 # Ansible Basics

### What is Ansible

Ansible is a configuration management tool or infrastructure automation tool. 

Puppet, Chef and Salt stack are few other configuration management tools available.
Each of these(Other than Ansible) tools operate in Master-Agent model.
    * Puppet Master -> Puppet Agent
    * Chef Server -> Chef Client
    * Salt Master -> Salt Minion

Ansible operates in agent less model.
Uses SSH connection(openssh or paramiko). There are few other connection modes(docker, local etc...)

Ansible is written in python. Having python knowledge helps but not required.

Ansible installation:
    * Through system package manager
    * Through python package manager
    
More information is available at below link:  
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html

### Installing Through Package manager

On a Redhat/CentOS flavor of Linux.

```yum install epel-release -y```  
```yum install ansible```  

On Debian/Ubuntu flavor of Linux.

```apt-get update```  
```apt install software-properties-common```  
```apt-add-repository --yes --update ppa:ansible/ansible```   
```apt-get install ansible -y```  

Upon successful installation check ansible version

```ansible --version```  

### Installing Through python package manager

Check if pip is already installed. If not install it.  

```sh
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py  
python get-pip.py  
pip install virtualenv  
virtualenv ansible_env  
source ansible_env/bin/activate  
pip install ansible
```

Upon successful installation, check ansible version.  

```sh
ansible --version  
```  

For future installation on a different set of servers  
```pip freeze > requirements.txt```  
push the requirements.txt file to the target server and run below command there.

```pip install -r requirements.txt```  



### Important files

* ansible.cfg
* inventory/hosts file

### andible.cfg file

Ansible loads the ansible configuration file in below order.

* ansible.cfg (in the current directory)
* ANSIBLE_CONFIG (an environment variable)
* .ansible.cfg (in the home directory)
* /etc/ansible/ansible.cfg

More information on ansible.cfg file can be found at below link.

https://docs.ansible.com/ansible/2.4/intro_configuration.html  
https://github.com/ansible/ansible/blob/devel/examples/ansible.cfg

  

#### Below is a sample ansible.cfg file
```INI
[defaults]  
inventory = /path/to/inventory/file  
host_key_checking = False #To disable ssh host key   
log_path = /path/to/ansible/logfile #To store the output of ansible executions to a log file  
ansible_ssh_user = root #Use some other user if privileges are available.
```
##### ansible special variables:

https://docs.ansible.com/ansible/latest/reference_appendices/special_variables.html



### inventory file

Ansible supports Static inventory and Dynamic inventory.

##### Static Inventory:
##### --------------------

Static inventory contains a list of hosts if required separated into groups. Static inventory can also contain the host variables and group variables.

##### Dynamic Inventory:
##### -------------------------

If your Ansible inventory fluctuates over time, with hosts spinning up and shutting down in response to business demands, the static inventory solutions is not suitable. You may need to track hosts from multiple sources: cloud providers, LDAP, Cobbler, and/or enterprise CMDB systems.

Ansible integrates all of these options via a dynamic external inventory system. Ansible supports two ways to connect with external inventory: Inventory Plugins and inventory scripts.

https://docs.ansible.com/ansible/latest/plugins/inventory.html#inventory-plugins
https://github.com/ansible/ansible/tree/devel/contrib/inventory

#### Static Inventory Example:
```INI
host01.ibm.cloud.com  
host02.ibm.cloud.com  
ansibletower  
ansiblehost01  

[ubuntu]  
host01.ibm.cloud.com  
host02.ibm.cloud.com  

[centos]  
ansibletower  
ansiblehost01  

[webservers]  
host01.ibm.cloud.com   
host02.ibm.cloud.com  
  
[db]  
ansibletower
  
[appservers]  
ansiblehost01

[ubuntu:vars]  
ansible_user = teja  

[all:vars]  
ansible_ssh_private_key_file = /home/teja/.ssh/id_rsa  

```


### ad-hoc commands

```sh
ansible -i inventory --list-hosts  

ansible -m ping all  

ansible centos -m setup  
ansible ubuntu -m setup  
```

#### command modules

raw  
shell  
command   
```sh
ansible all -i host02, -m raw -a "ls -lrt"  
ansible all -i host02, -m command -a "ls -lrt"  
ansible all -i host02, -m shell -a "ls -lrt"  

ansible all -m debug --args='msg="sample debug output"'  
ansible all -i localhost, -m debug --args='msg="sample debug output"'  
ansible all -i localhost, -m debug --args='msg="sample debug output" verbosity=0'  

export ANSIBLE_KEEP_REMOTE_FILES=1  

ansible all -i localhost, -m raw -a "ls -lrt /tmp" -c local -vvv  

ansible all -i localhost, -m command -a "ls -lrt /tmp > /tmp/command.txt" -c local -vvv  

ansible all -i localhost, -m shell -a "ls -lrt /tmp > /tmp/command.txt" -c local -vvv  

```


### Variables


Variable in playbooks are very similar to using variables in any programming language. It helps you to use and assign a value to a variable and use that anywhere in the playbook. One can put conditions around the value of the variables and accordingly use them in the playbook.  

Refer the variables.cfg file



### Modules

https://docs.ansible.com/ansible/latest/modules/modules_by_category.html  

Modules (also referred to as “task plugins” or “library plugins”) are discrete units of code that can be used from the command line or in a playbook task. Ansible executes each module, usually on the remote target node, and collects return values  



### YAML

Yet another markup language. Unlike the name suggests, it is not a markup language. 

### Ansible Playbook

Ansible playbook is a yaml file that contains one or more plays.    
The function of a play is to map a set of instructions defined against a particular host/group of hosts.  
A play can contain one or more tasks.  
Tasks are list of actions(using modules) that need to performed.  
block is a type of task that contains one or more tasks(grouping of tasks)  


### Privilege Escalation

Using become methods a normal user can perform privileged(root) actions.
```sh
become_method  
become_user
become(True/False)  
```
These are the parameters one can use to achieve the privilege escalation on a target mission.  




### Handlers

Handlers are like tasks, but only get triggered once. From tasks we can use a keyword 'notify' to invoke the handler.  
However, how many notifys are used for a handler, handler gets triggered only after the tasks block is completed.  

### Jinja2 templates

Templates module can be used to in combination with jinja2 template to create a file on target server.  With templates, you can use variable replacement and perform conditional checks and even run loops.  

Ansible uses jinja templating for it's variables and facts. variables' values reflect only when used in below format.  
```yaml
"{{ variable_name }}"  
```
catches: in debug module, when you 'msg' you need to keep the variable in jinja templating format. But 'var' it is not required.  

When creating properties files, INI files and some scripts the template module really helps.  

### Loops and conditions

Ansible uses different ways to implement loops over list of items or dictionary items.
```sh
with  
with_items  
loop  
```

### include and imports

Using include statement you can include variables and tasks that are difined in separate files.

include (for including plays and variables)  
include_role (For including roles)  
include_tasks (For including tasks)  

import_playbook   
import_tasks  
import_role  

Examples:  
```yaml
tasks:  
  - import_role:  
      name: myrole  
      
------------------  
- hosts: localhost  
  tasks:  
    - debug:  
        msg: play1  

- name: Include a play after another play  
  import_playbook: otherplays.yaml  

------------------
- hosts: localhost
  tasks:
    - debug:
        msg: play1

- name: Include a play after another play
  include: otherplays.yaml
------------------  

tasks:
- import_tasks: common_tasks.yml
#or
- include_tasks: common_tasks.yml
```

#### Difference between import and include

All import* statements are pre-processed at the time playbooks are parsed.
All include* statements are processed as they are encountered during the execution of the playbook.

        


### Roles

Roles provide a framework for fully independent, or interdependent collections of variables, tasks, files, templates, and modules.  

In Ansible, the role is the primary mechanism for breaking a playbook into multiple files. This simplifies writing complex playbooks, and it makes them easier to reuse. The breaking of playbook allows you to logically break the playbook into reusable components.  

Each role is basically limited to a particular functionality or desired output, with all the necessary steps to provide that result either within that role itself or in other roles listed as dependencies.  

Roles are not playbooks. Roles are small functionality which can be independently used but have to be used within playbooks. There is no way to directly execute a role. Roles have no explicit setting for which host the role will apply to.  


```sh
ansible-galaxy -h 
```

```sh
ansible-galaxy init user
```

Using roles with in a playbook

```yaml
--- 
- hosts: tomcat-node 
  roles: 
   - nginx
   - user
```

requirements.yml

```sh
ansible-galaxy install -r requirements.yml
```
```yml
- src: git+https://github.com/user/repo
  name: eap
  version: v.1.0 #version or the branch
  scm: git

```