Ansible beginner tutorial

• Author
• Recent Posts

Hitesh Jethva

Hitesh is a technical writer and DevOps engineer with more than 15 years of experience in IT. He focuses on cloud computing, DevOps, Linux, Kubernetes, Docker, security, and databases.

Latest posts by Hitesh Jethva (see all)

• Ansible beginner tutorial - Wed, Nov 15 2023
• Nested Docker containers: Run Docker in a Docker container - Fri, Nov 10 2023
• Docker networking: Connect a Docker container - Fri, Oct 27 2023

Why Ansible?

The main reasons why you should consider using Ansible for automation are as follows:

Agentless architecture: Ansible is agentless, which means that it does not require the installation of software or an agent on the target machine. It uses SSH and WinRM to communicate with remote servers.

Idempotence: Ansible ensures idempotence, which means that performing the same action multiple times should not have any unintended side effects or produce different outcomes.

Declarative language: Ansible uses declarative language (YAML) to create automation tasks. This implies that you've specified the desired end state, and Ansible attempts to determine how it will be achieved.

Module system: Ansible offers many built-in modules that you can use for different tasks, such as installing packages and managing files. If necessary, you may be able to write your own modules.

Integration: Ansible can be integrated with several tools and platforms, such as cloud services, version control systems, and monitoring tools.

Security: Ansible offers security features, such as Ansible Vault, which allows you to store and protect your confidential data, such as passwords or API keys.

Ansible components

Ansible comprises a set of key components that help automate tasks and manage systems. Understanding these components is critical in understanding the functionality of Ansible. The main components of Ansible are as follows:

Control node: The computer system or server where Ansible is installed and from which you manage your infrastructure is called the control node. You can use the control node to define automation tasks, manage your inventory, and execute playbooks.

Managed node: A remote system, server, or device that Ansible can communicate with and manage. These nodes are defined in an Ansible inventory file, which serves as a catalog or list of the managed nodes where Ansible can perform automation tasks.

Inventory: A configuration file containing information about the remote hosts and systems that you want to control and automate.

Playbooks: Written in YAML format, these core components of Ansible describe a series of tasks that Ansible should perform on the managed nodes.

Tasks: Specific actions Ansible performs on target hosts. Tasks are defined within plays in a playbook. Each task specifies which module should be used, how to pass parameters to it, and the optional conditions for when the task is expected to run. Tasks may perform a variety of activities, such as the installation of software, system configuration, and file copying.

Prerequisites

To follow this guide, you will need three machines in the same subnet with Ubuntu installed. The machine that you will use as your Ansible control node should have SSH access to two managed nodes via public authentication. This means that you have a private key installed on your control host, and the corresponding public keys are installed on the managed nodes. If you are unfamiliar with SSH public authentication, read this guide.

Setting up an SSH key pair

Before installing Ansible, we will set up a new dedicated SSH key pair on the Ansible control node for secure, passwordless authentication when connecting to Ansible-managed nodes.

Log in to your Ansible control node, and run the ssh-keygen command to generate a 2048-bit RSA key pair.

ssh-keygen -t rsa -b 2048

This command prompts you to choose a location to save the SSH key pair. By default, keys are saved in ~/.ssh/idrsa (private key) and ~/.ssh/idrsa.pub (public key). You will also be prompted to define a passphrase for your private key. You should leave it blank for passwordless task execution.

Generating an SSH key pair

Next, copy the public key to all managed nodes that you want to manage from the Ansible control node. You can use the ssh-copy-id command to copy your public key to both managed nodes. Replace the username and managed-node-ip with the appropriate values.

ssh-copy-id root@managed-node-ip

Note that this command only works if your user account already has SSH access to the managed node via public key authentication (see prerequisites).

This command will copy your public key to the managed node's ~/.ssh/authorized_keys file and set the correct permissions. When you run this command the first time, SSH checks a database containing identification for all hosts to prevent server spoofing. This message is normal, and it appears when you connect to a new remote host for the first time. Just type Yes and press the Enter key.

Copying the SSH public key to a managed node

Now verify that your SSH key pair is set up correctly, and you can authenticate to the managed node using the key.

ssh ubuntu@managed-node-ip

You should now be able to log in to the remote node without entering a password.

Verifying SSH connectivity

Installing Ansible on Ubuntu

Ansible can be installed on various platforms, including Linux, macOS, and Windows. The installation process may differ depending on the platform. In this guide, our Ansible control host will run Ubuntu.

First, install the software-properties-common package to easily add new APT repositories in Ubuntu-and Debian-based operating systems.

Sudo apt install software-properties-common -y

Next, add the Ansible official repository using the add-apt-repository command.

Sudo add-apt-repository ppa:ansible/ansible

Next, install Ansible using the apt command.

Sudo apt install ansible -y

After installation, you can verify that Ansible is correctly installed by running the following command:

ansible –version

Verifying the Ansible version

Setting up an Ansible inventory file

The Ansible inventory file defines the target hosts, their IP addresses, and any necessary connection details that Ansible will manage.

The default location of the inventory file is /etc/ansible/hosts on the Ansible control node. However, you can also create an inventory file at a custom location and specify it when running Ansible commands.

To view the list of current inventory configurations, run the ansible-inventory command:

ansible-inventory --list

Showing Ansible default inventory configurations

Next, edit the default Ansible inventory file using the nano editor.

sudo nano /etc/ansible/hosts

The default inventory file provides several examples that you can use as a reference to set up your first inventory. In this example, we add two remote nodes with their IP addresses.

[node1]
192.168.1.20
[node2]
192.168.1.21

Make sure to use the correct IP addresses for your machines. Save and close the file, and then verify your inventory configuration using the following command:

ansible-inventory –list

This will show your added node information, as shown in the following screenshot:

Showing managed nodes information

Next, edit the ansible.cfg configuration file to specify various settings and configurations for your Ansible environment.

sudo nano /etc/ansible/ansible.cfg

Add the following configurations:

[defaults]
inventory = /etc/ansible/hosts
remote_user = unbuntu
private_key_file = ~/.ssh/id_rsa
ansible_python_interpreter = /usr/bin/python3

A brief explanation of each configuration is provided below:

• inventory: Specify the path of your inventory file.
• remote_user: Set the default SSH user for connecting to remote nodes.
• private_key_file: Specify the default SSH private key file.
• ansible_python_interpreter: Set the Python interpreter to be used on remote hosts.

Verifying the connection

After configuring an inventory file, you will need to verify whether Ansible can connect to your remote nodes and run commands via SSH.

Let's run the ansible command to perform a connectivity test using the ping module.

ansible all -m ping

This command attempts to connect to all nodes from your default inventory file and run the ping module. If the connections are successful, you will see output similar to the following:

Verifying connectivity between the control node and the managed nodes

The "ping": "pong" line in the above screenshot indicates a successful connection to the managed nodes.

Working with Ansible ad hoc commands

Your Ansible control node is now able to communicate with both remote nodes. Let's dive in and explore how to run Ansible ad hoc commands. Ansible ad hoc commands are one-line commands that allow you to execute single tasks from the command line interactively.

The basic syntax for running Ansible ad hoc commands is shown below:

ansible <remote_nodes> -m <module_name> -a <module_commands>

Let's see some use cases for running Ansible ad hoc commands.

Check memory usage

You can use the shell module with Ansible to run any command on the target nodes. For example, if you want to check the memory usage on node1, run the free -m command with the shell module:

ansible node1 -m shell -a "free -m"

This command will run the free -m command on node1 and display the memory usage information.

Checking memory usage on managed nodes

Verifying disk usage information

To check disk usage on both target nodes, run the following command:

ansible all -m shell -a "df -h"

This command will look for all nodes in the inventory file, run the df -h command on all nodes, and display the disk usage information.

Displaying disk usage information for both nodes

Installing packages

You can use the apt module to install packages on Ubuntu-based operating systems.

For example, run the following command to install the curl package on node2.

ansible node2 -m apt -a "name=curl state=present" -b

This command will install the curl package on node2 using the apt module.

-b or --become tells Ansible to use privilege escalation (sudo by default).

The parameter state=present specifies the desired state of the curl package on the target system. Here's what it means:

state=present: This tells Ansible to ensure that the package is installed on the target system. If the curl package is not installed, Ansible will install it. However, if the package is already installed, Ansible will not make any changes to it. This state does not upgrade the package to the latest version; it only ensures that the package is installed. This is different from other states you can specify for the package, such as:

state=absent: This ensures that the package is not installed on the target system. If it is installed, Ansible will remove it.

state=latest: This ensures that the latest version of the package is installed. If an older version of the package is installed, Ansible will upgrade it to the latest version.

Installing curl package on node2

Restarting a service

You can use the service module to manage services on specified nodes.

For example, to restart the Apache service on node1, you can run:

ansible node1 -m service -a "name=cron state=restarted" -b

This command will connect to node1 via SSH and restart the cron service.

Restarting the cron service with Ansible

The above examples demonstrate how you can perform simple tasks quickly using Ansible ad hoc commands.

Conclusion

In this Ansible beginner tutorial, we've covered the fundamentals of Ansible, including its core components, installation steps for different platforms, inventory configuration, and the use of ad hoc commands for quick automation tasks.

In the next post in this Ansible series, we dive a little deeper into the shell module.