« Ansible - Infrastructure-as-a-Code » : différence entre les versions
mAucun résumé des modifications |
|||
| Ligne 53 : | Ligne 53 : | ||
= Inventory = | = Inventory = | ||
To '''connect''' to different '''hosts in your infrastructure''' and execute Playbooks, Ansible '''uses SSH for Linux systems''' and '''PowerShell Remoting for Windows systems'''. Ansible is an '''agentless''' tool, which means it '''does not require any agent''' to be '''installed on the remote machines'''. It operates through standard protocols like SSH and PowerShell Remoting. | |||
'''Information''' about the target systems is '''stored in an inventory file''', which is located at '''/etc/ansible/hosts''' by default. | |||
Here is an example of a sample Ansible inventory file: | |||
<pre class="linux"> | |||
marijan$ cat /opt/company-playbook/hosts | |||
web ansible_host=server1.company.com ansible_connection=ssh ansible_ssh_pass=P@ssw0rd ansible_port=4115 | |||
db ansible_host=server2.company.com ansible_connection=winrm ansible_user=admin | |||
mail ansible_host=server3.company.com ansible_connection=ssh ansible_ssh_pass=P@ssw0rd | |||
dev ansible_host=server4.company.com ansible_connection=winrm ansible_ssh_pass=P@ssw0rd | |||
</pre> | |||
In this example : | |||
* Each line defines a '''host alias''' (e.g., web, db, mail, dev) along with its connection parameters ; | |||
* '''ansible_host''' specifies the '''FQDN or IP address''' of the '''target machine''' ; | |||
* '''ansible_connection''' defines the '''protocol to use''' (e.g., ssh for Linux, winrm for Windows) ; | |||
* Optional variables like '''ansible_ssh_pass''', '''ansible_port''', and '''ansible_user''' are used to '''customise the connection'''. | |||
For a '''production environment''', it is recommended to use '''certificate-based authentication''' or '''SSH key-based, passwordless authentication'''. | |||
To run a '''Playbook locally''', you can set the following line in the host configuration file : | |||
<pre class="linux"> | |||
marijan$ cat /opt/local-playbook/hosts | |||
localhost ansible_host=localhost | |||
</pre> | |||
= Variables = | = Variables = | ||
Version du 14 avril 2025 à 21:11
Introduction
Ansible is an open-source automation and orchestration tool based on YAML and SSH, used to automate repetitive tasks in infrastructure management, such as provisioning, configuration management, continuous delivery, application deployment, and security compliance.
Developing scripts for these tasks requires time, coding skills, and ongoing maintenance. With Ansible, automation becomes simple and efficient
Configuration Files
Ansible provides a default configuration file, usually located at /etc/ansible/ansible.cfg. This file contains various settings such as the inventory file location, SSH connection options, privilege escalation rules, and more. Depending on the project you're working on, you can define a separate configuration file in a different directory with custom settings. This is one way to override specific parameters in Ansible without changing the global config.
In addition to the configuration file, you can create a playbook, written in YAML. A playbook describes what tasks to run on which hosts. It typically defines target hosts, tasks to execute, roles to apply, variables, handlers, and other automation logic. Playbook is explain more in an another section.
Be careful, when running a playbook, you should explicitly specify which configuration file to use by setting it through an environment variable, or directly in the Playbook file :
marijan$ ANSIBLE_CONFIG=/path/to/ansible.cfg ansible-playbook playbook.yml
Here is the priority order Ansible uses to determine which configuration file to load :
- Environment variable, you can specify the configuration file using the ANSIBLE_CONFIG environment variable, either when running the command or in your environment setup.
- Configuration file in the current directory, if there’s an ansible.cfg file in the same directory where the playbook is being run, Ansible will use it (as long as no environment variable overrides it).
- Default configuration file, if neither of the above is set, Ansible will fall back to the default configuration file located at /etc/ansible/ansible.cfg.
For example, if you have a playbook that currently relies on the default configuration file, but you want to change just one parameter, you should first check the correct name of that parameter in the Ansible documentation or by using command. This is important because the name you see in the configuration file might not always match the name required for environment variables.
To see the full list of available parameters via the command line, run:
Once you've identified the correct variable name, you can use the '''export command (for a Linux shell)''' to set it as an '''environment variable''' : <pre class="linux"> marijan$ export ANSIBLE_INVENTORY=/path/to/your/inventory
This lets you override specific settings without modifying the entire config file. If you only want to change a parameter temporarily, for a single run, you can also specify it directly in the command using the environment variable.
You can check the value of a specific parameter and see where it was defined (e.g., from an environment variable, a config file, etc.) by running the following command :
marijan$ ansible-config dump | grep "parameter"
Finally, to see which configuration file Ansible is currently using, run :
marijan$ ansible-config view"
Inventory
To connect to different hosts in your infrastructure and execute Playbooks, Ansible uses SSH for Linux systems and PowerShell Remoting for Windows systems. Ansible is an agentless tool, which means it does not require any agent to be installed on the remote machines. It operates through standard protocols like SSH and PowerShell Remoting.
Information about the target systems is stored in an inventory file, which is located at /etc/ansible/hosts by default.
Here is an example of a sample Ansible inventory file:
marijan$ cat /opt/company-playbook/hosts web ansible_host=server1.company.com ansible_connection=ssh ansible_ssh_pass=P@ssw0rd ansible_port=4115 db ansible_host=server2.company.com ansible_connection=winrm ansible_user=admin mail ansible_host=server3.company.com ansible_connection=ssh ansible_ssh_pass=P@ssw0rd dev ansible_host=server4.company.com ansible_connection=winrm ansible_ssh_pass=P@ssw0rd
In this example :
- Each line defines a host alias (e.g., web, db, mail, dev) along with its connection parameters ;
- ansible_host specifies the FQDN or IP address of the target machine ;
- ansible_connection defines the protocol to use (e.g., ssh for Linux, winrm for Windows) ;
- Optional variables like ansible_ssh_pass, ansible_port, and ansible_user are used to customise the connection.
For a production environment, it is recommended to use certificate-based authentication or SSH key-based, passwordless authentication.
To run a Playbook locally, you can set the following line in the host configuration file :
marijan$ cat /opt/local-playbook/hosts localhost ansible_host=localhost