Monday, September 15, 2014

First Step towards infrastructure Automation (Ansible is Simple IT Automation)

Hello Guys..

Welcome back. Being an administrator, for any OS, we all know that as time passes the company's infrastructure is always going to grow. It is easy for an admin to manage 10, 20 or 30 servers, but what if you have to manage 500 servers simultaneously?

E.g. we have 500 servers installed in the company, and imagine a new admin joins you and it is now your job to create a login for him on all 500 servers. Isn't that a time-consuming and boring task? I would rather say it is an irritating task for an admin.
But imagine the same request comes to you and you just need to give the useradd command to some tool, and it will be replicated across all servers. Wouldn't that be cool?

Now there are many IT automation tools available in the market, so we need to choose a tool as per our requirements. I have chosen Ansible because:

  1. It's free.
  2. It works over SSH connections only, so it will be secure.
  3. No separate client configuration is required.
  4. It uses a push model, so changes are reflected faster compared to a pull model.
  5. The syntax it uses is YAML, which, like XML, reads as simple plain English.
  6. It's interactive.
  7. It's lightweight.

So here are a few steps which we need to follow to make this happen.

Step 1:
To install Ansible on Red Hat, Fedora or CentOS, either download it from git or as an rpm, or install it using the yum utility. Before that we need to install Python on the machine:

#yum update && yum -y install python && yum install ansible

On Debian-based systems you can do the same by adding a PPA to the apt sources; for that we need to install python-software-properties.

#sudo apt-get update && sudo apt-get upgrade

#sudo apt-get install python-software-properties -y

#sudo add-apt-repository ppa:rquillo/ansible

#sudo apt-get update

#sudo apt-get install ansible

We can also install using the pip command; for that we need to install `python-pip` on the server. After that:

pip install ansible

For more info, refer to http://docs.ansible.com/intro_installation.html

Step 2:

Create and setup ssh key:

If you do not already have an SSH key pair that you would like to use for Ansible administration, create an RSA key pair, as the user you will be controlling Ansible with, by typing:

# ssh-keygen -t rsa
Note: don't enter any values; just use the defaults.

# cat $HOME/.ssh/id_rsa.pub
o/p:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjdZoR5lBLaILqn7foYO9N6zlB33K5gUcdCL8LHW4SGS6XZ8f26Ve2oAPHzxVyzLoTar5hlH3sJ/7X0VpfzJBV7fJxUS9/8lZn86sC1g4tZpD3kza6GqMUcBwOcoIfn1EbSVtEqKD+HmHhBgRdNp90//y5n9ULh3Y2IC2UDj+QBoIaKu+LWwJe4N2NgBw/f95Y6a/XGYvtiRiAtZSWPXMTlsFnT/gf7X3+U4nx8Sxzn6rgkOE+QJkKysrrb0o47sguLDcOLGS2h6d2Qo7xvx1ct8v+cRECVfm7XZZIhLP1wbqSh2i7XgOwZELgNqSZ7h+Op+QaF5o/SsB3hHhGzw8j root@nrathi-Lenovo-B460

You will get output something like this. We need to copy this output to every host which we want to manage using Ansible.
As I have only one machine, I am using localhost; you can use an IP instead of localhost.
Create the .ssh directory in root's home directory using Ansible:

#ansible -m shell -a 'mkdir $HOME/.ssh' localhost -k

Note: -k makes Ansible ask for the SSH password.

# ansible -m shell -a 'chmod 700 $HOME/.ssh' localhost -k

#ansible -m shell -a 'echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjdZoR5lBLaILqn7foYO9N6zlB33K5gUcdCL8LHW4SGS6XZ8f26Ve2oAPHzxVyzLoTar5hlH3sJ/7X0VpfzJBV7fJxUS9/8lZn86sC1g4tZpD3kza6GqMUcBwOcoIfn1EbSVtEqKD+HmHhBgRdNp90//y5n9ULh3Y2IC2UDj+QBoIaKu+LWwJe4N2NgBw/f95Y6a/XGYvtiRiAtZSWPXMTlsFnT/gf7X3+U4nx8Sxzn6rgkOE+QJkKysrrb0o47sguLDcOLGS2h6d2Qo7xvx1ct8v+cRECVfm7XZZIhLP1wbqSh2i7XgOwZELgNqSZ7h+Op+QaF5o/SsB3hHhGzw8j root@nrathi-Lenovo-B460" >> $HOME/.ssh/authorized_keys' localhost -k

ansible -m shell -a 'chmod 600 $HOME/.ssh/authorized_keys' localhost -k

And we are done: we have successfully set up passwordless SSH across the hosts; in my case they were users of the same host. We can follow this, or we can add this key in the kickstart of the server while installing it, so that the overhead of doing all this is a bit reduced.
We can also do the same the traditional way of setting up passwordless SSH.

ref: http://www.namhuy.net/2433/ssh-login-without-password.html
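
Added example (not from the original post): a Python sketch of what the Step 2 commands do on each host, with two checks the manual echo lacks. It rejects a line whose key-type field is missing or does not match the key blob, and it does not append a key that is already present. The function names and the sample key are constructed for illustration.

```python
import base64
import os


def parse_pubkey(line):
    """Return (key_type, blob_b64, comment) or raise ValueError if malformed."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob_b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError as exc:
        raise ValueError("key blob is not valid base64") from exc
    # The blob starts with a 4-byte big-endian length, then the algorithm name.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match blob")
    return key_type, blob_b64, parts[2] if len(parts) > 2 else ""


def install_key(home, line):
    """Add line to <home>/.ssh/authorized_keys once; return True if added."""
    _, blob_b64, _ = parse_pubkey(line)
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # makedirs mode is subject to umask
    path = os.path.join(ssh_dir, "authorized_keys")
    existing = []
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read().splitlines()
    if any(blob_b64 in entry.split() for entry in existing):
        added = False  # same key already authorized, do not duplicate it
    else:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        with os.fdopen(fd, "a") as fh:
            fh.write(line.strip() + "\n")
        added = True
    os.chmod(path, 0o600)
    return added


def sample_pubkey():
    """Constructed, non-functional key line in the id_rsa.pub layout."""
    blob = (7).to_bytes(4, "big") + b"ssh-rsa" + b"\x00" * 16
    return "ssh-rsa " + base64.b64encode(blob).decode() + " admin@example"
```
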

Step 3:
Getting started with basic Ansible config

On my Ansible computer, I'm using a user called nrathi. Ansible will try to connect to each host with ssh nrathi@<server_ip>. This will not work if the nrathi user is not on the remote system.

We can create a file that tells all of the servers in the "newhost" group to connect using the root user.

To do this, we will create a directory in the Ansible configuration structure called group_vars. Within this folder, we can create YAML-formatted files for each group we want to configure:

sudo mkdir /etc/ansible/group_vars
sudo vim /etc/ansible/group_vars/newhost

Note: The name of the file and the host group name should be the same.

We can put our configuration in here. YAML files start with "---".

---
ansible_ssh_user: root

Save this file and we are done.

Note:

If you want to specify configuration details for every server, regardless of group association, you can put those details in a file at /etc/ansible/group_vars/all. Individual hosts can be configured by creating files under a directory at /etc/ansible/host_vars.

Ping all of the servers you configured by typing:

#ansible -m ping all

The ping module does not take any arguments, but, as we saw above with the SSH setup, other modules do. For example, check free memory with free -m:

ansible -m shell -a 'free -m' host1

Question
How can we specify multiple hosts in single command or calling specific set of servers ?

The "all" means all hosts. We could just as easily specify a group:

ansible -m ping newhost

We could also specify an individual host:

ansible -m ping host1

We can specify multiple hosts by separating them with colons:

ansible -m ping host1:host2

Note:
Groups can be combined

A:B designates the union of groups A and B
A:&B designates the intersection of groups A and B
A:!B designates the difference, all from A without those in B

#ansible -m ping web

#ansible -m ping web:db

#ansible -m ping 'web:&db'

#ansible -m ping 'web:!db'
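
Added example (not Ansible's own code): a simplified Python model of how the colon-separated patterns above select hosts, run against a constructed inventory with hypothetical groups web and db. It handles only plain names and the & and ! prefixes, and assumes intersections and exclusions are applied after all unions, with "all" as the starting set when no plain name is given.

```python
# Constructed inventory: group name -> hosts (hypothetical names).
INVENTORY = {
    "web": {"host1", "host2", "host3"},
    "db": {"host3", "host4"},
}


def resolve(pattern, inventory=INVENTORY):
    """Return the sorted hosts a colon-separated pattern selects."""
    everything = set().union(*inventory.values())

    def lookup(name):
        if name == "all":
            return set(everything)
        if name in inventory:
            return set(inventory[name])
        return {name} & everything  # a single host, if the inventory has it

    plain, required, excluded = [], [], []
    for term in pattern.split(":"):
        if term.startswith("&"):
            required.append(term[1:])
        elif term.startswith("!"):
            excluded.append(term[1:])
        elif term:
            plain.append(term)
    if not plain:
        plain = ["all"]  # assumption: a pattern of only &/! terms starts from all

    # Unions first, then intersections, then exclusions.
    hosts = set()
    for name in plain:
        hosts |= lookup(name)
    for name in required:
        hosts &= lookup(name)
    for name in excluded:
        hosts -= lookup(name)
    return sorted(hosts)


if __name__ == "__main__":
    for p in ("web", "web:db", "web:&db", "web:!db"):
        print(p, "->", resolve(p))
```

Resolving a pattern this way before running a command shows exactly which hosts a root-level ad-hoc command will touch.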


Isn't this cool, guys?