 Get the cool lights on so me and Phil you'd asked about Ansible. He's my Ansible expert. Hi everybody So this is possibly a beginning series on Ansible and some more Linux tutorials more in-depth that I'm Capable of at the moment, but we're going to learn with you because I want to learn how to do a few of these things better I can tell you what as well as a concept but we're going to get into the deep woods of the functional details of how Ansible works and So basically how to set it up the real that which part that's the easiest part of this everything after that It's gonna show you how to create like a group of them. Yes, we're going to we're going to group our servers together We'll call it a fleet and we'll also give names to our servers so we can target them individually and run some commands Yes, so enough looking at us in the fun lights behind us So let's just go ahead and get started So also the recording format because we're doing two of them we're doing it in studio versus on here So bear with us as we're learning how to record all this at the same time as well But we're gonna do where you jump all completes the screen from here on out. So you might look at us Okay, so Ansible We are if you don't know what Ansible is is a way to use your computer to manage Hundreds thousands or even three as we're gonna do here in a demo other systems at the same time that are using Linux so you can issue a command in group to Groups of servers all the servers in your Ansible inventory So we're gonna cover how to get your Ansible inventory set up We covered we'll cover how to install Ansible with pip, which is really arbitrarily easy And then we'll get dig into some of the command structure and how Ansible works alright Ansible for the uninitiated is a way to use configuration management against all of these servers now We can run what are called ad hoc commands just like running Commands on my local machines command line or We can create what are called roles and playbooks and we'll get into that a little bit later on because it's a bit more advanced But it's really the meat of what configuration management is for yes now you can install Ansible several ways you can install it through your Systems package manager such as apt yum emerge. What have you or you can install it through the Python pip package manager that through pip you can get the absolute latest version of Ansible Since that is super super easy and we want to be running the bleeding edge code We're going to do just that and we're also going to upgrade any Dependencies that Ansible requires now I've already run this command you will see something slightly different But the end result will be the same we will have Ansible in our path on our system And we'll verify that we have the latest Ansible and we do we have Ansible two dot four dot two dot zero perfect now like I had said We are going to run some ad hoc commands. Those are arbitrary things So let's let's run a command against one of the servers that Tom has spun up for us We've got three three servers But we're going to do just one at this time We're going to be using the ping module and we should see a pong response Or we'll see this connection failure So we'll specify a user and we'll also specify a Password prompt take a look at that there you go now. Let's test all of the servers that we have These are all servers we arbitrarily spun up just for this demo Yes We're not concerned at this point with using SSH keys because we didn't want to go through all of that setup process But you absolutely should you should not connect to servers with just using a password like we're doing here This is purely for tutorial purposes to show that it can be done. Yes Ansible uses SSH as its main connection Method you can manage Windows servers with Ansible, but you have to control them through a Linux machine And for Windows the connections are done over win RM You can send commands to firewalls printers if you wanted yeah anything that has SSH in there You can script inside of Ansible So now that we've run our ping against this group of servers. Let's do another command Let's let's see who's logged in to these servers So we're going to use the shell module and we're going to pass an argument to the shell and That argument is the command w and we can see that My user Phil as specified on the command line has made a connection to all of these boxes to run w and Now let's run Df to see how much disk space we have The other advantage of using SSH keys you don't have to type the password each time so you'll want to do that absolutely Now you might be thinking to yourself. You're just checking the users and the disk space now Can't you have your monitoring do that? Absolutely you could but sometimes you just want to run these commands To to verify the integrity of a system before you actually start working on it a lot of times when I log into a system I like to see disk space Ram usage and run top before I start my actual work there. It can get kind of It can get kind of painful typing in this list of IPs over and over and over So what we're going to use is now called the inventory We're not worried about you seeing the root password here so this inventory file We can refer to a server or a group of servers by the name within these brackets So we're going to be managing servers named Steve Tom and Phil Underneath the name of the group is some connection parameters. There are many ways to specify this We just copy-pasted so it looks yeah like this and you can also group servers By other group names so you can have subgroups, right? This makes it very easy to manage. Let's say all of the servers in All of our servers in Michigan and keep them separate from our servers in Ohio or Florida, yes, you can also when you're doing this Fleet represents all the servers Steve Tom and Phil and then Cole and children means Steve Tom and Phil are separate servers So they can specify it individually for sending out commands. Yes, and we'll show examples of that right now Since we have this inventory file. We have to tell Ansible about it. So just like we specified our IPs We can specify the inventory and now we can use Group names so we're going to run The ping module against Tom and it is going to make a connection as Defined by these connection parameters So I don't have to type in dash you and then a user and then dash K for a password prompt It's just going to use what I've already defined And because we're in the same local directory It's pulling the file named inventory based on the dash I input So you could have your Ansible file in another folder You can have a series of them in folders. We happen to be in the same folder. We're running Ansible and that the inventory file exists that we created Let's do just that. I'm going to move the inventory into the test folder We don't need to clear the screen But we'll point at the other file. There we go same results. Yep, then I'm going to move it back So now we want to target all the servers again By specifying our inventory and we get responses great All right, now we're going to run a little bit more of an involved command I am of the belief that VIM should be installed on every system and that emacs should not yes and we can see from this green output and also That these commands say success and have a return code of zero That we have done the thing that we set out to do And you can see Tom does not have emacs installed on this machine. I like them as well And it's important because these machines are operating essentially headless you're issuing the command And that's why he's making sure you choose like QQ so we can not have a bunch of interactive output That's important that none of these commands be interactive. If not, they'll stop at that screen asking a question Yes Back in ye olden days admins had to use expect and work around Those types of problems with with that tool So now we're going to verify that we do have VIM through d package and we can see that we did install it nice now when running ad hoc commands the output is a Bit different than most output that you'll see while searching for ansible on the internet my preferred way and Most of the internet's preferred way to use ansible is through roles and playbooks which we'll get into now We've installed VIM and verified that we've installed VIM which is great But now we want a reproducible script rather than one-liners and to do that. We're going to create a role So I've I've already done this, but I will walk through The role with you the viewer I like to put my roles That I'm that I'm working on from my computer into a directory called roles You can call it whatever you want This is just something that I prefer to do and I also prefer to name them ansible dash role dash Whatever the thing is that I'm going to be doing since we're creating a tutorial We'll call this the ansible role tutorial and inside of here You'll notice two folders defaults and tasks Defaults are a set of default variables that ansible can use you can override these as well And that is an important distinction and then tasks tasks are just like our one-off commands except they are They are in a file defined in front of you or any other engineer who's going to be using your code So now I'm going to open up my Vim and show you defaults and tasks now my Vim is It has quite a bit of plugins installed so it's going to look different than your Vim, but the effect is the same We'll do a separate tutorial on that Sure, we can install my Vim code on all three of these servers even yeah What you're seeing in front of you is an ansible role ansible roles are written as YAML files what you're seeing inside of this file are Three tasks now a task starts with a dash to The furthest left point of a line So we have a task named install our packages Another task named to remove packages and then a task to import more tasks There we go so this first task install our packages uses the package module and I am passing the name of a package, but you'll notice that It's actually two curly braces item and two curly braces This is me using a built-in ansible variable to take The names of packages from a list of packages, which I will show you momentarily And we're just going to make sure that these are installed on the system Not that they're the most up-to-date. I just want them to be there Now with items is a loop it will loop through a list of packages as defined by my my packages variable, which is in my defaults file and Then we're going to clean up packages using the same package module and using the same Ansible built-in variable item except we're going to make sure that they are absent from the system and here we are defining a Static list of files There there are multiple ways to do things in ansible. There's no one true Right way to do it. Everybody codes differently just like everybody looks differently If it works for you great So the my packages Variable is actually this list of four different packages Vim, Rsync, Wget and Telnet And again, it's referenced right here So now we're going to run this and the way that we run this is through a Playbook a playbook is another YAML file and It has a name and this might look exactly like a task and that's because it is its tasks all the way down But in a playbook we define the hosts which come from our inventory in in a playbook ansible will load a file called inventory by default So we don't have to specify the inventory that we are going to be using although we can I Don't feel like opening the documentation at this point to figure out that custom parameter So it's actually looking for a file named inventory. Yes, it is. Okay And then we're going to specify roles and since we're using roles local to the disk. I'm going to provide the path to that role Now Some users may be asking how come you're not specifying the tasks folder and the main dot YAML file That's because an ansible playbook will use the main dot YAML file Inside of the tasks folder by default. It is a built-in Ansible ism and now we'll run this Instead of using just the standard ansible command we now use ansible dash playbook And then we can specify a playbook. I was wrong. We still have to pass an inventory But that's as easy as doing this and I'll go through this output here in a moment a play is The first task in a playbook a playbook can be comprised of multiple plays. We won't worry about this for right now But we can see our tasks Coming in from our role now. You'll see task and then the role from which the task came from and Then the name of the task So we can see install our packages Remove our packages and then this say hi now that came in from the imported tasks and That is just a message that says hi. Thanks for watching since we have three servers in our fleet that we have defined inside of Playbook dot YAML because we are targeting the fleet hosts We can see Several lines stating okay and Several lines dating changed lines starting with okay are in green lines that are changed are In yellow and failed tasks will be in red Everything that changed Means that a system was not in a particular state Now we can run this code again and see what happens and you'll notice something different here Nothing changed. Our system is in the state that we have configured it to be in Everything has returned. Okay This is a top. This is a term called adempotence Essentially, you're doing is making sure all the servers are in exactly the same state before you start working on them. Yep Which is a really important task because before you start issuing commands You gotta make sure they're all in the same state all have the same packages because all this pre-work Before you install something saves you all the trouble of why did one server out of this fleet fail? Yes And we can prevent configuration drift. We can make sure that all of our servers are Up-to-date if an engineer logs on to a server they can be assured that the The correct state is there that they expect to be there in their mental model of that system and they're all the same So now we're going to cover what tasks were in there and how that part worked So you saw install our packages Remove packages and then any tasks that came in from this import tasks And here's how we said hi But that's not exactly useful. So let's do something else. Let's run Ad hoc commands All right So now we're going to run an ad hoc command to show the uptime from all of these servers as An actual task defined in a role You'll notice here that the shell command has returned changed even though all we're doing is Running Running uptime now uptime doesn't change the actual system, but to ansible Changed means that Something happened and it wants the user to know about it that there's some difference in the servers is what we're doing It's showing us. Yes now depending on how you want to Code your roles This might be okay I like to I personally like to code my roles so that if if something doesn't return Completely okay, then I have a server That may have a configuration drift So now this gets into a bit more Advanced steps. How do we make sure that We can run all of our roles adeptently over and over and over even if they're just regular shell commands To get all of our tasks to be adeptant we can use We can use some special ansible error handling now this particular Parameter is called changed win Now uptime I know for certain that uptime won't change the state of a system So we can define that Uptime will never that this shell command running uptime will never Return as changed to ansible so to the to the administrator running this playbook They will only see okay commands Instead of These changing commands As you saw here Everything has returned. Okay now To extrapolate on this if you have If you have firewalls or servers that you have to run one-off Commands against to check a state or import a database or make sure a Configuration contains a certain line Every time you run this playbook You don't want those same you don't want changes to keep happening. So you want to You want to code around this and this is where We'll pick up in another tutorial Yeah, actually how to fix some of the changes. We just want to give you some of the overview stuff So we can kind of start a little bit of a recap here. So from the command line So go ahead and can't meet some of the files. So we started with the inventory file Which got us the connection to each of the computers We defined like the fleet which the fleet of computers was steve tom and phil So we can run commands against all of them or any of them individually With the ansible command then from there We did the playbook And there's the Name our first playbook the host fleet roles And then we specify what role now we can can't make the role file Uh, sorry, I've got command line failing right now So and and these are the packages. So we had a check against vim rsync wget and telnet Name install or upgrade and what this did was make sure that those Packages are available on each of those servers because the if we want we were actually trying to rsync some stuff between them And we want to make sure we had rsync. We had vim installed and it was available on all of this And then the bottom one we actually we want to make sure that none of them had emacs on there Let's have a little fun with this Let's do the package check again So run the package check All right, so we checked the packages And everything's good now. I'm actually on another computer. I'm going to break it Tom is currently Changing the state of one of these servers. Yep, and I'm not telling phil which one that was so now he can run the playbook again though And we're going to show the differences here. So I actually removed vim from one of the servers And it noticed so now we know that that server's out of date So you can see up there where it says changed 3.77 server item vim and it's missing Yes Now something that I like to do is set up ansible to either run on a cron or from um a continuous integration server Which also runs it on a cron but there's a lot more There's a lot more you can do with Continuous integration so that I can have all of my servers Conforming to a specific state and this gets us more into the chef model of how things are done Yes, and it's important too because when you have a rogue tom who goes in and changes something on one server because they They were doing something and thought that you want as an assistant men to be alerted to that And that's where this comes in is once you have all the structure, of course It really gets big I mean can I can't imagine how big some of the ansible files you have are for some of your playbooks Based on you run a lot of servers. So that's your data It's a lot of stuff. So being watching all of that in mass This is what really that takes that pain away from you. You can only trace down the problems Yes, um, I like to have specific roles and specific playbooks that deal with upgrading Applications, um from from whichever company i'm currently working at or uh uninstalling Uh specific applications. I like to separate my maintenance tasks like that And it's uh, it's also really good when there's an outbreak of a problem being able to go through and upgrade all those machines Based on a category and replace whichever pieces need to be replaced on there So that's pretty cool. I like to I'm doing it over on my computer inside. So we plan to probably do some, uh More things while I broke more stuff So, um We'll follow this up on regular camera now. So we're good on this part. Yes. We're gonna do it on So this is the first and it's I know it's a big overview of ansible And we're planning on doing some more tools So people have asked me for some Linux tutorials that are more in depth They go beyond some of my skill but phil Helps me with some of these things. So this was an overview of the ansible And kind of the basics of some of the files what ansible does I we plan to do more videos That's the big thing phil says he can commit some time to it and i'm gonna basically contract phil to make some videos As time allows so but we need a little bit of feedback to see what are the real things people want to learn about ansible He knows a lot about it. So that's sometimes the hard part when you have a lot of knowledge You've been using something day to day it becomes how do I You know do this or do this versus uh, we just do you know because you just start using it all the time I won't even do an ansible phil. I've been using this tool for about three years Yeah, so Three years of use it means it's sometimes hard to pinpoint where exactly to get started this tutorial is like A real brief overview of your inventory file your playbook your roles What ansibles use for making sure servers are in sync, which is What phil has to do a lot? I mean, what's probably the biggest setup you've done with ansible in number of servers quantity-wise? um The the largest deployment I have was about 70 servers in one particular region of the world and it would deploy all the aspects of an application from Building the base server to actually deploying the application configuring the firewalls doing all the backups and Setting up monitoring and all of that That's so rather than log into 70 servers, which is just a unreasonable task That no one should ever be burdened with This is what you would use this force to be able to be able to go through and say all right Are all 70 servers up to date do all 70 servers have this package installed do all 70 servers need This upgrade so when things like heart bleed come out You have 70 servers that need ssl updates if they're web-facing in or running web tools, which I'm assuming they probably are a lot of this does I've also used this When a server fails in the middle of the night instead of getting alerted depending on what type of server it is You just wanted to rebuild itself and through automation and configuration management You can make that a reality. So when you come in the next day, you can say oh five servers failed Okay, and they're back. All right No human needs to be woken up for that. Yeah, and that's a really cool feature as it gets more advanced And we're trying to figure out at what level we should get these details in It would be pretty extensive to get to that level short, but it's something that can be done So if a one server just goes down It sometimes it is it's easy just to reboot it It's to reload it even and you can get that extensive with the scripting in here And that goes way beyond me and way I I'm just going to be doing some basic ansible stuff as I've been wanting to just we have a handful of virtual machines here It's only five. I don't have 70 servers here, but I want to be able to easily Check the uptime at all of them shut down all of them update all of them at the same time So I've been learning ansible slowly, but not quite enough to a tutorial But we'll we're kind of figuring out the happy middle here and what you guys want to hear So leave comments below of some of the specific things you're looking for and it'll hopefully drive a future series of videos We get on this is I I realized when I started looking there's not a lot of good tutorials on it At least not that I found But I've always asked phil and I've been in the linux and open source community my forever So I always know people in this so I want to start bringing those people to youtube to uh, luna's It's also a learning experience for phil because we recorded things and had to stop a few times because there's always like Oh this one commander that command the uh, this this process of training is a Uh There's a lot that just gets deleted. He's learned. It's not like I start when start to finish all the time It's like oh, yeah, there's a lot of pauses cuts and I had to look up a command to remember how to teach how to do it So but uh as always thank you for watching like subscribe and all that fun stuff And let us know what you think comments below or join the forums and drop some messages there We will also leave a link to any of the files we talked about here And so you can actually see all the files raw of on phil's github. There'll be a tutorial I'm gonna leave a link in the description below to all that um And also we mentioned a couple times like ssh and dot file setups uh in desktop in environment setups phil has all of the things he uses which are pretty extensive And I use them on mine as well on his github as well and uh, that might be a fun tutorial Just how to set up your your environment on a new computer. Sure. So I think it'll be a fun tutorial. All right. Thanks again