Introduction
Hey there! As a fellow sysadmin, I know you‘ve likely spent countless hours on mundane yet critical tasks like copying files between servers or restarting services. I used to spend my days logged into multiple servers running the same commands over and over again. It was time-consuming and frustrating!
That‘s why I was thrilled when I discovered Ansible, an open source automation tool that changed my sysadmin life. Ansible provides reusable "playbooks" to automate just about any sysadmin task you can think of. No more manually SSHing into servers or keeping track of what‘s been done where!
In this post, I‘ll walk you through 7 common sysadmin tasks that I‘ve been able to easily automate using Ansible playbooks and modules:
- Copy Files from Local/Remote Systems
- Configure Cron Jobs
- Manage Disks and Filesystems
- Collect Server Logs
- Install/Remove Software Packages
- Manage Users and Groups
- Manage Services
For each task, I‘ll share Ansible code examples from my own playbooks, explain how they work, and provide some tips based on experience. Let‘s get started!
Copy Files from Local/Remote Systems
As a sysadmin, you probably need to copy files between servers or directories regularly. For example, you may need to:
- Copy updated configuration files to multiple servers
- Back up a file before replacing it
- Sync files from a remote server to a local destination
Instead of using scp or rsync commands manually, you can create an Ansible playbook to copy files as needed.
Here‘s an example playbook that copies a new NTP configuration file from the local system to the /etc/ directory on remote hosts:
---
- hosts: webservers
tasks:
- name: Copy NTP config file
copy:
src: files/ntp.conf
dest: /etc/ntp.conf
owner: root
group: root
mode: ‘0644‘
This uses Ansible‘s copy module to specify the local file path to copy from in src, and the remote destination path and permissions in dest. I like to use copy for simple single file copies like this.
A few tips when using copy:
- Use the backup option to keep a backup of the original file
- Make sure to define owner, group, and mode to avoid permission issues
Now let‘s look at how to configure those crucial cron jobs!
Configure Cron Jobs
cron allows you to schedule all kinds of automated jobs to run on servers at set times. As a sysadmin, you may need to configure cron jobs for backups, log rotations, reports, and more.
Instead of manually editing crontabs on each server, Ansible makes this a breeze. Here‘s an example cron task:
- name: Schedule database backup
cron:
name: "Daily DB backup"
minute: "0"
hour: "23"
job: "/opt/scripts/db-backup.sh"
This scheduled a script to run daily at 11 PM to back up our database.
Some tips for working with Ansible‘s cron module:
- Use name for the description to identify cron jobs easily
- Validate minute, hour, etc. ensure the job runs when expected
- Put commands/scripts in job: to specify what the cron runs
Next up, managing those disk partitions and filesystems!
Manage Disks and Filesystems
Servers would be useless piles of metal without disks and filesystems to store data. As a sysadmin, common tasks include:
- Partitioning new disks
- Formatting filesystems
- Mounting volumes
- Configuring fstab entries
Rather than all the manual fdisk, mkfs, mount commands, Ansible helps easily configure disk management across all your servers with built-in modules.
Here‘s an example playbook:
- name: Create and mount disk partition
hosts: appservers
tasks:
- name: Create partition
parted:
device: /dev/vdb
number: 1
label: gpt
- name: Format filesystem
filesystem:
fstype: ext4
dev: /dev/vdb1
- name: Mount new disk
mount:
path: /opt/data
src: /dev/vdb1
fstype: ext4
state: mounted
This allows me to partition a disk, format to ext4, and mount it without any tedious manual work. Some helpful tips:
- Use Ansible facts like ansible_devices to get disk names
- Make sure disks/partitions don‘t have valuable data!
- Set fstab: present to add an fstab entry automatically
Collecting those server logs? Ansible has you covered there too!
Collect Server Logs
Log files provide crucial insights into server operations and issues. As a sysadmin, having logs centralized makes monitoring and troubleshooting much easier.
Instead of manually scp-ing logs from different servers, Ansible can handle the log collection for you with just a few simple tasks.
Here‘s an example:
- name: Find all .log files
find:
paths: /var/log/
patterns: ‘*.log‘
register: logs
- name: Fetch logs from servers
fetch:
src: "{{ item.path }}"
dest: /tmp/server_logs/
loop: "{{ logs.files }}"
This uses Ansible‘s find module to locate all .log files in /var/log/. The log file paths get registered to use in the fetch task.
Fetch downloads the files to a local destination, in this case /tmp/server_logs/.
Some tips for collecting logs with Ansible:
- Use patterns to control which files get collected
- Create a dedicated logs directory for easy analysis
- Fetch is agentless – uses scp under the hood
- Set a cron job to have logs fetched automatically!
Managing Software Packages
What‘s a server without any software? Ansible helps automate those mundane package management tasks like installs, upgrades and removals.
Here‘s a simple example for YUM-based systems like CentOS:
- name: Install Apache
yum:
name: httpd
state: latest
- name: Remove old PHP version
yum:
name: php-5.6
state: absent
And the same tasks for apt-based systems like Ubuntu:
- name: Install Apache
apt:
name: apache2
state: latest
- name: Remove old PHP version
apt:
name: php5.6
state: absent
Some best practices when managing software with Ansible:
- use state: latest to upgrade packages
- Run ansible-galaxy to install community modules like MySQL or Nginx
- Set up development environments easily by installing toolchains, compilers, etc.
Now on to managing those user accounts and groups!
Manage Users and Groups
Between developers, operations teams, contractors and more, there‘s always a need for managing what users have access to your servers and what permissions they have.
Ansible provides user and group modules that handle user creation, deletion and management across any number of Linux/Unix servers.
Here‘s an example:
- name: Ensure testuser1 exists
user:
name: testuser1
groups: developers
- name: Remove testuser2
user:
name: testuser2
state: absent
remove: yes
- name: Add appservers group
group:
name: appservers
gid: 5000
This allows me to ensure user accounts and groups are consistent no matter the number of servers.
Some tips for user management in Ansible:
- user module manages local Linux/Unix accounts
- Make sure to handle permission differences between Windows and Linux
- password and ssh_key options help configure auth
- group_id option lets you set the GID
Last but not least – managing those server services with Ansible.
Manage Services
If a server‘s services like sshd, DNS, database processes aren‘t running properly, you‘re going to have issues. Ansible makes starting, stopping and restarting these services a breeze.
Here‘s a simple playbook:
- name: Restart sshd
service:
name: sshd
state: restarted
- name: Stop DNS temporarily
service:
name: named
state: stopped
- name: Start MySQL
service:
name: mysqld
state: started
enabled: yes
This allows me to manage service state consistently across all servers from one playbook.
Some useful tips:
- enabled: yes ensures a service starts at boot
- Check for different service names like ssh vs sshd
- Use ansible facts like ansible_service_mgr to handle system differences behind the scenes
I hope these 7 examples give you a glimpse into how Ansible can transform your life as a sysadmin! Automating previously manual tasks allows us to focus on more interesting work that actually requires human insight.
To take your Ansible skills to the next level, be sure to check out:
- Roles: Reusable playbook components
- Templates: Customize files and configurations
- Variables: Store data to reference across tasks
- When statements: Only run certain tasks based on conditions
Thanks for reading and happy automating! Let me know if you have any other mundane sysadmin tasks I should be automating with Ansible.