What is Ansible
A Linux Engineer’s Guide to Ansible
Deploying a new production environment in RedHat or Centos can be challenging, with numerous potential pitfalls. This guide aims to streamline your learning process, helping you set up your production environment swiftly and efficiently.
We’ll walk you through everything you need to know to use a playbook, the Tower tool, and the Galaxy utility effectively. Even if you’re new to these tools, we’ve got you covered, from server configuration to infrastructure management, avoiding common project setbacks.
Assuming a basic understanding of RedHat or Centos system administration, this guide will delve deep into the deployment process, preparing you to enhance your IT skills significantly. By the end, you’ll be equipped to deploy a robust, scalable production environment using a playbook confidently.
What is Ansible?
It’s an open-source automation tool that facilitates the management and configuration of systems at scale. This tool provides a simple, agentless way to automate complex IT tasks, including server configuration, application deployment, and network automation. The platform utilizes a straightforward, declarative language that enables you to outline the desired state of your systems.
It takes into account the underlying details to ensure your systems always maintain the desired state, fostering consistency across your infrastructure, whether managing a few servers or thousands. A significant advantage of this tool is its agentless nature, eliminating the need to install any software on the machines you are overseeing.
This feature not only simplifies the initiation process but also enhances security by preventing the operation of extra daemons or agents on your systems. Widely adopted in enterprise IT settings, as well as in cloud computing and DevOps workflows, it stands as a vital resource in the industry.
With attributes such as ease of use, flexibility, and scalability, it is an indispensable tool for any IT professional aiming to streamline infrastructure management and deployment processes.
The Basics
Before we dive into the more advanced concepts of this automation tool, let’s take a moment to recap the fundamental concepts that every user should be familiar with. First and foremost, it employs a PUSH method, meaning that the control node pushes out the configuration changes to the managed nodes. This approach ensures that your systems are always up-to-date and synchronized, without the necessity for additional agents or daemons running on your managed nodes.
Now, onto YAML. As any user of this tool knows, YAML is a critical component of this powerful automation platform. But don’t be intimidated! YAML, which stands for “YAML Ain’t Markup Language,” is a human-readable data serialization language. Crafting clean, easy-to-read YAML files is key to creating effective and efficient playbooks. Therefore, grasping the basics of writing YAML is essential to fully leverage the capabilities of this automation tool.
Lastly, we delve into Python. While Python 2.7 serves as the minimum requirement, we strongly advocate for the installation of at least version 3 across your estate. Given that Python 2.7 has officially reached its end of life and no longer receives updates or support, upgrading to Python 3 will guarantee a stable and current environment, equipped with the latest features and security updates.
By adhering to these fundamental concepts, you’ll be well on your path to mastering this powerful automation tool in no time. So, let’s embark on this journey and explore its more advanced concepts together!
What is needed to start with Ansible
To get started with Ansible, there are a few key requirements that you’ll need to fulfill:
- Build or nominate a primary controller node, ideally a standalone server running RedHat 8
- Create an Ansible user account to ensure proper security
- Set SELinux to permissive mode for Ansible to operate without security issues
- Create necessary directories for your Ansible playbooks using the mkdir command
- In production environments, create SSH keys between all servers for effective and efficient management
- Understand YAML and how to write clean, easy-to-read YAML files
- Ensure that Python 3 is installed across your estate for stability and the latest features and security updates
Installing Ansible
Step 1 – Adding Ansible Repository
Unless you are using RedHat, the Ansible repository is not available by default. To configure your Linux distribution, follow these steps:
- For RedHat 8: Enable the Ansible RHEL8 Repo by running the command:
$ sudo subscription-manager repos --enable ansible-2.9-for-rhel-8-x86_64-rpms
- For RedHat 7: Enable the Ansible RHEL7 Repo by running the command:
$ sudo subscription-manager repos --enable rhel-7-server-ansible-2.9-rpms
Step 2 – Installing Ansible
Installing Ansible on RedHat / CentOS
Once the repository is enabled, you can install Ansible by running the command:
$ sudo yum install ansible
Installing Ansible on Ubuntu
Follow these steps to install Ansible on Ubuntu:
- Update the system by running the command:
$ sudo apt-get update
- Install software-properties-common by running the command:
$ sudo apt-get install software-properties-common
- Add the Ansible PPA repository by running the command:
$ sudo apt-add-repository ppa:ansible/ansible
- Update the system again by running the command:
$ sudo apt-get update
- Finally, install Ansible by running the command:
$ sudo apt-get install ansible
Step 3 – Verifying the Installation
Once the installation is complete, you can verify the version of Ansible by running the command:
$ ansible --version
Ansible is a small installation of only about 16MB at the time of writing. By following these steps, you can easily install Ansible on your system and start using it to manage your infrastructure.
Install Ansible on Mac
The easiest way is to install it from the terminal using brew.sh
brew install --cask ansible-dk
Host file
The host file, also known as the inventory file in the context of this automation tool, is a pivotal configuration document that delineates the hosts and groups of hosts that can be managed.
This text file follows a specific format, encompassing details about the accessible hosts, including IP addresses, DNS names, and other necessary network information for establishing connections.
Utilizing the host file, you can categorize hosts based on various attributes such as roles or geographical locations. This categorization facilitates the execution of specific playbooks on designated groups of hosts, streamlining infrastructure management.
- The default location is /etc/ansible/hosts
Ansible reads the entries in the hosts file. Servers are grouped under a header such as [my-servers], and you target the group by that name.
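The grouping described above, as an added example that is not part of the original guide: a constructed inventory and a small helper that lists the hosts under one group header. The addresses are the ones that appear in this guide's command output; the group names `webservers` and `dbservers`, the `ansible_user` host variable values and both function names are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: write a constructed INI inventory and list one group's hosts.

# Constructed sample inventory. [my-servers] is the group name used in the
# guide; the other group names are assumptions for this example.
write_sample_inventory() {
    cat > "$1" <<'EOF'
# constructed sample inventory
[my-servers]
192.168.1.178
192.168.1.179
192.168.1.181

[webservers]
192.168.1.178 ansible_user=ansible

[dbservers]
192.168.1.181 ansible_user=ansible
EOF
}

# Usage: hosts_in_group <inventory file> <group>
# Prints the hosts listed directly under [group], one per line.
# [group:vars] and [group:children] sections are skipped, not expanded.
hosts_in_group() {
    awk -v want="$2" '
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }     # blank lines and comments
        /^\[/ { gsub(/\[|\]/, "", $1); current = $1; next }
        current == want { print $1 }             # first field is the host,
                                                 # the rest are host variables
    ' "$1"
}

inv="$(mktemp)"
write_sample_inventory "$inv"
hosts_in_group "$inv" my-servers
rm -f "$inv"
```
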
ansible all --list-hosts
Example output below
The first test is to ping the hosts to make sure there are no network issues:
The “all” refers to the hosts in your host file (see above)
ansible all -m ping
192.168.1.181 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.178 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.179 | SUCCESS => {
"changed": false,
"ping": "pong"
}
You can override the host file with the -i option
Ansible can also run a shell command, here hostname, on all hosts
ansible -m shell -a 'hostname' all
192.168.1.178 | SUCCESS | rc=0 >>
ansible-webserver
192.168.1.181 | SUCCESS | rc=0 >>
ansible-dbserver
192.168.1.179 | SUCCESS | rc=0 >>
ansible-appserver
What is the ansible.cfg file?
The ansible.cfg file is a configuration file that provides settings and options for the Ansible command-line tool. It is used to configure various aspects of Ansible, such as how Ansible communicates with remote hosts, how it authenticates with them, and how it handles errors and output.
The ansible.cfg file can be located in several places, including the current working directory, the user’s home directory, and the system-wide configuration directory. When running an Ansible command, the tool looks for the ansible.cfg file in these locations in the specified order and uses the first one it finds.
The ansible.cfg file can be used to specify various settings, including:
- The location of the inventory file
- The default user to use when connecting to remote hosts
- The location of the private key file for SSH authentication
- The default timeout value for network operations
- The default verbosity level for output
By customizing the ansible.cfg file, you can tailor Ansible to your specific needs and preferences. This file is an essential component of Ansible configuration and plays a crucial role in defining how the tool behaves when running playbooks or executing ad-hoc commands.
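Because the first file found wins, it is worth knowing which ansible.cfg a given directory and user will actually pick up. The following is an added example, not code from the original guide, that walks the search order described above; it also covers two Ansible behaviours the guide does not mention: the ANSIBLE_CONFIG environment variable is checked first, and an ansible.cfg in a world-writable working directory is not loaded. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report which ansible.cfg would be used, following the
# search order (working directory, home directory, system-wide directory).

# True when "others" have write permission on the directory.
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# Usage: resolve_ansible_cfg <working dir> <home dir> [system dir]
# Prints the first config file found; returns 1 when there is none.
resolve_ansible_cfg() {
    local cwd="$1" home="$2" sysdir="${3:-/etc/ansible}"

    # An explicit ANSIBLE_CONFIG environment variable takes priority.
    if [ -n "${ANSIBLE_CONFIG:-}" ] && [ -f "$ANSIBLE_CONFIG" ]; then
        echo "$ANSIBLE_CONFIG"; return 0
    fi
    # Current working directory. Ansible does not load ansible.cfg from a
    # world-writable directory, since any local user could plant settings there.
    if [ -f "$cwd/ansible.cfg" ]; then
        if is_world_writable "$cwd"; then
            echo "skipping $cwd/ansible.cfg: directory is world-writable" >&2
        else
            echo "$cwd/ansible.cfg"; return 0
        fi
    fi
    # Per-user file in the home directory.
    if [ -f "$home/.ansible.cfg" ]; then
        echo "$home/.ansible.cfg"; return 0
    fi
    # System-wide file.
    if [ -f "$sysdir/ansible.cfg" ]; then
        echo "$sysdir/ansible.cfg"; return 0
    fi
    return 1
}

resolve_ansible_cfg "$PWD" "$HOME" || echo "no ansible.cfg found"
```
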
Create an Ansible User ID
An Ansible system account can be set up to use no password
sudo useradd ansible
sudo passwd ansible
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Add user to the sudoers file
Adding your ansible user account to the sudoers makes administration a lot easier
sudo visudo
Next log in as the ansible user with the password created above
su ansible
Now you won't be prompted for a password every time you run sudo
Then check the ansible config file
Next add key to local host
ssh-copy-id localhost.localdomain
REPEAT THIS PROCESS ON ALL ANSIBLE CONTROL SERVERS
Ansible – Basic Commands
Ping all hosts
ansible all -m ping
List packages installed
ansible all -b -m shell -a 'apt list --installed | grep python' --ask-become-pass
Install software on all ansible nodes
ansible all -b -m shell -a 'apt-get install telnet -y' --ask-become-pass

Install Lynx web browser
ansible all -b -m shell -a 'apt-get install lynx -y' --ask-become-pass

Check disk space on all servers
ansible -m shell -a 'df -h' all
192.168.1.178 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 926M 0 926M 0% /dev
tmpfs 191M 5.9M 185M 4% /run
/dev/mapper/ansible--webserver--vg-root 18G 2.1G 15G 13% /
tmpfs 953M 0 953M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 953M 0 953M 0% /sys/fs/cgroup
tmpfs 191M 0 191M 0% /run/user/1000
192.168.1.179 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 926M 0 926M 0% /dev
tmpfs 191M 5.9M 185M 4% /run
/dev/mapper/ansible--appserver--vg-root 18G 2.1G 15G 13% /
tmpfs 953M 0 953M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 953M 0 953M 0% /sys/fs/cgroup
tmpfs 191M 0 191M 0% /run/user/1000
192.168.1.181 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 1.9G 0 1.9G 0% /dev
tmpfs 393M 11M 382M 3% /run
/dev/mapper/ansible--dbserver--vg-root 16G 2.1G 13G 14% /
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
tmpfs 393M 0 393M 0% /run/user/1000
When running commands, Ansible uses my credentials (richard)
ansible -m shell -a 'whoami' all
192.168.1.178 | SUCCESS | rc=0 >>
richard
192.168.1.179 | SUCCESS | rc=0 >>
richard
192.168.1.181 | SUCCESS | rc=0 >>
richard
How to create users on all servers
ansible -b -K -m user -a 'name=testuser' all
SUDO password:
192.168.1.178 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1001,
"home": "/home/testuser",
"name": "testuser",
"shell": "",
"state": "present",
"system": false,
"uid": 1001
}
192.168.1.179 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1001,
"home": "/home/testuser",
"name": "testuser",
"shell": "",
"state": "present",
"system": false,
"uid": 1001
}
192.168.1.181 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 1001,
"home": "/home/testuser",
"name": "testuser",
"shell": "",
"state": "present",
"system": false,
"uid": 1001
}
Use Ansible to check if users have been created
ansible -m shell -a 'getent passwd | grep testuser' all
192.168.1.179 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:
192.168.1.178 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:
192.168.1.181 | SUCCESS | rc=0 >>
testuser:x:1001:1001::/home/testuser:
Use Ansible to remove test user
ansible -b -K -m user -a 'name=testuser state=absent' all
SUDO password:
192.168.1.178 | SUCCESS => {
"changed": true,
"force": false,
"name": "testuser",
"remove": false,
"state": "absent"
}
192.168.1.179 | SUCCESS => {
"changed": true,
"force": false,
"name": "testuser",
"remove": false,
"state": "absent"
}
192.168.1.181 | SUCCESS => {
"changed": true,
"force": false,
"name": "testuser",
"remove": false,
"state": "absent"
}
Test that it has been removed
ansible -m shell -a 'getent passwd | grep testuser' all
192.168.1.179 | FAILED | rc=1 >>
non-zero return code
192.168.1.178 | FAILED | rc=1 >>
non-zero return code
192.168.1.181 | FAILED | rc=1 >>
non-zero return code
Use ansible to learn system information
This is a module used by Ansible that queries the computer's information
ansible local -m setup

You can write it to /tmp
ansible local -m setup --tree /tmp/facts
You can cat it for information
ansible local -m setup -a 'filter=*ipv4*'
NB – if you grep, it will grep blank info

System Facts – common values for playbooks
ansible apacheweb -m setup -a "filter=ansible_architecture"

ansible all -m setup -a "filter=ansible_fqdn"
ansible all -m setup -a "filter=ansible_kernel"
ansible all -m setup -a "filter=ansible_memtotal_mb"
ansible all -m setup -a "filter=ansible_proc*"

ansible all -m setup -a "filter=ansible_vir*"
What are Ansible Roles
A role is a list of commands that Ansible will execute on the target machine in the given order. Every role is in the directory:
roles > tasks > main.yml
What are Ansible Playbooks
A playbook is used to define which roles are applied against a target machine
If Ansible modules are the tools in your workshop, playbooks are your instruction manuals, and your inventory of hosts are your raw material.
Running playbooks when SUDO
Must use --ask-become-pass
Documentation / man /help
Ansible documentation man ansible doc
ansible-doc ec2
ansible-doc htaccess
E.g.
EXAMPLES:
# Note: These examples do not set authentication details, see the AWS Guide for details.
# Basic provisioning example
- ec2:
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    group: webserver
    count: 3
    vpc_subnet_id: subnet-29e63245
    assign_public_ip: yes