For an overview of what is Ansible – Getting started with Ansible
For this tutorial we are using 3 VMs, with IPs and hostnames – one Ansible controller/manager (ansible-controller) which will be doing the provisioning on the two remote servers i.e. ansible-node1 and ansible-node2:
192.168.40.192 ansible-controller
192.168.40.193 ansible-node1
192.168.40.194 ansible-node2
192.168.40.193 ansible-node1
192.168.40.194 ansible-node2
‘ansible-controller‘ is the manger node, the one performing the provisioning on the rest of the hosts i.e. on ansible-controller we’ll be installing and configuring Ansible.
Step 0 – preliminary steps
Disbale SELinux
$ sudo set enforce 0
The above command will disable SELinux for the session i.e. until next reboot – to permanently disable it set SELINUX=disabled in /etc/selinux/config file.
Stop Firewalld
As ansible controller needs to access the remote host (via ssh – default port 22)
$ sudo systemctl stop firewalld
Step 1- Installation
Unlike other main configuration management tools, like Chef and Puppet, which require you to install the tool on all the nodes i.e. the contoller/manager node, as well as the managed nodes. Whereas, to use Ansible you’ll be required to install it only on the master/controller/manager node, the one which ‘ll be performing provisioning on all the other nodes.
Install EPEL repo
EPEL (Extra Packages for Enterprise Linux) is an open-source and free community based repository maintained by Fedora team – lists a lot of open-source packages for Fedora, RHEL (Red Hat Enterprise Linux), CentOS, and Scientific Linux. Ansible is also available via EPEL repo.
sudo yum -y install epel-release
Install Ansible
sudo yum -y install ansible
Step 2 – Generate and share the SSH key
To perform any deployment or management from the Ansible controller to the remote hosts first we need to create and copy the ssh keys to all the remote hosts.
For password-less access you need to share the Ansible controller’s public key i.e. copy the key to all the remote hosts, where you need to perform provisioning.
Generate SSH key
$ ssh-keygen -t rsa -b 4096
Copy the public key
Once the private-public key pair is generated, next is to place the public key on the remote servers that we want to use (for a password-less and secure authentication). It is required to add the public key (content of id_rsa.pub) in the remote host’s $HOME/.ssh/authorized_keys. The recommended way is to use the ssh-copy-id command, you need to specify the user and host, and it’ll copy the key i.e. add it to authorized_keys.
$ ssh-copy-id nahmed@192.168.40.193
$ ssh-copy-id nahmed@192.168.40.194
Verify SSH
Let’s now verify if ssh authentication is working fine, by ssh-ing into the remote servers.
$ ssh nahmed@192.168.40.193
$ ssh nahmed@192.168.40.194
Step 3 – Create Ansible Inventory
The Ansible manager (master/controller) gets to know about the hosts to perform provisioning on via ‘Inventory‘ file. The inventory allows simple listing as well as groups. By default the inventory file gets created at /etc/ansible/hosts. Let’s add our two remote hosts into the inventory, open the file using editor of your choice:
$ sudo vi /etc/ansible/hosts
Add the following in the file:
[test-servers]
192.168.40.193
192.168.40.194
192.168.40.193
192.168.40.194
The ‘test-servers‘ in the brackets indicates as group names, it is used in classifying systems and deciding which systems you are going to controlling at what times and for what reason.
Step 4 – Verification
We are done with Ansible setup, all we need to do is verify if it’s working i.e. Ansible manager (ansible-controller in our case) can perform provisioning tasks on remote hosts. There are two ways to use ansible
- Ad-Hoc – executing a task (command) on the remote host using Ansible’s comman-line tool.
- Using Playbboks – permanently writing plays (group of tasks) for all or specific hosts or host groups, using YAML configuration specification language, that can be re-used and put to version control.
Let’s ping the 2 remote nodes using Ansible command-line tool – -m flag is to specify the Ansible module we need to use, and -all for all the hosts/groups in the inventory:
$ ansible -m ping all
Note: In case you have various groups of hosts, instead of all use the group name i.e. ansible -m ping test-servers
Let’s get the hostnames – using the Ansible’s shell (http://docs.ansible.com/ansible/shell_module.html) module:
$ ansible -m shell -a "hostname" test-servers
