This is a short article that briefly introduces a configuration management tool called Ansible. According to the official Ansible website, “Ansible is the simplest way to automate apps and IT infrastructure. Application Deployment + Configuration Management + Continuous Delivery”. If you have read my previous articles, you may know that Terraform can automate infrastructure as well. The difference between them is that Terraform is for infrastructure deployment while Ansible is for configuration management. In other words, Ansible helps us make small adjustments after we deploy the infrastructure. As the title suggests, patch management is one of the use cases for Ansible.
Why use Ansible?
There are a few reasons we use Ansible:
- Ansible does not require any agent; we just need to install Ansible on our master node.
- We can use Ansible on Cloud or non-Cloud.
- Ansible is not only for hosts, but also for network equipment. In this link, we can see it supports Cisco IOS as well.
- Ansible supports Windows as well.
In the console, we open Cloud Shell and then switch to editor mode so that we can easily review our code.
Then we have to set up our environment, e.g. define the project, zone and region:
gcloud config set project <your-project-id>
gcloud config set compute/zone us-west1-a
gcloud config set compute/region us-west1
Please download my prepared files from GitHub or clone the repository:
git clone https://github.com/manbobo2002/ansible-system-update.git
cd ~/ansible-system-update
Also, we need to install Ansible:
sudo apt-get install ansible
As a friendly reminder, this demonstration does not have to run in Cloud Shell. We can also do it locally, using our own machine to control the GCP instances.
There are 3 main files in this demonstration: ansible.cfg, hosts, main.yml.
ansible.cfg is a configuration file that holds the basic settings of Ansible.
Also, hosts stores all the host IPs or host names you want to manage. We can classify the hosts into different groups.
Finally, we have a playbook called main.yml which describes the task details. For this demonstration, we create some patch update tasks.
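The following patch-update playbook is an added example, not the main.yml from the repository above. It assumes Debian/Ubuntu instances; the group name webservers, the inventory address and user in the comment, the batch size and the reboot timeout are all assumptions.

```yaml
# Added example. Matching entry in the hosts inventory file (constructed values):
#   [webservers]
#   203.0.113.10 ansible_user=your-username
---
- name: Apply pending package updates
  hosts: webservers        # assumed group name; use "all" to target every host
  become: true             # package upgrades need root on the managed host
  serial: 1                # patch one host at a time so a bad update stops early
  tasks:
    - name: Refresh the apt cache and upgrade all packages
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
      register: upgrade_result

    - name: Remove packages that are no longer needed
      ansible.builtin.apt:
        autoremove: true

    - name: Check whether the upgrade requested a reboot
      ansible.builtin.stat:
        path: /var/run/reboot-required   # flag file written by Debian/Ubuntu packages
      register: reboot_flag

    - name: Reboot only when the flag file exists
      ansible.builtin.reboot:
        reboot_timeout: 600              # seconds to wait for the host to come back
      when: reboot_flag.stat.exists

    - name: Report what changed on this host
      ansible.builtin.debug:
        msg: >-
          {{ inventory_hostname }}
          changed={{ upgrade_result.changed }}
          rebooted={{ reboot_flag.stat.exists }}
```

Running ansible-playbook with --check first reports which hosts would change without installing anything.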
Create SSH Access
If you have your own public key, feel free to use it. Otherwise, please follow me.
We generate our public/private key pair by typing:
By default, the public key is stored at /home/[username]/.ssh/id_rsa.pub
We can see the public key by typing:
In Compute Engine, we go to Metadata=>SSH Keys and paste the public key there. We are now able to access our instances using SSH.
Update Patch to Instance Using Ansible
First of all, please make sure you have at least one instance; otherwise, please create one. Copy its External IP.
Back in Cloud Shell, add this IP to the group of your choice in the hosts file.
In main.yml, edit the hosts to fit your group. If you want to apply to all, please use “all” instead of the group name.
To test that the SSH key works, we can simply run “ssh [username]@[hostip]” to connect to our host. Type “exit” once we have connected successfully.
Finally, we are able to run the playbook by typing: