How to install Ansible on RHEL7/ CentOS7

We are going to see how to install Ansible on RHEL7/ CentOS7 in this post.

Control node needs to install Python 2.6 or latest version and windows doesn’t support for control node.

Since the ansible agentless tool, on Managed hosts no need to install any specific agent/client. And need to install python 2.4 or latest version on managed hosts.

How to install Ansible on RHEL7/ CentOS7

Installing Ansible on RHEL7/ CentOS7:

To install the Ansible we should have Enabled EPEL repository on our server already

Once enable EPEL Repo, then we can start installing Ansible using yum.

[[email protected] ~]# yum install ansible -y

Post installation of ansible will check the version of Ansible by using below command

[[email protected] ~]# ansible --version
ansible 2.7.9
 config file = /etc/ansible/ansible.cfg
 configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
 ansible python module location = /usr/lib/python2.7/site-packages/ansible
 executable location = /usr/bin/ansible
 python version = 2.7.5 (default, Aug 2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
[[email protected] ~]#

Finally, we installed ansible over our machine which we are going to take it as a control node.

Hereafter if we want to deploy or manage any remote hosts(Managed Host) from the control node, SSH authentication is mandatory. So, We should copy and paste the SSH keys to the remote hosts to make the communication available between the control and managed node.

 

Reference: Ansible documented site

 

 

Architecture of Ansible

we are going to see the Architecture of Ansible in this post.

Communication:

Architecture of Ansible

Communication established between control node(Server) and Managed hosts(Client machines) using SSH Protocol.

A normal user will be sufficient for communication between Control and Managed hosts.

A normal user can able to perform a few tasks but for other tasks, we need administrators user or other users who have sudo access to perfom that tasks.

complete Architecture detail of Ansible:

Architecture of Ansible

 

This will explain how the ansible working and what are all the things contains as architecture.

As we can see the above diagram ansible automation engine will interact directly with the person who writes playbooks to do tasks.

It also interacts with the cloud(public/private) directly. Basically its CMDB(Configuration Management Data Base).

Also, it contains the below components:

  1. Inventory
  2. Modules
  3. API
  4. Plugins

 

Inventory:

Inventory will contain the List of Host or IP Address of Host/ Wildcards where we are going to do automation tasks using ansible.

default ansible inventory path: /etc/ansible/hosts

We can specify the different inventory path using -i option.

Modules:

Ansible has more 1000 readymade playbooks in it and we should use those modules in paybooks to do automation tasks. Modules will be copied from Control node to managed hosts while executing the tasks and it will run the program based on playbook and Module then will give back us the output.

Also, the user can create custom playbooks based on their needs.

We should mention the modules in playbooks and modules will be directly executed in remote hosts through playbooks and will get the output.

API:

Ansible uses API as transport  for Cloud services.

Plugins:

Plugins will enhance the features ansible.

Plugins will allow executing the task on build stat. Its a piece of code.

Using ansible we can automate the tasks on different types of network.

 

 

 

 

Introduction of Ansible automation tool

We are going to see Introduction of Ansible automation tool in this post. By reading the future post you can learn full ansible automation and it’s purely based on RedHat Linux.

Ansible is written by Micheal DeHaan

What is Ansible?

It’s a simple IT automation and powerful configuration management tool which is written in python.

It’s an open source configuration management tool.

We can standardize our environment configuration from one server to all other remote servers using ansible by creating the playbooks to complete that task.

Mainly it’s agentless automation tool. Work is pushed to the remote host when the ansible executed.

What we can do:

  • Configuration of Servers
  • Application Deployments
  • Continuous testing of existing application
  • Provisioning
  • Orchestration
  • Automating our administration tasks

 

What we cannot do:

  • We cannot install the initial minimum installation of the system.
  • We cannot monitor the servers
  • It will not track what changes are made over the files on the system.

How the Ansible work:

 

Introduction of Ansible automation tool

Ansible Syntax (or) ansible adhoc command:

Ex:

#Ansible -m command -a "uptime" Test

 

Ansible:- Keyword

m:- Module

command:- Module Name

uptime:-  OSCommand

Test:- Target server Group

 

Ansible Features:

  • Easy to learn
  • Written in python
  • Agentless
  • YAML based playbooks
  • Ansible Galaxy

Ansible Modules:

It’s having 1375 modules. For each and every operation we need to use modules to run the commands.

So we should understand the modules to do automation.

 

How to install Docker EE in RHEL7

How to install Docker EE in RHEL7

Will see How to install Docker EE in RHEL7 in this post. We have other steps as well on our blog to install the Docker in Linux.

It’s a container virtualization technology and more efficient in the deploy an application.

We have two option to install the Docker EE in RedHat Linux.

  1. Yum Repository: Create/ Enable YUM Repository and install using that. this is the recommended one to install/ upgrade a package in Linux.
  2. RPM: We have to download and install manually. This will be useful to install when the system doesn’t have internet access.

Requirement:

RHEL 7.1 or Higher Operating System.

overlay2 or device-mapper storage driver(direct-lvm mode for production environment)

Yum repository.

Disable SELinux in IBM Power Systems before install/ Upgrade

Enabling YUM Repository for Docker EE Installation:

Browse “https://store.docker.com/my-content” and login. You should at least registered for the trail.

Once logged in, Click “Setup” to get the URL to enable the repository.

Copy the URL from “Copy and paste this URL to download your Edition:” and save it for later use.

You will use this URL to create the variable called “DOCKERURL“.

Use the below command to remove existing docker repo.

[[email protected] ~]# rm /etc/yum.repos.d/docker*.repo

Save the copied URL in the environmental variable(DOCKERURL). Replace with URL where “<DOCKER-URL>” is mentioned in below command.

#export DOCKERURL="<DOCKER-EE-URL>"

Than now store the variable(DOCKERURL) in yum variable /etc/yum/vars

[[email protected] ~]# sudo -E sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'

Now store the OS version in /etc/yum/vars/dockerosversion:

[[email protected] ~]# sh -c 'echo "7.3" > /etc/yum/vars/dockerosversion'

Then install the required packages yum-utils, device-mapper-persistent-data and lvm2

[[email protected] ~]# yum -y install yum-utils device-mapper-persistent-data lvm2

Now will enable extras RHEL repository and This will ensure the access to container-selinux which is package required by “Docker-EE” and the below command will be used in all Architecture except IBM Power Systems.

[[email protected] ~]# yum-config-manager --enable rhel-7-server-extras-rpms
Loaded plugins: product-id

For IBM Power System use the below command:

#yum-config-manager --enable extras
#subscription-manager repos --enable=rhel-7-for-power-le-extras-rpms
#yum makecache fast
#yum -y install container-selinux

Add the Docker EE repository using below command.

[[email protected] ~]# yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"

Installing Docker EE in RedHat Linux:

Now using the docker repository will install the Docker-EE by executing below command.

[[email protected] ~]# yum install docker-ee

Note: If the above command failed for “container-selinux” dependency. Then we should install the container-selinux and below two are dependency packages for container-selinux

policycoreutils.2.5-11.el7 Click here to download

policycoreutils-python (This will be available in your OS packages list)

Now again try to install the docker-ee using yum.

Start the docker using systemctl.

[[email protected] ~]# systemctl start docker

Now we completed docker-ee installation.

To verify Docker-EE installed correctly, use the hello-world image. This will download a test image and run it in a container. Will give you the information.

[[email protected] ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
9bb5a5d4561a: Pull complete
Digest: sha256:f5233545e43561214ca4891fd1157e1c3c563316ed8e237750d59bde73361e77
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/

 

So, Finally we completed the Docker installation.

Refernce: docs.docker.com

About Python

About Python:

Python language created by Guido van Rossum.

Features of Python

Built on c  routines

Easy to use and debug

Portable

Object oriented

Interface with other languages

compiled and Interpreted language

Open and free

 

Download link:        www.python.org

To know python version use below command

python -v

Note: Any line starts with # will commented and not used by script while executing.

Will create a script file with .py extension and should use python command to run the python script.

Example:     

python first.py

Installing Puppet in RHEL7/ Cent OS 7

Will see Installing Puppet in RHEL7/ Cent OS 7

Nowadays all the administration tasks are rapidly moving to automation and its reducing manpower, cost and time. It’s mandatory to learn any one of the scripting and anyone of automation tool for system administrators at this situation.  Automating tasks in server end is very critical and most important one.  There are lots of tools available for automation. Here we are going to see the puppet.

What is puppet?

It’s an open source tool and developed by puppet labs for Linux/Unix/Mac and Windows machines. Puppet is written in Ruby language and its mostly used for automating jobs in the server and automating the jobs from the server to clients.

Features:

To avoid duplication of work.

Powerful framework

Mature tool

System administrator tasks simplify.

To make speed and repeated changes automatically.

To maintain system consistency and integrity

Very easy to manage vm, cloud and physical machines.

Enabling EPEL repository and dependencies for installation:

System time should be set as accurately on server, which is going to act as master chef server. So, set the time in your server.

Make sure that both the master and agent server should resolev the hostnames. So, make an entry in /etc/hosts file.

once time fixed will enable EPEL repository by using below command.

RHEL7/ Cent OS 7:

[[email protected] init.d]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-releas e-latest-7.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.yXngEr: Header V3 RSA/SHA256 Signature, key ID 352c64e 5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
 1:epel-release-7-10 ################################# [100%]

List the EPEL Repository Packages :

[[email protected] init.d]# yum --disablerepo=* --enablerepo=epel list

Now to have puppet ready setup, have to use apache with passanger. To get that, download and place the repo file in /etc/yum.repos.d/

[[email protected] init.d]# curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo

To setup puppet master/node now we need to enable the puppet lab repository and dependencies and run it on both master and agent servers.

[[email protected] init.d]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
Preparing... ################################# [100%]
 package puppetlabs-release-22.0-2.noarch is already installed

 

Installing Puppet:

Use the below command to install Puppet server. This will install init script (/etc/init.d/puppetmaster) to run a test-quality puppet master server.

[[email protected] ~]# yum install puppet-server

Installed:
 puppet-server.noarch 0:3.8.7-1.el7

Dependency Installed:
 facter.x86_64 1:2.4.6-1.el7 hiera.noarch 0:1.3.4-1.el7 libselinux-ruby.x86_64 0:2.5-6.el7 libyaml.x86_64 0:0.1.4-11.el7_0
 puppet.noarch 0:3.8.7-1.el7 ruby.x86_64 0:2.0.0.648-29.el7 ruby-augeas.x86_64 0:0.4.1-3.el7 ruby-irb.noarch 0:2.0.0.648-29.el7
 ruby-libs.x86_64 0:2.0.0.648-29.el7 ruby-shadow.x86_64 1:2.2.0-2.el7 rubygem-bigdecimal.x86_64 0:1.2.0-29.el7 rubygem-io-console.x86_64 0:0.4.2-29.el7
 rubygem-json.x86_64 0:1.7.7-29.el7 rubygem-psych.x86_64 0:2.0.0-29.el7 rubygem-rdoc.noarch 0:4.0.0-29.el7 rubygems.noarch 0:2.0.14.1-29.el7

Complete!

Now we need to configure the puppet master/agent architecture.  in our case this node going to work as master server. So, edit /etc/puppet/puppet.conf file and change the dns_alt_names.

[[email protected] ~]# vi /etc/puppet/puppet.conf
[main]
 dns_alt_names=server,server.lbcdomain.com
 certname=server.lbcdomain.com

Save and exit from the file.

Run the below command to create puppet master certificate:

[[email protected] ~]# puppet master --verbose --no-daemonize

Once received “Notice: Starting Puppet master version 3.8.7” press ctrl+c to kill the process.

Now will configure Web server:

Puppet comes with basic web server. In production basically will not use this web server. Before managing nodes by puppet master server, will configure web server first.

[[email protected] ~]# yum -y install httpd httpd-devel mod_ssl ruby-devel rubygems gcc gcc-c++ pygpgme curl

Now install passenger and apache module:

[[email protected] ~]# yum install -y mod_passenger

create parent, public and tmp  directories for the application. Copy the ext/rack/config.ru from the puppet source code into the parent directory and set ownership as puppet to the directory.

[[email protected] ~]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[[email protected] ~]# mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
[[email protected] ~]# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
[[email protected] ~]# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru

Create configuration file to add virtual host for puppet.

[[email protected] ~]# vi /etc/httpd/conf.d/puppetmaster.conf

make the below entries in virtual host file.

[[email protected] ~]# vi /etc/httpd/conf.d/puppetmaster.conf
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol             ALL -SSLv2 -SSLv3
        SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
        SSLHonorCipherOrder     on

        SSLCertificateFile      /var/lib/puppet/ssl/certs/server.lbcdomain.com.pem
        SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/server.lbcdomain.com.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile   /var/lib/puppet/ssl/ca/ca_crt.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
        # which effectively disables CRL checking; if you are using Apache 2.4+ you must
        # specify 'SSLCARevocationCheck chain' to actually use the CRL.
        # SSLCARevocationCheck chain
        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

         DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>  

Now restart the apache service.

[[email protected] ~]# systemctl restart httpd

Enable apache and disable puppet to autostart while booting.

[[email protected] ~]# systemctl disable puppet.service
[[email protected] ~]# systemctl enable httpd.service

Now enable puppet listening port in firewall:

Port: 8140

[[email protected] ~]# firewall-cmd --zone=public --add-port=8140/tcp --permanent
[[email protected] ~]# firewall-cmd --reload

 

Now install puppet on Node machines:

before starting puppet agent installation have to configure yum repository same like master server.

Command to install puppet:

[[email protected] ~]# yum -y install puppet

Make master puppet server details in puppet configuration file like below.

[[email protected] ~]# vi /etc/puppet/puppet.conf

[agent]
server = server.lbcdomain.com

Now start puppet service in node machine and enable it to start automatically while booting in this run level.

[[email protected] ~]# systemctl start puppet
[[email protected] ~]# systemctl enable puppet

Now signin puppet agent node machine certificate in puppet master server:

Agent node will request certificate on first time they attempt to run.

Login and execute the below command in master puppet server.

[[email protected] ~]# puppet cert list

"node.lbcdomain.com" (SHA256) D4:88:EC:C5:0A:F7:5D:4E:32:C5:B3:61:E0:51:7B:0C:CD:B3:49:9E:68:0B:E7:5D:75:19:1D:0B:92:8A:E7:C1

Run the below command to sign the cert sign

[[email protected] ~]# puppet cert sign node.lbcdomain.com

Notice: Signed certificate request for node.lbcdomain.com
Notice: Removing file Puppet::SSL::CertificateRequest node.lbcdomain.com at '/var/lib/puppet/ssl/ca/requests/node.lbcdomain.com.pem'

Run below command in puppet agent node machine to verify the certificate.

[[email protected] ~]# puppet agent -t

Info: Caching certificate for node.lbcdomain.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for node.lbcdomain.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node.lbcdomain.com
Info: Applying configuration version '1445401911'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.09 seconds

Finally we completed puppet master and agent configuration successfully.

 

Docker installation in RHEL7/ Cent OS 7

We are going to see Docker installation in RHEL7/ Cent OS 7.

Docker packages are available for RedHat Servers and RHEL Atomic Host editions alone not for other workstations or other variants of RHEL.

In this installation method internet is mandatory.

Docker installation using native docker script is straight forward method. Using “curl”  will install the docker.  Before installing docker, first check curl  package is installed on your system.

#curl –version

[[email protected] ~]# curl --version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.21 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets
 Installing Docker using curl command
 
  Use the below command to install the docker.
 
#curl -SSL https://get.docker.com/ | sh
 
Now will enable the docker permanently in this runlevel and will start docker.
Command to enable the docker in this runlevel
#systemctl enable docker
 
 
 
Command to start the docker
#systemctl start docker
 
 
command to check the docker status
#systemctl status docker
 
 
Command to restart the docker
#systemctl restart docker
 
 
 
 
Docker has been installed and now will check the docker installation here.
#docker run hello-world
 
 



Will list the new containers with below command

#docker ps -a


Failed to start docker.service: Unit not found / Installation of docker in RHEL7.x / CentOS 7.x

Failed to start docker.service: Unit not found / Installation of  docker in RHEL7.x / CentOS 7.x

Will see how to fix Failed to start docker.service: Unit not found / Installation of docker in RHEL7.x / CentOS 7.x.

Docker is open source and it will help us to deploy applications over the Linux containers.
Docker CLI command line tool will help to manage the lifecycle management of  image based containers.

Linux container will enable fast application deployment, simplest testing, troubleshooting and maintenance.

Check for the installed docker details and remove the docker which is already installed.

Again install docker using below command:

#curl -fsSL https://get.docker.com/ | sh



Enable the docker service permanently in this runlevel

Start the docker service

Now docker has been installed started successfully.

To check docker installed correctly or not issue the below command

Chef server installation on linux

We are going to see Chef server installation on linux

Configuration options in Chef:

 

1. Standalone
2. High Availability
3. Tiered

Requirements:

1. Machine with RedHat server operating system with FQDN.
2. Mail agent which will help chef server to send notification.
3. Should know to work with cron jobs to schedule jobs

We are going to see Standalone chef server in this post.

In this method will use single machine for chef server installation.
1. Download “chef-server-core-<ver>” and kept under /tmp directory on a server which will run the server.
2. Install the package as root user using below commands.

#rpm -ivh chef-server-core-xxx.rpm

It will take some minutes to install it.

Execute the following server to start all services.

#chef-server-ctl reconfigure

Now we should create a user to manage the chef server

#chef-server-ctl user-create <username> <firstname> <lastname> <email> ‘Password’ –filename /path/uname.pem

Now we should create organization

 

#chef-server-ctl org-create short_name ‘full_organization_name’ –association_user user_name –filename ORGANIZATION-validator.pem

Download and install additional packages:
We can use Chef management console to manage the data bags, attributes, run-lists, roles, environments, and cookbooks from a web user interface.

Run below commands on chef server.

#chef-server-ctl install chef-manage
#chef-server-ctl reconfigure
#chef-manage-ctl reconfigure

We can use Chef push jobs to execute the jobs

Run the below commands on chef server.

#chef-server-ctl install opscode-push-jobs-server
#chef-server-ctl reconfigure
#opscode-push-jobs-server-ctl reconfigure

Use reporting will keep track while every client run on full infra.

Run the below commands on chef server:

#chef-server-ctl install opscode-reporting
#chef-server-ctl reconfigure
#opscode-reporting-ctl reconfigure

Update purchase for nodes:

While using more than 25 nodes, configuration should be updated by us for license.
for that, need to edit chef-server.rb file. follow the below steps to edit

#mkdir /etc/opscode && sudo touch /etc/opscode/chef-server.rb

open new chef-server.rb file
#vi /etc/opscode/chef-server.rb

append the below line on that file

#license[‘nodes’] = N (number of licensed nodes you have purchased)


save and exit from the file using :wq


run below command to update the modified changes on chef server

#chef-server-ctl reconfigure