Ansible is an automation platform that consists of an automation language which is YAML, that can describe an IT application infrastructure in the form of Ansible playbooks. Along with the YAML automation language, Ansible provides an automation engine is responsible for running these playbooks. The core Ansible tool is a command line tool and is freely available. It has been written by Michael DeHaan in the Python programming language and was initially released in the year 2012. Michael DeHaan has also written the server provisioning application cobbler.
Ansible is owned by RedHat and a paid alternative named Ansible Tower is also available for customers who want an enterprise framework for controlling, securing and managing their Ansible automation with a UI and a RESTful API.
In this article, we will go through the various advantages of Ansible and will also show you how to install Ansible.
Why use Ansible?
In this section, we will explore the advantages of using Ansible in depth.
Ansible is Simple
- It provides humanly readable automation in the form of playbooks written in YAML.
- YAML is extremely simple and easy to understand and no special coding skills are required to use Ansible.
- The tasks defined in playbooks are executed in order further adding to the simplicity of the structure.
- Since there are no coding skills involved in using Ansible, there is no steep learning curve and users can get productive quickly
Ansible is powerful
- Application deployment tasks like deploying a LAMP stack can be performed easily.
- Configuration management is easy as Ansible helps us to maintain a defined and expected state for managed systems.
- Using multiple plays and host groups in a playbook allow us to perform workflow orchestration
- Ansible provides the tool to orchestrate the entire application lifecycle.
Ansible is agent less
- It uses an agentless architecture i.e. there is no master-slave architecture involved.
- Ansible uses OpenSSH and WinRM to connect to remote hosts and execute playbooks on those hosts.
- Since it’s agentless, there are no agents to exploit and update.
- An agentless architecture makes Ansible more efficient and secure to use.
Ansible is cross-platform
Agentless support for all major OS variants, physical, virtual and network devices.
Ansible works with existing toolkits
Homogenize existing environments by leveraging current toolsets and update mechanisms.
Ansible comes bundled with over 450 modules
It provides a large range of modules which can be used for tasks like:
- Managing files/directories
- Install and manage software packages
- Integrate with source code/version control systems
- Connect to and administer databases
- It is becoming extremely popular over time with over 250,000 thousand downloads a month.
- Ansible already ships with over 450 modules and this number is expected to grow in the coming releases.
After a detailed discussion about why we should consider using Ansible to automating and managing our IT infrastructure, now we will demonstrate how we may install Ansible. Since Ansible is an agentless tool, we only need to install it on one central server on which we will write our playbooks and deploy them to the rest of the fleet of servers.
-> Install Ansible on a yum based system:
To install Ansible on a yum based system like RedHat/Centos, use the following command.
# yum install ansible
Note that the epel repository must be available on the system in order for the above command to work.
-> Install Ansible on an apt based system:
To install Ansible on an apt based system like Debian/Ubuntu, use the following command.
# apt install ansible
-> Install Ansible via pip:
Since Ansible is a tool written in python, it’s available on the online python package repository To install ansible via pip, type the following command.
# pip install ansible
Check installed version
To verify your Ansible installation, you may use the following command to check the installed version:
[sahil@linuxnix ~]$ ansible --version ansible 188.8.131.52 config file = /etc/ansible/ansible.cfg configured module search path = [u'/home/sahil/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /bin/ansible python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] [sahil@linuxnix ~]$
Setting up the initial environment:
Once Ansible has been installed on our system it is advisable to perform the following tasks for a smooth and secure experience while using Ansible.
Add a user:
Generally, it’s not considered a best practice to use the root user directly to run your playbooks.
So, we will create a user and grant that user sudo privileges.
[root@linuxnix ~]# useradd sahil [root@linuxnix ~]# passwd sahil Changing password for user sahil. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully. [root@linuxnix ~]# [root@linuxnix ~]# grep sahil /etc/sudoers sahil ALL=(ALL) NOPASSWD: ALL [root@linuxnix ~]#
We’ve done this on one system and it will need to be done on every system you intend to manage with Ansible.
You may consider working with a non-root user which has already been set up in this manner to avoid the tedious task of adding the user and providing sudo access to it on every server.
Setup up ssh key pair for passwordless authentication:
Using Ansible for automation will not make sense if we need to enter a password every time Ansible needs to perform a task on a remote host. So, to avoid this situation we will generate an RSA key pair which we will use for passwordless ssh authentication
[root@linuxnix ~]# sudo su - sahil Last failed login: Fri Jan 12 07:52:07 UTC 2018 from 184.108.40.206 on ssh:notty There was 1 failed login attempt since the last successful login. [sahil@linuxnix ~]$ [sahil@linuxnix ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/sahil/.ssh/id_rsa): Created directory '/home/sahil/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/sahil/.ssh/id_rsa. Your public key has been saved in /home/sahil/.ssh/id_rsa.pub. The key fingerprint is: SHA256:jq2MfHozlLxV95p75YPPdthKYFDr9ZxTPS+7UbsXS6c email@example.com The key's randomart image is: +---[RSA 2048]----+ | . | | . . .| | . . ..o| | .o.. o=| | . .S. .+..o=| | ++. . ..*=| | ..oo o*B+| | . o*. ooE**| | ++oo .o==+| +----[SHA256]-----+
Copy public key across remote hosts:
With the ssh key pair generated, we now need to copy the RSA public key to hosts we intend to manage via Ansible. For demonstration purposes, we will copy the RSA public key of the user sahil across to the local host.
[sahil@linuxnix ~]$ ssh-copy-id linuxnix /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/sahil/.ssh/id_rsa.pub" The authenticity of host 'linuxnix (220.127.116.11)' can't be established. ECDSA key fingerprint is SHA256:Sh5ax5mN3cu8H3XPP7z783SBW2bFRN5+N+7GV218N2k. ECDSA key fingerprint is MD5:0d:0c:b1:1d:e1:cf:6d:9f:51:bf:0f:dc:60:82:a1:73. Are you sure you want to continue connecting (yes/no)? yes /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys sahil@linuxnix's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'linuxnix'" and check to make sure that only the key(s) you wanted were added.
This concludes our article describing the advantages of using Ansible and the different ways of installing Ansible. We also showed you how to set up an OS user to use for running your playbooks. We will be covering Ansible in greater detail in future articles.
Latest posts by Sahil Suri (see all)
- Setting up chrooted ssh jails in Linux - October 8, 2019
- How To exclude copying of specific directories in Linux using cp/scp/rsync - October 7, 2019
- Docker container ports explained - September 27, 2019
- Docker Volumes explained - September 25, 2019
- Docker networking commands explained - September 24, 2019