Ansible.txt

ANSIBLE JAN 11, 2023

ANSIBLE is a configuration Management tool
-Use it to automate and configure our servers and also deploy application.

DevOps
Aws DevOps Guru
Azure DevOps  --- Git/Maven


Infrastructure  --- servers  ---VPC Subnets - gateway, Firewall, Security Group, Route table etc  (infrastructures make your connectivity works seamlessly) they can be found
		On-prem - self managed/ company managed
		Cloud Based = AWS,GCP,Azure,Alibaba


Platforms that servers can run on:

Linux - Redhat, Ubuntu, CentOs, Alpine
Windows
Solaris
MacOs etc


DevOps Foundaton:
SDLC

Waterfall
Agile
	Scrum  ---> what would take you 200 features to build, in agile we have;

	iterations or production period
	a sprint = 10 working days
	sprints 1 	20 features
	sprints 2 	20 features
	sprints 3 	20 features
	sprints 4 	20 features
	sprints 5 	20 features
	sprints 6 	20 features
	sprints 7 	20 features
	sprints 8 	20 features

Kanban
  - can finish a task within a week (a time period, but not specific about the hours), once you finish it, you move on to the next task.  
  Scrum breaks it down more in terms of hours and all. 

Resources:
	Developers x 10
	DevOps Engineer x3
	QA x2
	Dev-Sec-Ops x1
  Linux Admin x2

Meetings:
	Standup meeting: talk about what you did yesterday, what you are doing today and is there any impediment/blocker

	Sprint planning meeting: plan what you are going to do for the next sprints.  Goes on for like 1hr

	Retrospect: lesson learnt, what to do differently

DevOps
Operating System:
Linux
  Unix --- Darwin
  Ubuntu
	CentOs
	RedHat
Windows
Solaris
etc

SCM:
	Git/GitHub/Gitlab, Bitbucket, Code Commit(AWS), Cloud code (GCP) = Build Script (BS), Unit Testcast (UTC), Source Code (SC) -- These are what we deploy for our applicatons
  ANything script /code we put them in github too.

Testing:
	Testing
	Selenium
	Sonarqube
	SonarCloud
	Cypress
	Snyk (more for scanning)
	Junit

Build:
	Maven
	Gradle Ant
	NodeJS
	MSbuild

Artifactory:
	Nexus
	Jfrog

Application Servers:
	Tomcat
	Wildfly/Jboss

Webservers/LoadBalancer:
ELB
Nginx Ingress
HAproxy

users  --->  werbseervers/LB   -------> tomcat
				Apache/Nginx/HAproxy/ELB

DevOps Tools
CI CD:
	Jenkins / CloudBees (cloud version of Jenkins)
	Bamboo
	CircleCI
	TravisCI
	CruiseControl
	TeamCity
	GitLab
	BitBucket

Environment: Ask organizations about how their environment are setup.  Request for documentation.
	Dev
	Stage
	QA
	UAT
	Pre-pod
	Prod.

Containerization:
	Docker
	Rocket
	CoreOs
	Container-D

Cloud Providers:
	AWS
	Azure
	GCP
	IBM
	VMWare
	Alibaba

Infrastructure as a code:
	Terraform
	Cloudformation (AWS)


Helm 2 --- requires Tiler Agent
Helm 3 --- Does not require tiler agent


Configurations Management:
	Localhost: = 1 server/ single host
	CLI
	GUI
	
  Automation:
	Commands
	scripts == (BashShell, Powershell, python, Groovy)


Say we have 10 servers we want to automate, we want to patch them, and run some installations and other stuffs in them.  This is where Configuration
Management comes in, in order to autommate configuration in servers.  We wouldn't want to go into each of the server to configure them. For example, we will go
into tomcat server to configure it, go into jenkins server to configure it etc, everytime we want to, that's a lot of stress, and this is why we need automation.

Multi-hosts =
Tools = Ansbile, puppet, Chef

Ansible:

-In Ansible, there is hostfile
-Ansible uses push methodology to push all configurations in the hostfile into the servers (say we have multiple servers) 
-Ansible does not need any agents
-Ansible communicate via ssh port (port 22).  No need to install agent.
-Ansiblbe uses "Playbook" for their play (following a set of configuration instruction)
-Ansible is an open source configuration Management tool
-also used to deploy, managed and mainatin servers.
-Ansible is made by Redhat

Chef and Puppet:
-Chef and Puppet use pull methodology.
-Chef and Puppet - you will need to install agents on all the host, and these agents will help (they are like eyeman giving you feedback)
-Chef and Puppet use cookbooks to do their play


For Ansible, You have your bashtion host and all that which you used to open network coming into our environment, then pull our key first, then we use ssh to communicate with/into our server.
Once you ssh and establish communication, we have different modules, we have ping modules, yum modules, apt modules etc.  Once you have the modules,  you will be able 
to talk to any server.

#Prof made a reference to a spotify movie:  Playlist 

Connection Plugins:
	Linux SSH == openSSH
	winndows - WINRM

	HOST: IPaddress / hostname / key.pem (Think connection using VScode and mobaxterm)
	username: ansible

	How does ansible connect to your hosts:
		ssh
		private-key(pem) or password
		ssh-public-key

LAB:

Step 1-spin up an aws ubuntu instance, t2-medium (can use t2micro too).  Ensure the ssh port 22 is opened.

NOte: you can also run python in ansible if you want

Step 2 - Ansible Installation

2 Methods of Installing Ansible in Ubuntu:

#1 Ansible installation in ubuntu using apt repo   (Use this)
#Ansible installation in ubuntu
#Add user first before installing, because once you switch user, the script will stop, so it  is better to switch user first.
 sudo adduser ansible
 echo "ansible  ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ansible
 sudo su - ansible
 sudo apt-add-repository ppa:ansible/ansible  
 sudo apt install ansible  -y

In ansible there is what we called "MODULES"

to run ansible modules = ansible-doc-i



THIS STEP IS OPTIONAL, YOU CAN MOVE TO STEP 3.

#2 Ansible installation in ubuntu using python3-pip
sudo useradd ansible
sudo passwd ansible
echo "ansible  ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ansible
sudo su - ansible
sudo apt install python3
sudo apt update
sudo apt install python3-pip
pip3 install ansible --user
sudo apt update
sudo apt install sshpass
sudo mkdir /etc/ansible
sudo chown -R ansible:ansible /etc/ansible/
vi  /etc/ansible/ansible.cfg
vi  /etc/ansible/hosts




How to install python3 on Ansible:
sudo apt install python3 -y

OR 

ansible localhost -a "apt install python3 -y" -b 

OR

ansible localhost -a "apt install python3 -y" -become


==================================================
#3 Ansible installation in redhat using python3-pip
1)     SSH to Redhat System & Switch to ansible user
       sudo su - ansible
      
2)     Install python
       sudo yum install python3 -y
      
3)    Update python alaternatives
       sudo alternatives --set python /usr/bin/python3
      
4)    Verify Python Version
         python --version
 
5)    Install PIP
       sudo yum -y install python3-pip
      
6)    Install ansible using PIP
       pip3 install ansible --user
      
7)    Verify Ansible version
       ansible --version
      
8)    Create ansible folder under /etc
       sudo mkdir /etc/ansible
       sudo chown -R ansible:ansible /etc/ansible/
       
      
9)    create ansible.cfg file under /etc/ansible ., and paste complete content from below git link.
      https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg
  
        vi  /etc/ansible/ansible.cfg

10)   Create hosts file under /etc/ansible.
        Sample content can found in below git link.
        https://raw.githubusercontent.com/ansible/ansible/devel/examples/hosts
 
        vi  /etc/ansible/hosts

//Optional Step
11) Install sshpass in Ansible server if you want to cofigure host machines with username and  
      password.


Modules: 
We have the,

yum modules
ping modules
copy modules
etc...  --->  docs.ansible.com/ansible/latest/plugins/module.html


Step 3
sudo vi /etc/ansible/hosts  = where we define our host inventory or details

Step 4
sudo chown -R ansible:ansible /etc/ansible/  = Before you can write inventory details into the hostfile, you need to change the ownership of the hosts file, if a user (ansbile user we created) doesn't want to use sudo privilege.
This is why we are doing this step

Step 5
vi /etc/ansible/hosts = Repeating step 3 without "sudo"

Step 6 (Using Ansible to establish communication to different Servers. This is the same as SSHing into each of the server, but through Ansible.  No matter the region the servers are located)

To use Ansible, You MUST do Inventory files and the format looks like this:
[NameOfServer]
<PrivateIPAddress> ansible_user=<user> ansible_ssh_private_key_file=/tmp/key.pem
[NameofServer]
<PrivateIPAddress>
[NameofServer]
<publicIPAddress>   <--- if the server is in a different region as your ansbile server

Example:
[tomcat]
172.31.93.245 ansible_user=ubuntu ansible_ssh_private_key_file=/tmp/SGself.pem
[sonar] 
172.31.82.162 ansible_user=ubuntu ansible_ssh_private_key_file=/tmp/SGself.pem   <---- for sonar, we used a public IP because they are in diffferent aws region as our ansible
[nexus]
172.31.94.73 ansible_user=ubuntu ansible_ssh_private_key_file=/tmp/SGself.pem <--- for nexus, we changed the IP to public IP (reason is same as above)
[jenkins]
172.31.18.152 ansible_user=ec2-user ansible_ssh_private_key_file=/tmp/shola.pem   <--- for nexus, we changed the IP to public IP (reason is same as above)
[k8s]
172.31.18.165 ansible_user=ec2-user ansible_ssh_private_key_file=/tmp/shola.pem


Note: each of the server(instances) above, we provisioned manually aws. (Terraform can help spin up a server)
note2: if the ansible_user=<user> ansible_ssh_private_key_file ... is not set up, using the ping module or any module will fail.

Step 7
vi /etc/ansible/hosts --> then paste the inventory files above in the file at the bottom of the page and then save

Step 8
copy the content of the key.pem of each server, e.g say we copied for tomcat and paste in the filename SGself.pem in your ansible server (vi /tmp/SGself.self).

Step 9
sudo chmod 400 /tmp/SGself.pem = to change the permission of the key pem file you copied and pasted in. (change the permission from read write to read only)

Step 10
ansible <servername> -m ping = this means we want to use ping module, to ping all of our servers

Example:
ansible tomcat -m ping  = this will ask if you want to authenticate, enter "yes" .
ansible sonar -m ping
ansible nexus -m ping
ansible jenkins -m ping

OR 
ansible all -m ping = we can even do this to ping everything at once.

Step 11 
ansible localhost -m ping = to ping ansible localhost (localhost is the server you are using)


EXamples below is the same as step 6

next :
Add the below to your vi /etc/ansible/hosts
[tomcat]
172.31.88.242 ansible_user=ubuntu ansible_ssh_private_key_file=/tmp/Sgself.pem
[sonar]
172.31.21.231 ansible_user=ec2-user ansible_ssh_private_key_file=/tmp/shola.pem
[nexus]
172.31.18.178 ansible_user=ec2-user ansible_ssh_private_key_file=/tmp/shola.pem
[jenkins]
172.31.18.152 ansible_user=ec2-user ansible_ssh_private_key_file=/tmp/shola.pem
[k8s]
172.31.18.165 ansible_user=ec2-user ansible_ssh_private_key_file=/tmp/shola.pem

See Step 10 (the same)
next run this:
ansible tomcat -m ping

Summary: What we are trying to do up to this point is to SSH into multiple tomcat servers (say we have 20 tomcat servers, 20 jenkins servers etc) 
using ansible (say after we used Terraform to launch the instances), we would need to run the first one manually first 
and then ansible will take care of the rest.



Step 12 - Instead of ansering "yes" to all the authentication question, for easy automation, let's remove the hostkey checking

vi /etc/ansible/ansible.cfg  = This is where we configure port, sudo_user, forks etc find "#host_key_checking = False" (this is usally the first line), 
then uncomment it or remove the #

#To generate an example config file (a "disabled" one with all default settings, commented out), run the command:

ansible-config init --disabled -t all > ansible.cfg

then vi into =  vi /etc/ansible/ansible.cfg

find "#host_key_checking = False" (this is usally the first line), then uncomment it or remove the #


Note: when I did ls in ansible home, I found another ansible.cfg that contains all the configuration information


Step 13 - few ansible commands (default ansible module is the command module)

next:
ansible -m ping all

ansible all -m shell -a "free" = to check the free memory for all the servers we have.

ansible all -a "free" = to see free memory size   ===>  ansible <server or all> -a "<command>""

you can pass arguement(command) with the ansible all -a "COMMAND"

ansible tomcat -m shell -a "df -h"

ansible tomcat -m shell -a "uname -a" -i myhosts

ansible tomcat -m shell -a "free -m" -i myhosts

ansible all -m shell -a "df -h"

Step 14  - running all using script to ssh into all the servers
vi test.sh:
	ansible all -m ping
	ansible localhost -m ping

	write and save the above and run.


Step 15
next change the permission by running "chmod +x test.sh"  ONLY if you want to run using "./test.sh" (i.e if you don't want to use "sh test.sh" to run it)

docks.ansible.com/ansible/2.9/reference_appendices/

NOTE: all we have done above is to establish communication with tomcat, nexus, sonarqube and all servers.  This is just to communicate with but NOT same as SSHing into all of the servers
using Ansible.


Types of host or inventory files:  It contains hosted servers details (Ip or Hostname).  There are two types;
1. Static Inventory:
	This is a static file where hosted servers are  grouped
2. Dynamic Inventory:  This is (shell or Python) a script used to fetch details from cloud providers.  Used when we don't have our host details or inventory files locally, 
it then gooes into the cloud and fetch the details.


NOTE: Why we are using Public IP in some hosted file: is that if you are using your ansible in say east region, and you want to use it to ssh into instances in west region,
Private IP will not work, you will have to use public IP.  This is why at the workplace, they use Elastic IP, because it works for all regions.

Python is used for automation, it can be used to write playbook for ansible and automate it. Python works with ansbile very well.
Basically, we use Python for automation, Shell for automation and Ansible for automation.



BIG NOTE: Be super confident of what you have learnt in class during your interview

==============================================================================================================================




Jan 14,2023

What we have learnt so far:
  Configuration
  Shell script
  ansible

ASIBLE PLAYBOOK: When we did k8s, we did saw imperative and declarative, same with terraform.  Same exists with ansible, and we declare our tasks or plays in the ansible playbook.
-imperative
-declarative

lets create a playbook so that we can create or export our SSH key into all our hosts, instead of writing out the keys in the host.  For security purpose.
Let's run a playbook that would automatically export our ansible keys into all our hosts, so that you wouldn't need to connect with their own keys but with your own key.

Before now, we talk to each server via their respective keys.

Step 16

Creating an SSH key (below is just to see what you have in hidden files)
-ls -a (ansible@ansible)
-ls .ssh

Step 17
ssh-keygen - this will generate pub/private key pair and ask you to enter file in which you want your key saved. Enter couple times, if you want it saved in the default displayed path.

step 18
ls .ssh = this displays and confirms the public and private key pairs of ansible server you just created.

step 19  - to output both your pub and private ansible server keys you created
cat .ssh/id_rsa  
cat .ssh/id_rsa.pub

Step 20A
We want to export keys already created into all our hosts and at the same time create ansible user in all the hosts so that ansible can communicate \
with the hosts without using the old server keys we use to connect before.

vi create_users.yml and paste the below into it.


- hosts: all
  become: true
  tasks:
  - name: Create Ansible User
    user:
      name: ansible
      create_home: true
      shell: /bin/bash
      comment: "Ansible Management Account"
      expires: -1
      password: "{{ 'DevOps@2020' | password_hash('sha512','A512') }}"   <----password 'DevOps@2020' can be anything, I just decided to use that.
  - name: Deploy Local User SSH Key
    authorized_key:
      user: ansible
      state: present
      manage_dir: true
      key: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"     <---- exporting the public we created in all our hosts or servers
  - name: Setup Sudo Access for Ansible User
    copy:
      dest: /etc/sudoers.d/ansible
      content: 'ansible ALL=(ALL) NOPASSWD: ALL' 
      validate: /usr/sbin/visudo -cf %s
  -  name: Disable Password Authentication
     lineinfile:
        dest=/etc/ssh/sshd_config
        regexp='^PasswordAuthentication'
        line="PasswordAuthentication no"
        state=present
        backup=yes
     notify:
       - restart ssh
  handlers:
  - name: restart ssh
    service:
      name=sshd
      state=restarted

note: doing ls = short list = lists very few files, and ll = long list, listing all the files in a directory

we saved the above in create_users.yml


Step 21

ansible-playbook create_users.yml = to run the yaml file we just created

With the above we have created ansible user, export ansible keys into host and disable password authentication.


note: first ansible task is "Gathering facts".  It confirms and gathers all information about the playbook, what you are running.
The setup module is responsible for gathering fact

step 22

ssh ansible@IP

Example for step 22: 

ssh ansible@172.31.63.232 - here you can connect with eith public or Private IP

to confirm that you now have ansible user set up in the server you have connected do

cat /etc/passwd - you would see ansible as one of the users

ssh-copy-id ansible@<otherserver you want to ssh into>

Prior to setting up ansible user below is how we connect normally

ssh -i /tmp/SGself.pem ubuntu@172.31.63.232

Now with the above ssh ansible@<serverIP> we can now SSH into another server using their IP from ansible.


step 20B -BEFORE WITHOUT USING THE PLAYBOOK, BELOW IS HOW WE COPY ANSIBLE SSH KEYS INTO SERVERS 

ssh-copy-id ansible@IP - this will basically copy ansible ssh key into the server you are trying to ssh into.  works the same way as the playbook.

Example:

ssh-copy-id ansible@172.31.63.232

step 23

Now that we have installed ansible and exported Ansible ssh key in all our servers, we can now communicate with the servers (in ansible), 
with IP only (without the long ansible user path).

vi /etc/ansible/hosts and remove the path 


[Tomcat]
172.31.15.180
[sonar]
172.31.53.103
[nexus]
172.31.63.232

Now save the above, ping the servers to test if it would work (IT WORKED)

Test step 23:
ansible all -m ping

ansible all -m shell -a "free -m"

all worked

Note: If servers are in different region, ansible needs public Ip to ssh into them

Note: if servers are in the same region, ansible needs private IP to shh into them.

Note: what we have done with installing ansible in all of our servers if we didn't use the playbook, is to go to each of the servers individually
and  ssh into them, add ansible as a user and add password to ansible user, and the do "echo "ansible ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ansible 
and then sudo su -ansible.  Then sudo vi /etc/ssh/sshd_config then enable password authentication (change no to yes and uncomment it). 
Next restart "sudo systemctl restart ssh.service"  Next:connect ansible server to the server you are creating ansible user on (e.g docker) using ansible server,
do ssh ansible@<dockerserverIP>, notice that, it will ask for password because we didn't have ansible ssh key in the docker server environment.
Next:export ansible key to docker server environment (our id_rsa and id_rsa.pub), do ssh-copy-id@<dockerserverIP>. Now go to Ansible server and connect-ssh ansible@<dockerserverIP>, 
it will ask for password, then the ansible user password you created with ansible user in docker server, once you are in. Next:change the password authentication in docker server to "No"
in vi/etc/ssh/sshd_config.  Next restart the service - sudo systemctl restart ssh.service in docker server. Now you can work in ansible as docker user now.
Next, we can open our /etc/ansible/hosts file and add docker to it, since it has a password we may write the full path or connect without the full path (best option)
[docker]
<dockerIP> ansible_user=ansible ansible_password=<password>
[dk]
<dkIPaddress>



Ansible Commands:

1-Different (Manifest) ansible commands:

ansible all -m ping

ansible all -m shell -a "free -m"

ansible all  -a "free -m"

ansible all -m shell -a "df -h"

ansible node2 -m shell -a "mkdir shola"

ansible node2 -m shell -a "ls"

ansible node2 -m shell -a "rm -rf"

ansible node2 -m shell -a "name=dami state=directory" -b

sudo yum install httpd -y= this is how we install in redhat

ansible node2 -m yum -a "name=httpd state=present" -b  = node2 is the name of the server we want to install httpd in (whatever you name your server as is what you will call it here)
-a is to run all commands in shell, state=present means install, state=absent means uninstall, "yum" is the module we are using (could also be apt or any package manager)
-b means privilege escalation or state=latest means to install latest version of the app, state=started means to start the httpd.

 ansible node2 -m apt -a "name=apache2 state=present" -b = same as above but for ubuntu.

 note: apache2 is for ubuntu and httpd is for redhat.

patching = can mean installing something in a server

OR
we can run it like this

ansible jenkins -a "yum install httpd -y"

For httpd = after installation, we need to enable, start it and write an index.html file to view it.

<h1>Welcome to Acada Learning</h1>
This is Ansible module.

so vi index.html  and write your simple html text 

and copy the index.html file from your ansbile path to the jenkins path (becos that is what we are working on).  see below - 

ansible node2 -m copy -a "src=index.html dest=/var/www/html/index.html" -b


curl -v <jenkinspublicIP>

ansible node2 -m service -a "name=httpd state=started" -b = for redhat

ansible node2 -m service -a "name=apache2 state=started" -b = for ubuntu

curl -v <jenkinspublicIP> = this will output IP and port to run your static html site.

for every modifications you make on the index.html, you must always copy it to the destination to update it in the destination.

note: to run html static site, make sure you open your port 80 in inbound..


2-Using the Declarative way to write playbook:

How to write ansible playbook:

- hosts: jenkins     <----- the server you want to configure
  become: true       <----- to esclate priviledge
  tasks:
    - name: Install Apache <---- or httpd for redhat
      package:    <----- (instead of specifiying which package manager (yum or apt etc), we can use package)
        name: apache2
        state: present
    - name: Copy Index File
      copy:
        src: index.html
        dest: /var/www/html/index.html"
    - name: Start Apache2
      service:
        name: apache2
        state: started

Another way to write ansible-playbook (the above)


- hosts: node2     <-------node2 <the server you want to configure>
  become: true     <----- to esclate priviledge>
  tasks:
    - name: Install Apache
      package: name=apache2 state=latest
    - name: Copy Index File
      copy: src=index.html dest=/var/www/html/index.html
    - name: Start apache2 service
      service: name=apache2 state=started

  To unstall, change state=absent in package and state=stopped in service

Save any of the above in apache.yml 

NOTE:  Apache2 is for ubuntu and httpd doesn't work for ubuntu, works for httpd

Then run using:

ansible-playbook apache.yml


NOTE: installing any of the webservers would create /var/www/html path in your locals.   Example of webserver ; nginx, httpd, apache

ansible-doc -l = to get different ansible module documentation.

ansible-doc -l | grep s3  = to get the documentation for aws s3 bucket.

ansible-doc docker_login

/etc/nginx/nginx.conf










===================================================================================================

Jan 18, 2023


Using Ansible to deploy K8s
- hosts: master
  become: true
  tasks:
    - name: Delete Dev Namespaces
      shell: kuectl delete ns dev
    - name: Deploy acada application
      shell: kubectl apply -f acada.yml   <---- ensure you put the path where the yaml file is
    - name: Install Git
      package: name=git state=latest   <---package installs anywhere irrespective of the operating system (we can use yum here for Rhel, and apt for ubuntu)


Using Ansible to run K8s
- hosts: master    <--- if we want to install on all the servers running, you can put 'All' instead of a single hostname.  Hosts here is whatever name you name your server.
  become: true
  tasks:
    - name: Install wget
      package:
        name: wget
        state: latest
    - name: Install Git
      package: name=git state=latest

NOTE: When running ansible yaml file, no need to run it with extension

-hosts: master
become: true  <--- (if you don;t put become; true here, then when you want to run this playbook, you have to add -b)
tasks:
  #- name: Delete Dev Namespaces
  #shell: kubectl delete ns Dev
  #- name: Deploy acada application
  #shell: kubectl apply -f acada.yml   <--- (acada.yml must be the current path otherwise , use the full path)
  - name: Install Git
  package: name=git state=latest  <---( package is used as global package manager instead of using yum/apt-get etc)
  - name: Install wget
  package: name=wget state=latest
    - name: Install tree
  package:
    name: wget 
    state: latest



 # ansible-playbook k8s -b

ansible-playbook git --syntax-check = to dry run and check if your yaml has error

ansible-playbook git --check -b = to check all your play or tasks

ansible-playbook git -b


TEMPLATE MODULE:

There is what we called "handlers" in template module.

What is the difference between handlers and tasks

- hosts: master
  become: true  <--- (if you don;t put become; true here, then when you want to run this playbook, you have to add -b)
  tasks:
    - name: Install Git
    package: name=git state=latest 
    - name: Install wget
    package: name=wget state=latest
    - name: Install tree
    package:
      name: wget 
      state: latest

tasks = operations you want to run. will be executed from top to bottom. Some tasks have to notify handlers.

handlers = handlers usually execute task e.g state=latest,  state=started, without these handlers name=httpd wouldn't install or work. if task changes, handlers state can change and that will affect task.
However, if tasks doesn't change, the handler derfined wouldn't change.


Example 1: Template: vi template and paste the below

- hosts: Tomcat
  become: true
  tasks:
    - name: Install Apache
      package: name=apache2 state=latest
    - name: Copy Index File
      template: src=index.html dest=/var/www/html/index.html
    - name: Start Apache2 service
      service: name=apache2 state=started

Ensure you write a simple html script in index.html. (simply vi index.html and write anything)

now run the yaml file using ansible-playbook template -b 

remember:

  COPY in docker is used for copying in local source and destination

  ADD in docker can work as copy and also download from internet


  Copy module in ansible copies within local source

  Template module works like ADD in docker, copy within local Environment and also download from the internet. Template works like copy module too but also downloads from the internet in ansible.


VRIABLE AND COPY:

Example2: Copy module: vi test and paste the below

- hosts: Tomcat
  vars:
    Name: Cohort 7
  become: true
  tasks:
    - name: Install Apache
      package: name=apache2 state=present
    - name: Copy Index File
      copy: src=index.html dest=/var/www/html/index.html
    - name: Start Apache service
      service: name=apache2 state=started 

    now write up a simple html script "vi index.html" and write:
     <h1> This is Ansible </h1>
     This is {{ Name }}

    run it "ansible-playbook test -b"   <---test is the name of the declarative file

    "ansible-playbook test --extra-vars "class=Thisis DevOps"  <--- this output This is DevOPs

    "ansible-playbook test -b --extra-vars "class=DevOps"

    see =  https://www.cherryservers.com/blog/how-to-use-variables-in-ansible-playbooks#:~:text=var%3A%20check_uptime.stdout-,Define%20Ansible%20Variables%20at%20Playbook%20Runtime,pair%20of%20single%20curly%20braces.

    https://www.redhat.com/sysadmin/ansible-variables-arguments#:~:text=To%20define%20a%20variable%20dynamically,want%20the%20variable%20to%20contain.


Types of Variables:

  run-time Variable  = is what we practiced above
  playbook Variable = defining the variables in the yaml file
  host_vars
  group_vars


Packages module:

- hosts: tomcat
  become: true
  tasks:
    - name: Install packages
      package:
        name: ['unzip', 'wget', 'nano']  <--- to run multiple packages
        update_cache: yes   <----this will check update, if it has been installed or not.
        state: present  <--- (or latest)


Difference between present and latest:

State as 'Present' and 'Installed' are used interchangeably. They both do the same thing i.e. it will ensure that a desired package in your case 'yum' is installed. 
Whereas State as 'Latest' means in addition to installation, it will go ahead and update if it is not of the latest available version.


Setup Module:

ansible -m setup tomcat = this will give us all of the information on tomcat

ansible -m setup tomcat | grep ansible_os_family

vi test2

- hosts: tomcat
  become: true
  task:
    - name: Install Package
      package:
        name: ['unzip', 'wget', 'nano'] 
        update_cache: yes
        state: latest  <--- ( when you change latest to absent, then it uninstall all the appps defined under package)
      when: ansible_os_family == "Debian"  <---- this means, run this playbook only when the os is Debian, if the server is not debian, then it will skip the task.


Note:  Gethering facts is the first task that runs

- hosts :all <--- this means to run all the tasks defined in all the resources defined.

docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html


ansible-playbook setup.yml --step  = to ask you if you want to skip a step or task, every step of the way.  For step, if you select yes, it will run the current task and ask if to do the next step, if you enter "continue",
it will run all the tasks defined in the playbook.  If you run "No", it will skip the step.


ansible-playbook setup.yml --list-hosts =  to list all the hosts (to do this ensure you have a lot of host and set hosts to all)

ansible-playbook setup.yml -v  = this will output the outcome of the playbook.  Same function as verbose

ansible-playbook setup.yml --list-tags  = this will list all your tasks tags, and then you can use a tag to skip a task/step.



www.codakid.com
=============================================================================

Jan 28, 2023

ANSIBLE Variables. {{}}:



  run-time Variable  = is what we practiced above
  playbook Variable = defining the variables in the yaml file
  host_vars = 
  group_vars = this is also host defined, we must define host



-sudo  mkdir /etc/ansible/group_vars <--- we created this as a ubuntu user

-sudo vi /etc/ansible/group_vars/all.yaml  <---- created a file as ubuntu user

-Define a username and a password in the file above
password: admin123
username: acada

save the above and exit.

Write up a yaml file (named it vars)
- hosts: tomcat
  become: true
  gather_facts: true
  tasks:
  - name: vars demo
    debug:
      msg: "{{username}}"
    ignore_errors: true
  - name: vars demo2
    debug:
      msg: DevOps is very good with ACADA Learning


ansible-playbook vars --extra-vars "username=school"

  note from AYO: @shola, maybe try using a different server in front of your host. t didn't work for my tomcat server. Despite the fact that  my /var/www/html/index.html file was changed. it didn't show on my webpage. 

 So i changed the host to my Jenkins server and it worked.




--sSOME lines missing like 10mins


Ansible Vault:
sudo ansible-vault encrypt /etc/ansible/group_vars/all.yaml <--- encrypting your vault, this will ask for passwd if ran
sudo ansible-vault decrypt /etc/ansible/group_vars/all.yaml <--- to decrypt


ansible-playbook var.yml --ask-vault-pass -b = means run this playbook and ask the vuat for information


sudo ansible-playbook var.yml --vault-password=vaultpass

note: we will come back to the above later

Creating custom hostfile:

vi ...

change the path of your hostfile in the above to  ( se :nu? to search)

write a new path for your host = /etc/ansible/new_hosts (comment out the original one #/etc/ansible/hosts)

next cut your hosts content and paste to the new host you created. 

NOTE Searching vi editor:

To search in vi editor:

Soon as you vi into a file, type "/" (without the quote).

Next, enter the keyword you want to search, then select "Enter key"

To go to the next string tap "n" on your keyboard.

For example, if I want to search "hosts" in /etc/ansible/hosts.

I would vi into that file and then do this:

-/hosts

-select enter key

- tap n = to move to the next search result 


https://www.softwaretestinghelp.com/ansible-roles-jenkins-integration-ec2-modules/amp/

Read about ansible tower and ansible galaxy