Install Ansible, set up passwordless authentication, and run your first YAML playbook
What is Ansible?
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications— automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.
Update the package index and install dependencies by running the following commands:
sudo apt update
sudo apt install software-properties-common
Add the Ansible repository by running the following command:
sudo apt-add-repository --yes --update ppa:ansible/ansible
Install Ansible by running the following command:
sudo apt install ansible
Verify that Ansible is installed by checking its version with the following command:
ansible --version
Ansible configuration file location
Connection with Nodes
There are different ways to SSH to a node and automate your tasks. Some of them are:
Password-based authentication
Public key authentication
Inventory based
For this demo, I am using public key authentication.
The public key authentication method uses a public key and a private key to authenticate a user. The public key is shared with the server and the private key is kept by the user. This method is more secure than password-based authentication as it is less susceptible to brute-force attacks.
I have two VMs running in my environment, and I have set their hostnames to ansible and node.
To set the hostnames, run the commands below:
# On ansible server
sudo hostnamectl set-hostname ansible
# On node
sudo hostnamectl set-hostname node
After running the above commands, log in again for the new hostname to take effect.
Let's also create a new sudo user on the node and set up key-based authentication between the node and Ansible
Adding your public key to a remote server's authorized_keys file
Now try to log in to the remote node from the Ansible server. It will not ask for a password, because by default SSH uses the private key you created earlier.
What we have done so far:
Install Ansible
Set up key-based authentication between the node and Ansible
Now let's learn some essential concepts before running our first Ansible ad-hoc command or playbook (we will look at what an ad-hoc command and a playbook are).
Inventory: A list of hosts or groups of hosts that Ansible manages.
Playbook: A YAML file that defines a set of tasks to be executed on one or more hosts.
An ad hoc command in Ansible is a one-time command run from the command line interface that executes a single Ansible module on one or more hosts.
Create an inventory by adding the IP address
The inventory file can be located anywhere. We will begin with the hosts file that Ansible creates at installation time.
Let's add a group for our node (in my case only a single node) to the hosts file; these are the hosts we will automate from our Ansible server. The architecture would look like this:
Let's ping the group by running:
# this runs Ansible's ping module against every host listed in group mynode in /etc/ansible/hosts
ansible mynode -m ping
Using ad-hoc commands
Let's create a file on the group of hosts inside mynode. Using an Ansible ad-hoc command, you can use the ansible command with the shell module and the echo command to write the contents of the file. Here's an example:
ansible mynode -m shell -a "echo 'This is a test file' > /home/usama/test-file.txt"
TIPS: How does Ansible know the host or IP address of the node group? You could say it takes them from /etc/ansible/hosts, but Ansible looks things up in this order.
When Ansible is run, it first looks for its configuration file, ansible.cfg, which can be found in several locations. The order of priority for the ansible.cfg file is as follows:
The ANSIBLE_CONFIG environment variable specifies the path to the configuration file.
The current directory.
The user's home directory, either in ~/.ansible.cfg or ~/.ansible/config.
The /etc/ansible/ directory.
The ansible.cfg file contains configuration settings for Ansible, and it uses a simple key-value format. Here's an example of what the file might look like:
[defaults]
inventory = /etc/ansible/hosts
remote_user = myuser
private_key_file = ~/.ssh/id_rsa
# False turns off SSH host key verification; leave it True outside a throwaway lab
host_key_checking = False
[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=False
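A small checker for the pitfalls that are easy to hit in a file like this one, added here as an example (not part of the original post or of Ansible): a misspelled section or key, which Ansible then never reads, and host key checking switched off. The function name, the constructed sample text and the two name sets (subsets of Ansible's real section and key names) are assumptions of the example.

```python
import configparser
import difflib

# Constructed sample input: misspelled section and key, host key checking off.
SAMPLE_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
host_key_checking = False

[privilige_escalation]
become = true
become_method = sudo
become_ask_password = False
"""

# Subsets of the section and key names Ansible reads; extend for your version.
KNOWN_SECTIONS = {"defaults", "privilege_escalation", "ssh_connection",
                  "paramiko_connection", "persistent_connection", "inventory",
                  "galaxy", "colors", "diff", "selinux", "tags"}
BECOME_KEYS = {"become", "become_method", "become_user", "become_ask_pass",
               "become_exe", "become_flags", "become_allow_same_user",
               "agnostic_become_prompt"}


def audit_ansible_cfg(text):
    """Return (section, key, message) findings for the text of one ansible.cfg."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        canonical = section
        if section not in KNOWN_SECTIONS:
            guess = difflib.get_close_matches(section, sorted(KNOWN_SECTIONS), n=1)
            hint = f"; did you mean [{guess[0]}]?" if guess else ""
            findings.append((section, None, "unknown section, not read" + hint))
            canonical = guess[0] if guess else section
        if canonical == "privilege_escalation":
            for key in cfg[section]:
                if key not in BECOME_KEYS:
                    findings.append((section, key, "unknown key, not read"))
    # Host keys are checked by default; False removes man-in-the-middle protection.
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(("defaults", "host_key_checking",
                         "SSH host key verification is disabled"))
    return findings

if __name__ == "__main__":
    for finding in audit_ansible_cfg(SAMPLE_CFG):
        print(finding)
```

To audit the file Ansible actually loads, pass the contents of the config file path that `ansible --version` reports.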
Let's install MariaDB server on our VM and see:
---
- name: Install MariaDB Server
  hosts: mynode
  become: true
  tasks:
    - name: Install MariaDB Server packages
      apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present
And that's okay if you are following along: this usama user does have sudo access, but it will be asked for a password when running the sudo command. We could add this line on our remote node:
usama ALL=(ALL) NOPASSWD: ALL
But the better approach would be to create a new user on all nodes, give it sudo access, and also allow it to run sudo commands by asking for a password.
Let's quickly create a user on the node, assign it a password, and allow sudo commands without a password, then try to SSH from ansible to this user:
sudo useradd -m ansible_user -s /bin/bash
# replace 'password' with a strong password of your own
echo 'ansible_user:password' | sudo chpasswd
sudo usermod -aG sudo ansible_user
echo "ansible_user ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ansible_user
Let's quickly switch to the new user and run a sudo command. It will not ask for a password:
sudo su - ansible_user
sudo apt update
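An added example (not from the original post) that audits a sudoers drop-in like the one written above: its file name, its mode, and any rule that grants every command without a password. `audit_sudoers_dropin` and `demo` are hypothetical names, the sample file is constructed, and the 0440 expectation follows Debian's /etc/sudoers.d/README.

```python
import os
import re
import stat
import tempfile

# A user spec that grants every command without a password, for example
# "ansible_user ALL=(ALL) NOPASSWD:ALL". Comment lines never match.
NOPASSWD_ALL = re.compile(
    r"^\s*([^#\s]\S*)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*ALL\s*$")


def audit_sudoers_dropin(path):
    """Return a list of findings for one drop-in file meant for /etc/sudoers.d."""
    findings = []
    name = os.path.basename(path)
    # sudo's includedir skips file names that contain '.' or end in '~'.
    if "." in name or name.endswith("~"):
        findings.append("file name is skipped by sudo")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o440:
        findings.append(f"mode is {mode:04o}, expected 0440")
    with open(path, encoding="utf-8") as handle:
        for number, line in enumerate(handle, start=1):
            match = NOPASSWD_ALL.match(line)
            if match:
                findings.append(f"line {number}: {match.group(1)} may run "
                                "every command without a password")
    return findings


def demo():
    """Audit a constructed drop-in as tee leaves it under umask 022, then at 0440."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ansible_user")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("ansible_user ALL=(ALL) NOPASSWD:ALL\n")
        os.chmod(path, 0o644)
        before = audit_sudoers_dropin(path)
        os.chmod(path, 0o440)
        after = audit_sudoers_dropin(path)
    return before, after


if __name__ == "__main__":
    print(demo())
```

On the node itself, `sudo visudo -cf /etc/sudoers.d/ansible_user` checks the file's syntax.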
Finally, the last thing is to copy the public key from ansible to the node for this user.
One more thing is to modify the playbook to use this new ansible_user.
The updated YAML file should be:
---
- name: Install MariaDB Server
  hosts: mynode
  become: true
  remote_user: ansible_user
  tasks:
    - name: Install MariaDB Server packages
      apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present
Now run the playbook again:
ansible-playbook install-mariadb.yaml
Let's verify from the node.
Modify the script to install Apache2:
- name: Install MariaDB Server and Apache
  hosts: mynode
  become: true
  remote_user: ansible_user
  tasks:
    - name: Install MariaDB Server packages
      apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present
    - name: Install Apache packages
      apt:
        name:
          - apache2
        state: present
That's it. Now you can try setting up a complete LAMP stack using Ansible.