
Ansible is a Configuration Management (CM) tool. CM is a process for maintaining computer systems, servers, and software automatically.
Prerequisites
You may need to install sshpass and ansible on your system.
Linux (Debian, Ubuntu, Mint)
sudo apt install ansible sshpass
macOS (don’t forget to install Homebrew if you don’t have it)
brew install esolitos/ipa/sshpass # OR, brew install http://git.io/sshpass.rb
brew install ansible
Windows (don’t forget to install Chocolatey if you don’t have it)
# for sshpass, follow the instructions at https://stackoverflow.com/a/43068475/9045405
choco install ansible
Now let's understand how Ansible works
Ansible Variables | |
---|---|
Ansible Node | ansible_nodename |
FQDN | ansible_fqdn |
IP Address | ansible_eth0.ipv4.address |
Distribution | ansible_distribution, ansible_distribution_release, ansible_distribution_version |
Kernel | ansible_kernel |
Python Version | ansible_python_version |
CPUs | ansible_processor_vcpus |
Memory | ansible_memtotal_mb |
Virtualization | ansible_virtualization_type |
user | ansible_env.SUDO_USER |
uid | ansible_env.SUDO_UID |
gid | ansible_env.SUDO_GID |
home | ansible_env.HOME |
pwd | ansible_env.PWD |
# Take a backup first before doing anything in `ansible.cfg` file or you can download a new one
sudo curl \
-L \
-o /etc/ansible/ansible.cfg \
https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg
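# host_key_checking is commented out in the sample file. Where the line reads
# `#host_key_checking = False`, uncommenting it turns SSH host key verification
# off (Ansible checks host keys by default), so run the following command
# only if you want that behaviour.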
sudo sed -i.bak \
's/#host_key_checking/host_key_checking/g' \
/etc/ansible/ansible.cfg \
&& grep host_key_checking /etc/ansible/ansible.cfg
# to allow SSH logins with a password (needed for the -k examples below),
# log in to the server as root first and run the following command;
# key-based login is the safer choice where you can use it
# if MacOS then use, -i ''
sed -i \
's/PasswordAuthentication no/PasswordAuthentication yes/g' \
/etc/ssh/sshd_config \
&& systemctl restart sshd
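# remove stale host keys for 192.168.x.x addresses from known_hosts to
# avoid host key errors while running ansible-playbook
# (ssh-keygen -R <HOST> removes the entry for a single host instead)
# if MacOS then use, -i ''
sed -i '/^192\.168\./d' ~/.ssh/known_hosts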
Ansible Inventory
It defines the hosts and groups on which ansible-playbook and ad-hoc commands operate.
cat <<EOF > /etc/ansible/hosts
[webservers]
webserver1 ansible_host=192.168.x.x ansible_user=USERNAME
example.com ansible_user=USERNAME
# .....
[dbservers]
dbserver1 ansible_host=192.168.x.x ansible_user=USERNAME
# .....
# Connection variables to support servers
[all:vars]
ansible_connection=ssh
ansible_ssh_extra_args='-o StrictHostKeyChecking=no -o IdentitiesOnly=yes'
ansible_python_interpreter=/usr/bin/python3
# ansible_ssh_pass=PASSWORD
# ansible_sudo_pass=PASSWORD
EOF
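The inventory above turns off SSH host key verification with StrictHostKeyChecking=no and has slots for plaintext ansible_ssh_pass / ansible_sudo_pass values. As an added example (not part of the original post), this shell function audits an INI inventory for those settings; the function names, rule labels and sample values are made up for illustration.

```shell
# Added example (not from the original page): audit an INI-style Ansible
# inventory for the risky connection settings shown above.
# Prints "LINE:RULE:DETAIL" per finding and returns 1 if anything was found.
audit_inventory() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /StrictHostKeyChecking[ \t]*=[ \t]*no/ {
            print NR ":host-key-check-disabled:StrictHostKeyChecking=no"
            bad = 1
        }
        match($0, /ansible_[a-z_]*pass(word)?[ \t]*=/) {
            name = substr($0, RSTART, RLENGTH)
            sub(/[ \t]*=$/, "", name)
            value = substr($0, RSTART + RLENGTH)
            # A Jinja reference (for example to a vaulted variable) is not
            # a literal secret, so only literal values are reported.
            if (index(value, "{{") == 0) {
                # Report the variable name only, never the secret itself.
                print NR ":plaintext-password:" name
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample modelled on the inventory above, with a password
# line uncommented; the address and credentials are made up.
write_sample_inventory() {
    cat > "$1" <<'EOF'
[webservers]
webserver1 ansible_host=192.0.2.10 ansible_user=deploy

[all:vars]
ansible_connection=ssh
ansible_ssh_extra_args='-o StrictHostKeyChecking=no -o IdentitiesOnly=yes'
# ansible_ssh_pass=commented-out
ansible_ssh_pass=hunter2
ansible_sudo_pass={{ vault_sudo_pass }}
EOF
}
```

Run it as `audit_inventory /etc/ansible/hosts`; a non-zero exit status makes it usable as a CI or pre-commit gate.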
Ansible Playbook
It contains steps or tasks which you can execute on a remote machine.
# create a playbook called filename.yml
# (the quoted 'EOF' stops the local shell from expanding $HOME inside the heredoc)
cat <<'EOF' > filename.yml
- hosts: all
  remote_user: <USERNAME>
  become: true
  become_method: sudo
  become_user: root
  tasks:
    - name: Ping me
      ping:
      tags:
        - ping-me
    - name: make a dir
      shell: mkdir -p $HOME/test
      tags:
        - make-a-dir
EOF
# execute with private key, no password needed
ansible-playbook -l <SERVER_NAME> -u <USERNAME> filename.yml --private-key <.ssh/id_rsa>
# execute with password, no ssh key needed
ansible-playbook -l server1 -u <USERNAME> -k filename.yml
# execute with extra variables (-e sets playbook variables, not shell environment variables)
ansible-playbook -l server2 -u <USERNAME> -k filename.yml -e <key>=<value>
# execute only specific tag
ansible-playbook -l all -u <USERNAME> -k filename.yml --tags 'tag-name,'
# ask for the vault password before executing
ansible-playbook -l all -u <USERNAME> -k filename.yml --ask-vault-pass
# get the password from passwdfile.txt before execute
ansible-playbook -l all -u <USERNAME> -k filename.yml --vault-password-file passwdfile.txt
Ad-Hoc Commands
Instead of writing an ansible-playbook, you can use ad-hoc commands. They are quick and easy, but not reusable.
# execute with private key, no password needed
ansible <SERVER_NAME> -u <USERNAME> -i <HOSTS_FILE> -m <MODULE> -a <ARGUMENTS> --private-key <.ssh/id_rsa>
# execute with password, no ssh key needed
ansible <SERVER_NAME> -u <USERNAME> -k -m ping
# check date and time
ansible <SERVER_NAME> -u <USERNAME> -k -a 'uptime'
# run any command within the VM (use -m command instead when no shell features are needed)
ansible <SERVER_NAME> -u <USERNAME> -k -m shell -a 'any-linux-command'
# check status within the VM
ansible <SERVER_NAME> -u <USERNAME> -k -m shell -a '/sbin/service sshd status'
# start sshd within the VM
ansible <SERVER_NAME> -u <USERNAME> -k -m service -a 'name=sshd state=started'
# install pkg if redhat family (use state=absent to remove it)
ansible <SERVER_NAME> -u <USERNAME> -k -m yum -a 'name=wget state=present'
# install pkg if deb family
ansible <SERVER_NAME> -u <USERNAME> -k -m apt -a 'name=sysstat state=latest' --become
# copy a file from local to remote
ansible <SERVER_NAME> -u <USERNAME> -k -m copy -a 'src=filename.txt dest=/home/$USER/filename.txt'
# remove a file from remote
ansible <SERVER_NAME> -u <USERNAME> -k -m file -a 'dest=/root/filename.txt state=absent'
# copy a file from remote to local
ansible <SERVER_NAME> -u <USERNAME> -k -m fetch -a 'src=remote_machine.txt dest=host_machine.txt'
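# create a user in remote (the user module's password argument takes a crypted hash, not plaintext)
ansible <SERVER_NAME> -u <USERNAME> -k -m user -a "name=redhat password={{ 'redhat' | password_hash('sha512') }}"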
Ansible Vault
Your ansible-playbook can be password encrypted or decrypted.
# encrypt a file
ansible-vault encrypt filename.yml
# decrypt a file
ansible-vault decrypt filename.yml
# to change the password of an encrypted file
ansible-vault rekey filename.yml
# to view an encrypted file
ansible-vault view filename.yml
# to edit an encrypted file
ansible-vault edit filename.yml
# encrypt your string
ansible-vault encrypt_string <ANY_ANYTHING>
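A file encrypted with ansible-vault starts with a `$ANSIBLE_VAULT;<version>;AES256` header line, so it is easy to verify before committing that secrets really were encrypted and that the file given to --vault-password-file is not readable by other users. An added example, not from the original post; the function names and sample file contents are hypothetical.

```shell
# Added example (not from the original page): verify that secret files are
# vault-encrypted and that the vault password file is private.

# is_vault_encrypted FILE: succeeds if the first line is a vault header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256" (format 1.2 appends a vault-id label).
is_vault_encrypted() {
    head -n 1 "$1" | grep -Eq '^\$ANSIBLE_VAULT;1\.[12];AES256(;.+)?$'
}

# password_file_is_private FILE: succeeds if group and others have no access.
password_file_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_vault_hygiene PASSFILE FILE...: prints one finding per line and
# returns 1 if anything was found.
check_vault_hygiene() {
    passfile=$1; shift
    found=0
    if ! password_file_is_private "$passfile"; then
        echo "password-file-not-private:$passfile"; found=1
    fi
    for f in "$@"; do
        if ! is_vault_encrypted "$f"; then
            echo "not-encrypted:$f"; found=1
        fi
    done
    return "$found"
}

# Constructed sample files (contents are made up, not real vault output).
write_vault_samples() {
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465666768' > "$1/secrets.yml"
    printf 'db_password: hunter2\n' > "$1/plain.yml"
    printf 'constructed-vault-password\n' > "$1/passwdfile.txt"
    chmod 644 "$1/passwdfile.txt"
}
```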
Ansible Roles
A role is a complete unit of automation that can be reused and shared. When you create a role, the default directory structure contains variables, tasks, files, templates, and modules.
Ansible Galaxy
It helps you to generate/create Ansible Roles. https://galaxy.ansible.com is a website where you can host/share your own role(s).
# create Ansible Roles or package
ansible-galaxy init <PROJECT_NAME>
# search a role
ansible-galaxy search <ROLE_NAME> --author <AUTHOR_NAME>
# install a role
ansible-galaxy install <AUTHOR_NAME>.<ROLE_NAME>
# get information about the role
ansible-galaxy info <AUTHOR_NAME>.<ROLE_NAME>
# Installed roles will be found here
ls -la /etc/ansible/roles