Showing posts with label ansible. Show all posts

Saturday, 28 February 2026

Bash Script To Install Ansible Automation Platform (AWX)

#!/bin/bash


# --- Configuration ---

AWX_OPERATOR_VERSION="2.19.1"

NAMESPACE="awx"

KUBECONFIG_PATH="/etc/rancher/k3s/k3s.yaml"


echo "Phase 1: Cleaning up existing K3s for a fresh start..."

[ -f /usr/local/bin/k3s-uninstall.sh ] && /usr/local/bin/k3s-uninstall.sh

# Remove old manifests to avoid conflicts

rm -f kustomization.yaml awx-instance.yaml


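echo "Phase 2: Installing fresh K3s..."

# --write-kubeconfig-mode 644 makes the kubeconfig (cluster-admin credentials) readable by every local user

curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644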

export KUBECONFIG=$KUBECONFIG_PATH


echo "⏳ Waiting for K3s node to reach 'Ready' state..."

sleep 20

kubectl wait --for=condition=Ready node/$(hostname) --timeout=90s


# Create Namespace

kubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -


echo "Phase 3: Deploying AWX Operator via Kustomize (with Image Fixes)..."


# This Kustomization solves the 404 URL error AND the gcr.io ImagePullBackOff error

cat <<EOF > kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1

kind: Kustomization

resources:

  - github.com/ansible/awx-operator/config/default?ref=$AWX_OPERATOR_VERSION

images:

  - name: quay.io/ansible/awx-operator

    newTag: $AWX_OPERATOR_VERSION

  - name: gcr.io/kubebuilder/kube-rbac-proxy

    newName: quay.io/brancz/kube-rbac-proxy

    newTag: v0.15.0

namespace: $NAMESPACE

EOF


# Apply the operator

kubectl apply -k .


echo "Phase 4: Creating AWX Instance manifest..."

cat <<EOF > awx-instance.yaml

apiVersion: awx.ansible.com/v1beta1

kind: AWX

metadata:

  name: awx-demo

  namespace: $NAMESPACE

spec:

  service_type: nodeport

  postgres_storage_class: local-path

EOF


# Ensure CRDs are registered before applying the instance

echo "Waiting for CRDs to settle, then deploying AWX Instance..."

sleep 20

kubectl apply -f awx-instance.yaml


echo "----------------------------------------------------------"

echo "AWX DEPLOYMENT INITIALIZED"

echo "----------------------------------------------------------"


# Final Phase: Credential Discovery

echo "Waiting for AWX to generate the admin password..."

until kubectl get secret awx-demo-admin-password -n $NAMESPACE &> /dev/null; do

  echo -n "."

  sleep 10

done


# Grab details automatically

ADMIN_PASS=$(kubectl get secret awx-demo-admin-password -n $NAMESPACE -o jsonpath='{.data.password}' | base64 --decode)

NODE_PORT=$(kubectl get svc awx-demo-service -n $NAMESPACE -o jsonpath='{.spec.ports[0].nodePort}')

SERVER_IP=$(hostname -I | awk '{print $1}')


echo -e "\n\n✅ INSTALL COMPLETE!"

echo "----------------------------------------------------------"

echo "ACCESS URL: http://$SERVER_IP:$NODE_PORT"

echo "USERNAME:   admin"

echo "PASSWORD:   $ADMIN_PASS"

echo "----------------------------------------------------------"

echo "Watch progress: kubectl get pods -n $NAMESPACE -w"



-------------------------------------------------------------------------------------------------------------------









Run the command below to get the admin password

kubectl get secret awx-demo-admin-password -n awx -o jsonpath='{.data.password}' | base64 --decode; echo


# Find the NodePort (it will be the 5-digit number after the '80:')

kubectl get svc awx-demo-service -n awx


# Find your Public/Private IP

hostname -I | awk '{print $1}'

Thursday, 14 January 2021

Ansible Open Source

 

What Is Ansible?

Ansible is an open source IT Configuration Management, Deployment & Orchestration tool. It aims to provide large productivity gains to a wide variety of automation challenges. This tool is very simple to use yet powerful enough to automate complex multi-tier IT application environments.
All we do is to open a file and start adding tasks.

A task could be Installing NGINX webserver, for example.

In Ansible, we name a task and write down the command we want it to execute.

A task can be part of a bigger thing, like bringing up our e-commerce website.

Other tasks, like applying updates or adding our custom config file, can also be added.

The bigger thing or a group of tasks is grouped in what we call a Playbook.

A Playbook is just a file where we tell Ansible the tasks we want it to execute in an orderly fashion.

Ansible doesn't depend on additional daemons, client or servers. 

The mechanics of Ansible

Control node (that has Ansible installed) reads a Playbook file and executes the tasks listed in the playbook.

We also mention in the playbook the host or group of hosts where such tasks should be executed.

The inventory file is where we have a list of individual hosts.

We can group individual hosts into groups within the Inventory file.

In the example below, we execute ansible-playbook <playbook_name> command on Ansible control node (10.10.10.100).

It then reads a Playbook file that has 2 tasks.

Task1 is executed on DBServers group of hosts and Task2 on WebServers group:

Ansible Terms:

  • Controller Machine: The machine where Ansible is installed, responsible for running the provisioning on the servers you are managing.
  • Inventory: An initialization file that contains information about the servers you are managing.
  • Playbook: The entry point for Ansible provisioning, where the automation is defined through tasks using YAML format.
  • Task: A block that defines a single procedure to be executed, e.g. Install a package.
  • Module: Ansible modules are discrete units of code which can be used from the command line or in a playbook task.
  • Role: A pre-defined way for organizing playbooks and other files in order to facilitate sharing and reusing portions of a provisioning.
  • Play: A provisioning executed from start to finish is called a play. In simple words, execution of a playbook is called a play.
  • Facts: Global variables containing information about the system, like network interfaces or operating system.
  • Handlers: Used to trigger service status changes, like restarting or stopping a service.

ANSIBLE ARCHITECTURE      

 

       


Ansible installation on linux AWS

Step1:

Launch two (Amazon Linux 2) AWS instances (one will be the controller, the other will be the target host)




Step 2:

On the target host machine, set password authentication:

Switch to root user

sudo su -

Then edit the sshd_config file to enable password authentication

vi /etc/ssh/sshd_config

Look for the below line and change the entry from no to yes

PasswordAuthentication yes

#PermitEmptyPasswords no

#PasswordAuthentication no


Next, create a password for ec2-user

passwd ec2-user

#then enter the password twice and press enter (you can use admin123)

Note: The password will not show on the screen as you type it. Just type and press enter when you are done

Next, edit the sudoers file to give ec2-user full privileges

vi /etc/sudoers

Insert the below line in the editor and save

ec2-user ALL=NOPASSWD: ALL

Save ---> :wq!

Next restart the ssh service with below command

systemctl restart sshd

Step 3:On Ansible Controller machine Install Ansible

Switch to root

sudo su -

Install Ansible

sudo yum update -y

sudo yum install ansible -y

ansible --version 


Next, edit the hosts file, which will contain the inventory of all your target hosts, and add your target host IP

vi /etc/ansible/hosts

Uncomment [webservers], delete the entries under it and add the IP of the target host under it


Save then switch to ec2-user

su - ec2-user

Generate a keypair

ssh-keygen -t ed25519

#Press enter four times to generate the ssh key used to connect to the host machines



Next send the public key of the Ansible Controller to the target machine by executing this command

ssh-copy-id ec2-user@ipofansiblehost

eg ssh-copy-id ec2-user@192.168.25.1

You will be prompted for a password. Enter your password: admin123



Now try and connect to the target host

ssh ec2-user@ipofansiblehost

eg ssh ec2-user@192.168.25.1


Then exit

exit




#check for remote connection to your hosts machine with below command

ansible -m ping webservers


1. The Anatomy of the Command

  • ansible: This invokes the Ansible command-line tool for "ad-hoc" commands (one-off tasks that don't require a full playbook).

  • -m ping: This tells Ansible to use the ping module.

    • Note: This is not an ICMP ping (like the one you use in a terminal to check if an IP is alive). It is a Python-based check that logs into the server via SSH and verifies that Python is installed and usable.

  • webservers: This is the pattern or group name. Ansible looks into your inventory file (usually located at /etc/ansible/hosts or a local hosts.ini) and runs the command against every server listed under the [webservers] header


Ansible Module: A module is a command or set of similar Ansible commands meant to be executed on the client-side

Understanding Ansible Modules

Modules perform tasks remotely.

Example:

Create user:

ansible webservers -m user -a "name=devops" --become

Install package:

ansible webservers -m yum -a "name=httpd state=present" --become

Start service:

ansible webservers -m service -a "name=httpd state=started" --become

Think of --become as the Ansible equivalent of typing sudo before a command in a Linux terminal.

When you add --become to your command:

  1. Ansible connects as your normal user (e.g., ec2-user).

  2. It then "becomes" another user (by default, root) to execute the specific task.

  3. Once the task is finished, it drops those privileges.

2. Example Comparison

If you want to install Apache on your webservers, a normal user doesn't have the "keys" to the system's package manager.

This will fail: ansible webservers -m yum -a "name=httpd state=present" (Error: You need to be root to perform this command.)

This will succeed: ansible webservers -m yum -a "name=httpd state=present" --become (Success: Ansible uses sudo to install the package.)


Let's use some playbook
sudo vi playbook.yml

Insert the below lines into the playbook
---
- name: Install Web Server
  hosts: webservers
  become: true

  tasks:

  - name: Install HTTPD
    yum:
      name: httpd
      state: present

  - name: Start HTTPD
    service:
      name: httpd
      state: started
      enabled: yes
Save with :wq!
#check for syntax errors with below command
ansible-playbook playbook.yml --syntax-check

#do a dry run with below command

ansible-playbook playbook.yml --check

#Run the playbook with the below command
ansible-playbook playbook.yml 
Now go to the target server and check if httpd is installed
systemctl status httpd

Let's try another playbook to install tomcat


sudo vi playbook02.yml

Paste the below lines into the editor and save
---
- hosts: webservers
  become: true

  tasks:

  - name: Install Apache
    yum:
      name: httpd
      state: present

  - name: Deploy index file
    copy:
      content: "Hello from Ansible Automation"
      dest: /var/www/html/index.html
    notify: restart apache

  handlers:

  - name: restart apache
    service:
      name: httpd
      state: restarted

#Now run the playbook
ansible-playbook playbook02.yml



open port 80


Important Ansible Concepts


✅ Inventory

Defines servers.

webservers
dbservers
k8snodes

✅ Playbook

Automation workflow written in YAML.


✅ Tasks

Individual automation steps.


✅ Modules

Examples:

Module    Purpose
yum       Install packages
service   Manage services
copy      Transfer files
user      Create users
git       Clone repos

✅ Handlers

Triggered only when changes occur.


✅ Become

Privilege escalation (sudo).

become: true

๐Ÿ—️ REAL DEVOPS USE CASES

Students can automate:

✅ Jenkins installation
✅ Docker setup
✅ Kubernetes nodes
✅ Tomcat deployment
✅ NGINX configuration
✅ Application rollout


SECURITY BEST PRACTICES (IMPORTANT)

✅ Use SSH keys only
✅ Restrict Security Groups
✅ Avoid password authentication
✅ Avoid root login
✅ Use private subnets for automation
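
The lab above sets PasswordAuthentication to yes on the target host so that ssh-copy-id can run, while this checklist says to use SSH keys only. The following shell script is an added example (not part of the original post) that audits an sshd_config for that state and writes a hardened copy; the function names, the sample file and the Match block in it are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The sample file is constructed.

# audit_sshd FILE: print one line per weak setting, nothing if FILE is clean.
# sshd rules modelled: keywords are case-insensitive, the first global value
# wins, and a Match block overrides globals for the connections it matches.
# Assumptions: whitespace-separated "Keyword value"; Include is not followed.
audit_sshd() {
    awk '
        function check(k, dflt,   v) {        # absent keyword: OpenSSH default
            v = (k in seen) ? seen[k] : dflt
            if (v != "no") print "global: " k " " v
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { key = tolower($1); val = tolower($2) }
        key == "match" { scope = $0; next }
        scope != "" {                         # inside a Match block
            if (key == "passwordauthentication" && val != "no")
                print "override in \"" scope "\": " key " " val
            next
        }
        !(key in seen) { seen[key] = val }
        END {
            check("passwordauthentication", "yes")
            check("permitemptypasswords", "no")
            check("permitrootlogin", "prohibit-password")
        }
    ' "$1"
}

# harden_sshd IN OUT: write a copy that starts with key-only, no-root settings
# and comments out later global occurrences. Match blocks are left untouched,
# so audit_sshd keeps reporting overrides that need a manual decision.
harden_sshd() {
    {
        printf '%s\n' 'PasswordAuthentication no' 'PermitEmptyPasswords no' 'PermitRootLogin no'
        awk '
            tolower($1) == "match" { in_match = 1 }
            !in_match && tolower($1) ~ /^(passwordauthentication|permitemptypasswords|permitrootlogin)$/ { $0 = "#" $0 }
            { print }
        ' "$1"
    } > "$2"
}

tmp=$(mktemp -d)
# Constructed sample: the state the lab leaves behind, plus one Match block.
cat > "$tmp/sshd_config" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication yes
#PermitEmptyPasswords no
#PasswordAuthentication no
Match User deploy
    PasswordAuthentication yes
EOF

echo "before:"; audit_sshd "$tmp/sshd_config"
harden_sshd "$tmp/sshd_config" "$tmp/sshd_config.new"
echo "after:";  audit_sshd "$tmp/sshd_config.new"
# On a real host: validate with "sshd -t -f FILE", install, then reload sshd.
```

Run the hardening only after the ssh ec2-user@... key login from the controller has been confirmed, otherwise the host can no longer be reached over SSH.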






Saturday, 3 October 2020

How to integrate Jenkins to Ansible Tower and Trigger Tower template from jenkins

 Step 1: Install Ansible Tower Plugin

Go to Manage Jenkins---Manage plugin-----Available-----Search for Ansible Tower


Install without Restart.

Step 2 Go to Manage jenkins----Configure System-----Look for Ansible Tower

Enter Name for Server: Ansible AWX Tower

Enter Awx Tower Url and Credentials










Click Test Connection to test the connection, if Successful, proceed to Step 3

Step 3. Create a new Pipeline Job


Go to Pipeline Section

Copy and paste below code in box

node {

    stage('Tower Deploy') {

        ansibleTower(

            towerServer: 'Ansible AWX Tower',

            jobTemplate: 'Demo Job Template'

        )

    }

}

towerServer: Name of Tower Server you configured in step 2

jobTemplate: Name of the template you want to run












Save.... Build Now

Your job should trigger the Tower template



Tuesday, 29 September 2020

What are collections: How to Install amazon.aws collection in Ansible Tower

 


Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. As modules move from the core Ansible repository into collections, the module documentation will move to the collections pages.

You can install and use collections through Ansible Galaxy.

Installing collections

Installing collections with ansible-galaxy

By default, ansible-galaxy collection install uses https://galaxy.ansible.com as the Galaxy server (as listed in the ansible.cfg file under GALAXY_SERVER). You do not need any further configuration.

See Configuring the ansible-galaxy client if you are using any other Galaxy server, such as Red Hat Automation Hub.

To install a collection hosted in Galaxy:

ansible-galaxy collection install my_namespace.my_collection

You can also directly use the tarball from your build:

ansible-galaxy collection install my_namespace-my_collection-1.0.0.tar.gz -p ./collections

Note

The install command automatically appends the path ansible_collections to the one specified with the -p option unless the parent directory is already in a folder called ansible_collections.

When using the -p option to specify the install path, use one of the values configured in COLLECTIONS_PATHS, as this is where Ansible itself will expect to find collections. If you don’t specify a path, ansible-galaxy collection install installs the collection to the first path defined in COLLECTIONS_PATHS, which by default is ~/.ansible/collections

You can also keep a collection adjacent to the current playbook, under a collections/ansible_collections/ directory structure.

./
├── play.yml
├── collections/
│   └── ansible_collections/
│               └── my_namespace/
│                   └── my_collection/<collection structure lives here>

Installing a collection from a git repository

You can install a collection in a git repository by providing the URI to the repository instead of a collection name or path to a tar.gz file. The collection must contain a galaxy.yml file, which will be used to generate the would-be collection artifact data from the directory. The URI should be prefixed with git+ (or with git@ to use a private repository with ssh authentication) and optionally supports a comma-separated git commit-ish version (for example, a commit or tag).

Warning

Embedding credentials into a git URI is not secure. Make sure to use safe auth options for security reasons. For example, use SSH, netrc or http.extraHeader/url.<base>.pushInsteadOf in Git config to prevent your creds from being exposed in logs.

# Install a collection in a repository using the latest commit on the branch 'devel'
ansible-galaxy collection install git+https://github.com/organization/repo_name.git,devel

# Install a collection from a private github repository
ansible-galaxy collection install git@github.com:organization/repo_name.git

# Install a collection from a local git repository
ansible-galaxy collection install git+file:///home/user/path/to/repo/.git

In a requirements.yml file, you can also use the type and version keys in addition to using the git+repo,version syntax for the collection name.

collections:
  - name: https://github.com/organization/repo_name.git
    type: git
    version: devel

Git repositories can be used for collection dependencies as well. This can be helpful for local development and testing but built/published artifacts should only have dependencies on other artifacts.

dependencies: {'git@github.com:organization/repo_name.git': 'devel'}

Default repository search locations

There are two paths searched in a repository for collections by default.

The first is the galaxy.yml file in the top level of the repository path. If the galaxy.yml file exists it’s used as the collection metadata and the individual collection will be installed.

├── galaxy.yml
├── plugins/
│   ├── lookup/
│   ├── modules/
│   └── module_utils/
└─── README.md

The second is a galaxy.yml file in each directory in the repository path (one level deep). In this scenario, each directory with a galaxy.yml is installed as a collection.

directory/
├── docs/
├── galaxy.yml
├── plugins/
│   ├── inventory/
│   └── modules/
└── roles/

Specifying the location to search for collections

If you have a different repository structure or only want to install a subset of collections, you can add a fragment to the end of your URI (before the optional comma-separated version) to indicate which path ansible-galaxy should inspect for galaxy.yml file(s). The path should be a directory to a collection or multiple collections (rather than the path to a galaxy.yml file).

namespace/
└── name/
    ├── docs/
    ├── galaxy.yml
    ├── plugins/
    │   ├── README.md
    │   └── modules/
    ├── README.md
    └── roles/
# Install all collections in a particular namespace
ansible-galaxy collection install git+https://github.com/organization/repo_name.git#/namespace/

# Install an individual collection using a specific commit
ansible-galaxy collection install git+https://github.com/organization/repo_name.git#/namespace/name/,7b60ddc245bc416b72d8ea6ed7b799885110f5e5
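
An added example, not taken from the Ansible documentation or the original post: a shell check for the git+URL[#/path][,version] syntax described above that flags credentials embedded in the URL and versions that are not pinned to a commit. The function names and the ci-user:EXAMPLE_TOKEN URL are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Ansible docs or the original post.

# parse_collection_source SPEC: split "git+URL[#/path][,version]" into
# "url|path|version", following the syntax described above.
parse_collection_source() {
    spec=${1#git+}; path=""; version=""
    case $spec in *,*) version=${spec##*,}; spec=${spec%,*} ;; esac
    case $spec in *'#'*) path=${spec#*'#'}; spec=${spec%%'#'*} ;; esac
    printf '%s|%s|%s\n' "$spec" "$path" "$version"
}

# redact_url URL: hide any user:secret@ part so the URL is safe to log.
redact_url() {
    printf '%s\n' "$1" | sed -E 's#^(https?://)[^/@]*@#\1***@#'
}

# audit_collection_source SPEC: print one finding per line, nothing if clean.
audit_collection_source() {
    parsed=$(parse_collection_source "$1")
    url=${parsed%%|*}; version=${parsed##*|}
    case $url in
        http://*|https://*)
            authority=${url#*://}; authority=${authority%%/*}
            case $authority in
                *@*) echo "credentials embedded in URL: $(redact_url "$url")" ;;
            esac ;;
    esac
    if [ -z "$version" ]; then
        echo "no version given: the install follows the repository's current HEAD"
    elif ! printf '%s\n' "$version" | grep -Eq '^[0-9a-f]{40}$'; then
        echo "version '$version' is not a full commit hash: branch and tag names can move"
    fi
}

# Sources from the text above, plus one constructed URL with a placeholder token.
for spec in \
    'git+https://github.com/organization/repo_name.git,devel' \
    'git@github.com:organization/repo_name.git' \
    'git+https://github.com/organization/repo_name.git#/namespace/name/,7b60ddc245bc416b72d8ea6ed7b799885110f5e5' \
    'git+https://ci-user:EXAMPLE_TOKEN@github.com/organization/repo_name.git,devel'
do
    printf '== %s\n' "$(redact_url "${spec#git+}")"
    audit_collection_source "$spec"
done
```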

Lab


Step i: Install amazon.aws collection, Boto

Connect to your AWX server using MobaXterm and enter

pip3 install boto3

ansible-galaxy collection install amazon.aws -f

IF YOU SEE ERRORS LIKE BELOW

- downloading role 'collection', owned by

 [WARNING]: - collection was NOT installed successfully: Content has no field named 'owner'

ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.


DO THIS TO UPGRADE ANSIBLE TO 2.9

sudo apt remove ansible

sudo add-apt-repository ppa:ansible/ansible-2.9

sudo apt install ansible

sudo ansible-galaxy collection install amazon.aws

Step ii: Specify your collection path in the ansible config file

vi /etc/ansible/ansible.cfg


Insert the below line (the path is the directory that contains ansible_collections/, not the collection itself)

collections_paths = /home/ubuntu/.ansible/collections


Save


