Agenda: getting-started-ansible.htm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta http-equiv="Content-Style-Type" content="text/css" />
  <meta name="generator" content="pandoc" />
  <title>Getting started with Ansible</title>
  <style type="text/css">code{white-space: pre;}</style>
  <link rel="stylesheet" href="../../style.css" type="text/css" />
</head>
<body>
<div id="header">
<h1 class="title">Getting started with Ansible</h1>
</div>
<div id="TOC">
<ul>
<li><a href="#install-packages"><span class="toc-section-number">1</span> Install packages</a></li>
<li><a href="#download-the-workshop-kit-files"><span class="toc-section-number">2</span> Download the workshop-kit files</a></li>
<li><a href="#configure-ansible"><span class="toc-section-number">3</span> Configure ansible</a></li>
<li><a href="#first-run-network-reconfiguration"><span class="toc-section-number">4</span> First run: network reconfiguration</a><ul>
<li><a href="#how-does-it-work"><span class="toc-section-number">4.1</span> How does it work?</a></li>
</ul></li>
<li><a href="#second-run-platform-configuration"><span class="toc-section-number">5</span> Second run: platform configuration</a></li>
<li><a href="#third-run-full-configuration"><span class="toc-section-number">6</span> Third run: full configuration</a></li>
<li><a href="#appendix"><span class="toc-section-number">7</span> Appendix</a><ul>
<li><a href="#pointing-your-apt-to-your-local-apt-cacher-instance"><span class="toc-section-number">7.1</span> Pointing your apt to your local apt-cacher instance</a></li>
<li><a href="#using-git"><span class="toc-section-number">7.2</span> Using git</a><ul>
<li><a href="#configure-git"><span class="toc-section-number">7.2.1</span> Configure git</a></li>
</ul></li>
</ul></li>
<li><a href="#obtaining-workshop-kit-files-with-tarballs"><span class="toc-section-number">8</span> Obtaining workshop kit files with tarballs</a><ul>
<li><a href="#from-a-tarball"><span class="toc-section-number">8.1</span> From a tarball</a></li>
</ul></li>
</ul>
</div>
<p>Be sure you connect via ssh to your MacMini as the nsrc user. Don't become root.</p>
<p>Starting with a fresh Ubuntu 12.04.x install, we will set up ansible to get the workshop server to configure itself.</p>
<h1 id="install-packages"><a href="#install-packages"><span class="header-section-number">1</span> Install packages</a></h1>
<p>Add the <a href="https://launchpad.net/~rquillo/+archive/ansible">ansible PPA</a> to get a more recent version of ansible. Hit Enter when prompted.</p>
<pre><code>sudo apt-get install python-software-properties
sudo add-apt-repository ppa:rquillo/ansible
sudo apt-get update
sudo apt-get install ansible git</code></pre>
<p>Make a note of the ansible version installed. These scripts were tested using ansible=1.3.3-precise1. Although the author strives for backwards compatibility, sometimes later versions may change how scripts work.</p>
<h1 id="download-the-workshop-kit-files"><a href="#download-the-workshop-kit-files"><span class="header-section-number">2</span> Download the workshop-kit files</a></h1>
<p>This should be done as the non-root (nsrc) user, in your home directory. How you do it depends on whether you have been given full access to the git repository. For purposes of class we will use git over http with passwords.</p>
<pre><code>cd 
git clone http://trainers@wsnoc.nsrc.org:8000/nsrc/workshop-kit.git</code></pre>
<p>When prompted for a password use the one given in class.</p>
<h1 id="configure-ansible"><a href="#configure-ansible"><span class="header-section-number">3</span> Configure ansible</a></h1>
<pre><code>sudo editor `/etc/ansible/ansible.cfg` and set:</code></pre>
<p>Make the following changes to the file:</p>
<pre><code>hostfile       = ./hosts.local
...
host_key_checking = False
...
nocows = 1</code></pre>
<p>Finally, in your checkout's ansible directory, copy <code>hosts.sample</code> to <code>hosts.local</code></p>
<pre><code>cd
cd workshop-kit/ansible
cp hosts.sample hosts.local</code></pre>
<h1 id="first-run-network-reconfiguration"><a href="#first-run-network-reconfiguration"><span class="header-section-number">4</span> First run: network reconfiguration</a></h1>
<p>Still inside the ansible directory, run the following commands:</p>
<pre><code>sudo ansible-playbook networking.yml --check --diff     # dummy run
sudo ansible-playbook networking.yml                    # live run</code></pre>
<p>With the <code>--check</code> flag it will show you what it is going to change; without the <code>--check</code> flag it will actually perform the changes. Try both.</p>
<p>The playbook is <em>idempotent</em>. This means it is safe to run it repeatedly; anything which is already in the correct state will not be changed. Feel free to run it again.</p>
<p>After the live run, have a look at the following files:</p>
<ul>
<li>/etc/hostname</li>
<li>/etc/hosts</li>
<li>/etc/network/interfaces</li>
<li>/etc/iptables/rules.v4</li>
</ul>
<p>It should have created a more complex configuration with a bridge interfaces for the LAN and WAN connections (br-lan contains eth0, br-wan contains eth1), an IP alias on 10.10.0.254, and NAT rules.</p>
<p>If you are happy with this configuration, reboot your server to activate the new interfaces.</p>
<pre><code>sudo shutdown -r now</code></pre>
<p>You should not need to re-run <code>networking.yml</code> again unless you want ansible to reconfigure your network.</p>
<h2 id="how-does-it-work"><a href="#how-does-it-work"><span class="header-section-number">4.1</span> How does it work?</a></h2>
<p>Have a look at the playbook:</p>
<pre><code>cd workshop-kit/ansible
cat networking.yml</code></pre>
<p>Notice how it contains:</p>
<ul>
<li>The host(s) or group(s) on which to run this playbook</li>
<li>What tasks or roles to apply</li>
<li>Tags, to allow parts of the playbook to be run selectively</li>
</ul>
<p>Have a look at the tasks and handlers contained under each role. Handlers are extra actions which are triggered at the end of the run if a task has changed something.</p>
<pre><code>cat roles/update_cache/tasks/main.yml
cat roles/ansible_base/tasks/main.yml
cat roles/networking_ubuntu/tasks/main.yml
cat roles/networking_ubuntu/handlers/main.yml
cat roles/networking_ubuntu/templates/hostname
cat roles/gateway_ubuntu/tasks/main.yml
cat roles/gateway_ubuntu/handlers/main.yml</code></pre>
<p>Some of these roles and templates are quite complex - don't worry about the details.</p>
<p>There are also variables which are set per host and group. You can find these in the inventory (hosts) and in files under host_vars/ and group_vars/</p>
<pre><code>cat hosts.local
cat host_vars/s1.ws.nsrc.org
cat group_vars/vm_servers
cat group_vars/all</code></pre>
<p>In particular, notice that there are variables in <code>host_vars/s1.ws.nsrc.org</code> which are used by the interfaces template:</p>
<pre><code>gateway_wan_interface: br-wan
interfaces:
  br-lan:
    bridge_ports: [eth0,tap11,tap12,tap13,tap14,tap15,tap16,tap17,tap18,tap19]
    address: 10.10.0.241
    aliases: [10.10.0.254]
  br-wan:
    bridge_ports: [eth1]
    address: dhcp</code></pre>
<p>If you change these, you can generate a new <code>/etc/network/interfaces</code> with different interfaces.</p>
<h1 id="second-run-platform-configuration"><a href="#second-run-platform-configuration"><span class="header-section-number">5</span> Second run: platform configuration</a></h1>
<pre><code>sudo ansible-playbook vm_servers.yml -t platform</code></pre>
<p>This installs a few basic packages. If your machine is a Mac Mini then it will install packages specific to that platform, e.g. macfanctld.</p>
<p><code>-t platform</code> means only to run those tasks labelled with tag &quot;platform&quot;.</p>
<p>Some steps may take a a while to complete. If you see this step hang for a very long time:</p>
<p>TASK: [install macmini packages] **********************************************</p>
<p>You may want to press &quot;ctrl-c&quot; and run the command again. It's possible there is a dialogue we have not accounted for that has hung the process.</p>
<h1 id="third-run-full-configuration"><a href="#third-run-full-configuration"><span class="header-section-number">6</span> Third run: full configuration</a></h1>
<p>Now run the vm_servers.yml playbook again, but without restricting to the platform tag.</p>
<pre><code>sudo ansible-playbook vm_servers.yml</code></pre>
<p>This will run through a full set of configuration including:</p>
<ul>
<li>dns server</li>
<li>ntp server</li>
<li>snmp agent</li>
<li>apt-cacher</li>
<li>dhcp server</li>
<li>kvm</li>
<li>vmbuilder</li>
<li>dynamips</li>
</ul>
<p>This may take a fair amount of time to complete.</p>
<p>At this point you should have functioning DHCP on your LAN network. If you had configured a static IP on your laptop, you no longer need it.</p>
<p>You can look around and see how your MacMini has changed. For instance, you are now running an snmp server:</p>
<pre><code>snmpwalk -v2c -c NetManage localhost</code></pre>
<p>DNS for your private network that you will be using has been configured:</p>
<pre><code>dig pc10.ws.nsrc.org
dig sw.ws.nsrc.org</code></pre>
<p>You might to consider looking at current running processes, use netstat to see your current routes or open ports, typing ifconig to see all your interfaces, etc... to get a feel for your new MacMini environment.</p>
<p>Note that you can now use your wireless access point to connect to your MacMini. On your laptop connect to the SSID for your group (KITX-24 or KITX-5 where X={1..6}). You will receive an address on the 10.10.0.0/24 network with a gateway of 10.10.0.254, which is your MacMini, a DNS server of 10.10.0.241 (again, your MacMini) and you will have full access to the public internet.</p>
<h1 id="appendix"><a href="#appendix"><span class="header-section-number">7</span> Appendix</a></h1>
<h2 id="pointing-your-apt-to-your-local-apt-cacher-instance"><a href="#pointing-your-apt-to-your-local-apt-cacher-instance"><span class="header-section-number">7.1</span> Pointing your apt to your local apt-cacher instance</a></h2>
<p>Your box is now acting as a cache for installation of software using apt and is available for use for any machine on your private network (10.0.0.0/8). However, we have not set your own MacMini to use the cache that it is running. You can do this if you wish, but remember, if you must troubleshoot issues with apt, then you will probably need to disable this by removing/moving the file we will create below.</p>
<p>If you wish to point to your local apt-cacher program do the following:</p>
<pre><code>sudo editor /etc/apt/apt.conf.d/01proxy</code></pre>
<p>and add the line:</p>
<pre><code>Acquire::http::Proxy &quot;http://127.0.0.1:3142&quot;;</code></pre>
<p>Now update your local apt database:</p>
<pre><code>sudo apt update</code></pre>
<p>The next time you use apt to install a package it will first see if it is available locally and use that copy if it's available. Otherwise, the package will still be downloaded over the network, but it will now be available for all other users who may wish to install the software.</p>
<h2 id="using-git"><a href="#using-git"><span class="header-section-number">7.2</span> Using git</a></h2>
<p>Detailed instructions for using git with ssh and configuring it for use for interactive work flow.</p>
<p>This assumes you have an account on git.nsrc.org and your ssh public key has been installed there.</p>
<pre><code>cd
git clone ssh://YOURUSERNAME@git.nsrc.org/usr/local/repositories/workshop-kit.git
cd workshop-kit</code></pre>
<p>If authentication is rejected, you should NOT copy your ssh private key onto your workshop server! Rather you should:</p>
<ol style="list-style-type: decimal">
<li>Disconnect your ssh session</li>
<li>Log back in using ssh and agent forwarding
<ul>
<li>For Linux and OSX:
<ul>
<li>ssh-add
<ul>
<li>enter your passphrase when prompted</li>
</ul></li>
<li>ssh -oForwardAgent=yes nsrc@x.x.x.x</li>
</ul></li>
<li>For Windows/putty:
<ul>
<li>run pageant</li>
<li>point it to your private key and enter your passphrase</li>
<li>connect with agent forwarding enabled</li>
</ul></li>
</ul></li>
</ol>
<h3 id="configure-git"><a href="#configure-git"><span class="header-section-number">7.2.1</span> Configure git</a></h3>
<p>Create a file <code>~/.gitconfig</code> containing the following. This ensures that any commits you make are labelled with your correct details.</p>
<pre><code>[user]
        name = Your Fullname
        email = yourname@yourdomain
[core]
        excludesfile = ~/.gitignore
        #editor = /usr/bin/joe   &lt;&lt; or whatever you prefer
[push]
        default = tracking</code></pre>
<p>And create <code>~/.gitignore</code> as follows: this is to minimise the junk which is picked up.</p>
<pre><code>*~</code></pre>
<h1 id="obtaining-workshop-kit-files-with-tarballs"><a href="#obtaining-workshop-kit-files-with-tarballs"><span class="header-section-number">8</span> Obtaining workshop kit files with tarballs</a></h1>
<h2 id="from-a-tarball"><a href="#from-a-tarball"><span class="header-section-number">8.1</span> From a tarball</a></h2>
<p>Alternatively, you may be given a tarball or zipfile containing a snapshot of the repository. Download it using wget, and extract it as appropriate:</p>
<pre><code>cd
wget http://...../workshop-kit.tgz
tar -xvzf workshop-kit.tgz

or:
wget http://...../workshop-kit.zip
unzip workshop-kit.zip</code></pre>
<p>Either way, you should have a directory called &quot;workshop-kit&quot; which you can cd into.</p>
</body>
</html>