What is Ansible?
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications— automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.
Update the package index and install dependencies by running the following command
sudo apt update
sudo apt install software-properties-common
Add the Ansible repository by running the following command:
sudo apt-add-repository --yes --update ppa:ansible/ansible
Install Ansible by running the following command:
sudo apt install ansible
Verify that Ansible is installed by checking its version with the following command
Ansible configuration file location
Connection with Nodes
There are different ways to SSH to a node and automate your tasks. Some of them are:
Public key authentication
For this demo, I am using Public key authentication
The public key authentication method uses a public key and a private key to authenticate a user. The public key is shared with the server and the private key is kept by the user. This method is more secure than password-based authentication as it is less susceptible to brute-force attacks.
I have two VMs running in my environment. I have set their hostnames to ansible and node.
To set the hostnames, run the commands below:
# On the Ansible server
sudo hostnamectl set-hostname ansible
# On the node
sudo hostnamectl set-hostname node
After running the above commands, log in again for the new hostname to take effect.
Let's also create a new sudo user on the node and set up key-based authentication between the node and Ansible
adding your public key to a remote server's
Now try to log in to the remote node from the Ansible server. It will not ask for a password, because SSH uses by default the private key you created earlier.
What we have done so far:
Set up key-based authentication between the node and Ansible
Now let's learn some essential concepts before running our first Ansible ad-hoc command or playbook (we will look at what an ad-hoc command and a playbook are).
Inventory: A list of hosts or groups of hosts that Ansible manages.
Playbook: A YAML file that defines a set of tasks to be executed on one or more hosts.
An ad hoc command in Ansible is a one-time command run from the command line interface that executes a single Ansible module on one or more hosts.
Create an inventory by adding the IP address
The inventory file can be located anywhere. We will begin with the hosts file that Ansible creates at installation time.
Let's add a group for our node (in my case only a single node) to the hosts file; these are the hosts where we will automate tasks from our Ansible server. The architecture would be like this:
Let's ping the group by running:
# This will ping all the IP addresses listed in /etc/ansible/hosts in the group mynode
ansible mynode -m ping
Using ad-hoc commands
Let's create a file on the hosts in the mynode group using an Ansible ad-hoc command. You can use the ansible command with the shell module and the echo command to write the contents of the file. Here's an example:
ansible mynode -m shell -a "echo 'This is a test file' > /home/usama/test-file.txt"
TIP: How does Ansible know the hosts or IP addresses of the node group? You might say it takes them from /etc/ansible/hosts, but Ansible looks in this order:
When Ansible is run, it first looks for its configuration file, ansible.cfg, which can be found in several locations. The order of priority for the ansible.cfg file is as follows:
The ANSIBLE_CONFIG environment variable specifies the path to the configuration file.
The current directory.
The user's home directory, either in ~/.ansible.cfg or ~/.ansible/config.
The /etc/ansible/ directory.
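The search order above can be checked on a control machine with a small shell function. This is an added example, not part of the original post; the function names `is_world_writable` and `ansible_cfg_in_effect` are hypothetical, and it looks for the file names `./ansible.cfg`, `~/.ansible.cfg` and `/etc/ansible/ansible.cfg`. It also covers the one case where the order is not followed: Ansible does not load `ansible.cfg` from the current directory when that directory is world-writable.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# True when "other" has write permission on the given path.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Print the first readable config in Ansible's search order.
# Optional args override the home and /etc/ansible directories.
ansible_cfg_in_effect() {
    home=${1:-$HOME}
    etc=${2:-/etc/ansible}

    # 1. ANSIBLE_CONFIG: a file, or a directory containing ansible.cfg
    if [ -n "${ANSIBLE_CONFIG:-}" ]; then
        cfg=$ANSIBLE_CONFIG
        if [ -d "$cfg" ]; then cfg=$cfg/ansible.cfg; fi
        if [ -r "$cfg" ]; then echo "$cfg"; return 0; fi
    fi

    # 2. ./ansible.cfg, which Ansible refuses to load from a world-writable
    #    directory: anyone could plant settings there.
    if [ -r ./ansible.cfg ]; then
        if is_world_writable .; then
            echo "ignored: $PWD/ansible.cfg (world-writable directory)" >&2
        else
            echo "$PWD/ansible.cfg"; return 0
        fi
    fi

    # 3. per-user file, then 4. system-wide file
    for cfg in "$home/.ansible.cfg" "$etc/ansible.cfg"; do
        if [ -r "$cfg" ]; then echo "$cfg"; return 0; fi
    done
    return 1
}
```

Compare the result with the `config file = ...` line printed by `ansible --version`.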
The ansible.cfg file contains configuration settings for Ansible, in a simple key-value format. Here's an example of what the file might look like:
[defaults]
inventory = /etc/ansible/hosts
remote_user = myuser
private_key_file = ~/.ssh/id_rsa
# Disables SSH host key verification; acceptable in a throwaway lab, leave it enabled elsewhere
host_key_checking = False

[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=False
Let's install MariaDB server in our VM and see
- name: Install MariaDB Server
  hosts: mynode
  become: true
  tasks:
    - name: Install MariaDB Server packages
      apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present
It's okay if you are following along: the usama user does have sudo access, but it will be asked for a password when running a sudo command. We could add this line on our remote node:
usama ALL=(ALL) NOPASSWD: ALL
But the better approach would be to create a new user on all nodes, give it sudo access, and allow it to run sudo commands without asking for a password.
Let's quickly create a user on the node, assign a password and allow sudo commands without a password, then try to SSH from the Ansible server to this user:
# Create the automation account with a home directory and bash as its shell
sudo useradd -m ansible_user -s /bin/bash
# Demo password only; use a strong one or lock the password, since login will be key-based
echo 'ansible_user:password' | sudo chpasswd
# Add the account to the sudo group
sudo usermod -aG sudo ansible_user
# Allow passwordless sudo through a drop-in file
echo "ansible_user ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ansible_user
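A syntax error in a file under /etc/sudoers.d can stop sudo from working on the node, so the drop-in is safer to install through a staged, syntax-checked write than through `tee`. The function below is an added example, not part of the original post; `install_sudoers_dropin` and the `VISUDO` override variable are hypothetical names, and the rule it writes is the same one used above.

```shell
#!/bin/sh
# Added example (not from the original post): install a sudoers drop-in safely.
# install_sudoers_dropin and the VISUDO override are hypothetical names.

install_sudoers_dropin() {
    user=$1
    dir=${2:-/etc/sudoers.d}
    checker=${VISUDO:-visudo}

    # sudo skips drop-in files whose name contains '.' or ends in '~',
    # so a rule saved under such a name would silently never apply.
    case $user in
        ''|*[!a-z0-9_-]*)
            echo "refusing unsafe account/file name: '$user'" >&2
            return 2 ;;
    esac

    # Stage in the target directory under a dotted name: sudo ignores it
    # until the final rename, and mktemp creates it with mode 0600.
    tmp=$(mktemp "$dir/.sudoers_stage_XXXXXX") || return 1
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$user" > "$tmp"
    chmod 0440 "$tmp"

    # Syntax-check before activation; nothing is installed on failure.
    if ! "$checker" -cf "$tmp" >/dev/null 2>&1; then
        echo "sudoers syntax check failed, nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi

    mv -f "$tmp" "$dir/$user"   # rename within one directory
}

# Usage on the node, as root:  install_sudoers_dropin ansible_user
```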
Let's quickly switch to the new user and run a sudo command. It will not ask for a password:
sudo su - ansible_user
sudo apt update
Finally, the last thing is to copy the public key from the Ansible server to the node for this user.
One last thing is to modify the playbook to use this new ansible_user.
The updated YAML file should be:
- name: Install MariaDB Server
  hosts: mynode
  become: true
  remote_user: ansible_user
  tasks:
    - name: Install MariaDB Server packages
      apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present
Now run the playbook again.
Let's verify from the node.
Modify the playbook to also install Apache2:
- name: Install MariaDB Server and Apache
  hosts: mynode
  become: true
  remote_user: ansible_user
  tasks:
    - name: Install MariaDB Server packages
      apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present
    - name: Install Apache packages
      apt:
        name:
          - apache2
        state: present
That's it. Now you can try setting up a complete LAMP stack using Ansible.