Ansible is a tool for managing a large number of servers centrally. With Ansible playbooks, you can create automated tasks to run against your servers remotely from a central control node. Installing Ansible on Ubuntu requires the following prerequisites and installation commands to be followed promptly.
1. Root privilege.
ansible@ansible-VirtualBox:~$ sudo -i
[sudo] password for ansible:
root@ansible-VirtualBox:~#2. Install update packages and upgrades
root@ansible-VirtualBox:/# apt-get update && apt-get upgrade
3. One of those many ways to get Ansible running for Ubuntu is to install the project’s PPA (personal package archive), i.e the software-properties-common to your server.
root@ansible-VirtualBox:~# apt-get install software-properties-common
Reading package lists… Done
Building dependency tree
Reading state information… Done
software-properties-common is already the newest version (0.96.20.1).
software-properties-common set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.4. After installing this package, add the Ansible PPA from the repository using this command.
root@ansible-VirtualBox:~# apt-add-repository ppa:ansible/ansible
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications‚ automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.
http://ansible.com/
More info: https://launchpad.net/~ansible/+archive/ubuntu/ansible
Press [ENTER] to continue or ctrl-c to cancel adding it
gpg: keyring `/tmp/tmpooow5ue_/secring.gpg' created
gpg: keyring `/tmp/tmpooow5ue_/pubring.gpg' created
gpg: requesting key 7BB9C367 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpooow5ue_/trustdb.gpg: trustdb created
gpg: key 7BB9C367: public key "Launchpad PPA for Ansible, Inc." imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OKNote: where you have to press enter to accept the PPA added process to continue.
5. Once again, run the apt-get update utility to have the system package refreshed to be aware of the newly added PPA.
root@ansible-VirtualBox:/# apt-get update
6. Now install Ansible software.
root@ansible-VirtualBox:/# apt-get install ansi ansible ansible-fireball ansible-node-fireball ansiweather
root@ansible-VirtualBox:/# apt-get install ansible
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
python-crypto python-ecdsa python-httplib2 python-jinja2 python-markupsafe python-paramiko
python-pkg-resources python-setuptools python-six python-yaml sshpass
Suggested packages:
python-crypto-dbg python-crypto-doc python-jinja2-doc python-setuptools-doc
The following NEW packages will be installed:
ansible python-crypto python-ecdsa python-httplib2 python-jinja2 python-markupsafe
python-paramiko python-pkg-resources python-setuptools python-six python-yaml sshpass
0 upgraded, 12 newly installed, 0 to remove and 3 not upgraded.
Need to get 2.182 kB of archives.
After this operation, 13,8 MB of additional disk space will be used.
Do you want to continue? [Y/n]Note: Just hit enter of “y” key to continue with the installation.
7. SSH Key Setup: SSH keys allow communication (auth) between two hosts without the need for a password. SSH key authentication uses two keys, a private key, and a public key.
Ansible communicates with servers via SSH on Linux. While it certainly has the ability to handle password-based, SSH authentication keys help keep things simple. Simplay enter the following command to generate for you the keys using RSA algorithm
root@ansible-VirtualBox:~# ssh
Note: I used the tab key to display all available options
ssh ssh-argv0 ssh-import-id ssh-keygen
ssh-add ssh-copy-id ssh-import-id-gh ssh-keyscan
ssh-agent sshd ssh-import-id-lp sshpass Note: The step starts from here. During the process you will be prompted for a password, keep hitting the enter button to create the key.
root@ansible-VirtualBox:~# ssh-keygen -t rsa -K4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3DLxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE8yGA root@ansible-VirtualBox
The key's randomart image is:
+---[RSA 2048]----+
| .oo.. |
| .. o.o |
| . ..+*. |
| + .+== |
| . o .S.+ .. |
|.Eo . = +.o... |
|.+ + = . o=oB . |
| o = o@.= |
| . =. |
+----[SHA256]-----+Note the following
– Now you have the RSA key generated.
– If you already have an SSH key pair, simply copy this to the specified path of the machine running Ansible (~/.ssh/id_rsa.pub).
– By default, the public key is saved in the file ~/.ssh/id_rsa.pub.
– while the private key is saved in ~/.ssh/id_rsa.
– Not important for this task but vital to add more users.
Now copy the id_rsa.pub file to the remote host and append it to ~/.ssh/authorized_keys
This step is necessary if you wish to have needed other users to administer ansible to connect to these machines.
Now copy the id_rsa.pub file to the remote host and append it to ~/.ssh/authorized_keys using this command:
root@ansible-VirtualBox:~# ssh-copy-id username@remotehost
where remotehost is the IP address or FQDN of the server and username is the “root” or whatsoever name you have configured for the other machine.
Finally, double-check the permissions on the authorized_keys file, only the authenticated user should have read and write permissions. If the permissions are not correct to change them by.
Now assign permission: You should now be able to SSH to the host without being prompted for a password.
root@ansible-VirtualBox:~#chmod 600 .ssh/authorized_keys
To get (view) the public key run this command
root@ansible-VirtualBox:~# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAxxxxxxxxxxxxxxxxxxxxNxfz5NxxxxxxxxxxxRUVxxxxxxxx root@ansible-VirtualBox
root@ansible-VirtualBox:~#To view where your hidden files are kept you use
root@ansible-VirtualBox:/etc# cd ~/.ssh
root@ansible-VirtualBox:~/.ssh# ls
id_rsa id_rsa.pubTo view the private keys, use any of the editor
root@ansible-VirtualBox:~/.ssh# vi id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEAyUZdGaqwHoxPb9XVXDN142xvrJN9gvKp6VSqZoIpEYw8LTlExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx6w860wHVDdx/n1tDJqVjM0DJxGJwMJoC9QHejiSjJnz/SJkPB22/BDbuY4/l9tFYWSs+Ih9aekcRwg9KNtRelC8r5j0Vt1Qt3X4GB0q9qZ+hZC5EK219
-----END RSA PRIVATE KEY-----Note: Make sure that you include the first and last marker lines. They are required in order for the key file to be valid and change permission if necessary.
To view the public key, run the same command but with the .pub
root@ansible-VirtualBox:~/.ssh# vi id_rsa.pub
8. Configuring Ansible Hosts:
As we all know, Ansible keeps track of all the servers it knows via a file called “Hosts” file. This needs to be configured (entered) before it will be able to communicate with other computers.
this is how it looks.
root@ansible-VirtualBox:/etc/ansible# ls
ansible.cfg hosts roles
root@ansible-VirtualBox:/etc/ansible# vi hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
## db-[99:101]-node.example.coNote: These are just configuration examples. None will work except they are commented out, i.e, by deleting the # symbol and adding the right devices (IP address) are added.
– To do this, you have to uncomment them out and enter the idea ip address(es).
[monitoringservers]
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110
192.168.177.13Note the following steps below.
Method 1: On how to copy the SSH public key to remote servers
– Step 1: Always remember to copy the ssh public key from the ansible machine to the server you wish to manage.
root@ansible-VirtualBox:/etc# cd ~/.ssh
root@ansible-VirtualBox:~/.ssh# ls
id_rsa id_rsa.pub known_hosts
root@ansible-VirtualBox:~/.ssh# vim id_rsa.pub
And copy the key!!!– Step 2: Create a file called authorized_keys on the target machine you wish to use ansible on. the in the authorized_keys create copy and paste the public of the Ansible server in it.
Note: This has to be in the home directory of the ssh user which is without the bracket (~/.ssh). it should look this way.
Webserver@nagios:~$ vi .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJRl0ZqNote 2: http://docs.ansible.com/ansible/apt_module.html
Also, install the python-apt library on the target machine you wish to administer Ansible on, e.g., my Nagios server
Webserver@nagios:~$ sudo apt-get install python-apt
Webserver@nagios:~$ sudo apt-get install aptitudeor use a single command (any of these)
- Webserver@nagios:~$ sudo apt-get install python-apt; apt-get install aptitude
- Webserver@nagios:~$ sudo apt-get install python-apt && apt-get install aptitude
- Webserver@nagios:~$ sudo apt-get install python-apt || apt-get install aptitudeNote: Without this, it will fail if we want to do some package installations.
Method 2: This method seems to be the easiest way to copy the ssh public key from the ansible machine to the server you wish to manage.
root@ansible-VirtualBox:~/.ssh# ssh
ssh ssh-argv0 ssh-import-id ssh-keygen
ssh-add ssh-copy-id ssh-import-id-gh ssh-keyscan
ssh-agent sshd ssh-import-id-lp sshpass
root@ansible-VirtualBox:~/.ssh# ssh-copy-id webserver@192.168.xxx.1x
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
webserver@192.168.xxx.xx's password:
Number of key(s) added: 1Now try logging into the machine, with: “ssh ‘webserver@192.168.xxx.1x'”
and check to make sure that only the key(s) you wanted were added.
Note: This method has copied the public key to the server you wish to administer. now to see the key on the other server use this command.
webserver@nagios:~$ cat .ssh/authorized_keys
ssh-rsa yc2EAAxxxxxxxxxxxxxxxxxxxxxxxDJRl0Zqrxxxxxxxxxxxxxxxxxxxxxxxx
root@ansible-VirtualBox:~/.ssh#9. After defining your host file in step 8 above
root@ansible-VirtualBox:/etc/ansible# vi hosts
[monitoringservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
192.168.177.13 ansible_user=webserverLet’s do some ping testing
Example 1:
root@ansible-VirtualBox:/etc/ansible# ansible monitoringservers -m ping
This will display the number of servers with IP address it successfully pinged.
192.168.xxx.1x | SUCCESS => {
"changed": false,
"ping": "pong"
}
Note: It shows it is using the module called ping, signified by -m to ping all the available servers in the group of monitoring servers.
root@ansible-VirtualBox:/etc/ansible# ansible -i hosts monitoringservers -m ping
192.168.xxx.1x | SUCCESS => {
"changed": false,
"ping": "pongHere, a hosts is added and it delivers the same output.
Useful link
– https://www.linode.com/docs/applications/ansible/getting-started-with-ansible