In this post we are going to use a few very basic Ansible modules to build a playbook and then execute it to perform automated tasks that can target multiple machines at the same time.
Before we begin let me give you a quick introduction to Ansible and why is it such a popular IT Automation tool.
From the Ansible documentation,
- Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
- Ansible’s main goals are simplicity and ease-of-use. It also has a strong focus on security and reliability, featuring a minimum of moving parts, usage of OpenSSH for transport (with an accelerated socket mode and pull modes as alternatives), and a language that is designed around auditability by humans–even those not familiar with the program.
To know more about Ansible in detail please read their documentation here.
So now that we know what ansible is and why we use it, we will move towards writing an ansible playbook to automate a simple task of creating a user in multiple linux machines by running just one ansible script.
Now you must be wondering if the same can be done with shell script then what's the big deal about Ansible!! Well here’s a good read to get an answer to your question.
For this hands on we are going to use mainly two Ansible components,
- Ansible Modules
- Ansible Playbooks
Ansible Modules
Ansible ships with a number of modules (called the ‘module library’) that can be executed directly on remote hosts or through Playbooks.
Users can also write their own modules. These modules can control system resources, like services, packages, or files (anything really), or handle executing system commands.
Ansible Playbooks
Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a policy you want your remote systems to enforce, or a set of steps in a general IT process.
If Ansible modules are the tools in your workshop, playbooks are your instruction manuals, and your inventory of hosts are your raw material.
At a basic level, playbooks can be used to manage configurations of and deployments to remote machines.
Now let's move on to setting up Ansible , configuring the host machine and executing a playbook.
Step 1 Installing Ansible in the host machine
The first step is to install ansible in the machine from which we want to manage our remote machines or remote clusters. For this demo I have used Ubuntu 16.04 as the host machine and another Ububtu 16.04 machine as the target machine.
To configure the PPA on your machine and install ansible SSH into the master machine using any SSH client and then run the following commands from the terminal.
- $ sudo apt-get install software-properties-common
- $ sudo apt-add-repository ppa:ansible/ansible
- $ sudo apt-get update
- $ sudo apt-get install ansible
To check if ansible is installed properly please try ansible — version.
Note
For this demo I have used Azure portal to quickly span up 2 Ubuntu 16.04 VMs. To see how to spin up VM in azure portal please visit here.
To know more about installing ansible in other OS please check here.
Step 2 Configuring host file
Once you have installed ansible in your master machine, it's time to configure ansible to connect to the target machines and to run remote commands there. To do this there are two ways. The easiest way is to modify and add the target machine list in the host file or to create a simple inventory file.
First we will see how to modify the default host file in ansible:
Edit (or create) /etc/ansible/hosts
and put one or more remote systems in it. Your public SSH key should be located in authorized_keys
on those systems,
- 192.0.2.50
- aserver.example.org
- bserver.example.org
Please provide the IP address or the domain name of your target machine one after the another in the /etc/ansible/hosts
file.
For the second option we can create an inventory file to specify the target machines. By default ansible selects the /etc/ansible/hosts
as the inventory file or you can specify a different inventory file using the -i <path>
option on the command line.
To know more about inventory file in ansible click here.
Step 3 Run our first ansible command
Before we can run ansible commands, we will need to set up the authentication to the remote machines, and for that please follow the following steps:
For authenticating while connecting to the remote hosts we have two options, either we need to specify the userId and the password in the ansible command .
The same can be set with respect to the target machines in the hosts file or the inventory file as follows,
- 192.0.2.50 ansible_user=<someuser> ansible_ssh_pass=<your_password>
- aserver.example.org
- bserver.example.org
or we can connect via SSH key.
Ansible reads the ssh keys form ~/.ssh/id_rsa
In my case since I have user user named aureuser to connect to the master machine, my ssh key to connect to the remote machines will be stored at
/home/azureuser/.ssh
Now run the following command,
$ ansible all -m ping
The above command simply pings all the target machines that we have specified in the hosts file. Here ansible will attempt to remote connect to the machines using your current user name, just like SSH would. To override the remote user name, you can use the ‘-u’ parameter.
- # as bruce
- $ ansible all -m ping -u bruce
- # as bruce, sudoing to root
- $ ansible all -m ping -u bruce --sudo
- # as bruce, sudoing to batman
- $ ansible all -m ping -u bruce --sudo --sudo-user batman
- # With latest version of ansible `sudo` is deprecated so use become
- # as bruce, sudoing to root
- $ ansible all -m ping -u bruce -b
- # as bruce, sudoing to batman
- $ ansible all -m ping -u bruce -b --become-user batman
Here are some other things that can be achieved.
Step 4 Create and run a simple playbook
Ansible playbooks are written in YAML format. Playbooks are a completely different ways to use ansible than in adhoc task execution mode, and are particularly powerful.
Let's begin writing our basic playbook, which will create a new user in the remote machines.
vars
# created with,
# python -c 'import crypt; print crypt.crypt("Password1$", "$1$SomeSalt$")'
password: $1$SomeSalt$uSU9DN2/.NW9AjY6mreO70
tasks
- user: name=user1 password={{password}}
- name: Placing key
- authorized_key: user=user1 key={{ lookup('file', '../.ssh/user1_user.pub') }}
The above is an example of a very simple playbook that will create a new user and then copy the public SSH key in authorized_keys
of that newly created user from the local machine path which in my case was ‘../.ssh/user1_user.pub’.
Please change this to a path to a public key with whose private key you want to SSH into the target machine as the newly created user.
In order to run this playbook first we need to save this playbook in yml or yaml format.
Then we need to run this playbook from the master node using the following command.
$ansible-playbook <filename>.yaml
To know more about ansible playbook please check here.
So this was a very basic introduction and a quick start for people who want to explore ansible. I highly recommend you go through all the documentations before starting working with ansible. If you find this article useful do recommend this to your friends and colleagues.
Until then happy exploring.