9b77077dd2a9f15246324ca0f8d31436b2f", 
    "dest": "/etc/hosts", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "path": "/etc/hosts", 
    "size": 308, 
    "state": "file", 
    "uid": 0
}

192.168.122.102 | success >> {
    "changed": false, 
    "checksum": "ab27c9b77077dd2a9f15246324ca0f8d31436b2f", 
    "dest": "/etc/hosts", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "path": "/etc/hosts", 
    "size": 308, 
    "state": "file", 
    "uid": 0
}

For further information on copy module visit http://docs.ansible.com/copy_module.html
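
The per-host results shown above can also be checked mechanically after a run. The following is an added example, not part of the original page: it parses output in the 'host | status >> { JSON }' layout shown above, lists the hosts that changed, and flags hosts that failed or whose reported checksum differs from the SHA-1 of the source file on the management server; the sample output, file content and function names are constructed.

```python
import hashlib
import json
import re

# One result block in the ad-hoc output layout: "host | status >> { JSON }"
RESULT = re.compile(r"^(\S+) \| (\w+) >> (\{.*?^\})", re.MULTILINE | re.DOTALL)

def parse_results(output):
    """Map each host to (status, parsed JSON result)."""
    return {host: (status, json.loads(body))
            for host, status, body in RESULT.findall(output)}

def audit_copy(output, source_bytes):
    """Return (changed_hosts, suspect_hosts) for one copy run.

    suspect_hosts either failed or report a checksum other than the SHA-1
    of the source file as it exists on the management server.
    """
    expected = hashlib.sha1(source_bytes).hexdigest()
    changed, suspect = [], []
    for host, (status, result) in sorted(parse_results(output).items()):
        if status != "success" or result.get("checksum") != expected:
            suspect.append(host)
        elif result.get("changed"):
            changed.append(host)
    return changed, suspect

# Constructed sample: the second host reports a checksum that does not match.
SOURCE = b"127.0.0.1 localhost\n"
SAMPLE = (
    '192.168.122.102 | success >> {\n'
    '    "changed": true, \n'
    '    "checksum": "%s", \n'
    '    "dest": "/etc/hosts"\n'
    '}\n\n'
    '192.168.122.103 | success >> {\n'
    '    "changed": false, \n'
    '    "checksum": "%s", \n'
    '    "dest": "/etc/hosts"\n'
    '}\n'
) % (hashlib.sha1(SOURCE).hexdigest(), "0" * 40)

if __name__ == "__main__":
    changed, suspect = audit_copy(SAMPLE, SOURCE)
    print("changed:", changed)
    print("checksum mismatch or failure:", suspect)
```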


yum module

Use

     ansible dns_hosts -i dns_hosts -m yum -a "name=bind-utils" -f 10

to install bind-utils on all dns_hosts or

     ansible dns_hosts -i dns_hosts -m yum -a "name=bind-chroot state=absent" -f 10

to remove bind-chroot from all dns_hosts

