Ansible Basics Flashcards
What are important characteristics of Ansible?
- Agentless
- Idempotent
What language is Ansible written in?
Python
Thats why Ansible requires all nodes to have Python installed
How is Ansible agentless?
One of the key things about Ansible is that it is agentless. This means that there is no need to install any extra software on the managed nodes. The only requirements for the managed nodes are Python and the ability to accept SSH connections from the control node.
The control node connects to the nodes via SSH and pushes small Ansible Modules to them, which will be implementing the tasks.
How is Ansible idempotent?
You can run the same playbook multiple times and it will result in the same state of your managed hosts (servers, machines). After the first run of the playbook, subsequent runs will not make any changes if the desired state as described in the playbook is already reached.
For example, if you have a playbook that installs a package on a server, the first time you run it, Ansible will install the package. But if you run the same playbook again, Ansible will see that the package is already installed and will not attempt to install it again.
This idempotence is a very powerful feature of Ansible, because it allows you to be confident that running your playbooks will not have unexpected side effects. You can run them repeatedly without worrying about things getting messed up.
It’s important to note, however, that not all Ansible modules are idempotent. While Ansible’s core modules are generally idempotent, some community-provided modules or custom scripts may not be.
What is the Architecture of Ansible?
You have one control node and one or more managed nodes.
On the control node you install Ansbile. It then connects to the managed nodes via SSH and pushes Ansible modules to them.
What is an inventory File?
Ansible needs to know about the nodes it will manage. It does this through an inventory file where all the managed nodes are listed, usually grouped logically based on user requirements.
Example:
———————–
[webservers]
webserver1.example.com
webserver2.example.com
[dbservers]
dbserver1.example.com
dbserver2.example.com
————————–
What is a Playbook?
The primary mechanism by which Ansible accomplishes tasks is through a construct called a playbook. Playbooks are like scripts in Ansible’s own language, which are human-readable and describe a policy you want your remote systems to enforce or a set of steps in a general IT process.
Each Playbook contains at least one Play.
Each Play contains at least one Task.
How would a Playbook to install a LAMP stack look like?
- name: Install LAMP stack
hosts: webservers
become: yes
tasks:- name: Install Apache
apt:
name: apache2
state: present
update_cache: yes - name: Install MySQL
apt:
name: mysql-server
state: present
update_cache: yes - name: Install PHP
apt:
name:
- php
- php-mysql
state: present
update_cache: yes
- name: Install Apache
What are the steps to use Ansible?
- Install Ansible
Usesudo apt install ansibleorpip install ansible - Setup an inventory
- Write a Playbook
- Run the Playbook
ansible-playbook -i <your-inventory-file> lamp.yml
Is Ansible declaritive or imperitive?
In general Ansible is considered declaritive.
When you’re defining an Ansible playbook, you’re defining a list of tasks, which often implies a certain order of execution. This part can be seen as more imperative in nature, as you’re giving a series of commands to be executed in a certain order.
However, each individual task is still declarative in nature. For example, if you have a task to install a package, you’re not telling Ansible the commands to run to install the package; you’re declaring that the package should be installed and letting Ansible figure out the steps.
How does ansible achieve idempotency?
For each task, Ansible checks the current state of the target system before deciding whether changes are necessary. If the current state matches the desired state, no changes are made. For example, if a task is supposed to ensure a specific package is installed, Ansible first checks whether the package is already installed. If it is, Ansible skips the task.
What are alternatives to Ansible?
Puppet and Chef
How would a Playbook look like which adds sudo users to a server?
- name: Add user, set password, and grant sudo access
hosts: servers
become: yes
vars:
username: newuser
password: “{{ ‘password’ | password_hash(‘sha512’) }}”
tasks:- name: Ensure user exists
ansible.builtin.user:
name: “{{ username }}”
password: “{{ password }}”
update_password: on_create - name: Add user to sudoers
ansible.builtin.lineinfile:
path: /etc/sudoers
line: “{{ username }} ALL=(ALL) NOPASSWD:ALL”
validate: ‘visudo -cf %s’
- name: Ensure user exists
How can you use variables in Playbooks?
Ansible uses the Jinja2 templating language.
What are some benefits of using Ansible?
If you need to manage multiple servers, ssh-ing into each server and repeating all the steps manually is time consuming and error prone.
With Ansible:
- Execute all tasks from one machine
- Configure all steps in a single yaml file
- Reuse the file multiple times
- More reliable and less error prone
Also Ansible is declarative with a simple YAML language.
