Category Archives: Blogging

Step-by-Step Procedure to Install and Configure Ansible on Ubuntu

Before installing Ansible, let us understand what it is.

What is Ansible?

1. Ansible Introduction:

Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero-downtime rolling updates.
Ansible’s goals are foremost those of simplicity and maximum ease of use. It also has a strong focus on security and reliability, featuring a minimum of moving parts, usage of OpenSSH for transport (with an accelerated socket mode and pull modes as alternatives), and a language that is designed around auditability by humans – even those not familiar with the program.

While there are many popular configuration management systems available for Linux systems, such as Chef and Puppet, these are often more complex than many people want or need. Ansible is a great alternative to these options because it has a much smaller overhead to get started.

For more information, visit the Ansible docs:
http://docs.ansible.com/

Assumptions
● You have an Ubuntu 12.04 machine and you are logged in as root.

2. How Does Ansible Work:
Ansible works by configuring client machines from a computer with Ansible components installed and configured.
It communicates over normal SSH channels in order to retrieve information from remote machines, issue commands, and copy files. Because of this, an Ansible system does not require any additional software to be installed on the client computers. This is one way that Ansible simplifies the administration of servers.
Configuration files are mainly written in the YAML data format due to its expressive nature and its similarity to popular markup languages. Ansible can interact with clients through either command line tools or through its configuration scripts called Playbooks.

3. Install Ansible on Ubuntu 12.04:
To begin exploring Ansible, we need to install the Ansible package on at least one machine. I have used Ubuntu 12.04.

git clone git@github.com:ansible/ansible.git
cd ansible
source ./hacking/env-setup
sudo pip install paramiko PyYAML jinja2 --upgrade

We now have all of the software required to administer our servers through Ansible.
Next, set up SSH keys. Ansible primarily communicates with client computers through SSH. While it certainly has the ability to handle password-based SSH authentication, SSH keys help keep things simple.

4. Creating an SSH Key Pair:
@Server:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
Now use ssh to create a directory ~/.ssh as user root on Client. (The directory may already exist, which is fine):
@Server:~> ssh root@123.123.123.123 mkdir -p .ssh
root@Client’s password:
Finally, append a’s new public key to root@123.123.123.123:.ssh/authorized_keys and enter Client’s password one last time:
root@Server:~> cat .ssh/id_rsa.pub | ssh root@123.123.123.123 'cat >> .ssh/authorized_keys'
root@Client’s password:
From now on you can log into Client as root from Server as a without a password:
@Server:~> ssh root@123.123.123.123
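
The append step above, written so that it can be re-run safely, as an added example that is not part of the original post: it rejects input that is not a public key line, adds the key only once, and sets the permissions on .ssh and authorized_keys that sshd expects. The function names install_pubkey and file_mode are made up for this example; run it on the client after copying id_rsa.pub there.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe replacement for
#   cat id_rsa.pub >> .ssh/authorized_keys
# Usage on the client: install_pubkey /path/to/id_rsa.pub [ssh_dir]
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    # Take the first non-empty line and require "<type> <base64> [comment]".
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case "$key_line" in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # sshd (StrictModes) ignores keys if these are group/world-writable.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already present in $auth_file"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added to $auth_file"
    fi
}

# Octal mode of a path (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```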

5. Configuring Ansible Hosts:
Ansible keeps a record of all of the servers that it knows about through a “hosts” file. We need to configure this file first before we can begin to communicate with our other computers.
Open the file and add the following:

vim /etc/ansible/hosts
[hosts]
devops ansible_ssh_host=123.123.123.123

Where:
hosts is the name of the group that lists the nodes,
devops is the host name of one of the clients,
123.123.123.123 is that host's IP address.
To set the SSH user that Ansible connects as for this group, we will create a directory in the Ansible configuration structure called group_vars.
Within this folder, we can create YAML-formatted files for each group we want to configure:

sudo mkdir /etc/ansible/group_vars
sudo nano /etc/ansible/group_vars/hosts

We can put our configuration in here. YAML files start with “---”, so make sure you don’t forget that part.

---
ansible_ssh_user: root

Save and close this file when you are finished.

6. Ansible test Examples:

Using Simple Ansible Commands
Now that we have our hosts set up and enough configuration details to allow us to
successfully connect to our hosts, we can try out our very first command.
Ping all of the servers you configured by typing:
root@server:/etc/ansible# ansible -m ping hosts
devops | success >> {
    "changed": false,
    "ping": "pong"
}
This is a basic test to make sure that Ansible has a connection to all of its hosts.

ansible -m shell -a 'ifconfig' devops

devops | success | rc=0 >>
eth0 Link encap:Ethernet HWaddr 00:0c:29:a2:42:c4
inet addr:123.123.123.123 Bcast:10.27.111.255 Mask:255.255.255.0

ansible -m shell -a 'free -m' devops
devops | success | rc=0 >>
total used free shared buffers cached
Mem: 487 440 47 0 108 173
-/+ buffers/cache: 158 329
Swap: 507 66 441

Let's install sendmail on the client from the Ansible server. To do that, create a playbook.yml file in /etc/ansible:

root@server:/etc/ansible# cat playbook.yml

- hosts: devops
  tasks:
    - name: 1. install sendmail
      apt: name=sendmail state=present

Now execute the command below to install it on the remote server.
ansible-playbook --inventory-file=hosts playbook.yml --sudo --verbose
Below is the result.

Before executing the above command, sendmail was not installed. After execution, sendmail was installed on the remote host.

Hence we have installed and configured Ansible. Enjoy!

How To Create an SSL Certificate on Apache for Ubuntu 12.04

About SSL Certificates

An SSL certificate is a way to encrypt a site’s information and create a more secure connection. Additionally, the certificate can show the virtual private server’s identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the server’s details, while a self-signed certificate has no third-party corroboration.

Set Up

The steps in this tutorial require the user to have root privileges on the VPS. You can see how to set that up here in steps 3 and 4.

Additionally, you need to have apache already installed and running on your virtual server.
If this is not the case, you can download it with this command:

sudo apt-get install apache2


Step One—Activate the SSL Module


The next step is to enable SSL on the droplet.

sudo a2enmod ssl

Follow up by restarting Apache.

sudo service apache2 restart

Step Two—Create a New Directory

We need to create a new directory where we will store the server key and certificate.

sudo mkdir /etc/apache2/ssl

Step Three—Create a Self Signed SSL Certificate


When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands, this certificate will expire after one year.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory.

This command will prompt the terminal to display a list of fields that need to be filled in.

The most important line is "Common Name". Enter your official domain name here or, if you don't have one yet, your site's IP address.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com                  
Email Address []:webmaster@awesomeinc.com

Step Four—Set Up the Certificate


Now we have all of the required components of the finished certificate. The next thing to do is to set up the virtual hosts to display the new certificate.

Open up the SSL config file:
 nano /etc/apache2/sites-available/default-ssl
Within the section that begins with <VirtualHost _default_:443>, quickly make the following changes.

Add a line with your server name right below the Server Admin email:
 ServerName example.com:443
Replace example.com with your DNS approved domain name or server IP address (it should be the same as the common name on the certificate).

Find the following three lines, and make sure that they match the extensions below:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Save and Exit out of the file.

Step Five—Activate the New Virtual Host


Before the website that will come on the 443 port can be activated, we need to enable that Virtual Host:
sudo a2ensite default-ssl
You are all set. Restarting your Apache server will reload it with all of your changes in place.
sudo service apache2 reload
In your browser, type https://youraddress, and you will be able to see the new certificate.
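
A check for the files produced in Step Three, as an added example that is not part of the original tutorial: it confirms that apache.key belongs to apache.crt, that the Common Name covers the ServerName set in default-ssl, that the certificate has not expired, and that the unencrypted key is readable only by its owner. The function name check_cert_pair is made up for this example, and the -checkhost option assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate/key pair from Step Three.
# check_cert_pair CERT KEY HOSTNAME -> prints findings, returns 0 if all pass.
check_cert_pair() {
    crt=$1; key=$2; host=$3; rc=0

    # 1. The certificate must carry the public half of this private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt"; rc=1
    fi

    # 2. The Common Name must cover the ServerName used in default-ssl.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: certificate is not valid for $host"; rc=1
    fi

    # 3. The certificate must not already be expired (-days set too low).
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired"; rc=1
    fi

    # 4. The key was written with -nodes (no passphrase), so file
    #    permissions are its only protection: owner-only access.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: $key has mode $mode, expected 600"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $crt and $key are consistent for $host"
    return "$rc"
}
```

On the server from this tutorial it would be called as: sudo sh -c '. ./check.sh; check_cert_pair /etc/apache2/ssl/apache.crt /etc/apache2/ssl/apache.key example.com', where check.sh is whatever file the function was saved in.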

Installing Apache and PHP from source

I’ve just been through the process of installing the latest versions (as of this writing) of Apache 2.4.2 and PHP 5.4.5 from source on a new Debian 6 virtual machine for the first time.

I had some small issues along the way and thought I’d do a short post on the process I went through to get it working and resolve various errors which may help someone out. First we will install Apache, followed by PHP.

Prerequisites

Before starting you will need make, gcc and g++ installed.

apt-get install make gcc g++
I also had the latest version of MySQL installed (5.5.25a), as I wanted to use this later on. The latest version was downloaded from the Dotdeb repository.

Installing Apache 2.4.2 from source

Apache was then downloaded from http://httpd.apache.org/download using wget on one of the mirrors in my country and then extracted.

wget http://apache.mirror.uber.com.au//httpd/httpd-2.4.2.tar.gz
tar xf httpd-2.4.2.tar.gz
cd httpd-2.4.2/
./configure --enable-so

Configuring Apache Portable Runtime library ...
checking for APR... no
configure: error: APR not found. Please read the documentation.
--enable-so is needed later on for PHP.

At this point I downloaded APR 1.4.6 from apr.apache.org/download using wget and then extracted it.

cd ..
wget http://apache.mirror.uber.com.au//apr/apr-1.4.6.tar.gz
tar xf apr-1.4.6.tar.gz
cd apr-1.4.6/
./configure
make
make install
Apache will also need APR-util installed, which can be downloaded from the apr.apache.org/download page too. When you run configure you will have to specify where the apr config is; you should see this location in the output from make install after finishing apr above.

cd ..
wget http://apache.mirror.uber.com.au//apr/apr-util-1.4.1.tar.gz
tar xf apr-util-1.4.1.tar.gz
cd apr-util-1.4.1/
./configure --with-apr=/usr/local/apr/bin/apr-1-config
make
make install
Now that’s complete we can try Apache again.

cd ../httpd-2.4.2/
./configure --enable-so

checking for pcre-config... false
configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/
pcre-8.30.tar.gz was then downloaded from http://pcre.org and for something different, I uploaded it to the server with SFTP to the root directory.

cd ..
tar xf pcre-8.30.tar.gz
cd pcre-8.30/
./configure
make
make install
Now to try Apache again…

cd ../httpd-2.4.2/
./configure --enable-so
make
make install
That’s it, Apache should now be ready to go, let’s move into the default installation and start it up.

cd /usr/local/apache2/bin/
./apachectl start
/usr/local/apache2/bin/httpd: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory
ldconfig
./apachectl start
./apachectl -v
Server version: Apache/2.4.2 (Unix)
Server built: Jul 26 2012 20:51:23
That error relating to the shared libraries was resolved by running ldconfig, see the man page on that for more information.

Browsing to the IP address in my web browser now brings up the Apache default page. As ServerSignature is enabled by default, using Firebug for Firefox I can see “Apache/2.4.2 (Unix)” as the Server header in the response headers, confirming the new install of Apache has served my page.

Installing PHP 5.4.5 from source

PHP was downloaded from http://au.php.net/get/php-5.4.5.tar.gz/from/a/mirror and then uploaded to the root directory on the server using SFTP.

I’m configuring PHP with apxs; this wasn’t working for me unless Apache was configured with --enable-so. I was after MySQL support; feel free to leave --with-mysql off.

cd /root
tar xf php-5.4.5.tar.gz
cd php-5.4.5/
./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=mysqlnd

configure: error: xml2-config not found. Please check your libxml2 installation.
apt-get install libxml2-dev
./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=mysqlnd
make
make install
php -v
PHP 5.4.5 (cli) (built: Jul 26 2012 21:18:58)

Configuration

Once you have both Apache and PHP installed and running there is a bit of configuration to do so that Apache knows how to use PHP. I created a phpinfo file here /usr/local/apache2/htdocs/phpinfo.php and it will not display in a browser prior to configuration.

First off, let’s copy the library file over to Apache.

cp /root/php-5.4.5/libs/libphp5.so /usr/local/apache2/modules/
Next you will want to edit the Apache configuration file in /usr/local/apache2/conf/httpd.conf and add the following lines into it.

AddType text/html .php
AddHandler php5-script .php
This line should already be in there, referring to the .so file that was previously copied.

LoadModule php5_module modules/libphp5.so
You probably want to edit DirectoryIndex index.html and include index.php after this.

Once complete, restart Apache.

cd /usr/local/apache2/bin/
./apachectl restart