Table of contents
- Infrastructure as a Code Vs Configuration Management
- IAC
- Configuration Management
- Ansible in real-time
- Approaches used in Configuration Management
- push Configuration management:
- Pull Configuration management:
- Ansible
- Hands-On
- Installing Ansible in Master Node
- Multi Environment Ansible Configuration
- Playbook
- Deploying application using ansible
- Ansible Tower
Infrastructure as a Code Vs Configuration Management
IAC
It refers to the process of managing and provisioning the infrastructure such as servers, networks, and storage, through code without manual effort.
what does infrastructure include?
Primarily focused on defining and managing software and virtual infrastructure components such as virtual machines, containers, networks, and virtualized storage infrastructure.
IAC is writing code. This code is then used to automatically provision and configure the infrastructure. Code can be written in a variety of programming languages, such as YAML, JSON, or Python, and can be managed using version control tools such as Git.
Examples of IAC tools : Ansible, Terraform, and CloudFormation
Configuration Management
Configuration management is the process of managing and maintaining the configuration of software and systems, including the hardware, software, and network components.
Configuring refers to the process of setting up and defining the options, and parameters that define how software is arranged to operate within an IT system.
It includes what services are started, what are services installed, what needs to be backup, giving permissions to the user, adding users, etc.
Examples of Configuration Management tools: Ansible, Puppet, chef
Note: Terraform is an IAC tool whereas ansible is a tool that manages this IAC.
IAC and Configuration Management tools can help organizations to improve the efficiency, reliability, and security of their IT infrastructure while also making it more agile and scalable.
If we use IAC, then without any manual effort, we can automate things.
Important terminologies:
Provisioning: Setting up the infrastructure.
Ansible in real-time
Previously, system ops used to maintain a configuration file, which will have all the details of all the servers/operating systems. In order to update, check status, manage package management, backup, rollback, set up software, etc system ops are used do it. which is tedious.
Here comes ansible where with one master server, everything will be configured to all the servers.
Approaches used in Configuration Management
push Configuration management (Ansible)
Pull Configuration management (chef and puppet)
push Configuration management:
Master Node "pushes" the updates out to the worker nodes.
Master Node decides what configuration changes need to be made and then pushes those changes to the worker nodes.
Pull Configuration management:
The configuration changes are initiated by the worker nodes themselves.
The worker nodes regularly check a central management server (Master Node) or a configuration management tool for updates and then "pull" those updates down to their local systems. Its an agent-based.
Let's learn about push Configuration management through Ansible.
Ansible
This is a master and worker node architecture.
Things that need to be installed/should have in Master Node to connect with worker nodes are:
Ansible installed
Should have an IP address and username of worker nodes.
(No need of installing ansible in worker nodes ๐ )
Should have SSH key
Hands-On
Let's do Hand-On now ๐
Create EC2 Instances ( for Master and Worker Nodes)
While creating use the same key pair.
Use of private and public keys of Master Server:
The master node's public key will be shared with Worker Nodes.
The master node's private key will be present in a master node which is used to connect with worker nodes by sharing with them.
Installing Ansible in Master Node
Follow Ansible Tutorial - Google Docs (Ansible is built in python)
# installing req libraries needed to install ansible
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible -y
# To check if ansible is set up or not
cat /etc/ansible/hosts
you should see a file like this, which means ansible is installed.
This is called an Inventory file where all details of the servers will be present.
Create 3 (let's take) worker nodes with the same access key used. Collect all their IP addresses and add them to this inventory.
Let's connect with worker nodes. Before that add a private key (pem file of the master node ) from the local machine to the master node server. ๐
# secure copy scp is used to copy files from local to remote. Here we are cpoying pem file that was downloaded in the system to master node in /home/ubuntu/.ssh folder.
scp -i "Ansible-Access-Key.pem" Ansible-Access-Key.pem ubuntu@ec2-13-232-231-99.ap-south-1.compute.amazonaws.com:/home/ubuntu/.ssh
local system:
remote master node: you can see that pem file was copied into master node.
You need to use this private pem file of master node in worker nodes to connect.
This pem file should be stored in inventory file (shown above) and this will be allocated to a variable and it will be configured to worker nodes. Lets see.
ansible_python_interpreter=/usr/bin/python3
ansible_ssh_private_key_file=/home/ubuntu/.ssh/Ansible-Access-Key.pem
Give permission to pem file
# used to connect to the worker nodes
ansible servers -m ping
Now we worker nodes were connected with master. ๐
Lets check the disk space of our worker nodes using master node.
ansible servers -a "df -h"
It listed disk space of all the 3 worker nodes. ๐
Likewise you can update , install anything in worker nodes without actually going inside worker nodes, just simply by using master node.
# It will update all the servers
ansible servers -a "sudo apt update"
# It will display running details of the servers
ansible servers -a "uptime"
# it will create dir in all the servers
ansible servers -a "mkdir ansible-dir"
Multi Environment Ansible Configuration
In real time you will be having different environments like prod, dev, stage. For each environment there should be a inventory file. Give prod application ipaddress in Inv file.
ansible -i prod-inv servers -m ping
Playbook
A playbook is a set of instructions that defines a standardized process for executing a specific task or workflow.
For example, a DevOps playbook might outline the steps for deploying a new application or updating an existing one.
Playbook name can be anything. It is an YAML file.
# - is list of tasks
# The playbook is name is "Date playbook"
# runs of group of servers as defined above
# This playbook consists of task which will run on each of the servers, the task is displaying the date and time using date command
-
name: Date playbook
hosts: servers
tasks:
- name: this will show the date
command: date
# Run playbook using
ansible-playbook date.yaml
Now let's install nginx in all the servers using playbook.
# This playbook will install nginx and start nginx
# become : yes is giving sudo permission to install
-
name: Install nginx
hosts: servers
become: yes
tasks:
- name: nginx Installer
apt:
name: nginx
state: latest
- name: nginx start
service:
name: nginx
state: started
enabled: yes
# run the playbook above using
ansible-playbook install-nginx
Let's see if nginx is installed in the servers or not.
It is one of the worker nodes and ngnix is installed. ๐
Note : you can use condition to install software. like below, only when OS is debian or ubuntu then install apache else it will skip.
-
hosts: servers
become: true
tasks:
- name: Install apache
apt:
name: apache2
state: latest
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
with_items in ansible, instead of writing command to install multiple software, use with_items as loop it will install below softwares.
---
- name: Install Mysql package
yum: name={{ item }} state=present
with_items:
- mysql-server
- MySQL-python
- libselinux-python
- libsemanage-python
- name: Configure SELinux to start mysql on any port
seboolean: name=mysql_connect_any state=true persistent=yes
when: ansible_selinux.status == "enabled"
- name: Create Mysql configuration file
template: src=my.cnf.j2 dest=/etc/my.cnf
notify:
- restart mysql
- name: Start Mysql Service
service: name=mysqld state=started enabled=yes
You can use for loop as well
Deploying application using ansible
Now lets deploy one simple HTML application using Ansible. Maintain evrything in a single directory. This application should deploy in prod-inv inventory that we created above.
index.html
<!DOCTYPE html>
<html>
<head>
<style>
body {
font-family: Arial, sans-serif;
background-color: #f2f2f2;
color: #333;
text-align: center;
}
h1 {
font-size: 36px;
margin-top: 50px;
color: #6130e8;
}
p {
font-size: 18px;
margin: 20px 0;
}
</style>
</head>
<body>
<h1>Welcome to Ansible</h1>
<p> *** App deployed successfully using ansible :) *** </p>
</body>
</html>
deploy_webpage.yaml
The Ansible playbook is installing the Nginx web server and then deploying an HTML file (index.html) to the server's default web root directory (/var/www/html). Once the index.html file is in place, Nginx will serve it as a webpage when accessed through a web browser using the server's IP address or hostname.
In other words, the index.html file is being served by the Nginx web server, making it accessible via HTTP or HTTPS to clients such as web browsers.
-
name: this is a simple html project
hosts: servers
become: yes
tasks:
- name: Install nginx
apt:
name: nginx
state: latest
- name: Start nginx
service:
name: nginx
state: started
- name: Deploy webpage
copy:
src: index.html
dest: /var/www/html
# deploy the app using below command
ansible-playbook -i inventories/prod-inv deploy_webpage.yaml
Check the prod server using, it will list all the servers present inside prod environment. Our app is running in this IP address. ๐๐คฉ
ansible-inventory -i inventories/prod-inv --list -y
Ansible Tower
Ansible Tower is a web-based graphical interface and automation management platform that provides a centralized view of Ansible playbooks, inventory, and job runs. It is developed and maintained by Red Hat.
--Thank you for your time--
Happy Learning ๐