Getting Started on Ansible — For Beginners [2021]
What is Ansible?
Ansible is an open-source automation platform. Let’s say that you want to create a user named “David” on 100 computers. Instead of doing it 100 times manually, you can install Ansible on a Linux computer, give it the IP addresses or hostnames of the 100 machines along with the user’s details, and let Ansible do the rest in under just 5 minutes.
Ansible’s architecture can be simply expressed in the following diagram.
What You Can Automate with Ansible:
- Infrastructure
- Networks
- Applications
- Containers
- Security
- Cloud
Configuring Ansible
First, we must customize the Ansible configuration file, which determines how Ansible behaves. The default configuration file is located at /etc/ansible/ansible.cfg. There are some important parameters you might have to change in the config file.
- inventory — location of the inventory file (stores the IP addresses or hostnames of the managed nodes)
- remote_user — the name of the user to log in as on the managed hosts. If not specified, the current user’s name is used.
- ask_pass — whether to prompt for an SSH password. Can be false if passwordless SSH is configured.
- become_ask_pass — whether to prompt for a password for sudo permissions. Can be false if passwordless sudo is configured in the managed node.
Most of the time you may have to change the above parameters according to your needs.
Need multiple configurations? No worries. Just create a configuration file in the same directory as the playbook (Ansible gives higher priority to the config file in your current directory).
It will be much clearer after going through the example later.
The inventory file contains the collection of IP addresses or hostnames of the managed nodes. The inventory file location is specified in the ansible.cfg file. Normally we categorize managed nodes into groups in the inventory file. It is not compulsory.
Content of the Inventory file
Let’s look at a sample format of a simple playbook.
Ansible playbooks are written in YAML format. Indentation decides the hierarchy. (Tasks must share the same indentation level, their parameters must share the same level, and so on.)
We can run the playbook using the following command.
#ansible-playbook playbookname.yml
Writing an example playbook
Let’s say we have been given a task to create user “HR” in 10 machines.
And the environment is as follows.
- My user in Control node: “automation”
- My user in managed nodes: “admin”
- And “admin” has sudo privileges in all 10 managed nodes. But the password is required to sudo.
- “automation” user has SSH access to all managed nodes with a password.
- I use /home/automation/projects/users directory for my ansible projects.
So, let’s start the automation process by creating a config file as /home/automation/projects/users/ansible.cfg. I am going to include only the parameters that differ from the default values in /etc/ansible/ansible.cfg.
As you can see, we need to specify a new inventory file location and we must also set become_ask_pass to True because password-less sudo is not set up in the above environment. And we also need to specify the remote_user as “admin”.
So, we are creating a new config file in the /home/automation/projects/users directory.
New config file: /home/automation/projects/users/ansible.cfg
Now I’m going to create my inventory file.
/home/automation/projects/users/inventory:
Now let’s create the playbook.
/home/automation/projects/users/myplaybook.yml:
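The three files described in this walkthrough (config, inventory, playbook), written out by a small shell function. This is an added example, not the author's original files; the group name "managed" and the node[01:10].example.com hostnames are constructed placeholders for the 10 machines.

```shell
#!/bin/sh
# Added example: writes the three project files for the scenario above.
# The group name "managed" and the node[01:10].example.com hostnames are
# constructed placeholders; substitute your real inventory.
write_users_project() {
    dir="$1"
    mkdir -p "$dir"
    # Ansible refuses to load ansible.cfg from a world-writable current
    # directory, so make sure "other" cannot write here.
    chmod o-w "$dir"

    # Only the settings that differ from /etc/ansible/ansible.cfg.
    # No passwords are stored: they are prompted for at run time.
    cat > "$dir/ansible.cfg" <<EOF
[defaults]
inventory = $dir/inventory
remote_user = admin

[privilege_escalation]
become_ask_pass = True
EOF

    # Ten managed nodes in one group, using an inventory range pattern.
    cat > "$dir/inventory" <<'EOF'
[managed]
node[01:10].example.com
EOF

    # become: true runs the task through sudo as the "admin" login user.
    cat > "$dir/myplaybook.yml" <<'EOF'
---
- name: Create the HR user on all managed nodes
  hosts: managed
  become: true
  tasks:
    - name: Ensure user HR exists
      ansible.builtin.user:
        name: HR
        state: present
EOF
}

# Usage: sh make_project.sh /home/automation/projects/users
if [ "$#" -gt 0 ]; then
    write_users_project "$1"
fi
```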
Now I’m going to change to the directory that contains the playbook and run it using the following command.
#ansible-playbook myplaybook.yml
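We can pass the -k (--ask-pass) option so that Ansible prompts for the SSH password. Combined with become_ask_pass set to True in our config file, Ansible asks for both the SSH and sudo passwords when running the playbook.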
#ansible-playbook myplaybook.yml -k
We can run a syntax check before running the playbook by,
#ansible-playbook --syntax-check myplaybook.yml
Hope you got the idea about writing a simple playbook.
You can learn more about ansible modules in “Ansible.Builtin — Ansible Documentation”.
Please be kind enough to let me know if there are any mistakes.
Originally published at https://edutectra.com.