Ansible is a powerful tool for quickly and efficiently managing and configuring multiple computers. It is an open source automation tool that enables IT professionals to configure systems, deploy applications and orchestrate complex workflows simply and efficiently.
Ansible connects to the target machines over standard, secure protocols: SSH for Linux/Unix and WinRM for Windows. It communicates with the target nodes by pushing modules to them temporarily, running the tasks and then removing the modules again. This keeps deployment and maintenance simpler than with agent-based systems.
Why Ansible?
Ansible automates:
- Configuration management
- Application deployment
- Orchestration
- Cloud provisioning
- Security and compliance
Ansible Features
| Feature | Benefit |
|---|---|
| Agentless | No software needed on managed nodes |
| Idempotent | Running tasks multiple times yields the same result |
| YAML Playbooks | Human-readable automation scripts |
| Push-based | Control node pushes changes to targets |
| Python-based | Runs natively on most Linux systems |
Installation
```bash
# Update system
sudo apt update && sudo apt upgrade -y
# Install prerequisites
sudo apt install software-properties-common -y
# Add Ansible PPA (latest version)
sudo add-apt-repository --yes --update ppa:ansible/ansible
# Install Ansible
sudo apt install ansible -y
# Verify installation
ansible --version
```
SSH Setup (Critical!)
Since Ansible uses SSH to communicate with Linux hosts, SSH must be configured so the control node can reach the target machines. The most secure method is to generate an SSH key pair on the control node and copy the public key to the target hosts. Alternatively, a username and password can be supplied directly (insecure) or stored in Ansible Vault.
```bash
# Generate SSH key (if not exists)
ssh-keygen -t ed25519 -C "ansible-control-node"
# Copy key to target nodes (user@host must match the inventory entries below)
ssh-copy-id user@192.168.1.200
ssh-copy-id user@192.168.1.33
```
Testing the Setup
- Create the inventory file:

```ini
# File: inventory.ini
[local]
localhost ansible_connection=local
[webservers]
# plaintext credentials in the inventory are the insecure option; the Vault section below shows the alternative
192.168.1.200 ansible_user=user ansible_password=pass
[dbservers]
192.168.1.33
```

- Test connectivity:

```bash
ansible all -i inventory.ini -m ping
```

- Run a simple command:

```bash
ansible webservers -i inventory.ini -m command -a "uptime"
```
Playbooks
Playbooks are handy for running multiple tasks grouped by host group, so tasks can be targeted at specific hosts. The following example prints debug information for all systems in the inventory (facts such as the distribution and memory size are gathered automatically at the start of the play).
```yaml
# File: debug-facts.yml
---
- name: Show system info
  hosts: all
  tasks:
    - name: Debug OS and memory
      debug:
        msg: |
          Host: {{ inventory_hostname }}
          OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
          Memory: {{ ansible_memtotal_mb }} MB
```

```bash
ansible-playbook -i inventory.ini debug-facts.yml
```
Additional Tasks
Storing secrets in vault
```bash
# Create an encrypted file (prompts for the vault password)
ansible-vault create secrets.yml
# Edit it later
ansible-vault edit secrets.yml
```
The encrypted secrets.yml holds the connection variables:
```yaml
ansible_password: "pass"
ansible_user: "user"
```
The playbook loads them with vars_files:
```yaml
# File: playbook.yml
- hosts: remote
  tasks:
    - name: Print Hello from remote host
      debug:
        msg: "Hello from remote host!"
  vars_files:
    - secrets.yml
```
Tagging & limiting
Tags select which tasks (or plays) run, and --limit restricts which inventory hosts they run on, so together they let us run only specific tasks on specific hosts.
```yaml
- name: Close & open Google Chrome
  hosts: server
  tags: open_chrome ...
```

```bash
ansible-playbook -i inventory playbook.yml --tags open_chrome --limit server --vault-password-file vault-env.sh
```
Note: if the same host belongs to multiple groups, every play that targets any of those groups runs its tasks on that host!
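As an added example (not part of the original post), the following playbook combines the vault-stored credentials and the tags from the two sections above to enforce the key-only SSH login that the SSH setup section recommends. It assumes the inventory.ini from above, a secrets.yml that holds ansible_user (and ansible_become_password if sudo prompts for one), and Ubuntu hosts where the SSH service is named ssh.

```yaml
# File: ssh-hardening.yml (added example; assumptions noted in comments)
---
- name: Enforce key-only SSH login on managed hosts
  hosts: webservers:dbservers
  become: true          # sshd_config and 'sshd -T' need root
  vars_files:
    - secrets.yml       # ansible_user (+ ansible_become_password) from the vault
  tasks:
    - name: Require public-key authentication and disable password logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        # match the directive whether it is commented out or already set
        regexp: "^#?{{ item.key }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        # refuse the change if sshd rejects the resulting file
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - { key: PasswordAuthentication, value: "no" }
        - { key: PubkeyAuthentication, value: "yes" }
        - { key: PermitRootLogin, value: "no" }
      notify: Restart sshd
      tags: ssh_hardening

    - name: Read the effective sshd settings for the compliance record
      ansible.builtin.command: /usr/sbin/sshd -T
      changed_when: false     # read-only, never reports a change
      register: sshd_effective
      tags: audit

    - name: Show the settings we care about
      ansible.builtin.debug:
        msg: "{{ sshd_effective.stdout_lines | select('match', '^(passwordauthentication|pubkeyauthentication|permitrootlogin) ') | list }}"
      tags: audit

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh             # 'sshd' on RHEL-family hosts
        state: restarted
```

Run it first with `ansible-playbook -i inventory.ini ssh-hardening.yml --check --diff --vault-password-file vault-env.sh`, then narrow it down with `--tags ssh_hardening --limit webservers` as in the tagging section. Make sure ssh-copy-id succeeded on every targeted host before password logins are disabled, otherwise the next run cannot connect.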