= Appendix: Installing software using the Ansible Configuration Management tool =

== Tools: ==

To run this exercise, you will need two pieces of software. If you haven't already, get or install these now:
 i. `omni` installed on your local machine ([http://trac.gpolab.bbn.com/gcf/wiki#GettingStarted instructions]), and
 i. `ansible` installed on your local machine ([http://docs.ansible.com/intro_installation.html#latest-release-via-yum find the instructions for your package manager here]).

== Resources: ==

 * Ansible Resources:
   - A third party [https://serversforhackers.com/an-ansible-tutorial Getting Started with Ansible walk through]
   - [http://docs.ansible.com/modules_by_category.html Ansible Module Documentation]

== Instructions ==

=== 2. Establish the Environment ===

 a. To run this exercise, you will need an account and two pieces of software. If you haven't already, get or install these now:
   i. a GENI Portal account ([SignMeUp instructions]),
   ii. `omni` installed and configured on your local machine ([http://trac.gpolab.bbn.com/gcf/wiki#GettingStarted instructions]), and
   iii. `ansible` installed on your local machine ([http://docs.ansible.com/intro_installation.html#latest-release-via-yum find the instructions for your package manager here]).
{{{
#!div style="background: #fdd; border: 3px ridge; width: 800px;"
Windows users should do the following steps
{{{
#!html
Tip: Before reserving their resources, Windows users should have followed the instructions for setting up a separate GENI node for running Ansible.
}}}
}}}
 a. Download the Ansible playbook, webpages, etc. needed to configure the nodes.
{{{
#!div style="background: #ffd; border: 3px ridge; width: 800px;"
Use `wget` to download the tarball of files onto your local machine and use `tar` to uncompress it:
{{{
#!sh
wget http://www.gpolab.bbn.com/experiment-support/XXXXX.tar.gz
tar zxvf XXXXX.tar.gz
}}}
}}}

=== 4. Configure and Initialize ===

`omni` comes with a script, `readyToLogin`, which finds the login information for nodes in your slice. As of `omni` version 2.8, `readyToLogin` has an `--ansible-inventory` flag that generates the Ansible inventory, a flat file that tells Ansible the name and login information for your nodes.

 a. Create your Ansible inventory file:
{{{
#!div style="background: #ffd; border: 3px ridge; width: 800px;"
On your local machine:
{{{
#!sh
$ readyToLogin MYSLICE --useSliceAggregates --ansible-inventory -o
$ cat inventory
}}}
Example output of running these commands:
{{{
#!sh
$ readyToLogin MYSLICE --useSliceAggregates --ansible-inventory -o
Host info saved in inventory file: /Users/jdoe/projects/GENI/hellogeni/inventory
$ cat inventory
host-2 ansible_ssh_host=pc2.instageni.stanford.edu ansible_ssh_port=31291
host-1 ansible_ssh_host=pc2.instageni.stanford.edu ansible_ssh_port=31290
server-1 ansible_ssh_host=pcvm2-33.instageni.stanford.edu
rt-1 ansible_ssh_host=pc2.instageni.stanford.edu ansible_ssh_port=31292
}}}
}}}
{{{
#!div style="background: #fdd; border: 3px ridge; width: 800px;"
{{{
#!html
Tip: Windows users should copy their 'inventory' file onto their node running the Ansible client.
}}}
}}}
 b. Be sure your private key has been added to your SSH agent:
{{{
#!div style="background: #ffd; border: 3px ridge; width: 800px;"
{{{
ssh-add /path/to/your/private/key
}}}
}}}
 c. Check to see if your nodes are up and ready.
{{{
#!div style="background: #ffd; border: 3px ridge; width: 800px;"
This command uses the `ping` module to check the specified nodes (in this case `all`) listed in the inventory file. Ansible's `ping` is not an ICMP ping: it logs in to each node over SSH and verifies that a usable Python is present, so a `pong` confirms that your key and the inventory's host and port entries work:
{{{
#!sh
$ ansible -i inventory all -m ping
}}}
Example output showing all of the nodes responding to ping:
{{{
#!sh
$ ansible -i inventory all -m ping
server-1 | success >> {
    "changed": false,
    "ping": "pong"
}

host-1 | success >> {
    "changed": false,
    "ping": "pong"
}

rt-1 | success >> {
    "changed": false,
    "ping": "pong"
}

host-2 | success >> {
    "changed": false,
    "ping": "pong"
}
}}}
}}}
 c. Try using the ping module in Ansible to only ping `server-1` or `host-1` by replacing `all` in the above with `server-1` or `host-1`.
{{{
#!div style="background: #ffd; border: 3px ridge; width: 800px;"
{{{
#!html
Tip: Ansible commands can be collected into files called Playbooks. Playbooks are written in YAML, a straightforward configuration file format. In particular, Ansible ad hoc commands map easily to the commands used in an Ansible Playbook.
}}}
The Playbook to tell the `server` node to rerun the `nmap` scan and post the results is in `roles/nmap/tasks/map.yml` and looks as follows:
{{{
#!yaml
---
- name: map network using nmap
  command: nmap -sP -oX {{ nmap_xml_file }} {{ address_range }}
- name: convert nmap xml to html
  shell: xsltproc /usr/share/nmap/nmap.xsl {{ nmap_xml_file }} > {{ nmap_html_file }}
- name: create directory for nmap logs in WEB_ROOT/nmaplogs with permissions of 755
  file: >
    dest={{ WEB_ROOT }}/{{ nmap_dir }}
    state=directory
    mode=755
- name: copy nmap html file to a public place
  command: mv {{ nmap_html_file }} {{ WEB_ROOT }}/{{ nmap_dir }}/nmap.html removes={{ nmap_html_file }}
}}}
''Do these commands look like the Ad Hoc commands you came up with in the previous step?''

Put the above content in a file called `server.yml`. Run the playbook with the following command on the local machine:
{{{
#!sh
ansible-playbook server.yml -i inventory
}}}
}}}
 a. Browse to the server node. Click on the `nmap` link.
 a. After some of your neighbors have brought up their nodes, run the following command:
{{{
#!sh
ansible-playbook update-map.yml -i inventory
}}}
 a. You should see more nodes found by the nmap scan.
 a. Change the value of `address_range` in `groups_vars/all.yml` and rerun `update-map.yml` to search for more nodes.
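
To confirm which nodes appeared between two runs of the scan without comparing the HTML pages by eye, the XML that `nmap -sP -oX` writes can be diffed directly. The following is an added example, not part of the original exercise or its tarball; the sample XML and its addresses are constructed, and the function names `hosts_up` and `diff_scans` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the shape `nmap -sP -oX` writes; addresses are made up.
SCAN_BEFORE = """<nmaprun scanner="nmap" args="nmap -sP -oX nmap.xml 10.10.1.0/24">
  <host><status state="up" reason="arp-response"/>
    <address addr="10.10.1.1" addrtype="ipv4"/>
    <address addr="02:00:00:00:00:01" addrtype="mac"/>
    <hostnames><hostname name="server-1" type="PTR"/></hostnames></host>
  <host><status state="down" reason="no-response"/>
    <address addr="10.10.1.9" addrtype="ipv4"/></host>
</nmaprun>"""

SCAN_AFTER = """<nmaprun scanner="nmap" args="nmap -sP -oX nmap.xml 10.10.1.0/24">
  <host><status state="up" reason="arp-response"/>
    <address addr="10.10.1.1" addrtype="ipv4"/>
    <hostnames><hostname name="server-1" type="PTR"/></hostnames></host>
  <host><status state="up" reason="arp-response"/>
    <address addr="10.10.1.2" addrtype="ipv4"/>
    <hostnames/></host>
</nmaprun>"""


def hosts_up(xml_text):
    """Return {ip: hostname or ''} for each host the scan reported as up."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts listed as down
        # A host can carry several <address> elements (IP plus MAC); key on the IP.
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if ip is None:
            continue
        name = host.find("hostnames/hostname")
        found[ip] = name.get("name", "") if name is not None else ""
    return found


def diff_scans(before_xml, after_xml):
    """Compare two scans of the same address_range."""
    before, after = hosts_up(before_xml), hosts_up(after_xml)
    return {"appeared": sorted(set(after) - set(before)),
            "disappeared": sorted(set(before) - set(after))}


if __name__ == "__main__":
    print(diff_scans(SCAN_BEFORE, SCAN_AFTER))
```

The playbook overwrites the file named by `nmap_xml_file` on every run, so copy it aside before rerunning `update-map.yml` and pass both files' contents to `diff_scans`.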