Ansible - A Beginner's Tutorial | Ben Fleckenstein | Skillshare

Playback Speed

  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x

Ansible - A Beginner's Tutorial

teacher avatar Ben Fleckenstein

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Lessons in This Class

5 Lessons (45m)
    • 1. Ansible - A Beginner's Tutorial, Part 1

    • 2. Ansible - A Beginner's Tutorial, Part 2

    • 3. Ansible - A Beginner's Tutorial, Part 3

    • 4. Ansible - A Beginner's Tutorial, Part 4

    • 5. Ansible - A Beginner's Tutorial, Part 5

  • --
  • Beginner level
  • Intermediate level
  • Advanced level
  • All levels
  • Beg/Int level
  • Int/Adv level

Community Generated

The level is determined by a majority opinion of students who have reviewed this class. The teacher's recommendation is shown until at least 5 student responses are collected.





About This Class

Learn how to use Ansible to setup a web platform.

Meet Your Teacher

Hello, I'm Ben. I've been a Sysadmin for more and ten years and an IT Trainer for two years.

See full profile

Class Ratings

Expectations Met?
  • Exceeded!
  • Yes
  • Somewhat
  • Not really
Reviews Archive

In October 2018, we updated our review system to improve the way we collect feedback. Below are the reviews written before that update.

Why Join Skillshare?

Take award-winning Skillshare Original Classes

Each class has short lessons, hands-on projects

Your membership supports Skillshare teachers

Learn From Anywhere

Take classes on the go with the Skillshare app. Stream or download to watch on the plane, the subway, or wherever you learn best.


1. Ansible - A Beginner's Tutorial, Part 1: Hi, I'm been. And this is an Izabela Beginners tutorial apart one euro this serious, I'm going to explain how to use answerable to set up a small Web platform. In the video description, you'll find links to the other parts as well as a clickable table of contents and start. Let me explain what answerable actually is. Don't worry, it won't take long. Answerable is a configuration management system that means it can be used to set up and configure computer system. Its main purpose isn't server configuration, but it can be used for desktop configuration. Also answerable itself is maintained by redheads. That means commercial support is available if needed. However, the most important parts are free and open source. To let answerable do its magic, you have to install it on a control machine that can be your desktop system or a dedicated server on the targets over, However, no configuration is needed. You just need to be able to express some by as a sage, having set that let's have a look at the environment. I'm going to you throughout the serious. The platform we're going to set up in this tutorial consists of three machines plus the additional control machine that will host the answerable tools and configuration on the right. You see the three service off the platform. The Web server will be used as reverse proxy for warning the user's request to the Observer . The Observer will host a small python application that will connect to the database over which in turn will be running a my SQL instance. In the real world platform, the app and data best of us wouldn't be directly reachable. Firewalls here and here would prevent that. But those additional components would make the platform more complicated without adding anything in terms of understanding answerable. So I decided to leave them out. Let's get started as answerable uses as H s connection method. The first thing to make sure is that you can actually look into the service by as his age. To make this more convenient, I'm creating an ssh key so I don't have to type the passport every time I use the command as his age. Copy I d to copy the key to the service. Now I check if I can log into the website for the Observer and the DB Server using the new key. As the Logan is working fine, I can move on to the installation off. Answer. Most modern Linux distributions already provide packages for answerable born to a 16 04 which is what runs on my control machine is no exception, so I could just type up, get, install, answerable and be done with it. But I do want to install the latest version so a little bit more work needs to be done. Essentially, I have to add a repository to the system and install and a bill from that repository. To accomplish that, I type up at repository PP a answerable, answerable. I then update the repository cash off the system, and I'm finally able to install. Answer. Finally, I can testify. Answerable has been installed correctly. Now that answerable is running, I can create the basic configuration and folder structure that answerable requires. The answerable package does install such a basic con figuration and e T. C. Answerable, and you could work directly in that directory. But if you want to manage multiple platforms from one control machine, it's better to create copy off the directory and work on the copy instead. So I just copy ET see, answerable to a local directory named My Platform. There are two fires in the directory answerable dot c f g contains options for answerable, and we need to modify one of them the past to the inventory file instead of an absolute path. We specify that the host files next to the ends will not see if G file should be used. Now I have to modify. The hosts find the default version only includes comments, which I will remove because I still have them at the original location. Instead, I write down the names off the service of my platform as I can reach them, using only their short names. I'm using those. If the platform where to use f qd names or I p addresses, I would write those into the file instead. No, I can run a quick test to see if answerable can reach the machines. Looks fine. The command I have just used to let and we'll check the connection is called an ad hoc command at hockey commands on the usual way to interact with their service, and I will demonstrate the normal style of working in Part two of the Siri's. But the ad hoc commands do come in handy for small task and changes to the platform, like temporarily adding a user acquiring information from the service. Let me demonstrate this. Imagine you want to check the host name values of every server. Normally, you would have to log into every machine and run. The command host named by yourself answerable has a module called Shell that lets you execute any command. All you have to type is answerable minus M. To specify the module minus eight. To pass the command and all toe, identify on which service you want to run the module on answerable with, then return a status line for each server, along with the output of the command. Let's do another example. This time, I want to know the available disc space on the service. I'm using the same answerable module, but this time around DF minus age. When I tell, answerable to run the Who am I command. You can see that Angelis, using my user to execute everything you'll have to keep this in mind when you want to do something on the service that requires root privileges. In that case, you have to tell answerable to switch to the root user. You do this by adding minus B two. The command ansell will then you sue to become route by default. It will just assume that your user is allowed to run pseudo without specifying any password . This doesn't work on my platform as my user is required to enter his credentials. When using pseudo to have answerable, ask for the pseudo password. I have to add the minus case, which, for example, if I want to add a user to the service, I type answerable minus B minus K. Then I specify to use the user module, and I passed the required parameter. The user name. As you can see answerable, asks me to enter my soup password before it connects to the service. Now let's check if the user has been editor of the service. Therefore, log into the website over and clarity users looks good. But hey, I know a better way to do this. Why not use answerable to check for the users? Okay, The user exists on all three towers. This is the end off part, one of the serious. Let me give you some informations When I have answerable removed the test user from the service again. In part two, we will create the first tangible role and I will explain the concept of playbooks. You'll find a link to Part two in the video description. If you like this video, please subscribe to give you the summed up. Thanks for watching. 2. Ansible - A Beginner's Tutorial, Part 2: in Part one I mentioned the usual way of doing work with answerable is by using roads and playbooks. Now to explain what that actually is. A role is just a list of commands that answerable will execute on a target machine in a given order. A playbook is then used to determine which role should be applied toe, which target machine. Every role is a directory below roles, and it must at least contain a folder called Tasks, which contains a file named Main dot Why am L? Let me show you how to create a role when you set up a new server. You often have to install some basic tools, like a text editor or some network utilities. I want to group the commands for installing those tools in a role called basic. Every role is a directory below roles, and it must at least contain a folder called Tasks, with a file named Main that why am L in it? So I create the necessary directory structure and put the required main that yammer there inside the fire main Doctor Yama. I can now define that animal should installed ofhim package. I start by giving the task a descriptive name. It's not strictly required to provide a name, but it's answer prints them out later on. That helped to identify what happens at any given moment. The APP module only requires the name off the module to be installed, given here with a P K G perimeter. But for clarity, I also provided that the state perimeter, which defines in which state the package should be in installed, is the default value off the perimeter. So I could have skipped it here. Okay, now that I have the first roll, I can create a playbook and assigned the role toe own service. A playbook is just another younger file, and I can name and place it however I like, So I just go for play blocked out. Why am L in the main folder? Every entry in the playbook starts with the hosts that the following directors should apply to. I want the basic role assigned to all host, so I justifying all its target installing packages requires through privileges. So I tell answerable to become another user, which means, by default answer. But we run the commands as route by using pseudo. Finally, I can define the roles I want to use. And now I can run Angela Playbook to execute the playbook similar to the plane. Animal Command I have to tell and playbook toe. Ask me for the soup password. And, of course I have to specify the playbook fighting to use. Let me explain what just happened. The output you can see is the status information that and will playbook generates while running the line. Starting with play indicates the targets that the following commands will be run on I d find all as targets. So all is what I get. After that, you can see two sections that start with task. The first is a general set up a task which, by default and herbal will run at the beginning to collect some data about the target hosts . The second task is the one I've specified in the basic role. Answerable will indicate the role and the name I gave to the task. Inside the task section answerable shows the status off the task on each machine. Change means that animal had to do something to reach the desired state in this case and will had to install them on all three hosts. If women had been installed already, instable would list the particular host in green and the status of Okay, The last part is the summary about the run. Please know that a task that change something successfully is counted as changed and as Okay, that is why this recaptures two tasks as okay. And one has changed even though there were only two tasks per host in total. Okay, the first package has been installed. Let me show you how to install additional packages. I don't need a new role for this. I can just extend the existing one. Let's install DNS you tills and get I can simply copy the lines I used for them. Replace the package value and update the name of the task. - I can now run answerable playbook again. I don't have to update the playbook that yammer All changes were made in the basic role and that is already assigned toe all hosts again. Answerable playbook gives me a steak is what it did. And you can see the grim task doesn't show up. Has changed as we already installed wind with the first play background get also didn't show up. Has changed. That is because the machines already had get installed via the OS installation. That also demonstrates that animal will actually check the status of a package before installing, even if the installation off that particular package wasn't done by hand. Zobel installing packages is a quite common job when setting up a new machine. So it's worth knowing a way to save on typing when using answerable instead of defining a task for each package, I can define one task to install packages and just pass a list off the packages that I need . Answerable uses the with item notation for this. Instead of a package name, I write item surrounded by double curly braces. Then I extend the task to include the with items option and pass a list of packages when I run and civil playbook. Now you can see that there is only one task, but it lists all the items I specified. Another common task is copying files over to the target host. Answerable brings the copy more human. For this, let me demonstrate this by rolling out a modified bash RC file. The first thing to do is to specify a new task for this, I could create a new role for the Bashar see. But as this is also some sort of basic set up, I'll included in the basic rule. But that's just my preference. It would be perfectly fine to have a separate role for this. The common options for the copy module, our source and destination, as you would expect. Sources where to find the file on the control machine relative to the main dog number five and destination is where to put the file on the target. Host owner and groups specify to which user and group the fire should belong and Mode defines the excess writes off that fire. The access rights have to be specified the same way you would do when using C age more on the command line. Now I have to put the best on C at the location I specified as source. Therefore, I create the files folder inside the role and copy a prepaid Boesch. I'll see that the best RC I'm using here basically adds a little color to the bash. Prompt. Okay, let's run answerable playbook. And he told me that it copied the file over. But when I locked into the Web server. The shell prompt is still as monochrome as it waas. What happened? Well, they're still a bash R C in the user's home directory that overrides the changes I made. So I have to remove that file for the changes to take effect. And I want to do this with answerable so back to the tasks definition. I'm going to use the shell module to remove the file. It lets me execute any shell command. In addition, it comes with a creates Param eter. This perimeter defines a file which existence answerable, will check and answerable. Won't excuse the shell code If that file already exists By using this, I can tell answerable to only move away The initial bash R C If the user decides to create a new one on as long as it doesn't remove the rename file answerable won't delete the bash R C again as route has also a default. Pesh RC. I'm nothing answerable movie daughter No , I can run and will play book again. Okay, let's check if it works now Looks good. Both the user and route half the new prompt. Okay, now that we have covered the basics off roads and playbooks. We can go on with creating the host specific roads in the next video. Thanks for watching, and don't forget to subscribe. 3. Ansible - A Beginner's Tutorial, Part 3: In the last video, I showed the basics off roles and playbooks. In this video, I'm going to set up the Web server by creating a role that will install and configure reverse proxy. The reverse proxy will forward the requests off the visitors to the application server. Just as with, the basic role of the first step is to create the necessary folder structure, meaning a folder named Web Server below roles that contains a folder tasked with the main dot. Why am L in it? The first command I'm going to add, if the installation off the required packages at the moment, I only need the Apache to package the default insulation off Apache two on a boon to already brings the required Apache module for the reverse proxy directives. But I do have to activate the Apache modules, and there is a specialized answerable module to do this. It's called well, Apache two module, and all it needs as parameter is the name off the Apache module to activate off course. Having the proxy module activated isn't enough. I still need to tell the Apache what requests toe forward toe which destination I do this by copying over a configuration file named proxy dot com. I'm using the template module here. The template module is similar to the copy module in the sense that it copies a file from the control machine to the target host, but it does a bit more than just copying. The template module will investigate the source file for variables and it found replace them with appropriate values. Let me explain this a bit more. The proxy configuration is actually rather simple. Every request the Web server gets will be forwarded to The Observer. To do this, the Web server needs to know the I p. Address off The Observer and deport the Observer. It's listening on for requests. The letter is determined by the application, but the I P address depends on my network set up. I could just have a look at the interface configuration of The Observer and copy the I P address into the configuration file. But there is more elegant solution. Answerable knows everything about the machines, including there appear dresses. So all I have to do is to tell, answerable to put the I P address in the proxy con fire. I can't do this by writing a variable into the conflict file. Variables in answerable are always surrounded by double curly braces, and I have linked to the available variables in the video description. In this case, I need the I p address off the primary Network card of the Observer, and I get this like this. - I also have to add the proxy pass reverse directory because Apache requires this in orderto work properly as reverse proxy. But there two more things. I need to make sure the first is to enable the proxy configuration. The Apache package on Boutros 16 04 brings a command for this called a two n con. Unfortunately, there is no answerable model for this, so I will have to use the shell module. The second part is to notify the Apache about the configuration change. This is done by restarting the service. I could add those commands to the list off tasks in the Web server road, but this would mean that both of them would get executed every time I do unanswerable run. Given that one task is to restart the Apache, this would produce a short downtime every time. To avoid this, I'm going to make use off handless handlers just like a normal answerable task. But it will only be executed if triggered by another task. In this case, the conflict activation and the Apache restart will only occur when the proxy dot com has been changed and not every time an answer run. It started to get such a handler to a task. I have to extend the task with the Notify directive, followed by a list of handlers. I want to be caught. The actual handler definitions go inside remained up. Why am L? But this time the finalist placed in a handler subdirectory instead of tasks. The syntax off handlers is similar to the task syntax. But this time the name met us. It has to match the name that was given in the notify list. As handlers are essentially tasks, I can use the same modules like the shell module. In this example, I can even have handler notify another handler. So I let the activation handler and notify the restart handler. This way, the Apache gets restarted every time the proxy dot com changes. No, I can add the Web server role toe the playbook. I need a new entry because I only want to assign the website of a role toe the website machine. Okay, let's run the playbook. As you can see, answerable installed. That patchy package enabled the module copied the configuration, which in turn triggered the handless. Let's have a look at the website. The Petchey seems to be running, and the proxy dot com has the i. P address off The Observer. Let's check the application by accessing the Web service I p with a browser. Okay, the Apache answers the error messages expected. There is nothing running on the observer yet. Setting up The Observer will be covered in the next video. 4. Ansible - A Beginner's Tutorial, Part 4: In this video, I will create and deploy the observer configuration. The Observer will hostess more python application that connects to the database server to read a quote from the database and, of course, displayed. As with the other roles, the first step is to create the necessary folder structure and the required main dot Why am L This time? I'm going toe. Also, create the handlers and the files folder right from the start, as I'm sure going to need them. The first action that goes into the main dot Why am l is installing the software packages? The application will need in this case that it's goo Nikon supervisor and some pipes and modules the application uses. Goony Khan is a small server for running python Web applications. Supervisor is a process management tool. With it, you can run simple applications like Unicorn or any python script as service. This way, I can run the sample application even while not being locked into the server Supervisor itself is also a service on a boon. To have such services will automatically be started when the according packages installed. Unfortunately, this isn't the case for supervisor, so I have to tell Answerable to start the service right now. And to make sure it's get started on every system boot. The first is achieved by setting the state perimeter to start it. And the letter is done by setting the enable perimeter to Yes. Now, in order to actually have the application on the Observer, I have to create a folder for it and copy the application file over. - If I'm ever going to update the applications file, I want answerable to research the application automatically so ever handled through the copy action. This will also start the application with the initial deployment, The next step is to copy over the con figuration Fire for supervisor. I'm using the template module as the conflict fire will contain data that needs to be filled dynamically. - As supervisor doesn't notice changes in the configuration files by default. I have to make it really read the configuration file on every change. I again use a handler for this. It is also quite likely that I have to restart the application when the supervisor conflict changes. So I add that handler here too. Okay, Now let me copy over the test up code to the appropriate folder and showed to you. As you can see, the application is rather simple, but there are two values you need to see. The application uses DB Server as host name and the environment while your database password to connect to its database. So I have to provide the password and make sure that DB Server can be resolved to the database service I P address. Let's start with the database service password. I'm letting supervisor provide this value were its conflict five. But I don't want to just write it down into the file. Instead, I'm going to use the password. Look up, off answerable Look up is a special function that can be used with answerable actions and templates. It is given the path through a text file on the control machine, and whatever is written inside this text, fire will be used as password by answerable. If the file doesn't exist, however answerable will create a random password and store it in the text file. This way, you can generate passwords automatically. The next step is to make sure that DB Server is resolvable as I don't have working DNS for this name. I'm going to add to the I P address and name to the E T. C hosts. Five. Therefore, I'm making use off the line in file module off, answerable. As the name suggests, the module makes sure that a given line is inside a given file. Again, I'm using a look up to dynamically at the DB Service appear dress. - Now I have to provide the handless that I mentioned in the tasks. Five. The re read handler just used us a shell module to call Supervisor CTL and have it re read the configuration. The restart handler used the supervisor module to restart the test application. Finally, I can add the role to the playbook and run and spoke playbook. - The answerable playbook run doesn't show it, but answerable did create a password for the look up and store it. As you can see here, let's see the result. If everything worked, I should get a response from the application telling me that the database is still offline . Looks good so far in the next video, I'm going to set up the database 5. Ansible - A Beginner's Tutorial, Part 5: the last part that is missing on our platform is the database server, which I will set up in this video. As always, I start with creating the necessary folder structure for the DP. Serve a role. Now I can create the task list. First step installing the necessary software the Paice in my square ldb packages needed in order to enable, answerable to create and manipulate nice scale databases. I do want the database backup and I'm going for a simple solution running my SQL damn, Why a Cron job every night as I need a database and let and were created. When the database doesn't exist, Ansell will consider the adding database task has changed and therefore notify the defined handlers in this case import DB. This makes sure that the initial data base structure is important, but Annable won't touch it afterwards. Hence, it won't override any changes made by the application off course. I have to provide the database dump and I do so by copying and SQL file over. I can't do this after the adding database task because as all handless, the important TB handler will run after all tasks off the new role are done. Besides the database, the application also needs a my SQL user. I use the my school user module to create one that is allowed to exit the database from any host. As president, I'm using the same that answerable created in the application server role. The proof perimeter takes the same arguments at the grand command of my scale. In this case, the user will have all rights on all tables off the answerable tutorial database. Finally, I have to change the configuration off the my scale server itself. By default of my SQL server will, only low access from the machine is running on. More specifically, it will only listen on the local host network into face. In order to allow access from the application server, I have to tell it to listen toe all network interfaces. This can be done by changing the bind perimeter in a conflict file. I will therefore copy the conflict file over to activate that change. I do have to restart my scale. So I added notify here. So now that the list of tasks is done, I have to provide the files. That answer is going to copy and I start with the configuration file as mentioned. I want to change the bind address off the my scale demon and I can do this like that. Next is the SQL dumb I want answerable to import. I copy it to the files folder off the room. As you can see, it's just one table with three records in it. The last part is to create the handless, the 1st 1 waas import DB and I'm again using and Zabel's my SQL DB module. Besides the database name, it also needs the special state import which will tell answerable to import the SQL file specified with the target perimeter. The second handler, waas the restart, my SQL handler and I'm using the service module for this With state equals restarted, I can make sure that answerable will restart the service regardless if it was already running or not. No, I can, at the role host combination to the playbook and let answerable executed. - As you can see, the database has been created and that's last step off the roll, the hand less were cold. Let's have a look at the data base over to see if it worked well. The Crown job has been created. The database exists. Also looks good so far. If I open the browser now and hit reload, the application should show me random quotes from the database. Great. It works. This is Theo. End off the tutorial. I hope you liked it. And thanks for watching.