Ansible Configuration:
Note: log in as root (sudo -i).
=>Log in to the master node (ACS, Ansible control server):
=>Set PasswordAuthentication to yes and then save the file:
------------------------------------------------------------
root@ip-172-31-45-194:/etc/ssh# vi /etc/ssh/sshd_config
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes
=>Restart the service (sshd):
-------------------------
root@ip-172-31-45-194:/etc/ssh# service sshd restart
root@ip-172-31-45-194:/etc/ssh# service sshd status
=>Add a user (you can use any username; for my practice I'm using "ansible"):
-----------------------------------------------------------------------------
root@ip-172-31-45-194:~# adduser ansible
Adding user `ansible' ...
Adding new group `ansible' (1001) ...
Adding new user `ansible' (1001) with group `ansible' ...
Creating home directory `/home/ansible' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for ansible
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
root@ip-172-31-45-194:~#
=>Add the ansible user in 'visudo':
-------------------------------
####################################
ansible ALL=(ALL:ALL) NOPASSWD:ALL
####################################
=>Check (when you update with apt-get, it should not ask for a password):
---------
root@ip-172-31-45-194:~# visudo
root@ip-172-31-45-194:~# exit
logout
ubuntu@ip-172-31-45-194:~$ su ansible
Password:
ansible@ip-172-31-45-194:/home/ubuntu$ cd ~
ansible@ip-172-31-45-194:~$ pwd
/home/ansible
ansible@ip-172-31-45-194:~$
ansible@ip-172-31-45-194:~$ sudo apt-get update
Hit:1 http://us-east-2.ec2.archive.ubuntu.com/ubuntu xenial InRelease
Hit:2 http://us-east-2.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:3 http://us-east-2.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu xenial-security InRelease
Reading package lists... Done
ansible@ip-172-31-45-194:~$
=>Install Ansible on Ubuntu:
----------------------------
https://docs.ansible.com/ansible/2.5/installation_guide/intro_installation.html#latest-releases-via-apt-ubuntu
=>Commands:
-----------
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible
=>After the above commands, check whether Ansible is installed:
-------------------------------------------------------------
ansible@ip-172-31-45-194:~$ ansible --version
ansible 2.7.1
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.12 (default, Nov 12 2018, 14:36:49) [GCC 5.4.0 20160609]
ansible@ip-172-31-45-194:~$
###########################################################
Log in to the node:
###########################################################
sudo -i
apt-get update
=>Set PasswordAuthentication to yes and then save the file:
------------------------------------------------------------
root@ip-172-31-41-126:~# vi /etc/ssh/sshd_config
root@ip-172-31-41-126:~#
=>Restart the service (sshd):
-------------------------
root@ip-172-31-45-194:/etc/ssh# service sshd restart
root@ip-172-31-45-194:/etc/ssh# service sshd status
=>Add a user (you can use any username; for my practice I'm using "ansible"):
-----------------------------------------------------------------------------
root@ip-172-31-41-126:~# adduser ansible
Adding user `ansible' ...
=>Add the ansible user in 'visudo':
-------------------------------
####################################
ansible ALL=(ALL:ALL) NOPASSWD:ALL
####################################
root@ip-172-31-41-126:~# visudo
root@ip-172-31-41-126:~# exit
logout
ubuntu@ip-172-31-41-126:~$ su ansible
Password:
ansible@ip-172-31-41-126:/home/ubuntu$ cd ~
ansible@ip-172-31-41-126:~$ sudo apt-get update
Hit:1 http://us-east-2.ec2.archive.ubuntu.com/ubuntu xenial InRelease
Hit:2 http://us-east-2.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:3 http://us-east-2.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu xenial-security InRelease
Reading package lists... Done
ubuntu@ip-172-31-41-126:~$
=>Check whether Python is installed:
----------------------------------
python --version
If it is not installed, install Python:
---------------------------------------
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install python
=>Check again whether Python is installed:
----------------------------------
ansible@ip-172-31-41-126:~$ python --version
Python 2.7.12
################################
=>Check the connectivity from the ACS to the node through the private IP:
---------------------------------------------------------------
ACS:
public: 18.222.190.19
private: 172.31.45.194
Node:
public: 18.216.254.82
private: 172.31.41.126
ACS:
public: 18.218.144.27
private: 172.31.30.100
Node:
public: 18.225.36.224
private: 172.31.18.12
Node2:
public: 18.224.37.206
private: 172.31.38.54
DNS: ip-172-31-38-54.us-east-2.compute.internal
ansible@ip-172-31-45-194:~$ ssh ansible@172.31.18.12
Note: Here it asks for a password while connecting to the node.
Because of that, I have to generate the keys (public and private) and share the public key with the node.
ACS: (generate keys)
-------------------------------------------
Note: this will generate two keys (id_rsa, id_rsa.pub). Keep the id_rsa key and copy id_rsa.pub to the node.
ansible@ip-172-31-45-194:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
ansible@ip-172-31-45-194:~$ ls -latdr .ssh/
drwx------ 2 ansible ansible 4096 Nov 14 12:42 .ssh/
ansible@ip-172-31-45-194:~$
ansible@ip-172-31-45-194:~$ cd .ssh/
ansible@ip-172-31-45-194:~/.ssh$ ls -ltr
total 12
-rw-r--r-- 1 ansible ansible 222 Nov 14 12:33 known_hosts
-rw-r--r-- 1 ansible ansible 406 Nov 14 12:42 id_rsa.pub
-rw------- 1 ansible ansible 1679 Nov 14 12:42 id_rsa
ansible@ip-172-31-45-194:~/.ssh$
Then copy the public key with the command below:
----------------------------------------------------
Get the DNS name or IP address of the node:
ansible@ip-172-31-45-194:~$ ssh-copy-id ansible@ip-172-31-18-12.us-east-2.compute.internal
ansible@ip-172-31-45-194:~$ ssh-copy-id ansible@ip-172-31-38-54.us-east-2.compute.internal
Now try logging in to the machine (node):
---------------------------------------
ansible@ip-172-31-45-194:~$ ssh ip-172-31-41-126.us-east-2.compute.internal
#################################
=>Go to the Ansible configuration directory and check:
-------------------------------------------------
ansible@ip-172-31-30-100:/etc/ansible$ ls -ltr
total 28
-rw-r--r-- 1 root root 20277 Oct 25 21:50 ansible.cfg
drwxr-xr-x 2 root root 4096 Oct 25 21:55 roles
-rw-r--r-- 1 root root 1025 Nov 15 12:40 hosts
ansible@ip-172-31-30-100:/etc/ansible$ pwd
/etc/ansible
=>Add localhost to the hosts file:
------------------------------
ansible@ip-172-31-30-100:/etc/ansible$ sudo vi hosts
=>Then try to ping using Ansible:
---------------------------------
ansible@ip-172-31-30-100:/etc/ansible$ ansible -m ping all
Note: why is the same machine inaccessible?
---- It fails because the connection goes through Ansible, so key-based login has to be set up for localhost as well.
ansible@ip-172-31-30-100:/etc/ansible$ ssh-copy-id ansible@localhost
localhost
=> Now try to ping:
--------------------
ansible@ip-172-31-30-100:/etc/ansible$ ansible -m ping all
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
=>Next, add the other machines (nodes), using their private DNS names only:
-----------------------------------------------------------------------
ansible@ip-172-31-30-100:/etc/ansible$ sudo vi hosts
## db-[99:101]-node.example.com
localhost
ip-172-31-18-12.us-east-2.compute.internal
=>Now try the Ansible ping again; this time it has to reach both servers:
------------------------------------------------------------------------
ansible@ip-172-31-30-100:/etc/ansible$ ansible -m ping all
ip-172-31-18-12.us-east-2.compute.internal | SUCCESS => {
"changed": false,
"ping": "pong"
}
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
ansible@ip-172-31-30-100:/etc/ansible$
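Added example (not part of the original notes): once `ansible -m ping all` succeeds over keys, the password login enabled at the start is no longer needed. The script below reads the effective PasswordAuthentication value, switches it back to no, and lists users with passwordless sudo; it runs on constructed sample files, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Print the global PasswordAuthentication value as sshd reads the file:
# the first active occurrence wins, and the built-in default is "yes".
effective_password_auth() {
    awk '
        tolower($1) == "match" { exit }   # per-user/host overrides start here
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Rewrite FILE in place so password logins are off: drop every active
# PasswordAuthentication line and put a single "no" at the top.
disable_password_auth() {
    tmp=$(mktemp) || return 1
    {
        echo 'PasswordAuthentication no'
        grep -viE '^[[:space:]]*PasswordAuthentication([[:space:]]|=)' "$1" || true
    } > "$tmp"
    cat "$tmp" > "$1"      # cat keeps the original owner and mode
    rm -f "$tmp"
}

# List users granted passwordless sudo for every command (simple one-line
# rules only; aliases and continuation lines are not resolved).
nopasswd_all_users() {
    awk '$1 !~ /^[#%]/ && /NOPASSWD:[ \t]*ALL[ \t]*$/ { print $1 }' "$1"
}

# Constructed sample files standing in for /etc/ssh/sshd_config and sudoers.
work=$(mktemp -d)
printf '%s\n' '# Change to no to disable tunnelled clear text passwords' \
    'PasswordAuthentication yes' 'UsePAM yes' > "$work/sshd_config"
printf '%s\n' 'root ALL=(ALL:ALL) ALL' \
    'ansible ALL=(ALL:ALL) NOPASSWD:ALL' > "$work/sudoers"

echo "before: $(effective_password_auth "$work/sshd_config")"
disable_password_auth "$work/sshd_config"
echo "after:  $(effective_password_auth "$work/sshd_config")"
echo "passwordless sudo: $(nopasswd_all_users "$work/sudoers")"
rm -rf "$work"
```

On a real host, run the functions as root against /etc/ssh/sshd_config and /etc/sudoers, validate the result with `sshd -t`, and restart sshd while keeping an existing session open.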