{"id":17168724,"url":"https://github.com/sanix-darker/ansible_learn","last_synced_at":"2025-03-24T18:43:38.881Z","repository":{"id":243224432,"uuid":"766157556","full_name":"Sanix-Darker/ansible_learn","owner":"Sanix-Darker","description":"ansible learn","archived":false,"fork":false,"pushed_at":"2024-06-07T11:52:46.000Z","size":26,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-29T23:27:53.073Z","etag":null,"topics":["ansible","learning","tutorial"],"latest_commit_sha":null,"homepage":"https://sanix-darker.github.io/ansible_learn/ansible.html","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sanix-Darker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-02T13:53:01.000Z","updated_at":"2024-06-07T11:52:49.000Z","dependencies_parsed_at":"2024-06-07T13:13:52.411Z","dependency_job_id":null,"html_url":"https://github.com/Sanix-Darker/ansible_learn","commit_stats":null,"previous_names":["sanix-darker/ansible_learn"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sanix-Darker%2Fansible_learn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sanix-Darker%2Fansible_learn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sanix-Darker%2Fansible_learn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sanix-Darker%2Fansible_learn/manifests","owner_url":"https://repos.ec
osyste.ms/api/v1/hosts/GitHub/owners/Sanix-Darker","download_url":"https://codeload.github.com/Sanix-Darker/ansible_learn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245330848,"owners_count":20597846,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","learning","tutorial"],"created_at":"2024-10-14T23:12:41.359Z","updated_at":"2025-03-24T18:43:38.837Z","avatar_url":"https://github.com/Sanix-Darker.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"## TUTORIAL NOTES\n\n\n## RESOURCES\n\nList of resources:\n\n- https://www.youtube.com/watch?v=BS0GLQaSGPo (Ansible tutorial).\n\n## LEARN MAP\n\n![map](./ansible.svg)\n\n[CHECK THE INTERACTIVE MAP](https://sanix-darker.github.io/ansible_learn/ansible.html)\n\n## CONCEPTS\n\n### INTRO\n\nAnsible helps automate tasks when we have a set of\nmultiple servers and we want to automate\ndeployments and keep consistency across our servers.\n\nFor synchronizing configuration, there are two general modes:\n    - **PULL CONFIGURATION**: each node checks the server for updates to the config and syncs\n               client\n                    \\\n        client -\u003e server \u003c- client\n    - **PUSH CONFIGURATION**: the server pushes the config to the clients when it is updated\n               client\n                    \\\n        client \u003c- server -\u003e client\n\n\u003e ANSIBLE is a **PUSH CONFIGURATION** type.\n\n### HOW DOES IT WORK\n\nThe local machine connects over SSH to all the client nodes and has a list of 
playbooks.\n\nPlaybooks are the core of Ansible.\nExample of an Ansible YAML configuration file:\n\n```yaml\n- name: player1\n  hosts: webserver\n  tasks:\n    - name: install postgresql\n      yum:\n        name: postgresql-server\n        state: present\n    - name: start postgresql\n      service:\n        name: postgresql\n        state: started\n\n- name: player2\n  hosts: syncserver\n  tasks:\n    # We install rsync\n    - name: install rsync\n      yum:\n        name: rsync\n        state: present\n```\nIn our example we have two playbooks (player1 and player2).\n\nAnsible works with an inventory file that lists all the hosts and their IP addresses;\nit is where we manage the hosts on our network.\nIn this case we have two hosts:\n- webserver\n- syncserver\n\nThe contents of the inventory can look like:\n```txt\n[webserver]\nweb1.manachine\nweb2.manachine\n\n[syncserver]\ndb1.manachine\n```\n\n### USE CASE\n\n**NOTE:** Don't forget to `export TERM=xterm`\n\nWe're going to work on CentOS.\n\nTo install Ansible:\n\n```bash\nsudo yum update -y\nsudo yum install epel-release\nsudo yum install ansible -y\nsudo yum install vim -y\n```\n\nThen update /etc/ansible/hosts:\n```ini\n[pgservers]\n192.168.1.129 ansible_ssh_user=root\n# the password will be prompted for on the command line\n```\n\nThen we can create our playbook:\n```yaml\n- name: player1\n  hosts: pgservers\n  tasks:\n    - name: install postgresql\n      yum:\n        name: postgresql-server\n        state: present\n    - name: start postgresql\n      service:\n        name: postgresql\n        state: started\n```\n\nBefore running, we can first check the playbook's syntax with:\n`ansible-playbook ./playbook.yml --syntax-check`\n\nThen, to run the playbook:\n`ansible-playbook ./playbook.yml`\n\nWe can also specify the inventory file with this command:\n`ansible-playbook -i inventory.ini playbook.yml`\n\nTo allow ports to be opened:\n```bash\nsudo yum install firewalld\n\nsudo systemctl start firewalld\nsudo systemctl 
enable firewalld\n\nsudo firewall-cmd --permanent --add-service=ssh\nsudo firewall-cmd --reload\nsudo firewall-cmd --list-all\n```\n\nTo generate the Ansible Vault password, we just need to run:\n```bash\necho \"root\" \u003e password.txt\nansible-vault encrypt ./password.txt # to encrypt the password\n```\nThis encrypts the content of the password and saves it in the same txt file.\n\nNow we have this updated version:\n```yaml\n---\n\n- name: player1\n  hosts: pgservers\n  remote_user: root\n  become: true\n  tasks:\n  - name: check reachable on ping\n    ping:\n  - name: Ensure a file with the secret password is present\n    copy:\n      content: \"{{ my_secret_password }}\"\n      dest: ./password.txt\n    when: my_secret_password is defined\n  - name: install postgresql\n    yum:\n      name: postgresql-server\n      state: latest\n\n  - name: install postgresql-contrib\n    yum:\n      name: postgresql-contrib\n      state: latest\n\n  - name: run postgresql\n    service:\n      name: postgresql\n      state: started\n```\n\nThe content of password.yml:\n```yaml\nservers:\n  hosts:\n    192.168.1.129:\n      ansible_user: root\n      ansible_password: !vault |\n        $ANSIBLE_VAULT;1.1;AES256\n        33373166653239303231396465616664623262323432316238313235653437666338313935323663\n        3534623364633534353539346239653131313632323631660a663537656235303163616234383932\n        30356332343637353536616637626238316136353631313561623761313366366566633839653032\n        3334366464313963360a623639613832353930616235333937663530343035613833373331656630\n        6262\n```\nThe ansible_password value is the content of password.txt.\n\n#### With this command, we must provide the SSH password when prompted to run the playbook:\n```bash\nansible-playbook -i ./inventory.ini --ask-pass ./playbook.yml\n```\n\n#### Complete playbook for PostgreSQL, for example:\n```yaml\n---\n- name: Install and configure PostgreSQL on CentOS\n  hosts: pgservers\n  remote_user: root\n  become: true  # Run tasks with sudo\n\n  tasks:\n   
 - name: Install PostgreSQL, Server and Contrib\n      yum:\n        name: [postgresql, postgresql-server, postgresql-contrib]\n        state: present\n\n    - name: Initialize PostgreSQL database\n      command: postgresql-setup initdb\n      args:\n        creates: /var/lib/pgsql/data/postgresql.conf\n\n    - name: Start PostgreSQL service\n      service:\n        name: postgresql\n        state: started\n        enabled: yes  # Ensure service starts on boot\n\n    - name: Ensure PostgreSQL is listening on port 5432\n      wait_for:\n        port: 5432\n        state: started\n\n- name: Check PostgreSQL status on CentOS\n  hosts: pgservers  # same inventory group as the first play\n  gather_facts: no\n\n  tasks:\n    - name: Check PostgreSQL service status\n      service_facts:\n      register: service_facts\n    - debug:\n        msg: \"PostgreSQL service is {{ 'running' if service_facts.ansible_facts.services['postgresql.service'].state == 'running' else 'not running' }}\"\n```\n\nIn case of this error:\n```\nFAILED! =\u003e {\"msg\": \"Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host.\"}\n```\nwe need to ssh root@.... 
first to set the keys that Ansible is going to use.\n\n### PUBLIC KEY AND NOT SSH PASSWORD (--ask-pass)\n\nInstead of typing the SSH password every time,\nwe should connect with the SSH public key.\n\n- Generate the SSH key on the master node:\n```bash\nroot@master:~# ssh-keygen -t rsa -C \"name@example.org\"\n```\n\n- Then copy your public key to the servers with ssh-copy-id:\n```bash\nroot@master:~# ssh-copy-id user@child1.dev\nroot@master:~# ssh-copy-id user@child2.dev\n```\n\nFor authentication, we can also use *sshpass*:\n\n```\n# install from EPEL\n[root@dlp ~]# yum --enablerepo=epel -y install sshpass\n\n# How to use sshpass\n# -p password : from argument\n\n[cent@dlp ~]$ sshpass -p password ssh 10.0.0.51 hostname\nnode01.srv.world\n\n# -f file : from file\n\n[cent@dlp ~]$ echo 'password' \u003e sshpass.txt\n[cent@dlp ~]$ chmod 600 sshpass.txt\n[cent@dlp ~]$ sshpass -f sshpass.txt ssh 10.0.0.51 hostname\nnode01.srv.world\n\n# -e : from env variable\n\n[cent@dlp ~]$ export SSHPASS=password\n[cent@dlp ~]$ sshpass -e ssh 10.0.0.51 hostname\nnode01.srv.world\n```\n\n### BONUS\n\nTo ping all the machines:\n```bash\nansible -m ping all\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsanix-darker%2Fansible_learn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsanix-darker%2Fansible_learn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsanix-darker%2Fansible_learn/lists"}