From f19207cab6523f4d86a004b9b16f6865547c9ca2 Mon Sep 17 00:00:00 2001 From: Ryan Syracuse Date: Fri, 7 Jun 2019 17:12:09 -0400 Subject: [PATCH 01/10] Ansible Rewrite --- .../index.md | 336 ------------------ ...y-configure-servers-with-ansible-title.jpg | Bin .../getting-started-with-ansible/index.md | 196 ++++++++++ .../index.md | 175 +++------ 4 files changed, 241 insertions(+), 466 deletions(-) delete mode 100644 docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/index.md rename docs/applications/configuration-management/{automatically-configure-servers-with-ansible-and-playbooks => getting-started-with-ansible}/automatically-configure-servers-with-ansible-title.jpg (100%) create mode 100644 docs/applications/configuration-management/getting-started-with-ansible/index.md rename docs/applications/configuration-management/{learn-how-to-install-ansible-and-run-playbooks => running-ansible-playbooks}/index.md (55%) diff --git a/docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/index.md b/docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/index.md deleted file mode 100644 index 15de4e41029..00000000000 --- a/docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/index.md +++ /dev/null 
@@ -1,336 +0,0 @@ ---- -author: - name: Linode Community - email: docs@linode.com -description: 'Ansible is an automation tool for server configuration, provisioning, and management. This guide shows how to use Ansible to perform basic configuration tasks on your Linodes as well as set up a simple web server.' -og_description: 'Ansible is an automation tool for server configuration, provisioning, and management. This guide shows how to use Ansible to perform basic configuration tasks on your Linodes as well as set up a simple web server.' -keywords: ["ansible", "ansible configuration", "ansible provisioning", "ansible infrastructure", "ansible automation", "ansible configuration change management", "ansible server automation"] -license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' -aliases: ['applications/ansible/getting-started-with-ansible/','applications/configuration-management/getting-started-with-ansible/'] -published: 2015-09-08 -modified: 2018-03-21 -modified_by: - name: Jared Kobos -title: 'Automatically Configure Servers with Ansible and Playbooks' -contributor: - name: Joshua Lyman - link: https://twitter.com/jlyman -external_resources: - - '[Ansible Home Page](http://www.ansible.com/home)' - - '[Ansible Documentation](http://docs.ansible.com/ansible/index.html)' - - '[Example Playbooks (GitHub)](https://github.com/ansible/ansible-examples)' ---- - -![Automatically Configure Servers with Ansible and Playbooks](automatically-configure-servers-with-ansible-title.jpg "Automatically Configure Servers with Ansible and Playbooks") - -## What is Ansible? - -[Ansible](http://www.ansible.com/home) is an automation tool for server provisioning, configuration, and management. It allows you to organize your server inventory into groups, describe how those groups should be configured or what actions should be taken on them, and issue all of these commands from a central location. 
- -This guide introduces the basics of using Ansible and creating a configuration playbook. - -## Before You Begin - -All Ansible commands are run from a **control machine**, which can be either a local computer or a Linode. Ansible uses SSH to execute commands remotely on **nodes**. - -This guide will use a control machine with three Linodes serving as nodes. These nodes will be referred to as `node-1`, `node-2`, and `node-3` throughout the guide. Create these three Linodes using the Linode Manager and deploy an appropriate image to each one (the examples in this guide use Ubuntu 16.04). Since Ansible uses SSH, you will need to make sure that your control machine has SSH access to all of the nodes: - -1. Create an SSH key on the control machine. This will create a public/private key pair: `~/home/.ssh/id_rsa.pub` and `~/home/.ssh/is_rsa`: - - ssh-keygen -t rsa -b 4096 - -2. Copy the key to `node-1`: - - ssh-copy-id root@$node-1-ip - - Repeat this procedure for each remaining node. - -{{< note >}} -The examples in this guide are for a multiple-Linode configuration. Most commands can also be performed with a single node for testing purposes. Please adjust accordingly. -{{< /note >}} - -## Install Ansible - -The remainder of the commands in this guide should be performed from the control machine. - -### Install Miniconda - -{{< content "install_python_miniconda" >}} - -### Install Ansible - -1. Create a new virtual environment for Ansible: - - conda create -n ansible-dev python=3 - -2. Activate the new environment: - - source activate ansible-dev - -3. Install Ansible: - - pip install ansible - - Ansible can also be installed using a package manager such as `apt` on Debian/Ubuntu and [Homebrew](https://brew.sh) on OSX. - -4. 
Verify that the corresponding Python path is correct: - - ansible --version - -## Configure Ansible - -### Create an Inventory File to Track Nodes - -Ansible keeps track of its nodes using an [inventory file](http://docs.ansible.com/ansible/intro_inventory.html). - -1. Create a directory for Ansible configuration files and playbooks: - - mkdir ~/ansible && cd ~/ansible - -2. Create a configuration file and edit it to include the location where you will store your inventory file: - - {{< file "~/ansible/ansible.cfg" ini >}} -[defaults] -inventory = ~/Path/To/ansible/hosts -{{< /file >}} - -3. Create the inventory file. Replace `$node-1-ip`,`$node-2-ip`, and `$node-3-ip` with the public IP address or domain name of each of your nodes: - - {{< file "~/ansible/hosts" ini >}} -[nginx] -$node-1-ip -$node-2-ip - -[linode] -$node-3-ip -{{< /file >}} - - Each bracketed label denotes an Ansible [group](http://docs.ansible.com/ansible/latest/intro_inventory.html#hosts-and-groups). Grouping your nodes by function will make it easier to run commands against the correct set of nodes. - -### Test Inventory Groups - -1. Use the `all` directive to ping all servers in your inventory: - - ansible all -u root -m ping - - {{< output >}} -192.0.2.0 | SUCCESS => { - "changed": false, - "ping": "pong" -} -192.0.2.1 | SUCCESS => { - "changed": false, - "ping": "pong" -} -192.0.2.2 | SUCCESS => { - "changed": false, - "ping": "pong" -} -{{< /output >}} - - The `-u` option is used here to run the command as root, since currently there are no standard user accounts on the nodes. - -2. Repeat the command, targeting only the nodes in the `[nginx]` group: - - ansible nginx -u root -m ping - - This time, only `node-1` and `node-2` should respond. - -## Use Ansible Playbooks - -### Syntax and Examples - -A [Playbook](http://docs.ansible.com/ansible/latest/playbooks.html) defines a series of actions to run on specified groups of servers. 
Unlike some configuration tools, a playbook does not describe a state of the machine and rely on Ansible to determine the necessary changes to achieve that state. Instead, playbooks should be designed to be **idempotent**, meaning that they can be run more than once without negative effects. For example, a playbook might have a task that sets up a configuration file for a server and injects a few variables. The playbook should be written so that Ansible can take the template configuration file, compare it to the actual file, and create/update it only if necessary. Fortunately, many Ansible modules are built with this functionality in mind. - -Playbooks can be used to perform initial server configurations, add users and directories, ensure certain software packages are installed or uninstalled, move files, etc. A single playbook can run commands on any combination of groups. It is procedural, and tasks are run in order from top to bottom. - -A playbook is a YAML file, and typically follows this structure: - -{{< file "playbook.yml" yaml >}} ---- -- hosts: [target hosts] - remote_user: [yourname] - tasks: - - [task 1] - - [task 2] - -{{< /file >}} - -The following playbook would log in to all servers in the `[nginx]` group and ensure NGINX was started: - -{{< file "playbook.yml" yaml >}} ---- -- hosts: [nginx] - remote_user: webadmin - tasks: - - name: Ensure the NGINX daemon has started - service: name=nginx state=started - become: yes - become_method: sudo - -{{< /file >}} - -Every task should have a name. Task names are logged as Ansible runs and can help you track progress. Following the name line is the module that will be run (in this case, the [service module](http://docs.ansible.com/ansible/service_module.html)), and the other attributes provide more options, in this case instructing Ansible to use `sudo` privileges. - -### Ansible Modules - -Ansible ships with a large collection of modules that you can run as tasks or via commands as needed. 
To see a listing of all available modules, run: - - ansible-doc -l - -Common core modules include: - -* `command` - [Executes a command on a remote node](http://docs.ansible.com/ansible/command_module.html) -* `script` - [Runs a local script on a remote node after transferring it](http://docs.ansible.com/ansible/script_module.html) -* `shell` - [Execute commands in nodes](http://docs.ansible.com/ansible/shell_module.html) -* `mysql_db` - [Add or remove MySQL databases from a remote host](http://docs.ansible.com/ansible/mysql_db_module.html) -* `mysql_user` - [Adds or removes a user from a MySQL database](http://docs.ansible.com/ansible/mysql_user_module.html) -* `postgresql_db` - [Add or remove PostgreSQL databases from a remote host](http://docs.ansible.com/ansible/postgresql_db_module.html) -* `postgresql_user` - [Adds or removes a users (roles) from a PostgreSQL database](http://docs.ansible.com/ansible/postgresql_user_module.html) -* `fetch` - [Fetches a file from remote nodes](http://docs.ansible.com/ansible/fetch_module.html) -* `template` - [Templates a file out to a remote server](http://docs.ansible.com/ansible/template_module.html) -* `yum` - [Manages packages with the yum package manager](http://docs.ansible.com/ansible/yum_module.html) -* `apt` - [Manages apt-packages](http://docs.ansible.com/ansible/apt_module.html) -* `git` - [Deploy software (or files) from git checkouts](http://docs.ansible.com/ansible/git_module.html) -* `service` - [Manage services](http://docs.ansible.com/ansible/service_module.html) - -## Server Configuration Playbook - -This section demonstrates using a playbook to automate basic server configuration, similar to the steps covered in our [Getting Started](/docs/getting-started/) and [Securing Your Server](/docs/security/securing-your-server/) guides. - -### Create a Hashed Password - -1. Install `passlib`: - - pip install passlib - -2. 
Create a password hash for Ansible to use when communicating with the servers: - - python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('plaintextpassword')" - -### Create a Regular User - -1. Write a playbook that creates a new normal user, adds the control machine's public key, and adds the new user to the `sudoers` file. Replace `username` with your desired Unix account username and `hashed-password` with your hashed password. In the `authorized_key` task, substitute the path to the SSH key used on the control machine: - - {{< file "initialize_basic_user.yml" yaml >}} ---- -- hosts: all - remote_user: root - vars: - NORMAL_USER_NAME: 'yourusername' - tasks: - - name: "Create a secondary, non-root user" - user: name={{ NORMAL_USER_NAME }} - password='hashed-password' - shell=/bin/bash - - name: Add remote authorized key to allow future passwordless logins - authorized_key: user={{ NORMAL_USER_NAME }} key="{{ lookup('file', '/home/username/.ssh/id_rsa.pub') }}" - - name: Add normal user to sudoers - lineinfile: dest=/etc/sudoers - regexp="{{ NORMAL_USER_NAME }} ALL" - line="{{ NORMAL_USER_NAME }} ALL=(ALL) ALL" - state=present -{{< /file >}} - -2. Run the playbook: - - ansible-playbook -u root initialize_basic_user.yml - -### Set up Server - -1. Create a new playbook to update packages, set timezone and hostname, and edit the `hosts` file. 
Replace the user information, hostname, and domain name with the appropriate entries: - - {{< file "common_server_setup.yml" yaml >}} ---- -- hosts: linode - remote_user: username - become: yes - become_method: sudo - vars: - LOCAL_HOSTNAME: 'web01' - LOCAL_FQDN_NAME: 'www.example.com' - tasks: - - name: Set the timezone for the server to be UTC - command: file state=link /usr/share/zoneinfo/UTC /etc/localtime - - name: Set up a unique hostname - hostname: name={{ LOCAL_HOSTNAME }} - - name: Add the server's domain to the hosts file - lineinfile: dest=/etc/hosts - regexp='.*{{ item }}$' - line="{{ hostvars[item].ansible_default_ipv4.address }} {{ LOCAL_FQDN_NAME }} {{ LOCAL_HOSTNAME }}" - state=present - when: hostvars[item].ansible_default_ipv4.address is defined - with_items: "{{ groups['linode'] }}" - - name: Update packages - apt: update_cache=yes upgrade=dist -{{< /file >}} - -2. Use `--check` to review the effects of the playbook before running it: - - ansible-playbook common_server_setup.yml --check --ask-become-pass - - You will be prompted for a sudo password. Enter the plain text version of the password you previously hashed. - -3. If the results are good, run the playbook: - - ansible-playbook common_server_setup.yml --ask-become-pass - - Each node should report a status of "changed" after the playbook has run. - -### Install the Stack - -Create a basic server setup with NGINX, PHP, and a test MySQL database to use. - -1. 
The following playbook downloads the appropriate packages, turns on the nginx and MySQL services, and creates a basic database and user: - - {{< file "setup_webserver.yml" yaml >}} ---- -- hosts: nginx - remote_user: username - become: yes - become_method: sudo - tasks: - - name: "Install NGINX and MySQL" - apt: name={{ item }} state=present - with_items: - - nginx - - mysql-server - - python-mysqldb - - - name: "Start and enable the NGINX and MySQL services" - service: name={{ item }} state=started enabled=yes - with_items: - - nginx - - mysql - - - name: "Create a test database" - mysql_db: name=testDb - state=present - - - name: "Create a new user for connections" - mysql_user: name=webapp - password=password - priv=*.*:ALL state=present - -{{< /file >}} - -2. Run the playbook from your control machine: - - ansible-playbook setup_webserver.yml --ask-become-pass - - When this playbook finishes, visit your Linode's IP address or FQDN to see the default NGINX index page. - -3. Log in via SSH and check to see that the `testDb` has been created: - - mysql -u root -p - show databases; - -## Next Steps - -More complicated playbooks will require working with more advanced concepts. Ansible provides a number of [example playbooks](https://github.com/ansible/ansible-examples) on GitHub. In addition, documentation is available for many of the important concepts for writing playbooks: - -* [Users, and Switching Users](http://docs.ansible.com/ansible/playbooks_intro.html#hosts-and-users) and [Privilege Escalation](http://docs.ansible.com/ansible/become.html) -* [Handlers: Running Operations On Change](http://docs.ansible.com/ansible/playbooks_intro.html#handlers-running-operations-on-change) -* [Roles](http://docs.ansible.com/ansible/playbooks_roles.html) -* [Variables](http://docs.ansible.com/ansible/playbooks_variables.html) -* [Playbook Best Practices](http://docs.ansible.com/ansible/playbooks_best_practices.html) 
diff --git a/docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/automatically-configure-servers-with-ansible-title.jpg b/docs/applications/configuration-management/getting-started-with-ansible/automatically-configure-servers-with-ansible-title.jpg similarity index 100% rename from docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/automatically-configure-servers-with-ansible-title.jpg rename to docs/applications/configuration-management/getting-started-with-ansible/automatically-configure-servers-with-ansible-title.jpg diff --git a/docs/applications/configuration-management/getting-started-with-ansible/index.md b/docs/applications/configuration-management/getting-started-with-ansible/index.md new file mode 100644 index 00000000000..fba82b2b5a1 --- /dev/null +++ b/docs/applications/configuration-management/getting-started-with-ansible/index.md 
@@ -0,0 +1,196 @@ +--- +author: + name: Linode Community + email: docs@linode.com +description: 'Ansible is an automation tool for server configuration, provisioning, and management. This guide shows how to use Ansible to perform basic configuration tasks on your Linodes as well as set up a simple web server.' +og_description: 'Ansible is an automation tool for server configuration, provisioning, and management. This guide shows how to use Ansible to perform basic configuration tasks on your Linodes as well as set up a simple web server.' +keywords: ["ansible", "ansible configuration", "ansible provisioning", "ansible infrastructure", "ansible automation", "ansible configuration change management", "ansible server automation"] +license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' +aliases: ['applications/ansible/getting-started-with-ansible/','applications/configuration-management/getting-started-with-ansible/'] +published: 2015-09-08 +modified: 2018-03-21 +modified_by: + name: Jared Kobos +title: 'Getting Started With Ansible - Basic Installation and Setup' +contributor: + name: Joshua Lyman + link: https://twitter.com/jlyman +external_resources: + - '[Ansible Home Page](http://www.ansible.com/home)' + - '[Ansible Documentation](http://docs.ansible.com/ansible/index.html)' + - '[Example Playbooks (GitHub)](https://github.com/ansible/ansible-examples)' +--- + +![Automatically Configure Servers with Ansible and Playbooks](automatically-configure-servers-with-ansible-title.jpg "Automatically Configure Servers with Ansible and Playbooks") + +## What is Ansible? + +[Ansible](http://www.ansible.com/home) is an automation tool for server provisioning, configuration, and management. It allows you to organize your server inventory into groups, describe how those groups should be configured or what actions should be taken on them, and issue all of these commands from a central location. 
+ +This guide introduces the basics of installing Ansible and preparing your environment to use [Playbooks](https://docs.ansible.com/ansible/latest/user_guide/playbooks.html). + +## Before You Begin + +All Ansible commands are run from a **control machine**, which can be either a local computer or a Linode. This will likely be your laptop or other computer from which you frequently access your server, or it may be a centralized server in more complicated setups. + +Make sure that you have Python 2 (versions 2.6 or 2.7) or Python 3 (versions 3.5 and higher) available on the control machine. Note that Windows is not supported as the control machine. You can [build Ansible from source](https://github.com/ansible/ansible), or install the latest stable packages using the proper command below. Ansible uses SSH to execute commands remotely on **nodes**. + +This guide will use a control machine with three Linodes serving as nodes though this number can be reduced or increased as needed. These nodes will be referred to as `node-1`, `node-2`, and `node-3` throughout the guide. Before proceeding with this guide, create these three Linodes using the Linode Manager and deploy an appropriate image to each one. Since Ansible uses SSH, you will need to make sure that your control machine has SSH access to all of the nodes. + +1. Create an SSH key on the control machine. This will create a public/private key pair: `~/home/.ssh/id_rsa.pub` and `~/home/.ssh/is_rsa`: + + ssh-keygen -t rsa -b 4096 + +2. Copy the key to `node-1`: + + ssh-copy-id root@$node-1-ip + + Repeat this procedure for each remaining node. + +{{< note >}} +The examples in this guide are for a multiple-Linode configuration. Most commands can also be performed with a single node for testing purposes. Please adjust accordingly. +{{< /note >}} + +## Install Ansible + +The remainder of the commands in this guide should be performed from the control machine. 
+ +### MacOS + + sudo easy_install pip + sudo pip install ansible + +### CentOS/Fedora + + sudo yum install ansible + +{{< note >}} +The EPEL-Release repository may need to be added on certain versions of CentOS, RHEL, and Scientific Linux. +{{< /note >}} + +### Ubuntu/Debian + + sudo apt-get update && sudo apt-get upgrade + sudo apt-get install ansible + +{{< note >}} +Ubuntu requires that all nodes have a compatible version of Python installed. In the latest version of Ubuntu, you can install python on each node with the following command: + + sudo apt-get install python + +If you want to create nodes that have this installed automatically, you can use the playbook referenced in `<<<<<<<<<<<<>>>>>>>>>>>>>>>` +{{< /note >}} + + + +### Install and Set Up Miniconda + +With Miniconda, it's possible to create a virtualized environment for Ansible which can help to streamline the installation process for most Distros and environments that require multiple versions of Python. + +1. Download and install Miniconda: + + curl -OL https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh + bash Miniconda3-latest-Linux-x86_64.sh + +1. You will be prompted several times during the installation process. Review the terms and conditions and select “yes” for each prompt. + +1. Restart your shell session for the changes to your PATH to take effect. + +1. Check your Python version: + + python --version + + + +5. Create a new virtual environment for Ansible: + + conda create -n ansible-dev python=3 + +1. Activate the new environment: + + source activate ansible-dev + +1. Install Ansible: + + pip install ansible + + Ansible can also be installed using a package manager such as `apt` on Debian/Ubuntu and [Homebrew](https://brew.sh) on OSX. + +1. 
Verify that the corresponding Python path is correct: + + ansible --version + +## Configure Ansible + +### Add Your Nodes to Your Inventory File to Track Nodes + +Ansible keeps track of its nodes using an [inventory file](http://docs.ansible.com/ansible/intro_inventory.html), which contains the IP address or domain name of nodes you'll be applying your configurations to: + +Add your nodes to the default inventory file. Replace `$node-1-ip`,`$node-2-ip`, and `$node-3-ip` with the public IP address or domain name of each of your nodes: + +{{< file "/etc/ansible/hosts" ini >}} +[nginx] +$node-1-ip +$node-2-ip + +[linode] +$node-3-ip +{{< /file >}} + +Each bracketed label denotes an Ansible [group](http://docs.ansible.com/ansible/latest/intro_inventory.html#hosts-and-groups). Grouping your nodes by function will make it easier to run commands against the correct set of nodes. + +{{< note >}} +The `/etc/ansible` directory will not exist by default in some environments. If you find that this is the case, you should create it manually with the following command: + + mkdir /etc/ansible/ + +If you are using a non-standard SSH port on your nodes, include the port after a colon on the same line within your hosts file (`myserver.com:2222`). +{{< /note >}} + +### Test Inventory Groups + +1. Use the `all` directive to ping all servers in your inventory: + + ansible all -u root -m ping + + {{< note >}} +If you don't want to use SSH keys, you can add the `--ask-pass` switch, however this is not recommended. +{{< /note >}} + + {{< output >}} +192.0.2.0 | SUCCESS => { + "changed": false, + "ping": "pong" +} +192.0.2.1 | SUCCESS => { + "changed": false, + "ping": "pong" +} +192.0.2.2 | SUCCESS => { + "changed": false, + "ping": "pong" +} +{{< /output >}} + + The `-u` option is used here to run the command as root, since currently there are no standard user accounts on the nodes. 
By default Ansible will use the same username as your current machine’s username to attempt to connect via SSH into your nodes. If this will not match up, pass the proper username in using the `-u` username argument and replacing "root" with the username of the Linodes. + + + +2. Repeat the command, targeting only the nodes in the `[nginx]` group: + + ansible nginx -u root -m ping + + This time, only `node-1` and `node-2` should respond. + +## Next Steps + +Now that we've completed the installation of Ansible, we can be begin to use Playbooks to quickly and easily manage configurations of your Linodes on a larger scale. Our [Ansible Playbooks Guide](/docs/applications/configuration-management/running-ansible-playbooks/) will begin to teach you how to apply these playbooks to your configurations. + +More complicated playbooks will require working with more advanced concepts. Ansible provides a number of [example playbooks](https://github.com/ansible/ansible-examples) on GitHub. In addition, documentation is available for many of the important concepts for writing playbooks: + +* [Users, and Switching Users](http://docs.ansible.com/ansible/playbooks_intro.html#hosts-and-users) and [Privilege Escalation](http://docs.ansible.com/ansible/become.html) +* [Handlers: Running Operations On Change](http://docs.ansible.com/ansible/playbooks_intro.html#handlers-running-operations-on-change) +* [Roles](http://docs.ansible.com/ansible/playbooks_roles.html) +* [Variables](http://docs.ansible.com/ansible/playbooks_variables.html) +* [Playbook Best Practices](http://docs.ansible.com/ansible/playbooks_best_practices.html) + 
diff --git a/docs/applications/configuration-management/learn-how-to-install-ansible-and-run-playbooks/index.md b/docs/applications/configuration-management/running-ansible-playbooks/index.md similarity index 55% rename from docs/applications/configuration-management/learn-how-to-install-ansible-and-run-playbooks/index.md rename to docs/applications/configuration-management/running-ansible-playbooks/index.md index fbd42ac2c17..d6156dce03a 100644 --- a/docs/applications/configuration-management/learn-how-to-install-ansible-and-run-playbooks/index.md +++ b/docs/applications/configuration-management/running-ansible-playbooks/index.md @@ -10,7 +10,7 @@ published: 2015-09-08 modified: 2015-09-08 modified_by: name: Linode -title: 'Learn How to Install Ansible and Run Playbooks' +title: Using Ansible Playbooks for Configuration Management contributor: name: Joshua Lyman link: https://twitter.com/jlyman 
@@ -20,121 +20,19 @@ external_resources: - '[Ansible Example Playbooks (GitHub)](https://github.com/ansible/ansible-examples)' --- -Consider the monotony of administering a server fleet; keeping them all updated, pushing changes out to them, copying files, etc. Things can get complicated and time consuming very quickly, but it doesn't have to be that way. - -*[Ansible](http://www.ansible.com/home)* is a helpful tool that allows you to create groups of machines, describe how those machines should be configured or what actions should be taken on them, and issue all of these commands from a central location. It uses SSH, so nothing needs to be installed on the machines you are targeting. Ansible only runs on your main control machine, which can even be your laptop! It is a simple solution to a complicated problem. - -This guide will introduce you to the basics of Ansible. By the end of this guide, you'll have the tools needed to turn a brand new Linode into a simple web server (Apache, MySQL, PHP), easily replicable and adjustable. +Consider the monotony of administering a server fleet; keeping all your servers updated, pushing needed changes out to them, copying files, and more. *[Ansible](http://www.ansible.com/home)* is a helpful tool that works to streamline these administration tasks by creating groups of machines, describe how those machines should be configured, what actions should be taken on them, and provides the ability to issue all of these commands from a single central location. Ansible only runs on your main control machine, which can be your laptop, desktop, or even a Linode. By the end of this guide, you'll have the tools needed to turn a brand new Linode into a simple web server (Apache, MySQL, PHP), easily replicable and adjustable, only through Ansible playbooks. {{< note >}} This guide is written for a non-root user. Commands that require elevated privileges are prefixed with `sudo`. 
If you're not familiar with the `sudo` command, you can check our [Users and Groups](/docs/tools-reference/linux-users-and-groups/) guide. Some systems may require you to run Ansible commands as root. If so, prefix the `ansible` commands in this guide with `sudo`. {{< /note >}} -## Installing Ansible - -Ansible only needs to be installed on the *control machine*, or the machine from which you will be running commands. This will likely be your laptop or other computer from which you frequently access your server, or it may be a centralized server in more complicated setups. - -Make sure that you have Python 2 (versions 2.6 or 2.7) or Python 3 (versions 3.5 and higher) available on the control machine. Note that Windows is not supported as the control machine. You can [build Ansible from source](https://github.com/ansible/ansible), or install the latest stable packages using the proper command below. - -### MacOS - - sudo easy_install pip - sudo pip install ansible - -### CentOS/Fedora - - sudo yum install ansible - -{{< note >}} -The EPEL-Release repository may need to be added on certain versions of CentOS, RHEL, and Scientific Linux. -{{< /note >}} - -### Ubuntu - - sudo apt-get install software-properties-common - sudo apt-add-repository ppa:ansible/ansible - sudo apt-get update - sudo apt-get install ansible - - -## First Steps to Configuring Ansible - -Now that you have Ansible installed, let's test it out on a known server. All Ansible commands are executed via the command line (or batched in scripts), and follow the pattern: - - ansible server_or_group -m module_name -a arguments - -We'll get to groups in just a moment, but for now, let's try to make a simple connection to an existing server you have using the ping module. In place of `server_or_group`, type the name of a server that you can currently SSH into from your machine using key authentication. 
If you are using a non-standard SSH port, include that after a colon on the same line (`myserver.com:2222`). - -By default Ansible will use the same username as your current machine's username. If this will not match up, pass the proper username in using the `-u username` argument. - -{{< note >}} -If you don't want to use SSH keys, you can add the `--ask-pass` switch. -{{< /note >}} - -To try an Ansible command without any additional setup, we'll add a few extra arguments for now. Format a test command like the following: - - ansible all -i myserver.com, -m ping - -{{< note >}} -The extra directives are the `all -i` and the comma after your server name. This is temporary, and is only there to tell Ansible to try connecting directly to the server without an inventory file, which we'll learn about later. -{{< /note >}} - -If you are successful you should see output similar to the following: - - myserver.com | success >> { - "changed": false, - "ping": "pong" - } - -You were just able to get a valid connection to your server via Ansible! - - -## Using Ansible's Inventory File - -You executed an Ansible command against one client, but it would be cumbersome to have to type the host's address every single time, and what if you had several servers you wanted to apply the same configuration to? This is where Ansible's [inventory file](http://docs.ansible.com/ansible/intro_inventory.html) comes into play. - -1. By default, the inventory file is expected to be `/etc/ansible/hosts`. Create that path and file if it does not already exist. - - - If you are running OS X, you may want to create your own Ansible directory elsewhere and then set the path in an Ansible configuration file: - - mkdir ~/Path/To/ansible - touch ~/Path/To/ansible/hosts - touch ~/.ansible.cfg - - Open `~/.ansible.cfg` file and add the following lines: - - {{< file "~/.ansible.cfg" ini >}} - [defaults] - inventory = ~/Path/To/ansible/hosts - {{< /file >}} - - -2. 
Add an entry to your hosts file, pointing to a server that you connected to in the previous section. You can include multiple servers in this file, using either domains or IP addresses, and can even group them: - - {{< file "~/Path/To/ansible/hosts" ini >}} -mainserver.com -myserver.net:2222 - -[mailservers] -mail1.mainserver.com -mail2.mainserver.com - -{{< /file >}} - - -3. Use the `all` directive to ping all servers in your `hosts` file via Ansible: - - ansible all -m ping - -You should receive the same output as before, for each server in your `hosts` file. Note that instead of `all`, you could have substituted `mailservers` from the example file, and it would run just against those servers. - -You can heavily customize the Inventory file, so [check out the docs for it](http://docs.ansible.com/ansible/intro_inventory.html) if you're interested. +## Before You Begin +Make sure that you're familiar with the concepts described in our [Getting Started With Ansible Guide](/docs/applications/configuration-management/getting-started-with-ansible). ## Ansible Configuration via Playbooks -*Playbooks* in Ansible define a series of actions to run, and address particular sets of servers. It's important to note that, unlike some other configuration tools, a playbook does not describe a state of the machine, with Ansible determining all the changes that need to be made on its own. However, playbooks should be designed to be idempotent, meaning that they can be run more than once without negative effects. For example, a playbook might have a task that sets up a configuration file for a server and injects a few variables. The playbook should be written such that Ansible can take the template configuration file, compare it to the actual file, and create/update it only if necessary. Luckily, many Ansible modules take care of the heavy lifting for that. +**Playbooks** in Ansible define a series of actions to run, and address particular sets of servers. 
It's important to note that, unlike some other configuration tools, a playbook does not describe a state of the machine, with Ansible determining all the changes that need to be made on its own. However, playbooks should be designed to be idempotent, meaning that they can be run more than once without negative effects. For example, a playbook might have a task that sets up a configuration file for a server and injects a few variables. The playbook should be written such that Ansible can take the template configuration file, compare it to the actual file, and create/update it only if necessary. Luckily, many Ansible **modules** take care of the heavy lifting for that. You can write playbooks to perform initial server configurations, add users and directories, ensure certain software packages are installed or uninstalled, move files, etc. A playbook can also run a few commands on one set of machines, switch to a different set to run different commands, and then switch back to the original or a different set of machines. It is procedural, and tasks are run in order, top to bottom. @@ -150,7 +48,6 @@ A playbook is a YAML file, and typically follows this structure: {{< /file >}} - For example, the following playbook would log in to all servers in the `marketingservers` group and ensure Apache was started. {{< file "Sample service check playbook" yaml >}} @@ -165,7 +62,6 @@ For example, the following playbook would log in to all servers in the `marketin {{< /file >}} - In the playbook above is an example of a task: {{< file "Playbook task" yaml >}} 
@@ -178,7 +74,7 @@ tasks: {{< /file >}} -Every task should have a name, which is logged and can help you track progress. Following the name line is the module that will be run (in this case, the [service module](http://docs.ansible.com/ansible/service_module.html)), and the other attributes provide more options, in this case instructing Ansible to use `sudo` privileges (which we will configure later). +Every task should have a name, which is logged and can help you track progress. Following the name line is the module that will be run (in this case, the [service module](http://docs.ansible.com/ansible/service_module.html), and the other attributes provide more options, in this case instructing Ansible to use `sudo` privileges (which we will configure later). ### Running Playbooks @@ -192,7 +88,7 @@ If you want to see what hosts this playbook will affect without having to open u ### Types of Tasks You Can Run -Ansible ships with a large collection of modules that you can run as tasks or via ad-hoc commands. To see a listing of all available modules, run: +Ansible ships with a large collection of [modules](https://docs.ansible.com/ansible/latest/user_guide/modules_intro.html) that you can run as tasks or via ad-hoc commands. To see a listing of all available modules, run: ansible-doc -l 
@@ -212,32 +108,52 @@ A few common core modules you might be interested in learning first include: * [git - Deploy software (or files) from git checkouts](http://docs.ansible.com/ansible/git_module.html) * [service - Manage services](http://docs.ansible.com/ansible/service_module.html) +You can also see a full list of modules assorted by category by navigating to [Ansible's Module Index Page](https://docs.ansible.com/ansible/latest/modules/modules_by_category.html). + ## Basic Web Server Setup via Ansible Playbooks As an example, we'll use Ansible to turn a freshly created Linode server into a web server, configured with Apache, MySQL, and PHP, ready to serve up dynamic sites and configured with the proper users and permissions. For brevity we won't handle all of the features and configuration that might normally be involved, but will cover enough to get you started. {{< caution >}} -The following playbooks are for learning purposes only, and will NOT result in a hardened or secure server. Use them to learn from, but do not use them for production instances! +The following playbooks are for learning purposes only, and will not result in a fully hardened or secure server. Use them to learn from, but do not use them for production without including additional security steps. {{< /caution >}} ### Prerequisites -- This example will assume a brand new Ubuntu 14.04 LTS server, without any additional configuration already done to the box. The very first order of business will be to add in our public encryption keys so that we can connect without supplying passwords. +- This example can be configured using two separate Linodes on Debian 9, one which will serve as a master node with an [Authentication Key Pair](https://www.linode.com/docs/security/securing-your-server/#create-an-authentication-key-pair) pre-generated and [Ansible](http://localhost:1313/docs/applications/configuration-management/getting-started-with-ansible/#install-ansible) pre-installed. 
Your second Linode should have no initial configuration tasks performed. We will add our public encryption key from our master node using playbooks so that we can complete all configuration tasks through our master node. + +- Because Ansible playbooks are idempotent and can be run repeatedly without error, the **user** task checks that a user exists and that the password on file (which the system stores hashed) matches the hash you are supplying. Therefore you cannot (and should not) just put in a plaintext password, you must pre-hash it. + +- Create a password hash on your master for Ansible to use in a later step. An easy method is to use Python's PassLib library, which can be installed with the following commands: + + sudo apt install python-pip + sudo pip install passlib -- Because Ansible playbooks are idempotent and can be run repeatedly without error, the `user` task checks that a user exists and that the password on file (which the system stores hashed) matches the hash you are supplying. Therefore you cannot (and should not) just put in a plaintext password, you must pre-hash it. -- Create a password hash for Ansible to use when communicating with the servers. An easy method is to use Python's PassLib library, which can be installed with `sudo pip install passlib`. + Once installed, run the following command, replacing `plaintextpassword` with a password you'd like to use to access your node: - Once installed, run the following command, replacing `plaintextpassword` with your actual password: + python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('plaintextpassword')" + + The number that appears following this command will be the hash for your password. 
+ +- Since we are automating the process of adding our SSH key, we'll need to install `sshpass` in order to be able to initially log in and install our SSH key successfully through a playbook: + + apt-get install sshpass + +- Since `sshpass` does not support host key checking, something performed by default on ansible, open the `/etc/ansible/ansible.cfg` file in a text editor of your choice and uncomment the following line to disable it: + + {{< file "/etc/ansible/ansible.cfg" ini >}} +#host_key_checking = False + +{{< /file >}} - python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('plaintextpassword')" ### Create the System User -2. Add your new server's IP address to your Ansible `hosts` file so that we can address it. Remove any previous entries you may have added in the test sections above. Give the new server a group name to make it easier to refer to later. In our example the group name is `linode`. +2. Add your node's IP address to your Ansible master's `hosts` file so that we can address it. Give the new server a group name to make it easier to refer to later. In our example the group name is `linode`. {{< file "/etc/ansible/hosts" ini >}} [linode] 
@@ -248,7 +164,7 @@ The following playbooks are for learning purposes only, and will NOT result in a 3. Write a playbook that creates a new normal user, adds in our public key, and adds the new user to the `sudoers` file. - We're introducing a new aspect of Ansible here: *variables*. Note the `vars:` entry and the `NORMAL_USER_NAME` line. You'll notice that it is reused twice in the file so that we only have to change it once. Replace `yourusername` with your chosen username, `localusername` in the path for the `authorized_key`, and the password hash. + We're introducing a new aspect of Ansible: **variables**. Note the `vars:` entry and the `NORMAL_USER_NAME` line. You'll notice that it is reused twice in the file so that we only have to change it once. Replace `yourusername` with a new username of your choice, ensure that the path for the `authorized_key` is correct, and the password hash you generated earlier is in the password field. {{< file "initialize_basic_user.yml" yaml >}} --- @@ -262,7 +178,7 @@ The following playbooks are for learning purposes only, and will NOT result in a password='$6$rounds=656000$W.dSlhtSxE2HdSc1$4WbCFM6zQV1hTQYTCqmcddnKrSXIZ9LfWRAjJBervBFG.rH953lTa7rMeZNrN65zPzEONntMtYt9Bw74PvAei0' shell=/bin/bash - name: Add remote authorized key to allow future passwordless logins - authorized_key: user={{ NORMAL_USER_NAME }} key="{{ lookup('file', '/Users/localusername/.ssh/id_rsa.pub') }}" + authorized_key: user={{ NORMAL_USER_NAME }} key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" - name: Add normal user to sudoers lineinfile: dest=/etc/sudoers regexp="{{ NORMAL_USER_NAME }} ALL" 
@@ -272,11 +188,11 @@ The following playbooks are for learning purposes only, and will NOT result in a {{< /file >}} -4. Save the playbook file as `initialize_basic_user.yml` and run the playbook with the following command. Note how we specify the use of a particular user (`-u root`) and force Ansible to prompt us for the password (`-ask-pass`) since we don't have key authentication set up yet: +4. Save the playbook file as `initialize_basic_user.yml` and run the playbook with the following command. Note how we specify the use of a particular user (`-u root`) and force Ansible to prompt us for the password (`-ask-pass`) since we don't have key authentication set up yet. As part of this step, we'll install our public key: ansible-playbook --ask-pass -u root initialize_basic_user.yml -You should see output from Ansible that reports that the three tasks all completed successfully with a status of "changed." We can now work with new playbooks using our normal user account and keys. + You should see output from Ansible that reports that the three tasks all completed successfully with a status of "changed." We can now work with new playbooks using our normal user account and keys. ### Configure the Base System @@ -308,12 +224,11 @@ Let's take care of some common server setup tasks, such as setting the timezone, {{< /file >}} - -Run this playbook: +Replace `yourusername` with the username you set up in your previous step, and run this playbook, using the plaintext sudo password you hashed earlier and your SSH key when prompted: ansible-playbook common_server_setup.yml --ask-become-pass -As you run this playbook you will again see the steps come across as "changed." Updating packages may take a few minutes, so don't fret if it doesn't return straight away. +As you run this playbook you will again see the steps come across as "changed." Updating packages may take a few minutes. ### Install the Stack 
@@ -334,9 +249,9 @@ Finally, let's get a very basic server set up with Apache and PHP, and a test My - apache2 - mysql-server - python-mysqldb - - php5 + - php - php-pear - - php5-mysql + - php-mysql - name: "Turn on Apache and MySQL and set them to run on boot" service: name={{ item }} state=started enabled=yes @@ -362,12 +277,12 @@ Finally, let's get a very basic server set up with Apache and PHP, and a test My When this playbook finishes, visit your Linode's IP address or FQDN to see the default Ubuntu Apache index page. -3. Log in via SSH and check to see that the `testDb` has indeed been created: +3. Log in to the Linode we just configured via SSH and check to see that the `testDb` has indeed been created: - mysql -u root -p + sudo mysql -u root -p show databases; - You can even create a sample PHP page and place it in `/var/www/html` to test that PHP is active on the server. Ansible has done as we instructed it to, installing the appropriate packages and setting things up as we want. + You can even create a sample PHP page and place it in `/var/www/html` to test that PHP is active on the server. ## Exploring Ansible Further From 22a987b783e801a35ed951de8e41650d8a7da46f Mon Sep 17 00:00:00 2001 From: Ryan Syracuse Date: Fri, 7 Jun 2019 17:27:38 -0400 Subject: [PATCH 02/10] 404 fix --- .../configuration-management/running-ansible-playbooks/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/applications/configuration-management/running-ansible-playbooks/index.md b/docs/applications/configuration-management/running-ansible-playbooks/index.md index d6156dce03a..8c7ae516c45 100644 --- a/docs/applications/configuration-management/running-ansible-playbooks/index.md +++ b/docs/applications/configuration-management/running-ansible-playbooks/index.md 
@@ -121,7 +121,7 @@ The following playbooks are for learning purposes only, and will not result in a ### Prerequisites -- This example can be configured using two separate Linodes on Debian 9, one which will serve as a master node with an [Authentication Key Pair](https://www.linode.com/docs/security/securing-your-server/#create-an-authentication-key-pair) pre-generated and [Ansible](http://localhost:1313/docs/applications/configuration-management/getting-started-with-ansible/#install-ansible) pre-installed. Your second Linode should have no initial configuration tasks performed. We will add our public encryption key from our master node using playbooks so that we can complete all configuration tasks through our master node. +- This example can be configured using two separate Linodes on Debian 9, one which will serve as a master node with an [Authentication Key Pair](https://www.linode.com/docs/security/securing-your-server/#create-an-authentication-key-pair) pre-generated and [Ansible](/docs/applications/configuration-management/getting-started-with-ansible/#install-ansible) pre-installed. Your second Linode should have no initial configuration tasks performed. We will add our public encryption key from our master node using playbooks so that we can complete all configuration tasks through our master node. - Because Ansible playbooks are idempotent and can be run repeatedly without error, the **user** task checks that a user exists and that the password on file (which the system stores hashed) matches the hash you are supplying. Therefore you cannot (and should not) just put in a plaintext password, you must pre-hash it. From 59b4b2bd2f701aa8de6ae097036a343191d187b4 Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Tue, 18 Jun 2019 15:37:53 -0400 Subject: [PATCH 03/10] Tech Edit:Getting Started With Ansible - Basic Installation and Setup --- .../getting-started-with-ansible/index.md | 212 +++++++++++------- 1 file changed, 128 insertions(+), 84 deletions(-) 
diff --git a/docs/applications/configuration-management/getting-started-with-ansible/index.md b/docs/applications/configuration-management/getting-started-with-ansible/index.md index fba82b2b5a1..d8c9d1e49ee 100644 --- a/docs/applications/configuration-management/getting-started-with-ansible/index.md +++ b/docs/applications/configuration-management/getting-started-with-ansible/index.md @@ -7,10 +7,10 @@ og_description: 'Ansible is an automation tool for server configuration, provisi keywords: ["ansible", "ansible configuration", "ansible provisioning", "ansible infrastructure", "ansible automation", "ansible configuration change management", "ansible server automation"] license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' aliases: ['applications/ansible/getting-started-with-ansible/','applications/configuration-management/getting-started-with-ansible/'] -published: 2015-09-08 -modified: 2018-03-21 +published: 2018-03-21 +modified: 2019-06-19 modified_by: - name: Jared Kobos + name: Ryan Syracuse title: 'Getting Started With Ansible - Basic Installation and Setup' contributor: name: Joshua Lyman 
@@ -25,67 +25,65 @@ external_resources: ## What is Ansible? -[Ansible](http://www.ansible.com/home) is an automation tool for server provisioning, configuration, and management. It allows you to organize your server inventory into groups, describe how those groups should be configured or what actions should be taken on them, and issue all of these commands from a central location. +[Ansible](http://www.ansible.com/home) is an automation tool for server provisioning, configuration, and management. It allows you to organize your servers into groups, describe how those groups should be configured, and what actions should be taken on them, all from a central location. -This guide introduces the basics of installing Ansible and preparing your environment to use [Playbooks](https://docs.ansible.com/ansible/latest/user_guide/playbooks.html). +{{< disclosure-note "Ansible Definitions">}} +To get started using Ansible, it is helpful to become familiar with a few basic terms and concepts used to describe Ansible's main components. -## Before You Begin - -All Ansible commands are run from a **control machine**, which can be either a local computer or a Linode. This will likely be your laptop or other computer from which you frequently access your server, or it may be a centralized server in more complicated setups. - -Make sure that you have Python 2 (versions 2.6 or 2.7) or Python 3 (versions 3.5 and higher) available on the control machine. Note that Windows is not supported as the control machine. You can [build Ansible from source](https://github.com/ansible/ansible), or install the latest stable packages using the proper command below. Ansible uses SSH to execute commands remotely on **nodes**. +* **Control Node**: Your infrastructure nodes are managed by Ansible from a **control node** which can be your personal computer or a server. 
For increased management speed, it is recommended to host your control node on a server that is as close to your managed nodes as possible. -This guide will use a control machine with three Linodes serving as nodes though this number can be reduced or increased as needed. These nodes will be referred to as `node-1`, `node-2`, and `node-3` throughout the guide. Before proceeding with this guide, create these three Linodes using the Linode Manager and deploy an appropriate image to each one. Since Ansible uses SSH, you will need to make sure that your control machine has SSH access to all of the nodes. +* **Managed Nodes**: The hosts that compose your infrastructure and that are managed by the Ansible control node. Managed nodes do not require Ansible to be installed on them. -1. Create an SSH key on the control machine. This will create a public/private key pair: `~/home/.ssh/id_rsa.pub` and `~/home/.ssh/is_rsa`: - - ssh-keygen -t rsa -b 4096 +* **Inventory**: Ansible keeps track of its managed nodes using an [inventory file](http://docs.ansible.com/ansible/intro_inventory.html) typically located in `/etc/ansible/hosts`. In the inventory file, you can group your managed nodes and use these groups to target specific hosts that make up your infrastructure. Ansible can use multiple inventory sources, like other inventory files and dynamic inventory pulled using an inventory plugin or script. -2. Copy the key to `node-1`: + If your Ansible managed infrastructure will change over time, it is recommended to use the [dynamic inventory plugin for Linode](https://docs.ansible.com/ansible/latest/plugins/inventory/linode.html). You can read the [How to use the Linode Ansible Module to Deploy Linodes](/docs/applications/configuration-management/deploy-linodes-using-ansible/) to learn how to use this plugin. - ssh-copy-id root@$node-1-ip +* **Modules**: Modules add extra functionality to Ansible. 
You can call Ansible modules directly from the command line to execute on your managed nodes or use them in your Playbooks. See [Ansible's module index](https://docs.ansible.com/ansible/latest/modules/modules_by_category.html) for a list of available modules by category. - Repeat this procedure for each remaining node. +* **Tasks**: The simplest unit of execution in Ansible is a task. Tasks utilize Ansible modules to manage your host's services, packages, files and to perform various system configurations. Tasks can be executed from the command line or within Playbooks. -{{< note >}} -The examples in this guide are for a multiple-Linode configuration. Most commands can also be performed with a single node for testing purposes. Please adjust accordingly. -{{< /note >}} +* **Playbooks**: Playbooks are YAML files containing a list of tasks in the desired order of execution. You can run Playbooks on your managed nodes and reuse and share them. [Variables](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html) and [Jinja templating](https://docs.ansible.com/ansible/latest/user_guide/playbooks_templating.html) provide a powerful way to execute complex tasks on your managed hosts. +{{}} -## Install Ansible +## Scope of this Guide +This guide introduces the basics of installing Ansible and preparing your environment to use [Playbooks](https://docs.ansible.com/ansible/latest/user_guide/playbooks.html). You will complete the following steps in this guide: -The remainder of the commands in this guide should be performed from the control machine. +* Install and configure Ansible on your computer or a Linode to serve as the control node that will manage your infrastructure nodes. +* Create two Linodes to manage with Ansible and establish a basic connection between the control node and your managed nodes. The managed nodes will be referred to as `node-1`, and `node-2` throughout the guide. 
-### MacOS + {{< note >}} +The examples in this guide provide a manual method to establish a basic connection between your control node and managed nodes as a way to introduce the basics of Ansible. If you would like to learn how to use Ansible's [Linode module](https://docs.ansible.com/ansible/latest/modules/linode_v4_module.html) to automate deploying and managing Linodes, see the [How to use the Linode Ansible Module to Deploy Linodes](docs/applications/configuration-management/deploy-linodes-using-ansible/). The guide assumes familiarity with Ansible modules, Playbooks, and dynamic inventories. + {{}} - sudo easy_install pip - sudo pip install ansible +## Before You Begin -### CentOS/Fedora +{{< caution >}} +This guide's example instructions will create three billable Linodes on your account. If you do not want to keep using the example Linodes that you create, be sure to [delete them](#delete-a-cluster) when you have finished the guide. - sudo yum install ansible +If you remove the resources afterward, you will only be billed for the hour(s) that the resources were present on your account. Consult the [Billing and Payments](/docs/platform/billing-and-support/billing-and-payments/) guide for detailed information about how hourly billing works and for a table of plan pricing. +{{< /caution >}} -{{< note >}} -The EPEL-Release repository may need to be added on certain versions of CentOS, RHEL, and Scientific Linux. -{{< /note >}} +1. [Create three Linodes](/docs/getting-started/#create-a-linode) running Debian 9 to use as your Ansible **managed nodes**. The examples in this guide can also be followed using a single node, if preferred. -### Ubuntu/Debian +1. Ansible uses the SSH protocol to securely log into managed nodes and apply your Playbook configurations. Create an SSH key-pair on the control node to use for authentication. This guide assumes your public and private SSH key-pair is stored in `~/home/.ssh/id_rsa.pub` and `~/home/.ssh/is_rsa`. 
- sudo apt-get update && sudo apt-get upgrade - sudo apt-get install ansible + ssh-keygen -t rsa -b 4096 -{{< note >}} -Ubuntu requires that all nodes have a compatible version of Python installed. In the latest version of Ubuntu, you can install python on each node with the following command: +2. Copy the key to `node-1`. Replace `192.0.2.0` with your managed Linode's ip address. - sudo apt-get install python + ssh-copy-id root@192.0.2.0 -If you want to create nodes that have this installed automatically, you can use the playbook referenced in `<<<<<<<<<<<<>>>>>>>>>>>>>>>` -{{< /note >}} + Repeat this procedure for each remaining node. + {{< note >}} +This step can be automated by using Ansible's Linode module. See the [How to use the Linode Ansible Module to Deploy Linodes](/docs/applications/configuration-management/deploy-linodes-using-ansible/) for more information. + {{}} +## Set up the Control Node ### Install and Set Up Miniconda -With Miniconda, it's possible to create a virtualized environment for Ansible which can help to streamline the installation process for most Distros and environments that require multiple versions of Python. +With Miniconda, it's possible to create a virtualized environment for Ansible which can help to streamline the installation process for most Distros and environments that require multiple versions of Python. Your control node will require Python version 2.7 or higher to run Ansible. 1. Download and install Miniconda: 
@@ -96,66 +94,115 @@ With Miniconda, it's possible to create a virtualized environment for Ansible wh 1. Restart your shell session for the changes to your PATH to take effect. + exec bash -l + +1. Create a new virtual environment for Ansible: + + conda create -n ansible-dev python=3 + +1. Activate the new environment: + + conda activate ansible-dev + 1. Check your Python version: python --version +### Install Ansible +{{< note >}} +This guide was created using Ansible 2.8. +{{}} -5. Create a new virtual environment for Ansible: +1. Follow the Ansible installation steps related to your control node's distribution. + #### MacOS - conda create -n ansible-dev python=3 + sudo easy_install pip + sudo pip install ansible -1. Activate the new environment: + #### CentOS 7 - source activate ansible-dev + sudo yum install epel-release + sudo yum install ansible -1. Install Ansible: + {{< note >}} + The EPEL-Release repository may need to be added on certain versions of CentOS, RHEL, and Scientific Linux. + {{}} - pip install ansible + #### Ubuntu 18.04 - Ansible can also be installed using a package manager such as `apt` on Debian/Ubuntu and [Homebrew](https://brew.sh) on OSX. + sudo apt update + sudo apt install software-properties-common + sudo apt-add-repository --yes --update ppa:ansible/ansible + sudo apt install ansible -1. Verify that the corresponding Python path is correct: +1. Verify that Ansible is installed: ansible --version ## Configure Ansible -### Add Your Nodes to Your Inventory File to Track Nodes +By default, Ansible's configuration file location is `/etc/ansible/ansible.cfg`. In most cases, the default configurations are enough to get you started using Ansible. In this example, you will use Ansible's default configurations. -Ansible keeps track of its nodes using an [inventory file](http://docs.ansible.com/ansible/intro_inventory.html), which contains the IP address or domain name of nodes you'll be applying your configurations to: +1. 
To view a list of all current configs available to your control node, use the `ansible-config` command line utility. -Add your nodes to the default inventory file. Replace `$node-1-ip`,`$node-2-ip`, and `$node-3-ip` with the public IP address or domain name of each of your nodes: + ansible-config list -{{< file "/etc/ansible/hosts" ini >}} + You will see a similar output: + + {{< output >}} + ACTION_WARNINGS: + default: true + description: [By default Ansible will issue a warning when recieved from a task + action (module or action plugin), These warnings can be silenced by adjusting + this setting to False.] + env: + - {name: ANSIBLE_ACTION_WARNINGS} + ini: + - {key: action_warnings, section: defaults} + name: Toggle action warnings + type: boolean + version_added: '2.5' +AGNOSTIC_BECOME_PROMPT: + default: false + ... + {{}} + +### Create an Ansible Inventory + +Ansible keeps track of its managed nodes using an [inventory file](http://docs.ansible.com/ansible/intro_inventory.html) located in `/etc/ansible/hosts`. In the inventory file, you can group your managed nodes and use these groups to target specific hosts that make up your infrastructure. Ansible can use multiple inventory sources, like other inventory files and dynamic inventory pulled using an inventory plugin or script. If your Ansible managed infrastructure will change over time, it is recommended to use the dynamic inventory plugin for Linode. You can read the [How to use the Linode Ansible Module to Deploy Linodes](/docs/applications/configuration-management/deploy-linodes-using-ansible/) to learn how to manage Linodes. + +Following the example below, you will add your three Linodes to the `/etc/ansible/hosts` inventory file in two separate groups. The nodes can be listed using a name that can be resolved by DNS or an IP address. + +1. Add your nodes to the default inventory file. Replace `192.0.2.0` and `192.0.2.1` with the public IP address or domain name of each of your nodes. 
+ + {{< file "/etc/ansible/hosts" ini >}} [nginx] -$node-1-ip -$node-2-ip +192.0.2.0 -[linode] -$node-3-ip -{{< /file >}} +[wordpress] +192.0.2.1 + {{< /file >}} -Each bracketed label denotes an Ansible [group](http://docs.ansible.com/ansible/latest/intro_inventory.html#hosts-and-groups). Grouping your nodes by function will make it easier to run commands against the correct set of nodes. + Each bracketed label denotes an Ansible [group](http://docs.ansible.com/ansible/latest/intro_inventory.html#hosts-and-groups). Grouping your nodes by function will make it easier to run commands against the correct set of nodes. -{{< note >}} -The `/etc/ansible` directory will not exist by default in some environments. If you find that this is the case, you should create it manually with the following command: + {{< note >}} +The `/etc/ansible` directory will not exist by default in some environments. If you find that this is the case, create it manually with the following command: mkdir /etc/ansible/ -If you are using a non-standard SSH port on your nodes, include the port after a colon on the same line within your hosts file (`myserver.com:2222`). -{{< /note >}} +If you are using a non-standard SSH port on your nodes, include the port after a colon on the same line within your hosts file (`192.0.2.1:2222`). + {{< /note >}} + +## Connect to your Managed Nodes -### Test Inventory Groups +After configuring your control node, you can communicate with your managed nodes and begin configuring them as needed. In this section, you will test the connection with your Ansible managed hosts using the ping module. The ping module returns a "pong" response when a control node successfully reaches a node. Pinging your hosts will verify your connection and that the control node can execute Python on the hosts. -1. Use the `all` directive to ping all servers in your inventory: +1. Use the `all` directive to ping all servers in your inventory. 
By default, Ansible will use your local user account's name to connect to your nodes via SSH. You can override the default behavior by passing the `-u` option, plus the desired username. Since there are no standard user accounts on the nodes, in the example, you run the command as the root user. ansible all -u root -m ping - {{< note >}} -If you don't want to use SSH keys, you can add the `--ask-pass` switch, however this is not recommended. -{{< /note >}} + You should receive a similar output: {{< output >}} 192.0.2.0 | SUCCESS => { 
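Review bot: The new intro to "Create an Ansible Inventory" says "you will add your three Linodes to the `/etc/ansible/hosts` inventory file in two separate groups", but step 1 and the file example list only two addresses, `192.0.2.0` under `[nginx]` and `192.0.2.1` under `[wordpress]`. Change the sentence to two Linodes, or add the third host back, so the inventory and the two-host ping output that follows agree with the text.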
@@ -166,31 +213,28 @@ If you don't want to use SSH keys, you can add the `--ask-pass` switch, however "changed": false, "ping": "pong" } -192.0.2.2 | SUCCESS => { - "changed": false, - "ping": "pong" -} -{{< /output >}} - - The `-u` option is used here to run the command as root, since currently there are no standard user accounts on the nodes. By default Ansible will use the same username as your current machine’s username to attempt to connect via SSH into your nodes. If this will not match up, pass the proper username in using the `-u` username argument and replacing "root" with the username of the Linodes. + {{< /output >}} - - -2. Repeat the command, targeting only the nodes in the `[nginx]` group: +2. Repeat the command, targeting only the nodes in the `[nginx]` group that you defined in your [inventory file](#create-an-ansible-inventory). ansible nginx -u root -m ping - This time, only `node-1` and `node-2` should respond. + This time, only `node-1` should respond. ## Next Steps -Now that we've completed the installation of Ansible, we can be begin to use Playbooks to quickly and easily manage configurations of your Linodes on a larger scale. Our [Ansible Playbooks Guide](/docs/applications/configuration-management/running-ansible-playbooks/) will begin to teach you how to apply these playbooks to your configurations. +1. Now that you've installed and configured Ansible, you can begin to use Playbooks to manage your Linodes' configurations. Our [Using Ansible Playbooks for Configuration Management](/docs/applications/configuration-management/running-ansible-playbooks/) guide will demonstrate a basic web server set up using an Ansible Playbook. + +1. You can also reference a number of [example playbooks](https://github.com/ansible/ansible-examples) on Ansible's GitHub account to a see a variety of implementations. + +1. 
Consult the links below to learn several more advanced concepts related to writing Playbooks: -More complicated playbooks will require working with more advanced concepts. Ansible provides a number of [example playbooks](https://github.com/ansible/ansible-examples) on GitHub. In addition, documentation is available for many of the important concepts for writing playbooks: + * [Users, and Switching Users](http://docs.ansible.com/ansible/playbooks_intro.html#hosts-and-users) and [Privilege Escalation](http://docs.ansible.com/ansible/become.html) + * [Handlers: Running Operations On Change](http://docs.ansible.com/ansible/playbooks_intro.html#handlers-running-operations-on-change) + * [Roles](http://docs.ansible.com/ansible/playbooks_roles.html) + * [Variables](http://docs.ansible.com/ansible/playbooks_variables.html) + * [Playbook Best Practices](http://docs.ansible.com/ansible/playbooks_best_practices.html) -* [Users, and Switching Users](http://docs.ansible.com/ansible/playbooks_intro.html#hosts-and-users) and [Privilege Escalation](http://docs.ansible.com/ansible/become.html) -* [Handlers: Running Operations On Change](http://docs.ansible.com/ansible/playbooks_intro.html#handlers-running-operations-on-change) -* [Roles](http://docs.ansible.com/ansible/playbooks_roles.html) -* [Variables](http://docs.ansible.com/ansible/playbooks_variables.html) -* [Playbook Best Practices](http://docs.ansible.com/ansible/playbooks_best_practices.html) +### Delete Your Linodes +If you no longer wish to use the Linodes created in this guide, you can delete them using the [Linode Cloud Manager](https://cloud.linode.com/linodes). To learn how to remove Linode resources using Ansible's Linode module, see the [Delete Your Resources](/docs/applications/configuration-management/deploy-linodes-using-ansible/#delete-your-resources) section of the [How to use the Linode Ansible Module to Deploy Linodes](/docs/applications/configuration-management/deploy-linodes-using-ansible/) guide. 
\ No newline at end of file From df596c0b650b767b886153634343441db9f6c77f Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Thu, 20 Jun 2019 19:24:12 -0400 Subject: [PATCH 04/10] Tech edit: Automate server config --- .../running-ansible-playbooks/index.md | 289 ++++++++++-------- 1 file changed, 158 insertions(+), 131 deletions(-) diff --git a/docs/applications/configuration-management/running-ansible-playbooks/index.md b/docs/applications/configuration-management/running-ansible-playbooks/index.md index 8c7ae516c45..3a06dd7155b 100644 --- a/docs/applications/configuration-management/running-ansible-playbooks/index.md +++ b/docs/applications/configuration-management/running-ansible-playbooks/index.md 
@@ -6,53 +6,79 @@ description: 'An introduction to configuration management with the Ansible IT au keywords: ["ansible", "ansible configuration", "ansible provisioning", "ansible infrastructure", "ansible automation", "ansible configuration", "ansible configuration change management", "ansible server automation"] license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' aliases: ['applications/ansible/getting-started-with-ansible/','applications/configuration-management/getting-started-with-ansible/'] -published: 2015-09-08 -modified: 2015-09-08 +published: 2015-06-01 +modified: 2015-09-21 modified_by: name: Linode -title: Using Ansible Playbooks for Configuration Management +title: Automate Server Configuration with Ansible Playbooks contributor: name: Joshua Lyman link: https://twitter.com/jlyman -external_resources: - - '[Ansible Home Page](http://www.ansible.com/home)' - - '[Ansible Documentation](http://docs.ansible.com/ansible/index.html)' - - '[Ansible Example Playbooks (GitHub)](https://github.com/ansible/ansible-examples)' --- +**Playbooks** define a set of tasks to be executed by Ansible on a group of managed nodes. While you can use Ansible to execute one-off tasks via the command line, Playbooks can be reused, shared across teams, version controlled, and support complex deployment and rollout requirements. You can use features such as, handlers, variables, templates, error handling, and control logic within your Playbooks to intelligently automate your IT processes across a fleet of hosts. -Consider the monotony of administering a server fleet; keeping all your servers updated, pushing needed changes out to them, copying files, and more. 
*[Ansible](http://www.ansible.com/home)* is a helpful tool that works to streamline these administration tasks by creating groups of machines, describe how those machines should be configured, what actions should be taken on them, and provides the ability to issue all of these commands from a single central location. Ansible only runs on your main control machine, which can be your laptop, desktop, or even a Linode. By the end of this guide, you'll have the tools needed to turn a brand new Linode into a simple web server (Apache, MySQL, PHP), easily replicable and adjustable, only through Ansible playbooks. +## Scope of this Guide -{{< note >}} -This guide is written for a non-root user. Commands that require elevated privileges are prefixed with `sudo`. If you're not familiar with the `sudo` command, you can check our [Users and Groups](/docs/tools-reference/linux-users-and-groups/) guide. Some systems may require you to run Ansible commands as root. If so, prefix the `ansible` commands in this guide with `sudo`. -{{< /note >}} +This guide provides an introduction to Ansible Playbook concepts, like tasks, plays, variables, and Jinja templating. In this guide's examples, you will create Playbooks to automate the following: + +* Creating a limited user account on a Linode +* Common server setup tasks, like setting a hostname, timezone, and updating system software +* Installing a LAMP stack ## Before You Begin -Make sure that you're familiar with the concepts described in our [Getting Started With Ansible Guide](/docs/applications/configuration-management/getting-started-with-ansible). +* If you are not familiar with Ansible, review the [Ansible Definitions](/docs/applications/configuration-management/getting-started-with-ansible/#what-is-ansible) section of the [Getting Started With Ansible](/docs/applications/configuration-management/getting-started-with-ansible/) guide. 
+ +* Install Ansible on your computer or a Linode following the steps in the [Set up the Control Node](/docs/applications/configuration-management/getting-started-with-ansible/#set-up-the-control-node) section of our [Getting Started With Ansible](/docs/applications/configuration-management/getting-started-with-ansible/) guide. + +* Deploy a Linode running Debian 9 to manage with Ansible. All Playbooks created throughout this guide will be executed on this Linode. Follow the [Getting Started With Ansible - Basic Installation and Setup](http://localhost:1313/docs/applications/configuration-management/getting-started-with-ansible/#set-up-the-control-node) to learn how to establish a connection between the Ansible control node and your Linode. + + {{< note >}} +When following the [Getting Started with Ansible](/docs/applications/configuration-management/getting-started-with-ansible/#set-up-the-control-node) guide to deploy a Linode, it is not necessary to add your Ansible control node's SSH key-pair to your managed Linode. This step will be completed using a Playbook later on in this guide. + {{}} + +## Playbook Basics -## Ansible Configuration via Playbooks +Ansible Playbooks are written using YAML syntax, a declarative language, to describe the tasks or actions to execute on a group of managed nodes. Playbook tasks are run in order from top to bottom. You should design your Playbooks to be idempotent, which means a Playbook can be run once or several times with the same expected result. For example, a Playbook might declare a task to set up a server configuration file using a template and inject declared variable values in the file. In this scenario, Ansible should be able to compare the template configuration file to the actual file on the server and create or update it only if necessary. -**Playbooks** in Ansible define a series of actions to run, and address particular sets of servers. 
It's important to note that, unlike some other configuration tools, a playbook does not describe a state of the machine, with Ansible determining all the changes that need to be made on its own. However, playbooks should be designed to be idempotent, meaning that they can be run more than once without negative effects. For example, a playbook might have a task that sets up a configuration file for a server and injects a few variables. The playbook should be written such that Ansible can take the template configuration file, compare it to the actual file, and create/update it only if necessary. Luckily, many Ansible **modules** take care of the heavy lifting for that. +### Anatomy of a Playbook +The example below displays the skeleton of a Playbook. At its most basic, a Playbook will define a group of target hosts, variables to use within the Playbook, a remote user to execute the tasks as, and a set of named tasks to execute using various [Ansible modules](https://docs.ansible.com/ansible/latest/modules/modules_by_category.html). This grouping within a Playbook is referred to as a **play** and a single Playbook can contain several plays. -You can write playbooks to perform initial server configurations, add users and directories, ensure certain software packages are installed or uninstalled, move files, etc. A playbook can also run a few commands on one set of machines, switch to a different set to run different commands, and then switch back to the original or a different set of machines. It is procedural, and tasks are run in order, top to bottom. +{{< disclosure-note "Common Ansible Modules">}} -A playbook is a YAML file, and typically follows this structure: +| **Module** | **Usage** | +| ---------------- | ------------- | +| [command](http://docs.ansible.com/ansible/command_module.html) | Executes a command on a remote node. 
| +| [script](http://docs.ansible.com/ansible/script_module.html) | Transfers a local script to a managed node and then runs the script on the remote node. | +| [shell](http://docs.ansible.com/ansible/command_module.html) | Executes a command through a shell (`/bin/sh`) on a remote node. | +| [template](http://docs.ansible.com/ansible/template_module.html) | Uses a local file template to create a file on a remote node. | +| [apt](http://docs.ansible.com/ansible/apt_module.html) | Manages apt packages on Debian or Ubuntu systems. | +| [git](http://docs.ansible.com/ansible/apt_module.html) | Deploy software or files from git checkouts. | +| [service](http://docs.ansible.com/ansible/apt_module.html) | Manage services on your remote node's system. Supports BSD init, OpenRC, SysV, Solaris SMF, systemd, upstart init systems. | -{{< file "Sample Playbook YAML file" yaml >}} + +{{}} + +{{< file "Playbook Skeleton" yaml >}} --- - hosts: [target hosts] + vars: + var1: [value 1] + var2: [value 2] remote_user: [yourname] tasks: - - [task 1] - - [task 2] + - name: [task 1] + module: + - name: [task 2] + moduel: {{< /file >}} -For example, the following playbook would log in to all servers in the `marketingservers` group and ensure Apache was started. +The second example Playbook targets all hosts in the `marketing_servers` group and ensures Apache is started. The task is completed as the `webadmin` user. -{{< file "Sample service check playbook" yaml >}} +{{< file "Service Check Playbook" yaml >}} --- -- hosts: [marketingservers] +- hosts: [marketing_servers] remote_user: webadmin tasks: - name: Ensure the Apache daemon has started 
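Review bot: The third "Before You Begin" bullet links to `http://localhost:1313/docs/applications/configuration-management/getting-started-with-ansible/#set-up-the-control-node`, a local preview address that will not resolve for readers; use the site-relative `/docs/...` form that the other bullets in the same list use. In the "Playbook Skeleton" file the second task spells its key `moduel:`, which should be `module:` to match the first task. In the "Common Ansible Modules" table, `shell` links to `command_module.html`, and `git` and `service` both link to `apt_module.html`; the list this hunk removes pointed at `shell_module.html`, `git_module.html` and `service_module.html`.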
@@ -62,145 +88,123 @@ For example, the following playbook would log in to all servers in the `marketin {{< /file >}} -In the playbook above is an example of a task: - -{{< file "Playbook task" yaml >}} -tasks: - - name: Ensure the Apache daemon has started - service: name=httpd state=started - become: yes - become_method: sudo - -{{< /file >}} - - -Every task should have a name, which is logged and can help you track progress. Following the name line is the module that will be run (in this case, the [service module](http://docs.ansible.com/ansible/service_module.html), and the other attributes provide more options, in this case instructing Ansible to use `sudo` privileges (which we will configure later). - -### Running Playbooks - -Executing a playbook is even easier than running ad-hoc commands like we did earlier. Assuming you are in the same directory as a playbook file, you run the following command: - - ansible-playbook myplaybook.yml - -If you want to see what hosts this playbook will affect without having to open up the YAML file, you can run: - - ansible-playbook myplaybook.yml --list-hosts - -### Types of Tasks You Can Run - -Ansible ships with a large collection of [modules](https://docs.ansible.com/ansible/latest/user_guide/modules_intro.html) that you can run as tasks or via ad-hoc commands. To see a listing of all available modules, run: - - ansible-doc -l +## Web Server Setup with Ansible Playbooks -A few common core modules you might be interested in learning first include: +In this example, you will create three different Playbooks to configure your Linode as a web server running a LAMP stack. You will also configure the Linode to add a limited user account. The Playbooks will provide basic configurations that you can expand on, if needed. 
-* [command - Executes a command on a remote node](http://docs.ansible.com/ansible/command_module.html) -* [script - Runs a local script on a remote node after transferring it](http://docs.ansible.com/ansible/script_module.html) -* [shell - Execute commands in nodes](http://docs.ansible.com/ansible/shell_module.html) -* [mysql_db - Add or remove MySQL databases from a remote host](http://docs.ansible.com/ansible/mysql_db_module.html) -* [mysql_user - Adds or removes a user from a MySQL database](http://docs.ansible.com/ansible/mysql_user_module.html) -* [postgresql_db - Add or remove PostgreSQL databases from a remote host](http://docs.ansible.com/ansible/postgresql_db_module.html) -* [postgresql_user - Adds or removes a users (roles) from a PostgreSQL database](http://docs.ansible.com/ansible/postgresql_user_module.html) -* [fetch - Fetches a file from remote nodes](http://docs.ansible.com/ansible/fetch_module.html) -* [template - Templates a file out to a remote server](http://docs.ansible.com/ansible/template_module.html) -* [yum - Manages packages with the yum package manager](http://docs.ansible.com/ansible/yum_module.html) -* [apt - Manages apt-packages](http://docs.ansible.com/ansible/apt_module.html) -* [git - Deploy software (or files) from git checkouts](http://docs.ansible.com/ansible/git_module.html) -* [service - Manage services](http://docs.ansible.com/ansible/service_module.html) + {{< caution >}} +The Playbooks created in this section are for learning purpose and will not result in a fully hardened or secure server. To further secure your Linode, you can use Ansible's [firewalld module](https://docs.ansible.com/ansible/latest/modules/firewalld_module.html). +{{< /caution >}} -You can also see a full list of modules assorted by category by navigating to [Ansible's Module Index Page](https://docs.ansible.com/ansible/latest/modules/modules_by_category.html). 
+### Add a Limited User Account +In this section you will create a Playbook to add a limited user account to your Linode. -## Basic Web Server Setup via Ansible Playbooks +#### Create a Password Hash -As an example, we'll use Ansible to turn a freshly created Linode server into a web server, configured with Apache, MySQL, and PHP, ready to serve up dynamic sites and configured with the proper users and permissions. For brevity we won't handle all of the features and configuration that might normally be involved, but will cover enough to get you started. +When creating a limited user account you are required to create a host login password for the new user. Since you should never include plaintext passwords in your Playbooks, in this section you will use the Python passlib library to create a password hash that you can securely include in your Playbook. - {{< caution >}} -The following playbooks are for learning purposes only, and will not result in a fully hardened or secure server. Use them to learn from, but do not use them for production without including additional security steps. -{{< /caution >}} +{{< note >}} +[Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypt-string-for-use-in-yaml) can also be used to encrypt sensitive data. This guide will not make use of Ansible Vault, however, you can consult the [How to use the Linode Ansible Module to Deploy Linodes](/docs/applications/configuration-management/deploy-linodes-using-ansible/) guide to view an example that makes use of this feature. +{{}} -### Prerequisites +1. On your Ansible control node, create a password hash on your control node for Ansible to use in a later step. 
An easy method is to use Python's PassLib library, which can be installed with the following commands: -- This example can be configured using two separate Linodes on Debian 9, one which will serve as a master node with an [Authentication Key Pair](https://www.linode.com/docs/security/securing-your-server/#create-an-authentication-key-pair) pre-generated and [Ansible](/docs/applications/configuration-management/getting-started-with-ansible/#install-ansible) pre-installed. Your second Linode should have no initial configuration tasks performed. We will add our public encryption key from our master node using playbooks so that we can complete all configuration tasks through our master node. +1. Install pip, the package installer for Python, on your control node if you do not already have it installed: -- Because Ansible playbooks are idempotent and can be run repeatedly without error, the **user** task checks that a user exists and that the password on file (which the system stores hashed) matches the hash you are supplying. Therefore you cannot (and should not) just put in a plaintext password, you must pre-hash it. + sudo apt install python-pip -- Create a password hash on your master for Ansible to use in a later step. An easy method is to use Python's PassLib library, which can be installed with the following commands: +1. Install the passlib library: - sudo apt install python-pip sudo pip install passlib +1. Create a password hash using passlib. Replace `myPlainTextPassword` with the password you'd like to use to access your Linode. 
- Once installed, run the following command, replacing `plaintextpassword` with a password you'd like to use to access your node: + sudo python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('myPlainTextPassword')" - python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('plaintextpassword')" + A similar output will appear displaying a hash of your password: + {{< output >}} +$6$rounds=656000$dwgOSA/I9yQVHIjJ$rSk8VmlZSlzig7tEwIN/tkT1rqyLQp/S/cD08dlbYctPjdC9ioSp1ykFtSKgLmAnzWVM9T3dTinrz5IeH41/K1 + {{}} - The number that appears following this command will be the hash for your password. +1. Copy and paste the hash somewhere that you can easily access for a later step. -- Since we are automating the process of adding our SSH key, we'll need to install `sshpass` in order to be able to initially log in and install our SSH key successfully through a playbook: +#### Disable Host Key Checking - apt-get install sshpass +Ansible uses the sshpass helper program for SSH authentication. This program is included by default on Ansible 2.8. sshpass requires host key checking to be disabled on your Ansible control node. -- Since `sshpass` does not support host key checking, something performed by default on ansible, open the `/etc/ansible/ansible.cfg` file in a text editor of your choice and uncomment the following line to disable it: +1. Disable host key checking. Open the `/etc/ansible/ansible.cfg` configuration file in a text editor of your choice, uncomment the following line, and save your changes. {{< file "/etc/ansible/ansible.cfg" ini >}} #host_key_checking = False {{< /file >}} +#### Create the Inventory File +In order to target your Linode in a Playbook, you will need to add it to your Ansible control node's inventory file. -### Create the System User - - -2. Add your node's IP address to your Ansible master's `hosts` file so that we can address it. Give the new server a group name to make it easier to refer to later. 
In our example the group name is `linode`. +1. Edit your inventory file to create the `webserver` group and to add your Linode to the group. Open the `/etc/ansible/hosts` file in your preferred text editor and add the following information. Replace `192.0.2.0` with your Linode's IP address. {{< file "/etc/ansible/hosts" ini >}} -[linode] -123.123.123.123 +[webserver] +192.0.2.0 {{< /file >}} +#### Create the Limited User Account Playbook -3. Write a playbook that creates a new normal user, adds in our public key, and adds the new user to the `sudoers` file. +You are now ready to create the Limited User Account Playbook. This Playbook will create a new user on your Linode, add your Ansible control node's SSH public key to the Linode, and add the new user to the Linode's `sudoers` file. - We're introducing a new aspect of Ansible: **variables**. Note the `vars:` entry and the `NORMAL_USER_NAME` line. You'll notice that it is reused twice in the file so that we only have to change it once. Replace `yourusername` with a new username of your choice, ensure that the path for the `authorized_key` is correct, and the password hash you generated earlier is in the password field. +1. In your home directory, create a file named `limited_user_account.yml` and add the contents of the example. Replace the following values in the file: + * `yourusername` with the user name you would like to create on the Linode + * `$6$rounds=656000$W.dSl` with the password hash you create in the [Create a Password Hash](#create-a-password-has) section of the guide. 
- {{< file "initialize_basic_user.yml" yaml >}} + {{< file "limited_user_account.yml" yaml >}} --- -- hosts: linode +- hosts: webserver remote_user: root vars: NORMAL_USER_NAME: 'yourusername' tasks: - name: "Create a secondary, non-root user" user: name={{ NORMAL_USER_NAME }} - password='$6$rounds=656000$W.dSlhtSxE2HdSc1$4WbCFM6zQV1hTQYTCqmcddnKrSXIZ9LfWRAjJBervBFG.rH953lTa7rMeZNrN65zPzEONntMtYt9Bw74PvAei0' + password='$6$rounds=656000$W.dSl' shell=/bin/bash - name: Add remote authorized key to allow future passwordless logins - authorized_key: user={{ NORMAL_USER_NAME }} key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" + authorized_key: user={{ NORMAL_USER_NAME }} key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}" - name: Add normal user to sudoers lineinfile: dest=/etc/sudoers regexp="{{ NORMAL_USER_NAME }} ALL" line="{{ NORMAL_USER_NAME }} ALL=(ALL) ALL" state=present -{{< /file >}} + {{< /file >}} + * The first two lines of the file tells Ansible to target the `webserver` group of hosts in the inventory file and to execute the remote host tasks as the `root` user. + * The `vars` section creates the `NORMAL_USER_NAME` that can be reused throughout the Playbook. Ansible also allows you to create and use variables in separate files, instead of directly in your Playbook. For a deeper dive into the many ways you can use variables with Ansible, see Ansible's official documentation on [Using Variables](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#defining-variables-in-files). + * The `tasks` block of the Playbook, declares three tasks. The first creates the new user and a user password. The second, adds the Ansible control node's public SSH key to the Linode. The third task adds the new user to the sudoers file. + * Each task makes use of Jinja templating, (i.e. `{{ NORMAL_USER_NAME }}`), to access the referenced variable values. 
Jinja templating is a powerful feature of Ansible that gives you access to control logic, filters, lookups, and functions within your Playbooks. To learn more, consult [Ansible's official documentation](https://docs.ansible.com/ansible/latest/user_guide/playbooks_templating.html#templating-jinja2). -4. Save the playbook file as `initialize_basic_user.yml` and run the playbook with the following command. Note how we specify the use of a particular user (`-u root`) and force Ansible to prompt us for the password (`-ask-pass`) since we don't have key authentication set up yet. As part of this step, we'll install our public key: +1. Run the `limited_user_account.yml` Playbook. The `--ask-pass` option tells Ansible to log into the Linode using password authentication, instead of SSH, since your public SSH key is not yet stored there. The `-u root` option directs Ansible to log in as the root user. By default, Ansible will use your current local system's username of one is not provided. - ansible-playbook --ask-pass -u root initialize_basic_user.yml + ansible-playbook --ask-pass -u root limited_user_account.yml - You should see output from Ansible that reports that the three tasks all completed successfully with a status of "changed." We can now work with new playbooks using our normal user account and keys. + You should see output from Ansible that reports that the three tasks all completed successfully with a status of "changed." We can now work with new playbooks using our limited user account and keys. ### Configure the Base System -Let's take care of some common server setup tasks, such as setting the timezone, updating the hosts file, and updating packages. Here's a playbook covering those steps: +This next Playbook will take care of some common server setup tasks, such as setting the timezone, updating the hosts file, and updating packages. + +1. Create a file in your home directory named `common_server_setup.yml` and add the contents of the example. 
Replace the following values in the file: -{{< file "common_server_setup.yml" yaml >}} + * `yourusername` with the username you created in the [Create the Limited User Account Playbook](#create-the-limited-user-account-playbook) section of the guide + * `web01` with the hostname you would like to set for your Linode. + * If you have a domain name you would like to set up, replace `www.example.com` with it. + + {{< file "common_server_setup.yml" yaml >}} --- -- hosts: linode +- hosts: webserver remote_user: yourusername become: yes become_method: sudo 
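Review bot: The "Disable Host Key Checking" step has the reader set `host_key_checking = False` in `/etc/ansible/ansible.cfg` and never turns it back on, so every later run from this control node, including the key-based runs in the following sections, accepts whatever host key it is offered. Only the first `--ask-pass` run needs this; scope it to that one command (for example with the `ANSIBLE_HOST_KEY_CHECKING=False` environment variable) or add a step that re-comments the line once `limited_user_account.yml` has installed the key. In "Create a Password Hash", the new `sudo python -c "... sha512_crypt.encrypt('myPlainTextPassword')"` command leaves the password in shell history and has no need for `sudo`; reading the password with `getpass` would avoid both. The run step describes `--ask-pass` as password authentication "instead of SSH", but the connection is still SSH, with a password in place of a key. The in-page link `#create-a-password-has` is missing its final `h`, and "username of one is not provided" should read "if one".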
@@ -221,37 +225,57 @@ Let's take care of some common server setup tasks, such as setting the timezone, with_items: "{{ groups['linode'] }}" - name: Update packages apt: update_cache=yes upgrade=dist + {{< /file >}} -{{< /file >}} + * The first task in this Playbook uses the `command` module to set the Linode's timezone to UTC time. + * The second task uses the `hostname` module to set your system's hostname. + * The third task updates the Linode's host file using the `lineinfile` module. This task uses `hostvars` to retrieve the host's IP address and use it to update the hosts file. `hostvars` is a reserved [special variable](https://docs.ansible.com/ansible/latest/reference_appendices/special_variables.html#special-variables) that you can use to access various information about your hosts. + * The fourth task updates your system's packages using the `apt` module. + +1. Run the `common_server_setup.yml` Playbook. The `--ask-become-pass` tells Ansible to ask you for the limited user account's password in order to `become` the sudo user and execute the Playbook via the limited user account. -Replace `yourusername` with the username you set up in your previous step, and run this playbook, using the plaintext sudo password you hashed earlier and your SSH key when prompted: + {{< note >}} +By default, Ansible will use your current local system's username to authenticate to your Linode. If your local username is not the same as your Linode's limited user account name, you will need to pass the `-u` option along with the limited user account name to appropriately authenticate. Ensure you replace `limitedUserAccountName` with the limited user account name you created in the [Create the Limited User Account Playbook](#create-the-limited-user-account-playbook) section of the guide. 
+ {{}} - ansible-playbook common_server_setup.yml --ask-become-pass + ansible-playbook common_server_setup.yml --ask-become-pass -u limitedUserAccountName -As you run this playbook you will again see the steps come across as "changed." Updating packages may take a few minutes. + * When the Playbook begins to execute, you will be prompted to enter a `BECOME password:`. This is the password you created in the [Create a Password Hash](#create-a-password-hash) section of the guide. + * As the Playbook executes, you will again see the tasks display as "changed." + * Updating packages may take a few minutes. ### Install the Stack -Finally, let's get a very basic server set up with Apache and PHP, and a test MySQL database to use. +You are now ready to create the `setup_webserver.yml` Playbook that will get your Linode set up with Apache, PHP, and a test MySQL database. + +1. Follow the steps in the [Create a Password Hash](#create-a-password-hash) section of the guide to create a new password hash to use in this Playbook. + +1. Create a file in your home directory named `setup_webserver.yml` and add the contents of the example. Replace the following values in the file: + + * `yourusername` with the username you created in the [Create the Limited User Account Playbook](#create-the-limited-user-account-playbook) section of the guide + * In the `Create a new user for connections` task, replace the value of `password` with your desired password. -1. The following playbook downloads the appropriate packages, turns on the Apache and MySQL services, and creates a basic database and user. + {{< note >}} +In order to avoid using plain text passwords in your Playbooks, you can use [Ansible-Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypt-string-for-use-in-yaml) and variables to encrypt sensitive data. 
You can consult the [How to use the Linode Ansible Module to Deploy Linodes](/docs/applications/configuration-management/deploy-linodes-using-ansible/) guide to view an example that makes use of this feature. + {{}} - {{< file "setup_webserver.yml" yaml >}} + {{< file "setup_webserver.yml" yaml >}} --- -- hosts: linode +- hosts: webserver remote_user: yourusername become: yes become_method: sudo tasks: - - name: "Install Apache, MySQL, and PHP5" - apt: name={{ item }} state=present - with_items: - - apache2 - - mysql-server - - python-mysqldb - - php - - php-pear - - php-mysql + - name: "Install Apache, MySQL, and PHP" + apt: + pkg: + - apache2 + - mysql-server + - python-mysqldb + - php + - php-pear + - php-mysql + state: present - name: "Turn on Apache and MySQL and set them to run on boot" service: name={{ item }} state=started enabled=yes 
@@ -260,36 +284,39 @@ Finally, let's get a very basic server set up with Apache and PHP, and a test My - mysql - name: Create a test database - mysql_db: name=testDb - state=present + mysql_db: name= testDb + state= present - name: Create a new user for connections mysql_user: name=webapp - password=mypassword + password='$6$rounds=656000$W.dSl' priv=*.*:ALL state=present -{{< /file >}} + {{< /file >}} + * The first task handles installing Apache, MySQL, and PHP. + * The next task ensures that Apache and MySQL remaining running after a system reboot. This task makes use of a [loop](https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html) to populate the value of the `service` name. + * Next, the Playbook creates a MySQL database with the name of `testDB` + * Finally, a new MySQL user named `webapp` is created. -2. Run the playbook from your control machine with the following command: + +1. Run the playbook from your control machine with the following command: ansible-playbook setup_webserver.yml --ask-become-pass - When this playbook finishes, visit your Linode's IP address or FQDN to see the default Ubuntu Apache index page. +1. When this playbook finishes executing, visit your Linode's IP address or FQDN to see the default Ubuntu Apache index page. -3. Log in to the Linode we just configured via SSH and check to see that the `testDb` has indeed been created: +1. Log in to the Linode you just configured via SSH and check to see that the `testDb` has indeed been created: - sudo mysql -u root -p + sudo mysql -u webapp -p show databases; - You can even create a sample PHP page and place it in `/var/www/html` to test that PHP is active on the server. - +1. If desired, you can even create a sample PHP page and place it in `/var/www/html` to test that PHP is active on the server. -## Exploring Ansible Further -This is just the start of learning Ansible, and as you continue to learn and explore you will find it a truly powerful and flexible tool. 
Take a look at some of the example Ansible playbooks provided by the company itself. +## Next Steps -Below are a few topics to explore that become important as you create playbooks of any complexity, and that you will see frequently in others' playbooks. +Now that you are familiar with Playbooks, you can continue to learn more about Ansible. Ansible's GitHub provides several example Playbooks that you can reference to learn different implementation options and patterns. Below are a few topics you can explore to learn how to build Playbooks of more complexity: * [Ansible Example Playbooks (GitHub)](https://github.com/ansible/ansible-examples) * [WordPress + nginx + PHP-FPM](https://github.com/ansible/ansible-examples/tree/master/wordpress-nginx) From b1b143e420f46b89785834b913871fda214d6cd5 Mon Sep 17 00:00:00 2001 From: hzoppetti Date: Wed, 26 Jun 2019 15:24:22 -0400 Subject: [PATCH 05/10] added sshpass to dictionary, updated wording around how many nodes are added for control and managed nodes, and fixed a bad link. --- ci/vale/dictionary.txt | 1 + .../getting-started-with-ansible/index.md | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ci/vale/dictionary.txt b/ci/vale/dictionary.txt index 213a6d1deb2..c3a95532598 100644 --- a/ci/vale/dictionary.txt +++ b/ci/vale/dictionary.txt @@ -1260,6 +1260,7 @@ src srv sshd sshfs +sshpass ssi ssl stackscript diff --git a/docs/applications/configuration-management/getting-started-with-ansible/index.md b/docs/applications/configuration-management/getting-started-with-ansible/index.md index d8c9d1e49ee..c60520154d3 100644 --- a/docs/applications/configuration-management/getting-started-with-ansible/index.md +++ b/docs/applications/configuration-management/getting-started-with-ansible/index.md 
@@ -52,18 +52,18 @@ This guide introduces the basics of installing Ansible and preparing your enviro * Create two Linodes to manage with Ansible and establish a basic connection between the control node and your managed nodes. The managed nodes will be referred to as `node-1`, and `node-2` throughout the guide. {{< note >}} -The examples in this guide provide a manual method to establish a basic connection between your control node and managed nodes as a way to introduce the basics of Ansible. If you would like to learn how to use Ansible's [Linode module](https://docs.ansible.com/ansible/latest/modules/linode_v4_module.html) to automate deploying and managing Linodes, see the [How to use the Linode Ansible Module to Deploy Linodes](docs/applications/configuration-management/deploy-linodes-using-ansible/). The guide assumes familiarity with Ansible modules, Playbooks, and dynamic inventories. +The examples in this guide provide a manual method to establish a basic connection between your control node and managed nodes as a way to introduce the basics of Ansible. If you would like to learn how to use Ansible's [Linode module](https://docs.ansible.com/ansible/latest/modules/linode_v4_module.html) to automate deploying and managing Linodes, see the [How to use the Linode Ansible Module to Deploy Linodes](/docs/applications/configuration-management/deploy-linodes-using-ansible/). The guide assumes familiarity with Ansible modules, Playbooks, and dynamic inventories. {{}} ## Before You Begin {{< caution >}} -This guide's example instructions will create three billable Linodes on your account. If you do not want to keep using the example Linodes that you create, be sure to [delete them](#delete-a-cluster) when you have finished the guide. +This guide's example instructions will create up to three billable Linodes on your account. 
If you do not want to keep using the example Linodes that you create, be sure to [delete them](#delete-a-cluster) when you have finished the guide. If you remove the resources afterward, you will only be billed for the hour(s) that the resources were present on your account. Consult the [Billing and Payments](/docs/platform/billing-and-support/billing-and-payments/) guide for detailed information about how hourly billing works and for a table of plan pricing. {{< /caution >}} -1. [Create three Linodes](/docs/getting-started/#create-a-linode) running Debian 9 to use as your Ansible **managed nodes**. The examples in this guide can also be followed using a single node, if preferred. +1. [Create three Linodes](/docs/getting-started/#create-a-linode) running Debian 9. One will be the **control node** and two you will use as your Ansible **managed nodes**. The examples in this guide can also be followed using a single managed node, if preferred. 1. Ansible uses the SSH protocol to securely log into managed nodes and apply your Playbook configurations. Create an SSH key-pair on the control node to use for authentication. This guide assumes your public and private SSH key-pair is stored in `~/home/.ssh/id_rsa.pub` and `~/home/.ssh/is_rsa`. From 3d047444fecedcaf75e9efbd78185b1911747663 Mon Sep 17 00:00:00 2001 From: hzoppetti Date: Wed, 26 Jun 2019 15:46:40 -0400 Subject: [PATCH 06/10] updated links in deploy linodes using ansible guide to point to new getting started guide --- .../deploy-linodes-using-ansible/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/applications/configuration-management/deploy-linodes-using-ansible/index.md b/docs/applications/configuration-management/deploy-linodes-using-ansible/index.md index 7a8080fcf1e..b1797da83b4 100644 --- a/docs/applications/configuration-management/deploy-linodes-using-ansible/index.md +++ b/docs/applications/configuration-management/deploy-linodes-using-ansible/index.md 
@@ -15,7 +15,7 @@ contributor: external_resources: - '[Ansible Best Practices](https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html)' --- -Ansible is a popular open-source tool that can be used to automate common IT tasks, like cloud provisioning and configuration management. With [Ansible's 2.8 release](https://docs.ansible.com/ansible/latest/roadmap/ROADMAP_2_8.html), you can deploy Linode instances using our latest [API (v4)](https://developers.linode.com/api/v4/). Ansible's `linode_v4` module adds the functionality needed to deploy and manage Linodes via the command line or in your [Ansible Playbooks](/docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/). While the dynamic inventory plugin for Linode helps you source your Ansible inventory directly from the Linode API (v4). +Ansible is a popular open-source tool that can be used to automate common IT tasks, like cloud provisioning and configuration management. With [Ansible's 2.8 release](https://docs.ansible.com/ansible/latest/roadmap/ROADMAP_2_8.html), you can deploy Linode instances using our latest [API (v4)](https://developers.linode.com/api/v4/). Ansible's `linode_v4` module adds the functionality needed to deploy and manage Linodes via the command line or in your [Ansible Playbooks](/docs/applications/configuration-management/running-ansible-playbooks/). While the dynamic inventory plugin for Linode helps you source your Ansible inventory directly from the Linode API (v4). In this guide you will learn how to: 
@@ -34,7 +34,7 @@ If you remove the resource afterward, you will only be billed for the hour(s) th The steps outlined in this guide require [Ansible version 2.8](https://github.com/ansible/ansible/releases/tag/v2.8.0). {{}} -- Install Ansible on your computer. Use the steps in the [Installing Ansible](https://www.linode.com/docs/applications/configuration-management/learn-how-to-install-ansible-and-run-playbooks/#installing-ansible) section of the [Learn How to Install Ansible and Run Playbooks](/docs/applications/configuration-management/learn-how-to-install-ansible-and-run-playbooks/) guide. +- Install Ansible on your computer. Use the steps in the [Install Ansible](/docs/applications/configuration-management/getting-started-with-ansible/#install-ansible) section of the [Getting Started Wih Ansible - Basic Installation and Setup](/docs/applications/configuration-management/getting-started-with-ansible/) guide. - Ensure you have Python version 2.7 or higher installed on your computer. Issue the following command to check your system's Python version: From b9541be0c736022a832b848a0d2c0f395a73072e Mon Sep 17 00:00:00 2001 From: hzoppetti Date: Wed, 26 Jun 2019 16:00:38 -0400 Subject: [PATCH 07/10] updated links on automating server builds guide --- docs/platform/automating-server-builds/index.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/platform/automating-server-builds/index.md b/docs/platform/automating-server-builds/index.md index 1b8f7054767..312d580d064 100644 --- a/docs/platform/automating-server-builds/index.md +++ b/docs/platform/automating-server-builds/index.md 
@@ -73,8 +73,9 @@ Knife Linode is based on Linode's deprecated APIv3. The Linode Module from Ansible is based on Linode's deprecated APIv3. {{}} - - [Learn How to Install Ansible and Run Playbooks](/docs/applications/configuration-management/learn-how-to-install-ansible-and-run-playbooks/) - - [Automatically Configure Servers with Ansible and Playbooks](/docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/) + - [Getting Started With Ansible - Basic Installation and Setup](/docs/applications/configuration-management/getting-started-with-ansible/) + - [Automate Server Configuration with Ansible Playbooks](/docs/applications/configuration-management/running-ansible-playbooks/) + - [How to use the Linode Ansible Module to Deploy Linodes](/docs/applications/configuration-management/deploy-linodes-using-ansible/) - **Salt:** Salt (also referred to as SaltStack) is a Python-based configuration management and orchestration system. Salt uses a master/client model in which a dedicated Salt master server manages one or more Salt minion servers. To learn more about Salt, see the following guides: From cedcd5f4addd0a1ff8bacc7194e152affe61a7c8 Mon Sep 17 00:00:00 2001 From: hzoppetti Date: Wed, 26 Jun 2019 16:05:29 -0400 Subject: [PATCH 08/10] fix spelling error --- .../deploy-linodes-using-ansible/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/applications/configuration-management/deploy-linodes-using-ansible/index.md b/docs/applications/configuration-management/deploy-linodes-using-ansible/index.md index b1797da83b4..c94e925368c 100644 --- a/docs/applications/configuration-management/deploy-linodes-using-ansible/index.md +++ b/docs/applications/configuration-management/deploy-linodes-using-ansible/index.md 
@@ -34,7 +34,7 @@ If you remove the resource afterward, you will only be billed for the hour(s) th The steps outlined in this guide require [Ansible version 2.8](https://github.com/ansible/ansible/releases/tag/v2.8.0). {{}} -- Install Ansible on your computer. Use the steps in the [Install Ansible](/docs/applications/configuration-management/getting-started-with-ansible/#install-ansible) section of the [Getting Started Wih Ansible - Basic Installation and Setup](/docs/applications/configuration-management/getting-started-with-ansible/) guide. +- Install Ansible on your computer. Use the steps in the [Install Ansible](/docs/applications/configuration-management/getting-started-with-ansible/#install-ansible) section of the [Getting Started With Ansible - Basic Installation and Setup](/docs/applications/configuration-management/getting-started-with-ansible/) guide. - Ensure you have Python version 2.7 or higher installed on your computer. Issue the following command to check your system's Python version: From b9c1fee792b5774f70cfa8af32eafc6a5d2af1fc Mon Sep 17 00:00:00 2001 From: hzoppetti Date: Wed, 26 Jun 2019 16:09:18 -0400 Subject: [PATCH 09/10] updated link on host a website with high availability --- docs/websites/host-a-website-with-high-availability/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/websites/host-a-website-with-high-availability/index.md b/docs/websites/host-a-website-with-high-availability/index.md index 9ace91af658..937676d0eff 100644 --- a/docs/websites/host-a-website-with-high-availability/index.md +++ b/docs/websites/host-a-website-with-high-availability/index.md 
@@ -741,4 +741,4 @@ For more information on DNS configuration, refer to our [introduction to DNS rec ## Configuration Management -Because a high availability configuration involves so many different components, you may want to consider additional software to help you manage the cluster and create new nodes when necessary. For more information on the options available for managing your nodes, see our guides on [Salt](/docs/applications/configuration-management/getting-started-with-salt-basic-installation-and-setup/), [Chef](/docs/applications/configuration-management/beginners-guide-chef/), [Puppet](/docs/applications/configuration-management/install-and-configure-puppet/), and [Ansible](/docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/). You can also refer to our guide on [Automating Server Builds](/docs/platform/automating-server-builds/) for an overview of how to choose a solution that is right for you. +Because a high availability configuration involves so many different components, you may want to consider additional software to help you manage the cluster and create new nodes when necessary. For more information on the options available for managing your nodes, see our guides on [Salt](/docs/applications/configuration-management/getting-started-with-salt-basic-installation-and-setup/), [Chef](/docs/applications/configuration-management/beginners-guide-chef/), [Puppet](/docs/applications/configuration-management/install-and-configure-puppet/), and [Ansible](/docs/applications/configuration-management/running-ansible-playbooks/). You can also refer to our guide on [Automating Server Builds](/docs/platform/automating-server-builds/) for an overview of how to choose a solution that is right for you. From a6a55fb7013f3ae3f845a1f64731184b77701837 Mon Sep 17 00:00:00 2001 
From: hzoppetti Date: Wed, 26 Jun 2019 16:22:29 -0400 Subject: [PATCH 10/10] updated ansible link in use public key authentication guide --- .../use-public-key-authentication-with-ssh/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security/authentication/use-public-key-authentication-with-ssh/index.md b/docs/security/authentication/use-public-key-authentication-with-ssh/index.md index f09a7c14635..df6943ec405 100644 --- a/docs/security/authentication/use-public-key-authentication-with-ssh/index.md +++ b/docs/security/authentication/use-public-key-authentication-with-ssh/index.md @@ -20,7 +20,7 @@ Password authentication is the default method most SSH (Secure Shell) clients us - If a server that uses SSH keys is compromised by a hacker, no authorization credentials are at risk of being exposed. -- Because a password isn't required at login, you are able to able to log in to servers from within scripts or automation tools that you need to run unattended. For example, you can set up periodic updates for your servers with a configuration management tool like [Ansible](/docs/applications/configuration-management/automatically-configure-servers-with-ansible-and-playbooks/), and you can run those updates without having to be physically present. +- Because a password isn't required at login, you are able to able to log in to servers from within scripts or automation tools that you need to run unattended. For example, you can set up periodic updates for your servers with a configuration management tool like [Ansible](/docs/applications/configuration-management/running-ansible-playbooks/), and you can run those updates without having to be physically present. This guide will explain how the SSH key login scheme works, how to generate an SSH key, and how to use those keys with your Linode.
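Review bot: In running-ansible-playbooks/index.md, hunk `@@ -221,37 +225,57 @@`, the `setup_webserver.yml` play is retargeted from `hosts: linode` to `hosts: webserver`, but the context task at the top of the same hunk still loops over `groups['linode']`, and no visible line adds a `webserver` group to the inventory. If the inventory only defines `linode`, the play will find no matching hosts and be skipped. Either keep `hosts: linode` or add a step that creates the `webserver` group before this Playbook is introduced.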
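Review bot: In running-ansible-playbooks/index.md, hunk `@@ -260,36 +284,39 @@`, the `Create a new user for connections` task now sets `password='$6$rounds=656000$W.dSl'`, a crypt-style hash, where the removed line had a plaintext value. `mysql_user` treats `password` as the plaintext password unless `encrypted=yes` is set, so the account password becomes the literal hash string, and that string is what the later `sudo mysql -u webapp -p` step would have to be given. The preceding hunk also tells the reader both to generate a new password hash for this Playbook and to replace `password` with their "desired password"; pick one instruction, and preferably show a vaulted variable here, as the added Ansible-Vault note recommends. In the same hunk, `mysql_db: name= testDb` and `state= present` gain a space after `=`, which is likely to stop `testDb` being read as the value of `name`; restore `name=testDb` and `state=present` or use the YAML mapping form already adopted for `apt`. The context line `priv=*.*:ALL` gives the test user every privilege on every database, where `testDb.*:ALL` would be enough for the example. The new bullets also need "remaining running" corrected to "remain running" and `testDB` changed to `testDb` to match the task.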
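Review bot: In getting-started-with-ansible/index.md, hunk `@@ -52,18 +52,18 @@`, the unchanged context line directly after the edited "Create three Linodes" step gives the key-pair location as `~/home/.ssh/id_rsa.pub` and `~/home/.ssh/is_rsa`. `is_rsa` is a typo for `id_rsa`, and `~/home/.ssh` is not the default `ssh-keygen` location (`~/.ssh`), so a reader copying the path will point Ansible at a private key that does not exist. Since this patch already rewords the neighbouring step, correct both paths in the same change.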
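Review bot: In deploy-linodes-using-ansible/index.md, the `@@ -34,7 +34,7 @@` hunk of PATCH 06/10 introduces the link text "Getting Started Wih Ansible", and PATCH 08/10 exists only to correct it to "With". Squash 08 into 06 so that no commit in the series carries the misspelled title.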
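Review bot: In use-public-key-authentication-with-ssh/index.md, hunk `@@ -20,7 +20,7 @@`, the rewritten `+` line carries over the duplicated phrase "you are able to able to log in" from the line it replaces. Since the line is being changed for the link anyway, drop the repeated "able to" in the same edit.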