If you hate performing repetitive duties, then I’ve a proposition for you. Learn Ansible!
Ansible is a software that may make it easier to do your every day duties simpler and quicker, so you should utilize your time in more practical methods, like studying new know-how that issues. It’s an incredible software for sysadmins as a result of it helps you obtain standardization and collaborate on every day actions, together with:
- Installing, configuring, and provisioning servers and purposes
- Updating and upgrading programs commonly
- Monitoring, mitigating, and troubleshooting points
Typically, many of those important every day duties require handbook steps that rely on a person’s abilities, creating inconsistencies and leading to configuration drift. This could be OK in a small-scale implementation the place you are managing one server and know what you might be doing. But what occurs when you find yourself managing lots of or 1000’s of servers?
If you aren’t cautious, these handbook, repeatable duties could cause delays and points due to human errors, and people errors may affect you and your group’s popularity.
This is the place the worth of automation comes into the image. And Ansible is an ideal software for automating these repeatable every day duties.
Some of the explanations to automate are:
- You desire a constant and secure atmosphere.
- You need to foster standardization.
- You need much less downtime and fewer extreme incident circumstances so you’ll be able to take pleasure in your life.
- You need to have a beer as a substitute of troubleshooting points!
This article affords some examples of the every day duties a sysadmin can automate utilizing Ansible. I put the playbooks and roles from this text right into a sysadmin tasks repository on GitHub to make it simpler so that you can use them.
These playbooks are structured like this (my notes are preceded with ==>
):
[root@homebase 6_sysadmin_tasks]# tree -L 2
.
├── ansible.cfg ===> Ansible config file that's accountable for controlling how ansible behave
├── ansible.log
├── stock
│ ├── group_vars
│ ├── hosts ==> the stock file that accommodates the listing of my goal server
│ └── host_vars
├── LICENSE
├── playbooks ==> the listing that accommodates playbooks that we'll be utilizing for this text
│ ├── c_logs.yml
│ ├── c_stats.yml
│ ├── c_uptime.yml
│ ├── stock
│ ├── r_cron.yml
│ ├── r_install.yml
│ └── r_script.yml
├── README.md
├── roles ==> the listing that accommodates the roles that we'll be utilizing on this article.
│ ├── check_logs
│ ├── check_stats
│ ├── check_uptime
│ ├── install_cron
│ ├── install_tool
│ └── run_scr
└── templates ==> the listing that accommodates the jinja template
├── cron_output.txt.j2
├── sar.txt.j2
└── scr_output.txt.j2
The stock appears to be like like this:
[root@homebase 6_sysadmin_tasks]# cat stock/hosts
[rhel8]
grasp ansible_ssh_host=192.168.1.12
workernode1 ansible_ssh_host=192.168.1.15[rhel8:vars]
ansible_user=ansible ==> Please replace this along with your most popular ansible consumer
Here are 5 every day sysadmin duties which you can automate with Ansible.
1. Check server uptime
You want to verify your servers are up and operating on a regular basis. Organizations have enterprise monitoring instruments to watch server and software uptime, however every so often, the automated monitoring instruments fail, and that you must leap in and confirm a server’s standing. It takes a variety of time to confirm every server’s uptime manually. The extra servers you’ve got, the longer time you need to spend. But with automation, this verification will be accomplished in minutes.
Use the check_uptime function and the c_uptime.yml
playbook:
[root@homebase 6_sysadmin_tasks]# ansible-playbook -i stock/hosts playbooks/c_uptime.yml -k
SSH password:
PLAY [Check Uptime for Servers] ****************************************************************************************************************************************
TASK [check_uptime : Capture timestamp] *************************************************************************************************
.
snip...
.
PLAY RECAP *************************************************************************************************************************************************************
grasp : okay=6 modified=Four unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
workernode1 : okay=6 modified=Four unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
[root@homebase 6_sysadmin_tasks]#
The playbook’s output appears to be like like this:
[root@homebase 6_sysadmin_tasks]# cat /var/tmp/uptime-master-20210221004417.txt
-----------------------------------------------------
Uptime for grasp
-----------------------------------------------------
00:44:17 up 44 min, 2 customers, load common: Zero.01, Zero.09, Zero.09
-----------------------------------------------------
[root@homebase 6_sysadmin_tasks]# cat /var/tmp/uptime-workernode1-20210221184525.txt
-----------------------------------------------------
Uptime for workernode1
-----------------------------------------------------
18:45:26 up 44 min, 2 customers, load common: Zero.01, Zero.01, Zero.00
-----------------------------------------------------
Using Ansible, you will get the standing of a number of servers in a human-readable format with much less effort, and the Jinja template means that you can modify the output primarily based in your wants. With extra automation, you’ll be able to run this on a schedule and ship the output by e mail for reporting functions.
2. Configure extra cron jobs
You have to replace your servers’ scheduled jobs commonly primarily based on infrastructure and software necessities. This could seem to be a menial job, however it must be accomplished appropriately and constantly. Imagine the time this takes in case you are doing this manually with lots of of manufacturing servers. If it’s accomplished flawed, it could actually affect manufacturing purposes, which might trigger software downtime or affect server efficiency if scheduled jobs overlap.
Use the install_cron function and the r_cron.yml
playbook:
[root@homebase 6_sysadmin_tasks]# ansible-playbook -i stock/hosts playbooks/r_cron.yml -k
SSH password:
PLAY [Install extra cron jobs for root] ***************************************************************************************************************************
.
snip
.
PLAY RECAP *************************************************************************************************************************************************************
grasp : okay=10 modified=7 unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
workernode1 : okay=10 modified=7 unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
Verify the playbook’s outcomes:
[root@homebase 6_sysadmin_tasks]# ansible -i stock/hosts all -m shell -a "crontab -l" -k
SSH password:
grasp | CHANGED | rc=Zero >>
1 2 three Four 5 /usr/bin/ls /tmp
#Ansible: Iotop Monitoring
Zero 5,2 * * * /usr/sbin/iotop -b -n 1 >> /var/tmp/iotop.log 2>> /var/tmp/iotop.err
workernode1 | CHANGED | rc=Zero >>
1 2 three Four 5 /usr/bin/ls /tmp
#Ansible: Iotop Monitoring
Zero 5,2 * * * /usr/sbin/iotop -b -n 1 >> /var/tmp/iotop.log 2>> /var/tmp/iotop.err
Using Ansible, you’ll be able to replace the crontab entry on all of your servers in a quick and constant means. You also can report the up to date crontab’s standing utilizing a easy ad-hoc Ansible command to confirm the not too long ago utilized modifications.
three. Gather server stats and sars
During routine troubleshooting and to diagnose server efficiency or software points, that you must collect system exercise stories (sars) and server stats. In most situations, server logs comprise essential info that builders or ops groups want to assist clear up particular issues that have an effect on the general atmosphere.
Security groups are very specific when conducting investigations, and more often than not, they need to have a look at logs for a number of servers. You want to search out a straightforward approach to accumulate this documentation. It’s even higher in case you can delegate the gathering process to them.
Do this with the check_stats function and the c_stats.yml
playbook:
$ ansible-playbook -i stock/hosts playbooks/c_stats.ymlPLAY [Check Stats/sar for Servers] ***********************************************************************************************************************************
TASK [check_stats : Get present date time] ***************************************************************************************************************************
modified: [grasp]
modified: [workernode1]
.
snip...
.
PLAY RECAP ***********************************************************************************************************************************************************
grasp : okay=5 modified=Four unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
workernode1 : okay=5 modified=Four unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
The output will appear to be this:
$ cat /tmp/sar-workernode1-20210221214056.txt
-----------------------------------------------------
sar output for workernode1
-----------------------------------------------------
Linux Four.18.Zero-193.el8.x86_64 (node1) 21/02/21 _x86_64_ (2 CPU)
21:39:30 LINUX RESTART (2 CPU)
-----------------------------------------------------
Four. Collect server logs
In addition to gathering server stats and sars info, additionally, you will want to gather logs every so often, particularly if that you must assist examine points.
Do this with the check_logs function and the r_cron.yml
playbook:
$ ansible-playbook -i stock/hosts playbooks/c_logs.yml -k
SSH password:PLAY [Check Logs for Servers] ****************************************************************************************************************************************
.
snip
.
TASK [check_logs : Capture Timestamp] ********************************************************************************************************************************
modified: [grasp]
modified: [workernode1]
PLAY RECAP ***********************************************************************************************************************************************************
grasp : okay=6 modified=Four unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
workernode1 : okay=6 modified=Four unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
To affirm the output, open the information generated within the dump location. The logs ought to appear to be this:
$ cat /tmp/logs-workernode1-20210221214758.txt | extra
-----------------------------------------------------
Logs gathered: /var/log/messages for workernode1
-----------------------------------------------------Feb 21 18:00:27 node1 kernel: Command line: BOOT_IMAGE=(hd0,gpt2)/vmlinuz-Four.18.Zero-193.el8.x86_64 root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel
-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet
Feb 21 18:00:27 node1 kernel: Disabled quick string operations
Feb 21 18:00:27 node1 kernel: x86/fpu: Supporting XSAVE function 0x001: 'x87 floating level registers'
Feb 21 18:00:27 node1 kernel: x86/fpu: Supporting XSAVE function 0x002: 'SSE registers'
Feb 21 18:00:27 node1 kernel: x86/fpu: Supporting XSAVE function 0x004: 'AVX registers'
Feb 21 18:00:27 node1 kernel: x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
Feb 21 18:00:27 node1 kernel: x86/fpu: Enabled xstate options 0x7, context measurement is 832 bytes, utilizing 'compacted' format.
5. Install or take away packages and software program
You want to have the ability to set up and replace software program and packages in your programs constantly and quickly. Reducing the time it takes to put in or replace packages and software program avoids pointless downtime of servers and purposes.
Do this with the install_tool function and the r_install.yml
playbook:
$ ansible-playbook -i stock/hosts playbooks/r_install.yml -k
SSH password:
PLAY [Install extra instruments/packages] ***********************************************************************************
TASK [install_tool : Install specified instruments within the function vars] *************************************************************
okay: [grasp] => (merchandise=iotop)
okay: [workernode1] => (merchandise=iotop)
okay: [workernode1] => (merchandise=traceroute)
okay: [grasp] => (merchandise=traceroute)PLAY RECAP *****************************************************************************************************************
grasp : okay=1 modified=Zero unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
workernode1 : okay=1 modified=Zero unreachable=Zero failed=Zero skipped=Zero rescued=Zero ignored=Zero
This instance installs two particular packages and variations outlined in a vars file. Using Ansible automation, you’ll be able to set up a number of packages or software program quicker than doing it manually. You also can use the vars file to outline the model of the packages that you simply need to set up:
$ cat roles/install_tool/vars/principal.yml
---
# vars file for install_tool
ins_action: absent
package_list:
- iotop-Zero.6-16.el8.noarch
- traceroute
Embrace automation
To be an efficient sysadmin, that you must embrace automation to encourage standardization and collaboration inside your crew. Ansible allows you to do extra in much less time as a way to spend your time on extra thrilling tasks as a substitute of doing repeatable duties like managing your incident and downside administration processes.
With extra free time in your fingers, you’ll be able to study extra and make your self obtainable for the following profession alternative that comes your means.