12-18-2023 08:51 AM - edited 12-19-2023 11:28 PM
This is a step by step guide of the Ansible community environment creation. We'll set up the Ansible control node, the managed nodes, and we'll deploy the Ansible role for Cisco ThousandEyes Enterprise Agent Linux package deployment on the managed nodes.
Ansible is an agentless automation tool that by default manages machines over the SSH protocol. Once installed, Ansible does not add a database, and there will be no daemons to start or keep running. You only need to install it on one machine (which could easily be a laptop) and it can manage an entire fleet of remote machines from that central point. When Ansible manages remote machines, it does not leave software installed or running on them.
Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a policy you want your remote systems to enforce, or a set of steps in a general IT process.
Roles let you automatically load related vars, files, tasks, handlers, and other Ansible artifacts based on a known file structure. After you group your content in roles, you can easily reuse them and share them with other users.
Any machine with Ansible installed. You can run commands and playbooks, invoking /usr/bin/ansible or /usr/bin/ansible-playbook, from any control node. You can use any computer that has Python installed on it as a control node - laptops, shared desktops, and servers can all run Ansible. However, you cannot use a Windows machine as a control node. You can have multiple control nodes.
A list of managed nodes. An inventory file is also sometimes called a “hostfile”. Your inventory can specify information like IP address for each managed node. An inventory can also organize managed nodes, creating and nesting groups for easier scaling.
The network devices, servers, or both that you manage with Ansible. Managed nodes are also sometimes called “hosts”. Ansible is not installed on managed nodes.
The control node must have network connectivity to managed nodes by SSH (TCP port 22). Ansible can be installed on multiple Operating Systems. This guide uses Ansible Community Package 8.x and 9.x installed on a machine with CentOS Stream 9. According to Ansible releases and maintenance schedule, the current version is 9.x with End of Life on May 2025, while the previous version is 8.x with End of Life on Nov 2024. We'll set up both versions on the same machine, as it will be helpful in the future to test the Ansible role's compatibility on multiple Ansible versions. The upcoming 10.x release or newer can be installed in a similar way when they'll be released.
For any concerns related to any of the software installation and configuration on your company's infrastructure per this guide, please get advise from your Infosec or relevant departments, according to your internal policies.
sudo dnf update -y
sudo reboot
II.B.2. Install gitsudo dnf install git -y
II.B.3. Optional: install "nano" text editor; you may use "vi" text editor instead, which is preinstalledsudo dnf install nano -y
sudo dnf install python3-pip -y
II.C.2. Optional: check Python 3 and Python Package Manager versions (commands and sample output included)python3 --version
Python 3.9.18
pip3 --version
pip 21.2.3 from /usr/lib/python3.9/site-packages/pip (python 3.9)
II.C.3. Optional: create a separate folder where all Virtual Environments will be installedmkdir ~/python-env
cd ~/python-env
II.C.4. Create the Virtual Environment where Ansible Community Package 8.7 will be installedpython3 -m venv ansible87
II.C.5. Add Ansible configuration environment variables into Virtual Environment activation script.nano ansible87/bin/activate
Insert the following lines after deactivate () {
# This file must be used with "source bin/activate" *from bash* deactivate () { |
Insert the following lines after export VIRTUAL_ENV
... export ANSIBLE_INVENTORY=/home/silviu/python-env/ansible87/inventory export ANSIBLE_DISPLAY_SKIPPED_HOSTS=false |
source ansible87/bin/activate
The prompt will change to (ansible87) [silviu@ansiblectl python-env]$, showing the virtual environment in use.pip3 install --upgrade pip setuptools
Output should end in Successfully installed pip-23.3.1 setuptools-69.0.2 (your versions might be newer).pip3 index versions ansible
Sample truncated output (you may ignore the warning for now):pip3 install ansible==8.7
II.C.10. Optional: check the installed packagespip3 list
Package ------------------- ansible ansible-core cffi cryptography importlib-resources Jinja2 MarkupSafe packaging pip pycparser PyYAML resolvelib setuptools |
Version ------- 8.7.0 2.15.8 1.16.0 41.0.7 5.0.7 3.1.2 2.1.3 23.2 23.3.1 2.21 6.0.1 1.0.1 69.0.2 |
ansible-config init --disabled -t all > ansible87/ansible.cfg
II.C.12. Edit Ansible configuration filenano ansible87/ansible.cfg
Various approaches can be taken while amending the ansible.cfg file. I usually search for the setting that I'd like to change (i.e. CTRL+W, type roles_path=, then press Enter) and add the new line immediately after the corresponding commented line (the lines in bold were added).
... roles_path=/home/silviu/python-env/ansible87/roles ... inventory=/home/silviu/python-env/ansible87/inventory ... # (boolean) Toggle to control displaying skipped task/host entries in a task in the default callback display_skipped_hosts=False ... # (string) Path to the Python interpreter to be used for module execution on remote targets, or an automatic discovery mode. Supported discovery> interpreter_python=auto_silent ... # (boolean) Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host host_key_checking=False ;there are multiple occurrences of this line ... # (list) List of enabled callbacks, not all callbacks need enabling, but many of those shipped with Ansible do as we don't want them activated by default callbacks_enabled=ansible.posix.timer ... # (boolean) If you have cowsay installed but want to avoid the 'cows' (why????), use this. nocows=True |
nano ansible87/inventory
Add the lines which corresponds to the IP addresses of the managed nodes grouped under [allagents], on which we'll deploy the ThousandEyes Enterprise Agent Linux package software through the Ansible role:
[allagents] 192.168.8.235 192.168.8.238 |
deactivate
The prompt will change back to [silviu@ansiblectl python-env]$sudo dnf install python3.11 python3.11-pip
II.D.2. Optional: check Python 3.11 and Python Package Manager versions (commands and sample output included)python3.11 --version
Python 3.11.5
pip3.11 --version
pip 22.3.1 from /usr/lib/python3.11/site-packages/pip (python 3.11)
II.D.3. Create the Virtual Environment where Ansible Community Package 9.1 will be installed
python3.11 -m venv ansible91
II.D.4. Add Ansible configuration environment variables into Virtual Environment activation script.nano ansible91/bin/activate
Insert the following lines after deactivate () {
# This file must be used with "source bin/activate" *from bash* deactivate () { |
Insert the following lines after export VIRTUAL_ENV
... export ANSIBLE_INVENTORY=/home/silviu/python-env/ansible87/inventory export ANSIBLE_DISPLAY_SKIPPED_HOSTS=false |
source ansible91/bin/activate
The prompt will change to (ansible91) [silviu@ansiblectl python-env]$, showing the virtual environment in use.pip3.11 install --upgrade pip setuptools
Output should end in Successfully installed pip-23.3.1 setuptools-69.0.2 (your versions might be newer).pip3.11 index versions ansible
Sample truncated output (you may ignore the warning for now):pip3.11 install ansible==9.1
II.D.9. Optional: check the installed packagespip3.11 list
Package ------------------- ansible ansible-core cffi cryptography Jinja2 MarkupSafe packaging pip pycparser PyYAML resolvelib setuptools |
Version ------- 9.1.0 2.16.2 1.16.0 41.0.7 3.1.2 2.1.3 23.2 23.3.1 2.21 6.0.1 1.0.1 69.0.2 |
ansible-config init --disabled -t all > ansible91/ansible.cfg
II.D.11. Edit Ansible configuration filenano ansible91/ansible.cfg
Various approaches can be taken while amending the ansible.cfg file. I usually search for the setting that I'd like to change (i.e. CTRL+W, type roles_path=, then press Enter) and add the new line immediately after the corresponding commented line (the lines in bold were added).
... roles_path=/home/silviu/python-env/ansible91/roles ... inventory=/home/silviu/python-env/ansible91/inventory ... # (boolean) Toggle to control displaying skipped task/host entries in a task in the default callback display_skipped_hosts=False ... # (string) Path to the Python interpreter to be used for module execution on remote targets, or an automatic discovery mode. Supported discovery> interpreter_python=auto_silent ... # (boolean) Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host host_key_checking=False ;there are multiple occurrences of this line ... # (list) List of enabled callbacks, not all callbacks need enabling, but many of those shipped with Ansible do as we don't want them activated by default callbacks_enabled=ansible.posix.timer ... # (boolean) If you have cowsay installed but want to avoid the 'cows' (why????), use this. nocows=True |
nano ansible91/inventory
Add the lines which corresponds to the IP addresses of the managed nodes grouped under [allagents], on which we'll deploy the ThousandEyes Enterprise Agent Linux package software through the Ansible role:
[allagents] 192.168.8.235 192.168.8.238 |
deactivate
The prompt will change back to [silviu@ansiblectl python-env]$source ansible87/bin/activate
IV.A.2 Clone the ansible-role-thousandeyes-enterprise-agent-linux repository into the Ansible roles folder locationmkdir ansible87/roles
git clone https://github.com/cisco-open/ansible-role-thousandeyes-enterprise-agent-linux.git ansible87/roles/ansible-role-thousandeyes-enterprise-agent-linux
IV.A.3 Create Ansible playbooknano ansible87/install_thousandeyes.yml
Sample content with correct space indentation:
--- - hosts: allagents remote_user: ansible gather_facts: no # Uncommenting this line allows each host to run until the end of the play as fast as it can # strategy: free pre_tasks: - setup: gather_subset: - '!all' - '!any' - hardware - virtual become: true roles: # - common # - rhel-system-roles.timesync - ansible-role-thousandeyes-enterprise-agent-linux # - other-roles
nano ansible87/roles/ansible-role-thousandeyes-enterprise-agent-linux/vars/main.yml
--- # vars file # Account Group in which the Enterprise Agent will be installed |
sudo dnf install sshpass -y
ansible-playbook -k -K ansible87/install_thousandeyes.yml
After the playbook finish running, the output of each task is displayed (except skipped tasks as configured above), with PLAY RECAP at the end, and total time took to run the playbook - provided by the configured ansible.posix.timer callback.SSH password: BECOME password[defaults to SSH password]: PLAY [allagents] ***************** TASK [setup] ***************** ok: [192.168.8.235] ok: [192.168.8.238] TASK [ansible-role-thousandeyes-enterprise-agent-linux : ====================Welcome to ThousandEyes====================] ** ... TASK [ansible-role-thousandeyes-enterprise-agent-linux : Starting ThousandEyes BrowserBot] ***************** ok: [192.168.8.235] ok: [192.168.8.238] TASK [ansible-role-thousandeyes-enterprise-agent-linux : Starting the ThousandEyes Agent] ***************** changed: [192.168.8.238] changed: [192.168.8.235] PLAY RECAP ***************** 192.168.8.235 : ok=24 changed=10 unreachable=0 failed=0 skipped=46 rescued=0 ignored=0 Playbook run took 0 days, 0 hours, 0 minutes, 19 seconds 192.168.8.238 : ok=24 changed=10 unreachable=0 failed=0 skipped=37 rescued=0 ignored=0 Playbook run took 0 days, 0 hours, 4 minutes, 58 seconds |
deactivate
rm -rfv ansible87
Dear Community member, thank you for reading the article! if you find this article useful, click on the thumbs up button!
Would you like to see more ThousandEyes automation related articles? Feel free to leave comments below and share your automation experience with the rest of the Community.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: