Install Ansible, set up passwordless Authentication, and run your first yaml playbook

What is Ansible?

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications— automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.

Update the package index and install dependencies by running the following commands:

sudo apt update
sudo apt install software-properties-common

Add the Ansible repository by running the following command:

sudo apt-add-repository --yes --update ppa:ansible/ansible

Install Ansible by running the following command:

sudo apt install ansible

Verify that Ansible is installed by checking its version with the following command:

ansible --version

Ansible configuration file location

Connection with Nodes

There are different ways you can SSH to a node and automate your tasks. Some of them are:

  1. Password-based authentication

  2. Public key authentication

  3. Inventory based

For this demo, I am using public key authentication.

The public key authentication method uses a public key and a private key to authenticate a user. The public key is shared with the server and the private key is kept by the user. This method is more secure than password-based authentication as it is less susceptible to brute-force attacks

I have two VMs running in my environment, and I have set their hostnames to ansible and node.

To set the hostnames, run the commands below:

# On the Ansible server
sudo hostnamectl set-hostname ansible

# On the node
sudo hostnamectl set-hostname node

After running the above commands, log in again for the new hostname to take effect.

Let's also create a new sudo user on the node and set up key-based authentication between the node and Ansible

adding your public key to a remote server's authorized_keys file

Now try to log in to the remote node from the Ansible server. It will not ask for a password because, by default, it uses the private key you created earlier.
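
What this step amounts to on the node, as an added example that is not part of the original article. `install_pubkey` and `key_perms_ok` are hypothetical helper names; `ssh-copy-id` performs the same append remotely, and sshd with its default StrictModes setting ignores the key when the checked paths are group- or world-writable.

```sh
#!/bin/sh
# Added example, not from the original article.
# install_pubkey HOME_DIR 'PUBLIC KEY LINE' appends a key the way ssh-copy-id does.
install_pubkey() {
    home=$1 key=$2
    # Accept exactly one line that looks like an OpenSSH public key.
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 1
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac
    # ~/.ssh must be private to the user, authorized_keys writable only by them.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only when the exact line is missing, so reruns add no duplicates.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Succeeds when the home directory, ~/.ssh and authorized_keys are not
# group- or world-writable (6th and 9th characters of the ls mode string).
key_perms_ok() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        case $(ls -ldL "$p") in ?????w*|????????w*) return 1 ;; esac
    done
    return 0
}

# Stand-alone use on the node: sh script.sh "$HOME" "$(cat id_ed25519.pub)"
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2" && key_perms_ok "$1" && echo "key installed"
fi
```

If the login still prompts for a password after the key is in place, loose permissions on one of these three paths are a common cause.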

What we have done so far:

  1. Installed Ansible

  2. Set up key-based authentication between the node and Ansible

Now let's learn some essential concepts before running our first Ansible ad-hoc command or playbook (we will look at what an ad-hoc command and a playbook are):

  1. Inventory: A list of hosts or groups of hosts that Ansible manages.

  2. Playbook: A YAML file that defines a set of tasks to be executed on one or more hosts.

  3. Ad-hoc command: A one-time command run from the command line interface that executes a single Ansible module on one or more hosts.

Create an inventory by adding the IP address

The inventory file can live anywhere. We will begin with the hosts file, which is created by Ansible at the time of installation.

Let's add a group for our node (in my case only a single node) to the hosts file. This is where we will automate tasks from our Ansible server. The architecture would be like this:

Let's ping it by running:

# this will ping all the IP address listed in /etc/ansible/hosts in group mynode
ansible mynode -m ping

Using ad-hoc commands

Let's create a file on the hosts in the mynode group using an Ansible ad-hoc command. You can use the ansible command with the shell module and the echo command to write the contents of the file. Here's an example:

ansible mynode  -m shell -a "echo 'This is a test file' > /home/usama/test-file.txt"

TIP: How does Ansible know the host or IP address of the node group? You could say it takes it from /etc/ansible/hosts, but Ansible looks in this order.

When Ansible is run, it first looks for its configuration file, ansible.cfg, which can be found in several locations. The order of priority for the ansible.cfg file is as follows:

  1. The ANSIBLE_CONFIG environment variable specifies the path to the configuration file.

  2. The current directory.

  3. The user's home directory, either in ~/.ansible.cfg or ~/.ansible/config.

  4. The /etc/ansible/ directory.

The ansible.cfg file contains configuration settings for Ansible, and it uses a simple key-value format. Here's an example of what the file might look like:

[defaults]
# Inventory file used when -i is not given on the command line
inventory = /etc/ansible/hosts
# Account Ansible logs in as on the managed nodes
remote_user = myuser
private_key_file = ~/.ssh/id_rsa
# False skips verification of the nodes' SSH host keys
host_key_checking = False

[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=False
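
An added example (not from the original article) that walks the lookup order above, prints the file that takes effect, and reports whether it turns off host key checking as the sample config does. The optional directory arguments and function names are assumptions of this example; it uses ~/.ansible.cfg for the home-directory step and skips an ansible.cfg in a world-writable current directory, as Ansible itself does.

```sh
#!/bin/sh
# Added example, not from the original article. The optional arguments
# (cwd, home, etc dir) are assumptions of this example, used for testing.

# True when "other" may write to the directory (9th character of the mode).
is_world_writable() {
    case $(ls -ldL "$1") in ????????w*) return 0 ;; esac
    return 1
}

# Print the ansible.cfg that takes effect, following the order listed above.
resolve_ansible_cfg() {
    cwd=${1:-$PWD} home=${2:-$HOME} etc=${3:-/etc/ansible}
    # 1. ANSIBLE_CONFIG environment variable
    if [ -n "${ANSIBLE_CONFIG:-}" ] && [ -f "$ANSIBLE_CONFIG" ]; then
        echo "$ANSIBLE_CONFIG"; return 0
    fi
    # 2. Current directory; Ansible skips it when the directory is world-writable.
    if [ -f "$cwd/ansible.cfg" ] && ! is_world_writable "$cwd"; then
        echo "$cwd/ansible.cfg"; return 0
    fi
    # 3. Per-user file, then 4. the system-wide file
    for f in "$home/.ansible.cfg" "$etc/ansible.cfg"; do
        if [ -f "$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# True when the [defaults] section switches host_key_checking off.
host_key_checking_disabled() {
    awk -F= '
        /^\[/ { section = $1 }
        section == "[defaults]" && $1 ~ /^[ \t]*host_key_checking[ \t]*$/ {
            v = tolower($2); gsub(/[ \t]/, "", v)
            if (v == "false" || v == "no" || v == "0") off = 1
        }
        END { exit (off ? 0 : 1) }' "$1"
}

audit_ansible_cfg() {
    cfg=$(resolve_ansible_cfg "$@") || { echo "no ansible.cfg found"; return 0; }
    echo "config in effect: $cfg"
    if host_key_checking_disabled "$cfg"; then
        echo "host_key_checking is off in $cfg: SSH host keys are not verified"
    fi
}

audit_ansible_cfg "$@"
```

Run it from the directory you launch playbooks from: an ansible.cfg shipped inside a cloned project takes priority over the files in your home directory and /etc/ansible.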

Let's install MariaDB server on our VM and see:

---
- name: Install MariaDB Server
  hosts: mynode
  become: true

  tasks:
    - name: Install MariaDB Server packages
      apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present

It's okay if you are following along: this usama user does have sudo access, but it will be asked for a password when running the sudo command. We could add this line on our remote node:

usama ALL=(ALL) NOPASSWD: ALL

But the better approach would be to create a new user on all nodes, give it sudo access, and also allow running sudo commands by asking for a password.

Let's quickly create a user on the node, assign a password, and allow sudo commands without a password. Then try to SSH from ansible to this user:

# Create the user with a home directory and bash as the login shell
sudo useradd -m ansible_user -s /bin/bash
# Set the account password (here the literal string 'password')
echo 'ansible_user:password' | sudo chpasswd
# Add the user to the sudo group
sudo usermod -aG sudo ansible_user
# Allow sudo without a password through a sudoers drop-in file
echo "ansible_user ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ansible_user

Let's quickly switch to the new user and run a sudo command. It will not ask for a password:

sudo su - ansible_user
sudo apt update

Finally, the last thing is to copy the public key from ansible to the node for this user.

One more thing is to modify the playbook to use this new ansible_user.

The updated YAML file should be:

---
- name: Install MariaDB Server
  hosts: mynode
  become: true
  remote_user: ansible_user
  tasks:
    - name: Install MariaDB Server packages
      apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present

Now run the playbook again:

ansible-playbook install-mariadb.yaml

Let's verify from the node.

Modify the playbook to install Apache2:

- name: Install MariaDB Server and Apache
  hosts: mynode
  become: true
  remote_user: ansible_user
  tasks:
    - name: Install MariaDB Server packages
      apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present

    - name: Install Apache packages
      apt:
        name:
          - apache2
        state: present

That's it. Now you can try setting up a complete LAMP stack using Ansible.
