  • Getting started with Ansible on Ubuntu for better environment provisioning and configuration management.

    Configuration management is a crucial stage in the DevOps lifecycle. It helps automate and orchestrate IT infrastructure.

    There are several tools for configuration management, for example, Puppet, Chef, SaltStack and Ansible. Ansible is currently one of the most popular tools in DevOps. It can manage thousands of servers and your complete IT infrastructure with ease.

    We will cover the following in this article.

    • Ansible installation
    • SSH key exchange
    • Ansible client setup
    • Ansible testing

    If you are an absolute beginner, check out this Ansible introduction post.

    Ansible Installation

    To keep it simple, let's try using Ansible on two servers. One will be ansible-server and the other ansible-client, with the following IP addresses.

    • ansible-server – 10.0.0.1
    • ansible-client – 10.0.0.25

    Installation is straightforward. The following needs to be done on all the servers where you want to use Ansible, in this case on both of the servers above.

    • Run the command below to install the software required for installing Ansible.
    [email protected]:~# apt install software-properties-common
    • Add the repository that contains the Ansible package.
    [email protected]:~# apt-add-repository --yes --update ppa:ansible/ansible
    • Update the Advanced Package Tool (apt) package index.
    [email protected]:~# apt update
    • Finally, run the command below to install Ansible.
    [email protected]:~# apt install ansible

    It will take a few seconds to install the necessary packages.

    How do you confirm that it is installed, and which version?

    It is easy. Run ansible with the --version option, as shown below.

    [email protected]:~# ansible --version
    ansible 2.8.1
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/dist-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.15+ (default, Nov 27 2018, 23:36:35) [GCC 7.3.0]
    [email protected]:~#

    As you can see, Ansible 2.8.1 is installed, and the output provides details such as the configuration file location and the Python module location.

    Next, we need to do an SSH key exchange so the server and the client can talk to each other.

    SSH Key Exchange

    Ansible connects to its clients through SSH (Secure Shell).

    We will first generate a key pair on the ansible-server; its public key needs to be copied to the ansible-client.

    Ensure you are logged in as the root user.

    • Generate the key using the ssh-keygen command as shown below
    [email protected]:~# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:cDapZBESo+8XcbXupbtILkFrklUSpwa70Y1c7yH5K1A [email protected]
    The key's randomart image is:
    +---[RSA 2048]----+
    |    =.+oo .      |
    |   . B.B.= .     |
    |  . o @oE +      |
    |   . *oO * .     |
    |    o++.S + .    |
    |   .o +o . +     |
    |    .o..o +      |
    |     ..o o .     |
    |       .o o.     |
    +----[SHA256]-----+
    [email protected]:~#

    As you would have noticed, it has generated a public key in the .ssh folder. The complete path is /root/.ssh/id_rsa.pub

    Note: ensure the private and public key files are not world readable. You can list the files to verify them.

    • Go to the .ssh folder
    cd /root/.ssh
    • List the files
    [email protected]:~# ls -l 
    -rw------- 1 root root 1679 Jun 19 00:37 id_rsa 
    -rw------- 1 root root 404 Jun 19 00:37 id_rsa.pub

    If you notice that the permissions are wrong, you can change them with the chmod command.

    Example:

    chmod 400 id_rsa
    chmod 400 id_rsa.pub
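
    The permission check from the note above, written as a reusable audit (an added example, not part of the original article). The function names `audit_key_perms` and `fix_key_perms` are hypothetical, the demo files are constructed stand-ins rather than real keys, and GNU `stat` as shipped on Ubuntu is assumed.

```shell
# Audit SSH key files (id_*) in a directory for group/other access bits.
# Assumption: GNU stat (coreutils), as on Ubuntu. Function names are hypothetical.

# Prints every id_* file in $1 whose mode grants anything to group or other.
# Returns 0 if all key files are owner-only, 1 if any is too open,
# 2 if the directory does not exist.
audit_key_perms() {
    local dir=$1 f mode rc=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue            # glob matched nothing, or not a regular file
        mode=$(stat -c '%a' "$f")          # octal mode, e.g. 600 or 644
        # The low six bits (mask 077) are the group and other permission sets.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "TOO OPEN: $f (mode $mode)"
            rc=1
        fi
    done
    return $rc
}

# Applies the article's fix (chmod 400) to every key file, then re-audits.
fix_key_perms() {
    local dir=$1 f
    for f in "$dir"/id_*; do
        [ -f "$f" ] && chmod 400 "$f"
    done
    audit_key_perms "$dir"
}

# Demo on constructed files (not real keys) in a scratch directory.
demo=$(mktemp -d)
: > "$demo/id_rsa";     chmod 644 "$demo/id_rsa"      # deliberately too open
: > "$demo/id_rsa.pub"; chmod 600 "$demo/id_rsa.pub"  # already owner-only
audit_key_perms "$demo" || echo "audit failed, applying chmod 400"
fix_key_perms "$demo" && echo "all key files are owner-only"
rm -rf "$demo"
```

    On a real server, point it at the key directory, for example `audit_key_perms /root/.ssh`.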

    Let's copy the public key to the Ansible host whose IP address is 192.168.56.101

    [email protected]:~/.ssh# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '10.0.0.25 (10.0.0.25)' can't be established.
    ECDSA key fingerprint is SHA256:eXduPrfV0mhxUcpsZWg+0oXDim7bHb90caA/Rt79cIs.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    [email protected]'s password: 
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '[email protected]'"
    and check to make sure that only the key(s) you wanted were added.
    
    [email protected]:~/.ssh#

    You can see in the output above, 1 key has been added successfully. This indicates that the SSH key is exchanged.

    Next, we will set up an Ansible client.

    Ansible Client Setup

    I assume you have already followed the Ansible installation steps on the client server as explained in the previous steps.

    Client (or host) setup simply means making the Ansible server aware of its clients. To do so:

    • Log in to the Ansible server
    • Go to /etc/ansible
    • Add the following to the hosts file using your favorite editor
    [Client] 
    node1 ansible_ssh_host=10.0.0.25
    • Save the hosts file

    Ansible Test

    If you have followed all the steps correctly, you will get a SUCCESS message when you run the command below on the ansible-server.

    [email protected]:~/.ssh# ansible -m ping Client
    node1 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python3"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    [email protected]:~/.ssh#

    The command above pings the client to test connectivity and confirm whether it is working.

    Conclusion

    I hope this gives you an idea of how to get started with installing Ansible and playing around with it. Stay tuned for more Ansible tutorials, or check out this Udemy Mastering Ansible course.