Getting Started With Ansible

A Linux Engineer’s Guide to Getting Started With Ansible

Ansible is:

  • An open-source automation tool
  • Agentless, no need for software on target machines
  • Uses declarative YAML language for configurations
  • Playbooks define automation tasks
  • Modules execute specific tasks on managed hosts
  • Inventory file lists managed hosts
  • Idempotent operations for consistent results
  • Integrates with cloud providers and infrastructure components
  • Uses SSH for secure communication
  • Strong community support and extensive documentation
  • Efficient for configuration management

What is needed to start with Ansible 

To start with Ansible, you’ll need a few key elements:

  • Installation: Begin by installing Ansible on your control machine. You can do this using package managers like yum, apt, or pip, depending on your operating system.
  • Control Machine: This is the system where you run Ansible. It can be your local machine or a dedicated server.
  • Inventory File: Create an inventory file to list the target hosts or servers that Ansible will manage. This file typically includes IP addresses or domain names.
  • SSH Access: Ensure that your control machine can SSH into the managed hosts. Ansible uses SSH to communicate with remote machines, so SSH access must be set up and configured.
  • YAML Playbooks: Write simple YAML playbooks that define the tasks you want to automate. Playbooks are the core of Ansible automation.
  • Understanding Modules: Ansible modules are used to perform tasks on remote hosts. Have a basic understanding of the modules available for different operations.
  • Basic Command Structure: Familiarize yourself with basic Ansible commands. For example, running a playbook using ansible-playbook and checking the inventory with ansible-inventory.
  • Optional: Roles and Galaxy: As you advance, consider organizing your playbooks into roles for better structure. Ansible Galaxy is a platform for finding and sharing roles created by the community.
  • Documentation: Ansible has extensive documentation available. Refer to it for in-depth information and troubleshooting.
  • Practice Environment: Set up a test environment to practice your Ansible playbooks without affecting production systems.

Step 1 – How to Install Ansible

We are going to assume you already have Ansible installed. If not, you will find a complete guide to installing Ansible on Linux systems here.

Step 2 – Configure The Ansible Host file

The host file, or inventory file in Ansible, is a key config document listing hosts and groups. It includes IP addresses, DNS names, and network info. Categorize hosts by roles or locations for playbook efficiency. Default location: /etc/ansible/hosts. Use entries and groups for server management, and list the hosts Ansible can see with:

ansible all --list-hosts

This is what an example ansible host file looks like.

Bash
# Ansible Hosts File

[web-servers]
web1 ansible_host=192.168.1.181

[database-servers]
db1 ansible_host=192.168.1.178 

[production]
prod1 ansible_host=192.168.1.179 

Step 3 – Run your Very First Ansible Command

There are lots of ansible commands you will pick up whilst learning Ansible. The two most common are:

ansible-playbook:

  • Think of an Ansible Playbook as a collection of ad-hoc Ansible commands. We will dig into playbooks later on.

Example:

Bash
ansible-playbook my_playbook.yml

ansible:

  • Runs ad-hoc commands for quick tasks without the need for a playbook.

Example:

Bash
ansible all -m ping

Let's try running the ad-hoc command above. Provided you have configured the hosts file for your local environment, you should get output similar to this:

Bash
ansible all -m ping
192.168.1.181 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.178 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.179 | SUCCESS => {
"changed": false,
"ping": "pong"
}

Tip: You can override the host file using the -i option.

Step 4 – Discovering the ansible.cfg file

  • Purpose: ansible.cfg configures Ansible’s command-line tool.
  • Location: Ansible looks in several places, in priority order: the current directory, the user’s home, and the system-wide config directory.
  • Settings:
    • Inventory file location
    • Default user for remote connections
    • SSH private key file location
    • Default timeout for network operations
    • Default verbosity level for output
  • Customization: Tailor Ansible to your preferences by adjusting ansible.cfg.
  • Impact: Crucial for defining Ansible’s behavior during playbook runs or ad-hoc commands.

Here is a basic ansible.cfg file with a brief explanation of what each setting is responsible for:

Bash
# Ansible Configuration File

[defaults]

# Location of the inventory file. Default is /etc/ansible/hosts
inventory = /path/to/your/inventory/file

# Specify the default user to use when connecting to remote hosts
remote_user = ansible_user

# Location of the private key file for SSH authentication
private_key_file = /path/to/your/private/key

# Default timeout value for network operations (in seconds)
timeout = 30

# Default verbosity level for output. 0 is least verbose, 4 is most verbose.
verbosity = 2

# SSH host key checking is on by default; uncommenting this line only makes that explicit.
# Setting it to False disables verification of the managed hosts' SSH keys.
# host_key_checking = True

# Control the number of parallel processes to use. Default is 5.
# forks = 5

# Specify the default callback plugin for displaying results.
# stdout_callback = yaml

# Specify additional directories to search for roles.
# roles_path = /path/to/your/roles
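
The search order and two of the settings above can be checked before a run. The following Python is an added example, not code from the original article or from the Ansible project: it resolves which ansible.cfg would be loaded (the ANSIBLE_CONFIG environment variable, then the current directory unless it is world-writable, then ~/.ansible.cfg, then /etc/ansible/ansible.cfg) and flags a disabled host_key_checking or a private_key_file that group or others can access. The function names are hypothetical.

```python
import configparser
import os
import stat
from pathlib import Path


# Illustrative helper names; they are not part of Ansible.
def resolve_ansible_cfg(cwd, home, system="/etc/ansible/ansible.cfg", env=None):
    """Return the first config file Ansible would load, or None."""
    env = os.environ if env is None else env
    cwd, home = Path(cwd), Path(home)
    candidates = []
    if env.get("ANSIBLE_CONFIG"):                  # 1. environment variable
        p = Path(env["ANSIBLE_CONFIG"])
        candidates.append(p / "ansible.cfg" if p.is_dir() else p)
    # 2. current directory; Ansible skips it when the directory is world-writable
    if not cwd.stat().st_mode & stat.S_IWOTH:
        candidates.append(cwd / "ansible.cfg")
    candidates.append(home / ".ansible.cfg")       # 3. user's home
    candidates.append(Path(system))                # 4. system-wide file
    return next((p for p in candidates if p.is_file()), None)


def audit_ansible_cfg(cfg_path):
    """Return a list of findings for the [defaults] settings shown above."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(cfg_path)
    findings = []
    # Absent or commented out means the default (True) applies
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking is disabled")
    key = cfg.get("defaults", "private_key_file", fallback=None)
    if key and Path(key).expanduser().is_file():
        mode = Path(key).expanduser().stat().st_mode
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{key} is accessible by group or others")
    return findings


if __name__ == "__main__":
    active = resolve_ansible_cfg(Path.cwd(), Path.home())
    print("config in use:", active)
    for finding in (audit_ansible_cfg(active) if active else []):
        print("finding:", finding)
```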

Step 5 – Try these Basic Ansible Commands

Ping all hosts

Bash
ansible all -m ping


The Ansible command “ansible all -m ping” checks that every host in the inventory is reachable and responsive. It is not an ICMP ping: the ping module connects over SSH, confirms that a usable Python is present on the host, and returns “pong”.

List packages installed

Bash
ansible all -b -m shell -a 'apt list --installed | grep python' --ask-become-pass

This Ansible command uses the “shell” module to run ‘apt list --installed | grep python’ on all hosts, listing the installed Python packages. “-b” runs the command with privilege escalation (become) and “--ask-become-pass” prompts for the escalation password. The older “-s” (sudo) flag is no longer accepted by current Ansible releases.

Install software on all ansible nodes

Bash
ansible all -b -m shell -a 'apt-get install telnet -y' --ask-become-pass

This Ansible command executes the shell module with elevated privileges to install the Telnet package using the ‘apt-get’ package manager, prompting for the sudo password with the ‘--ask-become-pass’ option. The ‘-y’ answers apt-get’s confirmation prompt, which nobody is present to answer in a non-interactive run.

Install Lynx web browser

Bash
ansible all -b -m shell -a 'apt-get install lynx -y' --ask-become-pass

This Ansible command executes the shell module with elevated privileges on all hosts, installing the Lynx text-based web browser using the apt-get package manager and prompting for the password required for privilege escalation.

Check disk space on all servers

Bash
ansible -m shell -a 'df -h' all

192.168.1.178 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 926M 0 926M 0% /dev
tmpfs 191M 5.9M 185M 4% /run
/dev/mapper/ansible--webserver--vg-root 18G 2.1G 15G 13% /
tmpfs 953M 0 953M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 953M 0 953M 0% /sys/fs/cgroup
tmpfs 191M 0 191M 0% /run/user/1000

192.168.1.179 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 926M 0 926M 0% /dev
tmpfs 191M 5.9M 185M 4% /run
/dev/mapper/ansible--appserver--vg-root 18G 2.1G 15G 13% /
tmpfs 953M 0 953M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 953M 0 953M 0% /sys/fs/cgroup
tmpfs 191M 0 191M 0% /run/user/1000

192.168.1.181 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 1.9G 0 1.9G 0% /dev
tmpfs 393M 11M 382M 3% /run
/dev/mapper/ansible--dbserver--vg-root 16G 2.1G 13G 14% /
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
tmpfs 393M 0 393M 0% /run/user/1000

This Ansible command utilizes the shell module to execute the ‘df -h’ command across all hosts, providing information about disk usage in a human-readable format.

Using the whoami command

When running commands, Ansible uses my credentials (richard).

Bash
ansible -m shell -a 'whoami' all

192.168.1.178 | SUCCESS | rc=0 >>
richard

192.168.1.179 | SUCCESS | rc=0 >>
richard

192.168.1.181 | SUCCESS | rc=0 >>
richard


This Ansible command executes the “whoami” shell command across all hosts (“-a ‘whoami’ all”), providing information about the current user on each host.

How to create users on all servers

Bash
ansible -b -K -m user -a 'name=testuser' all
SUDO password:

192.168.1.178 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1001,
"home": "/home/testuser",
"name": "testuser",
"shell": "",
"state": "present",
"system": false,
"uid": 1001
}

192.168.1.179 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1001,
"home": "/home/testuser",
"name": "testuser",
"shell": "",
"state": "present",
"system": false,
"uid": 1001
}

192.168.1.181 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1001,
"home": "/home/testuser",
"name": "testuser",
"shell": "",
"state": "present",
"system": false,
"uid": 1001
}

This Ansible command, executed with elevated privileges (“-b”), prompting for the sudo password (“-K”), uses the “user” module to create a user with the name “testuser” across all specified hosts (“all”).

  • Use Ansible to check if users have been created
Bash
ansible -m shell -a 'getent passwd | grep testuser' all

192.168.1.179 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:

192.168.1.178 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:

192.168.1.181 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:

This Ansible command employs the “shell” module to execute the ‘getent passwd | grep testuser’ command on all specified hosts, retrieving information about the “testuser” from the system’s passwd file.

  • Use Ansible to remove test user
Bash
ansible -b -K -m user -a 'name=testuser state=absent' all
SUDO password:

192.168.1.178 | SUCCESS => {
"changed": true,
"force": false,
"name": "testuser",
"remove": false,
"state": "absent"
}

192.168.1.179 | SUCCESS => {
"changed": true,
"force": false,
"name": "testuser",
"remove": false,
"state": "absent"
}

192.168.1.181 | SUCCESS => {
"changed": true,
"force": false,
"name": "testuser",
"remove": false,
"state": "absent"
}


This Ansible command runs with elevated privileges (-b), prompts for the sudo password (-K), and employs the “user” module to ensure the absence of a user named “testuser” on all specified hosts.

  • Test it has been removed
Bash
ansible -m shell -a 'getent passwd | grep testuser' all

192.168.1.179 | FAILED | rc=1 >>
non-zero return code
192.168.1.178 | FAILED | rc=1 >>
non-zero return code
192.168.1.181 | FAILED | rc=1 >>
non-zero return code

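This Ansible command utilizes the shell module to execute the ‘getent passwd | grep testuser’ command on all hosts, searching for ‘testuser’ in the passwd database. grep exits with return code 1 when it finds no match, so the FAILED | rc=1 result on every host confirms that the user has been removed.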

Step 6 – Use Ansible to discover facts

The Ansible Setup module is a powerful tool used to gather system facts and information from remote hosts. It provides a comprehensive overview of the target system’s configuration, enabling users to make informed decisions in their playbooks.

  • Gather all setup details about your local machine

Bash
ansible localhost -m setup

The Ansible command “ansible localhost -m setup” gathers and displays detailed facts about the local host’s system, providing comprehensive information for use in automation and configuration management tasks.

  • You can write the output to /tmp

Bash
ansible localhost -m setup --tree /tmp/facts

The Ansible command “ansible localhost -m setup --tree /tmp/facts” gathers system facts on the localhost and stores the output in JSON format under the specified directory “/tmp/facts.”

  • You can filter it for specific information

Bash
ansible localhost -m setup -a 'filter=*ipv4*'

This Ansible command gathers information about the local machine using the “setup” module, filtering the output to include only details related to IPv4 addresses.

NB – if you grep the output instead of using filter, grep will return blank info.

  • System Facts – common values for playbooks
Bash
ansible apacheweb -m setup -a "filter=ansible_architecture"
ansible all -m setup -a "filter=ansible_fqdn"
ansible all -m setup -a "filter=ansible_kernel"
ansible all -m setup -a "filter=ansible_memtotal_mb"
ansible all -m setup -a "filter=ansible_proc*"
ansible all -m setup -a "filter=ansible_vir*"

These Ansible commands collect system information for specific filters, such as architecture, fully qualified domain name, kernel version, total memory, processor details, and virtualization details, across different hosts.
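
The facts saved with --tree can also be compared across hosts. The following Python is an added example, not code from the original article: it reads a --tree directory (one JSON result file per host, named after the host), keeps the facts filtered for above, and goes one step beyond the commands on this page by reporting hosts whose kernel differs from the most common one. The function names and the sample kernel values are constructed for illustration.

```python
import json
import tempfile
from collections import Counter
from pathlib import Path

# Fact names taken from the filter commands above
FACT_KEYS = ("ansible_architecture", "ansible_fqdn", "ansible_kernel", "ansible_memtotal_mb")


def load_fact_tree(tree_dir):
    """Read `--tree` output: one JSON result file per host, named after the host."""
    hosts = {}
    for path in sorted(Path(tree_dir).iterdir()):
        try:
            result = json.loads(path.read_text())
        except (OSError, ValueError):
            continue  # directory, unreadable file, or not JSON
        if isinstance(result, dict):
            # Unreachable hosts still get a file, but without "ansible_facts"
            hosts[path.name] = result.get("ansible_facts", {})
    return hosts


def summarize(hosts, keys=FACT_KEYS):
    """Reduce each host's facts to the selected keys (None when missing)."""
    return {host: {k: facts.get(k) for k in keys} for host, facts in hosts.items()}


def kernel_outliers(summary):
    """Map host -> kernel for hosts that differ from the most common kernel."""
    kernels = [row.get("ansible_kernel") for row in summary.values()]
    kernels = [k for k in kernels if k]
    if not kernels:
        return {}
    baseline = Counter(kernels).most_common(1)[0][0]
    return {host: row.get("ansible_kernel") for host, row in summary.items()
            if row.get("ansible_kernel") != baseline}


if __name__ == "__main__":
    # Constructed sample standing in for /tmp/facts; the values are made up
    sample = {"web1": "5.15.0-91-generic", "db1": "5.15.0-91-generic", "prod1": "5.4.0-42-generic"}
    with tempfile.TemporaryDirectory() as tree:
        for host, kernel in sample.items():
            result = {"ansible_facts": {"ansible_kernel": kernel}, "changed": False}
            Path(tree, host).write_text(json.dumps(result))
        print(kernel_outliers(summarize(load_fact_tree(tree))))
```

A host that was unreachable during fact gathering appears in the result with a kernel of None, so it is not silently dropped from the comparison.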

Step 7 – Start Experimenting

In Ansible, various commands serve different purposes. We have already covered the ad-hoc ansible command and mentioned ansible-playbook.

Here are some other essential types of Ansible commands:

ansible-galaxy:

Manages Ansible roles from Ansible Galaxy, a platform for sharing and finding roles.
Example:

Bash
ansible-galaxy install username.role_name

ansible-vault:

Encrypts sensitive data within Ansible playbooks or files.
Example:

Bash
ansible-vault encrypt my_file.yml

ansible-doc:

Provides documentation for Ansible modules.
Example:

Bash
ansible-doc copy

ansible-config:

Displays Ansible configuration settings.
Example:

Bash
ansible-config view

ansible-pull:

Pulls Ansible playbooks from a version control system to the local machine and runs them.
Example:

Bash
ansible-pull -U repository_url

ansible-inventory:

Displays the inventory hosts defined for Ansible.
Example:

Bash
ansible-inventory --list


These commands cover a range of tasks, from running playbooks to managing roles, encrypting data, and exploring documentation. Depending on your needs, you can choose the appropriate command for the task at hand.

We have just scratched the surface of Ansible. It is a powerful declarative configuration tool which I use almost every day. Once you grasp the basics, you will no doubt start to realize its potential at scale.

Richard.Bailey

Richard Bailey, a seasoned tech enthusiast, combines a passion for innovation with a knack for simplifying complex concepts. With over a decade in the industry, he's pioneered transformative solutions, blending creativity with technical prowess. An avid writer, Richard's articles resonate with readers, offering insightful perspectives that bridge the gap between technology and everyday life. His commitment to excellence and tireless pursuit of knowledge continues to inspire and shape the tech landscape.
