Getting started with Ansible 05 - Running elevated ad-hoc Commands

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello again everyone we are moving right along in our ansible series i hope you guys love this series because i'm having a blast doing videos on ansible and in the last video i showed you guys how to run ad hoc commands using ansible against our servers and in this video well we're going to do that again but this time around we're going to actually run commands that are going to make changes so let's go ahead and dive into ad hoc commands with elevated privileges so in the last video the commands that we ran they were useful we could do something like gather information or gather facts as you see here and when this runs it's going to pull a bunch of information about our server which can be very useful but again this doesn't really help us in terms of automation this is just something that's useful from an information gathering sense which is what gatherfax does but it doesn't really make any changes to the server itself let's go ahead and change that let's actually run a command that will make changes now the problem here is that we need to run sudo so if i was to run for example on my local workstation app update that's going to fail it tells me permission denied why because i didn't run sudo so if i do run sudo as you already know that's going to work just fine assuming i enter the right password here so anything on a linux server that makes changes to the server itself is going to require you to either be the root user or use sudo i'm sure you probably already knew that but we also have the same problem in ansible as well so now i'm going to show you a command that will make changes to your servers well actually this command is going to fail for the same reason that this command fails so i'm going to show you the ansible equivalent of that failed command so what i'm going to do is run ansible all dash m for module and this time the module we want to run is apt so this is specific to debian and ubuntu and things based on debian or forked from debian but anyway we're running the apt module which if you are a debian or ubuntu user you already know that this is how you install or alter the package database and we've run this a few times throughout the series so far and dash a for the argument the argument we want to give it is update underscore cache and we're going to set that equal to true so i'm going to press enter and again this is going to fail and basically it's failing for the same reason it's telling us fail to lock apt for exclusive operation essentially it's the same thing as running an apt command without sudo but it's not even essentially the same it is the same because if we need to use sudo to do this on a linux system we also need to make ansible use its equivalent of sudo as well so i'm going to recall the previous command here but i'm going to add a little bit to it i'm going to add some more options here at the end i'm going to type dash dash become and then dash dash ask dash become dash pass and i should have a link in the bottom in the description below this video that is going to take you through to a wiki article for this video and the others as well so if you want to go ahead and copy the command or if you think something isn't running right you want to compare what you are typing against mine you can go ahead and check that out again the link will be in the description but here i'm adding two options dash dash become and dash dash ask dash become dash pass so i'll press enter and it's asking me for the become password i'll type the sudo password which is basically the password for my user account and press enter and we're already getting some pretty useful results here so what exactly happened and what exactly is this command doing so if i scroll up here we can see that i'm using the apt module so dash m it basically has me give it a the name of a module the apt module allows us to work with apt packages on a debian-based system dash a allows us to use an argument to that module and what we're using here is update cache equals true so what this essentially is is basically the same thing as running sudo apt update it did make changes to our servers but all it did was update the package index so it's not really a very important change but it was successful because we typed dash dash become which basically allows us to elevate the privileges by default it's going to use sudo there's other methods that you can use with become we're not going to go into that sudo is the default and now that we're running this with sudo privileges we need to be able to apply a password to it and that's where dash dash ask become pass right here the last option that's where that comes into play because it asked us for the become password and since sudo is the default then that means the sudo password is what we need to give it now if we have a different sudo password on our servers this is going to fail now later on in the series we're going to address that but for right now i'm going to assume that on each of your servers you have the same sudo password which is why this is able to work and on each we can see that it says changed true so that means it was able to update the package database or the package index the command was successful so now i'm going to pause for a moment to point you guys to something that is very useful yes i will have a link to a wiki article in the description below and that's going to be pretty useful to you guys but not as useful as the official documentation you can see that i've pulled up the documentation for the apt module as you see right here it allows us well to manage apt packages and if you scroll down here you get a list of the arguments now the one we ran the scroll down here was this one that is the argument that we ran we set it equal to yes and as you can see here it's running the equivalent of apt-get update well technically you don't need the dash get anymore just apt update is fine but using this we were able to actually make some changes to our servers even if the changes we made were just to update the package index but as you can see here their documentation is very useful it gives you all the options that we have for the module apt as you can see it's titled right here these are all the things that we can do with that so that gives us a lot of flexibility now let's go ahead and have some fun how about we install an actual package onto all of our servers with one command this is going to be pretty cool so i'm going to go ahead and type it out so here's the command again we are using ansible obviously that's the title of this series after all we're targeting all of our hosts here with the module app you want to use the app module on all of our hosts the dash a or argument we want to give it is name equals vim hyphen knox now this is basically my favorite version of vim my favorite text editor this is something that i do install on all of my servers dash dash become and that's because again we need sudo privileges to install packages and that's what that does it basically elevates us to have sudo privileges for this command and then dash dash ask dash become pass just like that and we should be able to press enter let's see if this works i'll type in the password here and it looks good to me right so if i go here to server one we have them and if i do apt search vim hyphen knocks we can see that the status is installed same thing here same thing here i promise that wasn't installed before the command that we ran which is this one right here allowed us to basically target each of these servers and install a package on them vim knox that's what we were able to do and as another exercise i could change that to tmux that's another package that i do install on pretty much everything here so i just change the package name then enter again type in the password and it's going to run this on each of the servers in our inventory list and actually i looks like i already installed tmux on each of the servers it says changed false no changes were made why because i already installed tmux i actually forgot that i did that but i'm glad that i did and that this shows no changes so you can see what it looks like because even if we run the original command to install them nox we'll get the same thing because this time that package is already going to be found on each of the servers so it's going to say again changed false because no changes were necessary and that's actually very important here because we only want there to be changes if there are actual changes that are necessary so what ansible is going to do is bring our machines our servers to a defined state we'll create playbooks with commands like maybe users that need to be created or packages that need to be installed and if those requirements are already met it's not going to show a change for those things only for the things that actually did have a change in order to bring the machine current with the defined state i go to any one of these servers here and then into the var log directory we actually have an apt folder right here and this is for logging it changes with apt i'm going to cd into that and we have a history log file right here you can see it history.log and we can see right here the command line that was actually ran when i went to install vim knox earlier and this log file history.log under the apt folder inside the var log folder shows you all the changes that were made to the system via app all the package changes so we can actually follow along and see what the heck ansible actually did which means ansible is not doing any magic well you could think of it as magic but it's not ansible is actually using the built-in apt binary the apt command on the server when it does go to install a package as you can see here it even shows in the log file for apt itself how cool is that now i'm going to clear the screen here and every time i run sudo apt update it's telling me that i actually have some packages that are basically available to be updated have 23 of those i'm not going to finish the command but i could do sudo apt dist upgrade and it shows me a list of packages here that are actually available to be updated like i mentioned so i'm going to show you essentially how to do the same thing with ansible now it doesn't matter what package you use to achieve this i'll just choose snap d as an example i'll go back to the workstation and then i'll recall the previous command we used and i'm going to change the name to snap d and let's go ahead and run this right now and just see what happens i'll type the become password now the result on each is changed false that means that this package is already installed on all of the servers now that package snapdea as you can see it's right here it's showing that an update is available for that package so what we can do is recall this command and we can actually go ahead and update that as well so what we're going to do is put quotes around this right here because if you are going to have more than one argument you do need quotes and the other argument we're going to add is state equals latest i'll press enter and we see that it's actually updating the package on the servers and it's done so i'll go back to this one right here and notice again snap d is on the list of packages that can be updated i'm going to recall this command right here and now you'll notice that snap d is no longer on the list because when we ran the argument state equals latest as you see right here that's going to make sure that the package that's installed and we told it what package we want to install by giving it name equals snap d it's going to make sure that it's the latest version available which means it'll go ahead and update it if necessary let's have a little bit more fun here let's go ahead and use a different argument all together i'm going to take all of this off right here and i'm going to type upgrade equals dist you probably already knew i was going to go this direction but what i'm going to do is install all of the updates on each of the servers so i'll press enter and then the password again and let's see what happens alright so it looks like that was a success back on server two if i clear the screen and run sudo apt disk upgrade it shouldn't show that any updates are necessary at all or even available at all and there you go well what about this one so you do apt update nothing and again nothing because we were able to use one command which was this one right here to install all of the updates on all of the servers in the inventory list so one command installed all of the updates on all the servers we've updated all the things with ansible that's pretty sweet so at this point i would go ahead and commit all of the changes that we've made to the repository so far up to github but in this particular video we didn't actually make any changes so there's no need to do that so in the next video we're actually going to create our first playbook which is basically what ansible is all about playbooks are in the yaml format they allow you to create basically a list of commands or a text file with some plays in it that define the desired state and then ansible will basically get the server to that state and we're going to get a taste of that in the next video and that one should be on my channel already so definitely check it out i will see you there you

Info

Channel: LearnLinuxTV

Views: 17,567

Rating: undefined out of 5

Keywords: Tutorial, Learn Linux, ansible, ansible tutorial, templates, ansible templates, devops, ansible tutorial for beginners, infrastructure as code, devops tools, ansible playbook, devops tutorial, getting started with ansible, ansible automation, ansible for beginners, ansible playbook tutorial, ansible 101, ansible training, learn ansible, ansible training for beginners, ansible training videos, redhat, linux, linux tutorial, ansible roles, ansible overview, devops training

Id: FPU9_KDTa8A

Channel Id: undefined

Length: 17min 23sec (1043 seconds)

Published: Fri Jul 31 2020