Getting Started with Ansible on Ubuntu or CentOS

This is a guide to getting started with Ansible. By the end of this guide, you will be up and running with Ansible!
Included is an Ansible role that will create a user which is used by Ansible to connect to your remote servers. After installing Ansible, you will need to setup Ansible by following these steps since there is a bit more to it than you may think.

What is Ansible?

Setup Ansible - Getting Started with Ansible

First of all, Ansible is amazing at IT automation. Ansible is a command line IT automation solution that can deploy configuration changes, software, and perform many other tasks all automatically. To get more information about what Ansible is, check out the Ansible documentation.

Ansible is modular, so you can create groups of tasks, called roles. And then you can group the roles together to all run sequentially inside of a playbook.
An Ansible Playbook can run against one or multiple servers, depending how you reference the servers in your Playbook, and also depending on how you group the servers in your Ansible inventory file.

Setup Ansible

Ansible uses ssh to connect to all of your remote servers to perform the tasks you define. After you install Ansible, it’s a good idea to create a user for Ansible to use. You need to do this on all servers that Ansible will be managing. Instead of doing that manually, use Ansible!

Install Ansible

First, let’s install Ansible on the local machine.

On Ubuntu 16.04 install Ansible using apt-get:

$ sudo apt-get update && sudo apt-get install ansible

On CentOS/RHEL 7 install Ansible using yum:

$ sudo yum install ansible

Ansible local user and Ansible directory

On the local (control) server, all of the below Ansible commands are executed as the local Ansible user.

Create the user if it doesn’t exist and then run every command from now on as the Ansible user:

$ sudo useradd ansible

$ su - ansible

Create and go into the Ansible base directory:

$ mkdir ~/ansible
$ cd ~/ansible

Ansible Inventory

Ansible uses an inventory file which contains all the remote servers you will be connecting to. This is the first thing you need do in order to setup Ansible.

An example of a simple inventory file using a group name “ubuntu-dev” with the hostname of two remote servers:

$ cat > ~/ansible/hosts << 'EOF'
[ubuntu-dev]
ubuntu-web
ubuntu-db
EOF

Create SSH Key

Create an ssh key for the local Ansible user using RSA keys, since that is still more common than ed25519:

$ ssh-keygen -t rsa -b 4096

SSH to all remote servers

You need to ssh to the servers beforehand, since you need to have the ssh host keys in your known_hosts file for security reasons. Therefore, make sure you are connecting to the expected servers.

You could do this manually, but instead use Ansible to ssh to all the servers in your Ansible inventory file to populate the known_hosts file. Do not run this in a production environment and make sure you are connecting to the expected servers by verifying the ssh key fingerprints.

$ ansible all -m ping --extra-vars "ansible_ssh_common_args='-o StrictHostKeyChecking=no'" -i hosts

This command is using the Ansible ping module (-m ping) to ssh to all servers in your inventory file (-i hosts), and this will create entries in the ~/.ssh/known_hosts file.

Install Ansible required packages

Next, you need to install some packages that Ansible requires on the remote servers. Currently, Ansible uses Python 2 by default. So your remote servers will need to have Python 2 installed.

Use Ansible to install Python 2 on a remote Ubuntu server:

$ ansible ubuntu-dev -m raw -a "apt-get update && apt-get install -y python-minimal python-simplejson" -i hosts

If using CentOS 7 or RHEL 7 you don’t need to install Python 2 since it is already installed by default.

But, if using an old version like CentOS 5 or RHEL 5, you will need to run these commands. And if using SELinux with CentOS 5 or RHEL 5, run these commands to allow the Ansible copy/file/template modules.

Create Ansible user on remote servers

You can use my Ansible role on GitHub called create-user-ansible to have Ansible create its own user.

This new user will then use password-less sudo by default. But you can change this with a variable if you want to be prompted for a password every time you run Ansible.

Clone the git repository:

$ git clone https://github.com/ryandaniels/ansible-role-create-user-ansible.git ~/ansible/roles/create-user-ansible

Create the Ansible Playbook file:

$ cat > ~/ansible/create-user-ansible.yml << 'EOF'
---
- hosts: '{{inventory}}'
  become: yes
  roles:
  - create-user-ansible
EOF

Now the most important step, run the Ansible playbook.

This assumes you have a way to log in via ssh to your servers. (How else would you remotely connect?)
Change “remote_existing_user” to the username you already have on your servers.
Change “username” to your local Ansible username. This should be the same user as the local Ansible user since this makes things easier.

As a result, this will create a new user on all your servers named: ansible
More options are available, see the README on GitHub.

If your existing user uses a password for ssh authentication and does not use password-less sudo:

$ ansible-playbook create-user-ansible.yml --ask-pass --become --become-method=su --ask-become-pass --extra-vars "inventory=all ansible_ssh_user=remote_existing_user username=ansible" -i hosts

If your existing user uses password-less ssh using ssh keys and no password for sudo:

$ ansible-playbook create-user-ansible.yml --become --become-method=sudo --extra-vars "inventory=all ansible_ssh_user=remote_existing_user username=ansible" -i hosts

Conclusion

In conclusion, now you have an Ansible user created on all of your servers. You have installed and setup Ansible, and this is the first step! Next, write your own Playbook. Or use one of mine to update all of your Ubuntu or CentOS servers and automatically reboot them.

This guide is a quick way to get started with Ansible. Keep in mind, Ansible can be complex. You should plan out how you want to setup Ansible’s directory structure by following their best practices. And take some time to read their documentation!

Leave a Reply

Your email address will not be published. Required fields are marked *