Setting up Lab environment for Ansible SkillBuilder Series using GCP.

Hey Techies…👋

In this blog, we’re going to discuss about Setting up Lab environment for Ansible SkillBuilder Series.

🎯Lab Setup: Creating Three Virtual Machines for Ansible

For this lab, you’ll want to set up three virtual machines, which can be hosted on platforms like GCP, Azure, AWS, or even your local machine. Here’s the configuration:

• Server (Control Node): This will serve as your control node, orchestrating Ansible operations.
• node1: This is one of the managed nodes, where Ansible will execute tasks.
• node2: The second managed node, where Ansible will also perform tasks.

🎯Naming them as ‘Server’ for the control node, ‘node1’ for the first managed node, and ‘node2’ for the second managed node will help keep things organized.

These machines are the building blocks for your Ansible environment, where you’ll carry out automation tasks and experiments.

I’m about to set up a virtual machine in Google Cloud Platform (GCP).

🎯Let’s navigate to the Compute Engine dashboard and select ‘Create Instance.’ For our first VM, we’ll name it ‘server’ as follows:

🎯We’ll configure the VM as follows:

• Machine type: N1
• CPU: 1 vCPU
• Memory: 1 GB

🎯I’ve chosen the CentOS operating system as the image for the VM.

🎯Enabling full API access and selecting all firewall rules as indicated.

🎯Following the creation of the first VM, I’ll proceed to create two more VMs with the same configuration. Once they are set up, I’ll click on the SSH connection from the right side and switch to root using the ‘sudo su’ command.

Pre-requisites

1. Install epel-release repository in all machines

# yum install epel-release -y

2. Disable and stop firewalld

#systemctl disable firewalld;systemctl stop firewalld

3. Install vim package in all 3 machines

#yum install vim -y

4. SSH connection need to be enabled in all 3 machines

go to /etc/ssh/sshd_config file using vim editor.

#vim /etc/ssh/sshd_config
PasswordAuthentication yes → this line should be uncommented
#PasswordAuthentication no → this line should be commented

Restart sshd service

#systemctl restart sshd

5. Create user called ‘ansible’ in all machines

#useradd ansible

Set password for ‘ansible’ user in all machines

#passwd ansible

6. Login to all servers and enable sudo permission for ansible user with no password

#visudo

ansible ALL=(ALL) NOPASSWD: ALL

7. Login as ansible user into ansible server

#sudo su - ansible

8. Create ssh keys in ansible server

$ ssh-keygen

9. Copy SSH keys from ansible server to clients

Using the ‘ssh-copy-id’ command, It will exchange SSH keys from the Ansible server, initiated by the Ansible user, with the node1 and node2 servers.

$ ssh-copy-id node1
$ ssh-copy-id node2

10. We will test the SSH key functionality to verify that it doesn’t prompt for a password when logging into ‘node1’ and ‘node2’ using the following commands:

$ ssh node1
$ ssh node2

If the keys are configured correctly, the login should proceed without requiring a password.

11. Install Ansible in Ansible server

Login into Ansible server using the ‘ansible’ user.

$ sudo yum install ansible -y

Before we test Ansible, I’ll ensure that the necessary dependencies are installed. These dependencies include ‘python-paramiko’, ‘python-httplib2’, and ‘python2-cryptography’.

python-paramiko — package is a Python implementation of the SSH protocol, which is essential for secure communication with remote servers, especially when using Ansible for automation and remote server management. It’s an important dependency for Ansible, as it allows for efficient and secure SSH connections to remote hosts. If ‘python-paramiko’ is not installed or configured correctly, Ansible may encounter issues when communicating with remote servers. So, ensuring that ‘python-paramiko’ is installed and correctly configured is crucial for the smooth operation of Ansible.

Python-httplib2- is a Python library for making HTTP requests, and it’s used by Ansible to manage HTTP-based tasks. Ansible, being a versatile automation tool, can interact with various web services and APIs to perform tasks like retrieving information or sending data. The ‘python-httplib2’ package provides the necessary functionality to work with HTTP requests, and it’s a vital dependency for Ansible when dealing with web-based services and URLs. Ensuring ‘python-httplib2’ is installed allows Ansible to communicate effectively with web resources during automation tasks.

python2-cryptography — is a Python library that provides cryptographic functions, including encryption, decryption, and certificate validation. Ansible uses ‘python2-cryptography’ to help secure communication and validate SSL certificates when interacting with remote systems, particularly when dealing with secure connections over HTTPS. This library is essential for ensuring the security and integrity of data transmission during Ansible operations.

By having ‘python2-cryptography’ installed as a dependency, Ansible can securely manage and automate tasks that involve encryption, decryption, and secure communication, adding an extra layer of protection to the automation process

Once these packages are installed, we can check if Ansible is working properly by running the command:

$ ansible –version

This command will provide information about the installed Ansible version and confirm whether Ansible is functioning as expected.

Here “/etc/ansible/ansible.cfg” is the global file.

In Ansible, organizing your configuration files based on different environments is a good practice. Let’s create a directory for the ‘dev’ environment, and then create an empty ‘ansible.cfg’ file within it. Here are the steps:

Create the ‘dev’ Directory:

Switch to the ‘dev’ Directory:

Create an Empty ‘ansible.cfg’ File: You can create an empty ‘ansible.cfg’ file using a text editor or by running:

Now check the ansible version, By placing an ‘ansible.cfg’ file in the ‘dev’ directory, Ansible will prioritize this configuration when working within the ‘dev’ environment. If the ‘ansible.cfg’ file does not exist in the current directory, Ansible will refer to the global configuration file.

This practice allows for environment-specific configurations, making it easier to manage and customize your Ansible setup for different environments.

In a multi-environment project, each environment should have its dedicated ‘ansible.cfg’ file. By organizing your playbooks into separate directories for each environment, you ensure that when a playbook is executed, it refers only to the ‘ansible.cfg’ file specific to that environment. This setup streamlines configuration management and enhances environment-specific control.

12. Create your environment directories.

Create a dev directory. From an ansible point of view this dev directory is considered as one environment. Create ansible.cfg file like below:

$ mkdir dev

$ vim ansible.cfg

In the hosts file add your servers like below. (static inventory file)

vim hosts
[prod]
node1
[backup]
node2

13. Test if your ansible environment is correctly configured or not ?

$ ansible all - list

14. Test your client servers connectivity from ansible ?

$ ansible all -m ping

You must receive “ping”: “pong” in green.

15. Configuring the Vim editor to prevent or manage indentation issues is a common practice.

The .vimrc file is typically located in the user’s home directory and is read by Vim each time it starts. Users can edit and extend this file to create a personalized Vim environment that enhances productivity and fits their workflow.

$ vim .vimrc

In .vimrc file , add the below entries:

set ai
set tabstop=2
set expandtab

Then logoff and login using ‘exit’ command Or

$ source ~/.vimrc

If you’ve successfully completed the steps mentioned above, you’re well-prepared to dive into the exciting world of Ansible labs that lie ahead. Get ready for a hands-on learning experience!

💹Next day — Mastering Ansible Playbook Features.

⭐⭐⭐ Enjoy your learning….!!! ⭐⭐⭐