This is my first go at Ansible. Ansible uses SSH to set up servers with a desired environment. The scripts can be run again and again, and only apply the things that have changed since the previous run.
Please also see this good tutorial which helped me with my first steps: https://serversforhackers.com/an-ansible-tutorial
My environment is like this: my workstation is Fedora 23. The host that I want to configure is a CentOS7 server.
On my Fedora 23 workstation:
```
# Fedora 23 currently installs Ansible 1.9, but that will soon be Ansible 2.0
sudo dnf install ansible

# Ansible reads its system-wide configuration from /etc/ansible/ansible.cfg
# (not /etc/ansible.cfg); remote_user belongs in the [defaults] section
sudo vi /etc/ansible/ansible.cfg
[defaults]
remote_user = root

# 123.123.123.10 is just an example IP address of my CentOS7 server.
sudo vi /etc/ansible/hosts
[lxc_host_centos7]
123.123.123.10
```
I need a private and a public ssh key. The public key has been installed on the target CentOS7 machine, in /root/.ssh/authorized_keys.
Loading the private ssh key on Fedora 23:
```
ssh-add
```
As a first test, I run:
```
ansible all -m ping
```
Some modules (here yum_repository and iptables) are not part of Ansible 1.9 in Fedora; they live in the ansible-modules-extras repository. See also http://docs.ansible.com/ansible/modules_extra.html
```
git clone https://github.com/ansible/ansible-modules-extras.git
sudo mkdir -p /usr/share/my_modules/
sudo cp ansible-modules-extras/packaging/os/yum_repository.py /usr/share/my_modules/
sudo cp ansible-modules-extras/system/iptables.py /usr/share/my_modules/

# tell Ansible where to find the extra modules ([defaults] section)
sudo vi /etc/ansible/ansible.cfg
[defaults]
library = /usr/share/my_modules/
```
By the way, here are the links to the modules that I am using:
- http://docs.ansible.com/ansible/yum_module.html
- http://docs.ansible.com/ansible/yum_repository_module.html
- http://docs.ansible.com/ansible/shell_module.html
- http://docs.ansible.com/ansible/iptables_module.html
Here is my playbook for installing the lxc scripts:
```yaml
---
- hosts: lxc_host_centos7
  vars:
    # default passphrase for the container SSH key; overridden with --extra-vars at run time
    containerpwd: secretPWD
  tasks:
    - name: Configure the Epel Repo
      yum: name=epel-release state=installed
    - name: Configure the repo lbs-tpokorra-lbs
      yum_repository: name=lbs-tpokorra-lbs description="lxc scripts" baseurl=https://lbs.solidcharity.com/repos/tpokorra/lbs/centos/7
    - name: Install the public key for the signed lxc-scripts package
      # the key is fetched over plain http; "fingerprint=on" only makes the keyserver
      # display the fingerprint, it is not a verification step
      shell: rpm --import "http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x4796B710919684AC"
    - name: Install LXC host on CentOS7
      yum: name=lxc-scripts state=installed
    - name: Enable and start libvirtd
      service: name=libvirtd state=started enabled=yes
    - name: Setup symbolic link
      # chdir pins the link to /root so it does not depend on the login shell's cwd
      shell: ln -s /usr/share/lxc-scripts scripts chdir=/root creates=/root/scripts
    - name: Create a SSH key pair for the containers
      # passphrase is quoted so a value with spaces or shell metacharacters is passed intact
      shell: ssh-keygen -t rsa -C "root@localhost" -f /root/.ssh/id_rsa -N "{{ containerpwd }}" creates=/root/.ssh/id_rsa
    - name: Create a new, unique Diffie-Hellman group
      shell: mkdir -p /var/lib/certs && openssl dhparam -out /var/lib/certs/dhparams.pem 2048 creates=/var/lib/certs/dhparams.pem
    - name: Init LXC
      # the marker file makes this one-shot initialisation idempotent
      shell: ( ./initIPTables.sh && ./initLXC.sh ) > /root/lxc.installed chdir=/root/scripts creates=/root/lxc.installed
    - name: Install nginx
      yum: name=nginx state=installed
    - name: Enable and start nginx
      service: name=nginx state=started enabled=yes
    - name: Configure firewall port 80 for nginx
      iptables: chain=IN_public_allow protocol=tcp match=tcp destination_port=80 ctstate=NEW jump=ACCEPT
    - name: Configure firewall port 443 for nginx
      iptables: chain=IN_public_allow protocol=tcp match=tcp destination_port=443 ctstate=NEW jump=ACCEPT
    - name: store iptables
      shell: iptables-save > /etc/sysconfig/iptables
```
This is how I run the playbook:
```
ansible-playbook lxc.yml --extra-vars "containerpwd=topsecret"
```
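As an added example (not the author's playbook, and not part of the lxc-scripts project), here are the three tasks from the playbook above that either handle a secret or install trust, rewritten so that the key passphrase lives only in an ansible-vault file and the lbs repository is signature-checked. It assumes a file ./vault.yml created with `ansible-vault create vault.yml` containing the single line `containerpwd: <passphrase>`, that keyserver.ubuntu.com is reachable over https, and that the `rpm_key` module, the `quote` filter and `no_log` are available in the installed Ansible version; everything else (host group, repo URL, key id) is taken from the page.

```yaml
---
# Added example, not the author's playbook: the secret and the repository trust
# handled explicitly. Assumed: ./vault.yml exists (ansible-vault create vault.yml)
# and holds `containerpwd: <passphrase>`; the keyserver answers over https.
- hosts: lxc_host_centos7
  vars_files:
    - vault.yml   # encrypted at rest, decrypted in memory while the play runs

  tasks:
    - name: Import the signing key for the lxc-scripts repo
      # rpm_key fetches the key and imports it into the rpm database, so the
      # yum install below can verify package signatures against it
      rpm_key:
        state: present
        key: "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x4796B710919684AC"

    - name: Configure the repo lbs-tpokorra-lbs with gpgcheck
      # with gpgcheck on, yum refuses a package whose signature does not match an
      # imported key instead of installing whatever the mirror serves
      yum_repository:
        name: lbs-tpokorra-lbs
        description: lxc scripts
        baseurl: https://lbs.solidcharity.com/repos/tpokorra/lbs/centos/7
        gpgcheck: yes

    - name: Install LXC host on CentOS7
      yum: name=lxc-scripts state=installed

    - name: Create a SSH key pair for the containers
      # "quote" shell-escapes the passphrase; no_log keeps it out of the task
      # output, -v output and any configured log_path
      shell: ssh-keygen -t rsa -C "root@localhost" -f /root/.ssh/id_rsa -N {{ containerpwd | quote }}
      args:
        creates: /root/.ssh/id_rsa
      no_log: yes
```

Run it with `ansible-playbook lxc.yml --ask-vault-pass`. Compared with the page's run command, the passphrase no longer appears in the workstation's shell history or in `ps` output while the play runs, and because there is no `secretPWD` default in the play, a run without the vault password fails loudly instead of silently generating a container key with a known passphrase.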