Ansible can be used to manage various kinds of Server operating systems – among them Solaris 11.
Managing Solaris 11 servers via Ansible from my Fedora machine is actually less exciting than previously thought. Since the amount of blog articles covering that is limited I thought it might be a nice challenge.
However, the opposite is the case: it just works. On a fresh Solaris installation, out of the box. There is not even need for additional configuration or additional software. Of course, ssh access must be available – but the same is true on Linux machines as well. It’s almost boring 😉
Here is an example to install and remove software on Solaris 11, using the new package system IPS which was introduced in Solaris 11:
$ ansible solaris -s -m pkg5 -a "name=web/server/apache-24" $ ansible solaris -s -m pkg5 -a "state=absent name=/text/patchutils"
While Ansible uses a special module, pkg5, to manage Solaris packages, service managing is even easier because the usual service module is used for Linux as well as Solaris machines:
$ ansible solaris -s -m service -a "name=apache24 state=started" $ ansible solaris -s -m service -a "name=apache24 state=stopped"
So far so good – of course things get really interesting if playbooks can perform tasks on Solaris and Linux machines at the same time. For example, imagine Apache needs to be deployed and started on Linux as well as on Solaris. Here conditions come in handy:
--- - name: install and start Apache hosts: clients vars_files: - "vars/{{ ansible_os_family }}.yml" sudo: yes tasks: - name: install Apache on Solaris pkg5: name=web/server/apache-24 when: ansible_os_family == "Solaris" - name: install Apache on RHEL yum: name=httpd when: ansible_os_family == "RedHat" - name: start Apache service: name={{ apache }} state=started
Since the service name is not the same on different operating systems (or even different Linux distributions) the service name is a variable defined in a family specific Yaml file.
It’s also interesting to note that the same Ansible module works different on the different operating systems: when a service is ordered to be stopped, but is not even available because the corresponding package and thus service definition is not even installed, the return code on Linux is OK, while on Solaris an error is returned:
TASK: [stop Apache on Solaris] ************************************************ failed: [argon] => {"failed": true} msg: svcs: Pattern 'apache24' doesn't match any instances FATAL: all hosts have already failed -- aborting
It would be nice to catch the error, however as far as I know error handling in Ansible can only specify when to fail, and not which messages/errors should be ignored.
But besides this problem managing Solaris via Ansible works smoothly for me. And it even works on Ansible Tower, of course:
I haven’t tried to install Ansible on Solaris itself, but since packages are available that shouldn’t be much of an issue.
So in case you have a mixed environment including Solaris and Linux machines (Red Hat, Fedora, Ubuntu, Debian, Suse, you name it) I can only recommend to start using Ansible as soon as you possible. It simply works and can ease the pain of day to day tasks substantially.
In 2.0 you get the `package` module which will execute the underlying package manager for each OS/Distro, as detected by fact gathering and set in ansible_pkg_mgr var.
As with service, the name is still OS/distro dependent so you still need to deal with that yourself.
But I can’t penetrate it with my user-id using ansible-playbook/tower on solaris 11. I know it execute with your sudo-no-password but can you allow solaris to have no sudo-password, also allowing root remote connection is a big risk. Do installing ansible-client works?
The user management of Solaris is very similar to the user management on Linux machines or other UNIX systems. So yes, you can create a file in /etc/sudoers.d/ setting the appropriate sudo-no-passwd rights.
And yes, allowing root remote connections is a big risk. Use a normal user with limited privileges, and configure sudo appropriately.
Never mind, I was able to allow no sudo password on solaris 11.3,
40 cp /etc/sudoers.d/svc-system-config-user /etc/sudoers.d/svc-system-config-user.bak
41 vi /etc/sudoers.d/svc-system-config-user
42 ls -la /etc/sudoers.d/svc-system-config-user
43 chmod 740 /etc/sudoers.d/svc-system-config-user
44 ls -la /etc/sudoers.d/svc-system-config-user
45 vi /etc/sudoers.d/svc-system-config-user
I’m glad to hear that it works for you. Do you mind sharing the content of the file /etc/sudoers.d/svc-system-config-user to show what you actually configured?
There are Ansible IPS packages available for x86 Solaris 11.3, OpenIndiana and OmniOSce from the SFE project on https://sfe.opencsw.org.