English English French French Spanish Spanish German German
Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Share on:

How to Install and Configure Ansible on Ubuntu?

ansible
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Getting started with Ansible on Ubuntu for better environment provisioning and configuration management.

Configuration Management is a crucial stage in DevOps lifecycle. It helps in the automation and orchestration of the IT infrastructure.

There are several tools for configuration management, for example, Puppet, Ansible, Chef, and SaltStack. And, of course, Ansible is one of the most popular tools in DevOps. It can manage thousands of servers and your complete IT infrastructure with ease.

Install and Configure Ansible on Ubuntu

We will cover the following in this article.

  • Ansible installation
  • SSH key exchange
  • Ansible client setup
  • Ansible testing

Ansible Installation

YouTube video

To keep it simple, let’s try using Ansible on two servers. One will be ansible-server and another one ansible-client with the following IP.

  • ansible-server – 10.0.0.1
  • ansible-client – 10.0.0.25

Installation is straightforward…the following needs to be done on all the servers where you want to use Ansible. In this case, on above both servers.

  • Run the below command to install the necessary software required for installing ansible.
root@ansible-server:~# apt install software-properties-common
  • Install the repository with ansible package.
root@ansible-server:~# apt-add-repository --yes --update ppa:ansible/ansible
  • Update the advanced packaging tool (apt)
root@ansible-server:~# apt update
  • And, finally – run the command below to install
root@ansible-server:~# apt install ansible

It will take few seconds to install the necessary package.

How do you ensure its installed and its version?

Well, it is easy. You can use --version syntax with ansible to find out like below.

root@ansible-server:~# ansible --version
ansible 2.8.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15+ (default, Nov 27 2018, 23:36:35) [GCC 7.3.0]
root@ansible-server:~#

As you can see, Ansible 2.8.1 is installed and it provides the necessary information such as configuration file location, python module.

Next, we need to do SSH key exchange so serve and a client can talk to each other.

SSH Key Exchange

Ansible connects to its client through SSH (Secure shell).

We will first generate a public key on the ansible-server, which needs to be copied to the ansible-client.

Ensure you are logged in as a root user.

  • Generate the key using ssh-keygen command as shown below
root@ansible-server:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:cDapZBESo+8XcbXupbtILkFrklUSpwa70Y1c7yH5K1A root@ansible-server
The key's randomart image is:
+---[RSA 2048]----+
|    =.+oo .      |
|   . B.B.= .     |
|  . o @oE +      |
|   . *oO * .     |
|    o++.S + .    |
|   .o +o . +     |
|    .o..o +      |
|     ..o o .     |
|       .o o.     |
+----[SHA256]-----+
root@ansible-server:~#

As you would have noticed, it has generated a public key in the .ssh folder. The complete path is /root/.ssh/id_rsa.pub

Note: ensure the private and public key files are not world readable. You can list the files to verify them.

  • Go to the .ssh folder
cd /root/.ssh
  • List the files
root@ubuntu:~# ls -l 
-rw------- 1 root root 1679 Jun 19 00:37 id_rsa 
-rw------- 1 root root 404 Jun 19 00:37 id_rsa.pub

If you notice permission is wrong, then you may change it by using chmod command

Ex:

chmod 400 id_rsa
chmod 400 id_rsa.pub

Let’s copy the public key to Ansible host which IP address is 192.168.56.101

root@ansible-server:~/.ssh# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.25
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.25 (10.0.0.25)' can't be established.
ECDSA key fingerprint is SHA256:eXduPrfV0mhxUcpsZWg+0oXDim7bHb90caA/Rt79cIs.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.25's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.0.25'"
and check to make sure that only the key(s) you wanted were added.

root@ansible-server:~/.ssh#

You can see in the output above, 1 key has been added successfully. This indicates that the SSH key is exchanged.

Next, we will setup an Ansible client.

Ansible Client Setup

I assume you have already followed the Ansible installation steps on the client server as explained in previous steps.

Client or Host setup is nothing but making the Ansible server aware of the clients. And, to do so:

  • Login to Ansible server
  • Go to /etc/ansible
  • Add the following in hosts file by using your favorite editor
[Client] 
node1 ansible_ssh_host=10.0.0.25
  • Save the hosts file

Ansible Test

If you have followed all the steps correctly, you will get a SUCCESS message when you run the below command on the ansible-server.

root@ansible-server:~/.ssh# ansible -m ping Client
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    }, 
    "changed": false, 
    "ping": "pong"
}
root@ansible-server:~/.ssh#

Thea above pings to the client to test the connectivity and confirm if good or not.

Conclusion

I hope this gives you an idea to get it started with installation and playing around. Stay tuned for more Ansible tutorials or also check out this Udemy Mastering Ansible course.

Thanks to our Sponsors
More great readings on DevOps
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.
    Try Semrush
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder