Ansible for Simple Linux Management
Ansible is a DevOps tool. It is amazing. The purpose of this post is to get you thinking about how to use Ansible in your environment, not to teach you to use it completely.
If you ever need to run a command on 2-50,000 servers and get the results back, then I can’t think of any easier, more flexible tool to use – better than shell scripts since there are so many administrative features already built into Ansible.
For example, I needed to rerun logwatch on my systems this morning after modifying some settings. First I modified the tasks/common_logwatch_settings.yml file and pushed out my new standard settings to all the running machines. This modifies/creates a file in /etc/cron.daily/. Next, I needed to rerun logwatch to:
- verify the settings were correct on each system
- get a fresh report from each system
To run the desired command on a group of remote hosts, use:
ansible cur -s -a "/usr/sbin/logwatch --output mail --mailto root@jdpfu.com --detail med"
Let’s break that down:
- ansible – this is obvious
- cur – that is a group of machines/IPs in my default ansible hosts-database; it is controlled here by settings in ~/.ansible.cfg.
- -s – use sudo
- -a – run the following command
That command can be anything. I routinely use the same technique to see if machines need to be rebooted after a kernel update:
ansible cur -a "/bin/cat /var/run/reboot-required"
Simple?
Or I have a playbook for the same thing:
ansible-playbook chk-reboot-required.yml
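The playbook itself is not shown in this post. One possible version follows as an added example (not the author's file). It assumes Debian/Ubuntu hosts, where the package tooling writes /var/run/reboot-required and /var/run/reboot-required.pkgs; the task and variable names are made up for illustration. Unlike the ad-hoc cat, it uses stat so that hosts without the flag file report cleanly instead of showing up as failed.

```yaml
---
# chk-reboot-required.yml -- illustrative sketch, not the original playbook
- name: Report hosts that need a reboot after package updates
  hosts: cur                 # the inventory group used in the ad-hoc examples
  gather_facts: false        # nothing here needs facts, so skip the setup step
  tasks:
    - name: Look for the reboot-required flag file
      stat:
        path: /var/run/reboot-required
      register: reboot_flag  # hypothetical variable name

    - name: Read which packages requested the reboot
      command: /bin/cat /var/run/reboot-required.pkgs
      register: reboot_pkgs  # hypothetical variable name
      changed_when: false    # read-only check, never report "changed"
      failed_when: false     # the .pkgs file is optional (assumption)
      when: reboot_flag.stat.exists

    - name: Show the result for each host
      debug:
        msg: "{{ 'REBOOT REQUIRED: ' ~ pkgs if reboot_flag.stat.exists else 'no reboot pending' }}"
      vars:
        # Empty list when the previous task was skipped or produced no output
        pkgs: "{{ reboot_pkgs.stdout_lines | default([]) | join(', ') }}"
```

Every task is read-only and needs no sudo, so the playbook is safe to run against production hosts at any time.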
Or perhaps you need to push a new base file to all your systems, or a subset of them:
$ more tasks/email_aliases.yml
---
- name: Install /etc/aliases
  copy: src=files/aliases dest=/etc/aliases backup=yes owner=root group=root mode=0644
- name: Force newaliases
  action: command newaliases
Hopefully, the yml triple-dash shows up.
The files/aliases is a source – relative to the CWD.
So – what can you do with ansible? Just imagine.
Have you looked at Salt at all?
Only reading and watching YouTube videos.
It requires an agent – that is a non-starter for me. If I had 10,000 systems to manage, I’d look at Salt carefully. For less than 1,000 – Ansible is easier and with minor effort can use RabbitMQ (like Salt).
The agentless deployment is why most of the ruby-based DevOps things can’t be considered. Heck – most of my systems don’t have ruby by default … even though I love the Ruby language, I don’t want to install it on an email gateway server.