How to configure cronjobs to hundreds of servers in minutes using Ansible!
Automating tasks like cronjob configuration is a lifesaver! not only because it can save you time for other tasks but also because it can…
Automating tasks like cronjob configuration is a lifesaver! not only because it can save you time for other tasks but also because it can minimize errors coming from manual, tedious, and error-prone tasks! Ansible can help us to automate cronjobs easily and consistently; let’s see how!
Installing Ansible
Ansible can be installed in Linux and MacOS; Ansible is a Python application and can be easily installed with the pip command.
$ sudo pip3 install ansibleIf this does not work, you can consult the official ansible webpage.
Installing Ansible — Ansible Documentation
Configuring the inventory
Ansible automates tasks on managed nodes or “hosts” in your infrastructure, using a list or group of lists known as inventory. You can pass host names at the command line, but most Ansible users create inventory files. Your inventory defines the managed nodes you automate, with groups so you can run automation tasks on multiple hosts at the same time. Once your inventory is defined, you use patterns to select the hosts or groups you want Ansible to run against.
You can create your inventory file in one of many formats, depending on the inventory plugins you have. The most common formats are INI and YAML. A basic INI /etc/ansible/hosts might look like this:
mail.example.com
[webservers]
foo.example.com
bar.example.com
[dbservers]
one.example.com
two.example.com
three.example.comIf you have a lot of hosts with a similar pattern, you can add them as a range rather than listing each hostname separately:
[webservers]
www[01:50].example.comIf you need more info on how to build your inventory, you can have a look at the official ansible website
How to build your inventory — Ansible Documentation
Check if we can connect to the hosts
Let’s try to execute an ad-hoc command as a regular user, an ad-hoc command is executed using the -a parameter.
ansible -a "/usr/bin/whoami" webservers
foo.example.com | CHANGED | rc=0 >>
kpatronas
bar.example.com | CHANGED | rc=0 >>
kpatronasthe whoami command prints kpatronas, my username, in your case should print yours.
Now, let’s run the same command as the root user.
$ ansible -u root --ask-pass -a "/usr/bin/whoami" webservers
SSH password:
foo.example.com | CHANGED | rc=0 >>
root
bar.example.com | CHANGED | rc=0 >>
rootA prompt asking the root password will popup, You can find more info here if needed.
Understanding privilege escalation: become — Ansible Documentation
Create the Add-Cronjob task
Save the following playbook as add_cron.yml; this playbook uses the cron module. It creates a cronjob with name “check dirs” and will be configured in all servers of the webservers group under user root.
---
- hosts: webservers
tasks:
- name: Create cronjob for bouncing webservers
ansible.builtin.cron:
disabled: no
name: "check dirs"
minute: "0"
month: "1"
hour: "5,2"
job: "ls -alh > /dev/null"To execute the playbook, run:
$ ansible-playbook ./add_cronjob.yml -u root --ask-pass
SSH password:Enter the SSH password of the root user, it will produce output indicating that ansible connected and made changes to the servers of the webserver group
PLAY [webservers] *************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************
ok: [foo.example.com]
ok: [bar.example.com]
TASK [Create cronjob for bouncing webservers] *****************************************************************************************************changed: [grvpsapp23]
changed: [foo.example.com]
changed: [bar.example.com]
PLAY RECAP *******************************************************************************************************************************************
foo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
bar.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0If we log in as root to one of the hosts that ansible added the cronjob, we can verify that it exists! There is a comment that serves as the name of the cronjob used for documentation and also by ansible to perform tasks.
#Ansible: check dirs
0 5,2 * 1 * ls -alh > /dev/nullThe task was completed in less than a few seconds, a significant improvement vs. any manual action.
Create the Del-Cronjob task
To delete the cronjobs, create file del-cronjob.yml with the following content:
---
- hosts: webservers
tasks:
- name: Delete cronjob for bouncing webservers
ansible.builtin.cron:
name: "check dirs"
state: absentExecuting this will produce the following output
PLAY [webservers] *************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************
ok: [foo.example.com]
ok: [bar.example.com]
TASK [Delete cronjob for bouncing webservers] *****************************************************************************************************
changed: [foo.example.com]
changed: [bar.example.com]
PLAY RECAP *******************************************************************************************************************************************
foo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
bar.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0If we check the crontabs of root on those servers, we can verify that the cronjob with the name “check dirs” has been removed
Conclusion
You just learned how powerful that ansible is! you learned how to add or remove cronjobs and save time and errors! did you find the article helpful? will you use ansible to your tasks?
