Using Ansible to Manage Software in Linux

Ansible is a great tool for configuration management when working within any size environment. One use case that is particularly popular is managing system software. There are a few key benefits to using Ansible in this way.

Here are a few considerations when it comes to software:

• Often times, there are a number of core tools that you will want on all of your servers for everyday use.
• Certain groups of servers will frequently have unique software which is what provides the group’s base functionality.
• It is important to keep consistent versioning across your environment. (Especially when servers are part of a cluster!)
• Occasionally a non-standard package may be installed on a system for a one-time use case. Over time, these extra packages cost disk space, patch time, and may even broaden security vulnerabilities on your systems.

Ansible can address these needs by continuously ensuring that each system in a given environment has the necessary software packages at a specified version and no more. The key to managing software with Ansible is knowing which modules to use. The great news is there is support for both yum and apt!

As it turns out, there are a few key modules that allow Ansible to manage software. Each major package manager has a module, such as yum and apt. For example, if you wanted to install netcat on your CentOS hosts, you might use the following playbook:

hosts: centos
 become: yes
 tasks:
 - name: install netcat
   yum:
    name: nmap-ncat
    state: latest

Bare in mind that the yum module will not work correctly on a system that does not use yum for package management. The above example would result in an error on a Debian system. If you wanted to perform the same task on Ubuntu, you would need to invoke the apt module instead:

hosts: ubuntu
 become: yes
 tasks:
 - name: install netcat
   apt:
    name: netcat
    state: latest

The need to use package managers unique to a distribution may be a bit inconvenient for people running mixed distribution environments. The good news is that there is a generic module that can adapt to the distribution on which is is targeting. This module is simply called the package module. Here is how it works:

hosts: all
 become: yes
 tasks:
 - name: install netcat
   package:
    name: netcat
    state: latest

It is important to note that you must take care with package names when using the generic package module. There may be differences in package names between different repositories which the module is unable to translate.

By maintaining a software configuration playbook in Ansible, it becomes easy to keep your environment configuration consistent. With a simple run of the ansible-playbook command, you scan swiftly bring your environment into compliance. Of course, this is assuming you are already using Ansible for other use cases and have the basic configuration for Ansible completed. If not, it is very simple to get set up! Check out Linux Academy's Ansible Quick Start course for a fast spin up on how you can configure and use Ansible in your environment. Once you begin using Ansible to manage software, you can easily broaden use cases to include all manner of system configuration.

Other Ansible Resources:

• Using Ansible Facts to View System Properties
• Ansible Roles Explained
• Ansible vs Terraform Fight