Introduction

Ansible is an automation platform built around an automation language, YAML, which describes an IT application infrastructure in the form of Ansible playbooks. Along with the YAML automation language, Ansible provides an automation engine that is responsible for running these playbooks. The core Ansible tool is a command-line tool and is freely available. It was written by Michael DeHaan in the Python programming language and was initially released in 2012. Michael DeHaan also wrote the server provisioning application Cobbler.
Ansible is owned by Red Hat, and a paid alternative named Ansible Tower is also available for customers who want an enterprise framework for controlling, securing and managing their Ansible automation with a UI and a RESTful API.

In this article, we will go through the various advantages of Ansible and will also show you how to install Ansible.

 

Why use Ansible?

In this section, we will explore the advantages of using Ansible in depth.

Ansible is Simple

  • It provides human-readable automation in the form of playbooks written in YAML.
  • YAML is extremely simple and easy to understand, and no special coding skills are required to use Ansible.
  • The tasks defined in playbooks are executed in order, further adding to the simplicity of the structure.
  • Since there are no coding skills involved in using Ansible, there is no steep learning curve and users can get productive quickly.

 

Ansible is powerful

  • Application deployment tasks like deploying a LAMP stack can be performed easily.
  • Configuration management is easy as Ansible helps us to maintain a defined and expected state for managed systems.
  • Using multiple plays and host groups in a playbook allows us to perform workflow orchestration.
  • Ansible provides the tool to orchestrate the entire application lifecycle.

 

Ansible is agentless

  • It uses an agentless architecture, i.e. there is no master-slave architecture involved.
  • Ansible uses OpenSSH and WinRM to connect to remote hosts and execute playbooks on those hosts.
  • Since it’s agentless, there are no agents to exploit or update.
  • An agentless architecture makes Ansible more efficient and secure to use.

 

Ansible is cross-platform

Agentless support for all major OS variants, physical, virtual and network devices.

 

Ansible works with existing toolkits
Homogenize existing environments by leveraging current toolsets and update mechanisms.

 

Ansible comes bundled with over 450 modules

It provides a large range of modules which can be used for tasks like:

  • Managing files/directories
  • Installing and managing software packages
  • Integrating with source code/version control systems
  • Connecting to and administering databases

 

Community support

  • It is becoming extremely popular over time with over 250,000 thousand downloads a month.
  • Ansible already ships with over 450 modules and this number is expected to grow in the coming releases.

 

Installing Ansible

After a detailed discussion of why we should consider using Ansible to automate and manage our IT infrastructure, we will now demonstrate how to install Ansible. Since Ansible is an agentless tool, we only need to install it on one central server, on which we will write our playbooks and from which we will deploy them to the rest of the fleet of servers.

-> Install Ansible on a yum based system:
To install Ansible on a yum based system like Red Hat/CentOS, use the following command.

# yum install ansible

Note that the EPEL repository must be available on the system in order for the above command to work.

-> Install Ansible on an apt based system:
To install Ansible on an apt based system like Debian/Ubuntu, use the following command.

# apt install ansible

-> Install Ansible via pip:
Since Ansible is a tool written in Python, it’s available on the online Python package repository. To install Ansible via pip, type the following command.

# pip install ansible

 

Check installed version
To verify your Ansible installation, you may use the following command to check the installed version:

[sahil@linuxnix ~]$ ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/sahil/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
[sahil@linuxnix ~]$

 

Setting up the initial environment:

Once Ansible has been installed on our system, it is advisable to perform the following tasks for a smooth and secure experience while using Ansible.

Add a user:
Generally, it’s not considered a best practice to use the root user directly to run your playbooks.
So, we will create a user and grant that user sudo privileges.

[root@linuxnix ~]# useradd sahil
[root@linuxnix ~]# passwd sahil
Changing password for user sahil.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@linuxnix ~]#
[root@linuxnix ~]# grep sahil /etc/sudoers
sahil ALL=(ALL) NOPASSWD: ALL
[root@linuxnix ~]#

We’ve done this on one system and it will need to be done on every system you intend to manage with Ansible.
You may consider working with a non-root user which has already been set up in this manner to avoid the tedious task of adding the user and providing sudo access to it on every server.
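
The sudoers entry shown above gives sahil passwordless sudo for every command on each managed host, so that account's SSH key is effectively a root credential for the whole fleet. The following is an added example, not part of the original article, that audits sudoers-style text for such grants; every rule other than the sahil line (including the deploy account) is constructed, and the parser assumes one rule per line with no aliases or includes.

```python
import re

# Constructed sudoers text; only the "sahil" rule is taken from the article.
SAMPLE_SUDOERS = """\
# constructed sample, not a real system file
Defaults    requiretty
root    ALL=(ALL)       ALL
sahil ALL=(ALL) NOPASSWD: ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart httpd, /usr/bin/yum
%wheel  ALL=(ALL)       ALL
"""

# user-or-%group  hosts = (runas)  [TAG:] command, command ...
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$"
)
TAG = re.compile(r"\b([A-Z_]+):\s*")  # NOPASSWD:, PASSWD:, NOEXEC:, ...


def audit_sudoers(text):
    """Return (who, verdict, commands) for each rule in sudoers-style text.

    Assumption: one rule per line; aliases, includes and line
    continuations are not expanded.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        if line.split()[0].endswith("_Alias"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        tags = TAG.findall(m["rest"])
        commands = [c.strip() for c in TAG.sub("", m["rest"]).split(",")]
        if "NOPASSWD" not in tags:
            verdict = "password-required"
        elif "ALL" in commands:
            verdict = "blanket-nopasswd"   # any command, no password prompt
        else:
            verdict = "scoped-nopasswd"    # passwordless, but limited commands
        findings.append((m["who"], verdict, commands))
    return findings


if __name__ == "__main__":
    for who, verdict, commands in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who:8} {verdict:18} {', '.join(commands)}")
```

Where the automation account is given a password-required rule instead, `ansible-playbook --ask-become-pass` prompts for the sudo password at run time.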

Set up an SSH key pair for passwordless authentication:
Using Ansible for automation will not make sense if we need to enter a password every time Ansible needs to perform a task on a remote host. So, to avoid this situation, we will generate an RSA key pair which we will use for passwordless SSH authentication.

[root@linuxnix ~]# sudo su - sahil
Last failed login: Fri Jan 12 07:52:07 UTC 2018 from 122.248.16.5 on ssh:notty
There was 1 failed login attempt since the last successful login.
[sahil@linuxnix ~]$
[sahil@linuxnix ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sahil/.ssh/id_rsa):
Created directory '/home/sahil/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sahil/.ssh/id_rsa.
Your public key has been saved in /home/sahil/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jq2MfHozlLxV95p75YPPdthKYFDr9ZxTPS+7UbsXS6c sahil@linuxnix.example.com
The key's randomart image is:
+---[RSA 2048]----+
| . |
| . . .|
| . . ..o|
| .o.. o=|
| . .S. .+..o=|
| ++. . ..*=|
| ..oo o*B+|
| . o*. ooE**|
| ++oo .o==+|
+----[SHA256]-----+

 

Copy public key across remote hosts:
With the ssh key pair generated, we now need to copy the RSA public key to hosts we intend to manage via Ansible. For demonstration purposes, we will copy the RSA public key of the user sahil across to the local host.

[sahil@linuxnix ~]$ ssh-copy-id linuxnix
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/sahil/.ssh/id_rsa.pub"
The authenticity of host 'linuxnix (13.229.210.2)' can't be established.
ECDSA key fingerprint is SHA256:Sh5ax5mN3cu8H3XPP7z783SBW2bFRN5+N+7GV218N2k.
ECDSA key fingerprint is MD5:0d:0c:b1:1d:e1:cf:6d:9f:51:bf:0f:dc:60:82:a1:73.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
sahil@linuxnix's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'linuxnix'"
and check to make sure that only the key(s) you wanted were added.
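
Answering yes at the host-key prompt above is the only point at which the remote host's identity is checked, so the fingerprint it displays should be compared with one obtained out of band, for example from the host's console. The following is an added example, not part of the original article, that recomputes OpenSSH SHA256 fingerprints from known_hosts entries and compares them with pinned values; the key blob, the pinned values and the db01 host are constructed.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for a public key blob; a real entry holds the host's key.
SAMPLE_KEY = base64.b64encode(b"constructed sample blob, not a real host key").decode()
SAMPLE_KNOWN_HOSTS = f"""\
# constructed known_hosts content
linuxnix,13.229.210.2 ecdsa-sha2-nistp256 {SAMPLE_KEY}
|1|hashedsalt=|hashedname= ssh-ed25519 {SAMPLE_KEY}
"""


def sha256_fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_known_hosts(known_hosts_text, pinned):
    """Compare stored host keys with fingerprints obtained out of band.

    pinned maps hostname -> expected "SHA256:..." string. Returns a dict of
    hostname -> "match", "mismatch" or "missing". Hashed hostnames ("|1|...")
    and @cert-authority/@revoked lines are not handled here and are skipped.
    """
    verdicts = {host: "missing" for host in pinned}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        hosts, _keytype, key_b64 = fields[:3]
        fingerprint = sha256_fingerprint(key_b64)
        for host in hosts.split(","):
            if host not in pinned or verdicts[host] == "match":
                continue
            same = hmac.compare_digest(fingerprint, pinned[host])
            verdicts[host] = "match" if same else "mismatch"
    return verdicts


if __name__ == "__main__":
    pinned = {"linuxnix": sha256_fingerprint(SAMPLE_KEY), "db01": "SHA256:placeholder"}
    print(check_known_hosts(SAMPLE_KNOWN_HOSTS, pinned))
```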

 

Conclusion

This concludes our article describing the advantages of using Ansible and the different ways of installing Ansible. We also showed you how to set up an OS user to use for running your playbooks. We will be covering Ansible in greater detail in future articles.

Sahil Suri

He started his career in IT in 2011 as a system administrator. He has since worked with HP-UX, Solaris and Linux operating systems along with exposure to high availability and virtualization solutions. He has a keen interest in shell, Python and Perl scripting and is learning the ropes on AWS cloud, DevOps tools, and methodologies. He enjoys sharing the knowledge he's gained over the years with the rest of the community.