Ansible is a simple-to-use, agentless IaC (Infrastructure as Code) tool used for configuration management, software provisioning, intra-service orchestration, and app deployment.
“Unlike most configuration-management software, Ansible does not require a single controlling machine where orchestration begins. Ansible works against multiple systems in your infrastructure by selecting portions of Ansible’s inventory, stored as editable, versionable ASCII text files. Not only is this inventory configurable, but you can also use multiple inventory files at the same time and pull inventory from dynamic or cloud sources or different formats (YAML, INI, etc.). Any machine with Ansible utilities installed can leverage a set of files/directories to orchestrate other nodes. The absence of a central-server requirement greatly simplifies disaster-recovery planning. Nodes are managed by this controlling machine — typically over SSH. The controlling machine describes the location of nodes through its inventory. Sensitive data can be stored in encrypted files using Ansible Vault since 2014. In contrast with other popular configuration-management software — such as Chef, Puppet, and CFEngine — Ansible uses an agentless architecture, with Ansible software not normally running or even installed on the controlled node. Instead, Ansible orchestrates a node by installing and running modules on the node temporarily via SSH. For the duration of an orchestration task, a process running the module communicates with the controlling machine with a JSON-based protocol via its standard input and output. When Ansible is not managing a node, it does not consume resources on the node because no daemons are executing or software installed.”
Shall we start already?
But wait, before we use Ansible, we need a ‘one-time’ setup done.
For this setup environment I’ll be using:
- 1 Virtual Machine with Redhat Operating System (RHEL8) for the main controller/master node.
- 2 RHEL8 VMs, and 1 Ubuntu VM for controlled/managed/worker nodes.
NOTE: You’re free to choose any OS and any number of managed nodes installed on VM/BareMetal/Container/Cloud.
Setting up Ansible Environment
- Ansible Installation on ‘yum’ configured Redhat/CentOS/Fedora:
Since Ansible is an agentless tool, it only needs to be installed on the controller node.
Open your terminal and run the following commands:
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y ; sudo yum repolist
sudo yum install ansible -y
Ansible is now installed successfully!!
- Setting up passwordless ssh login:
sudo yum install sshpass -y
On Ubuntu, before using SSH, you might need to install openssh-server manually.
sudo apt install openssh-client ; sudo apt install openssh-server
ssh-keygen
This command generates an SSH key.
Note: Replace ‘user’ and ‘hostname’ with a suitable user name and the hostname you want to copy your key to.
After successfully copying the key, you can easily SSH into the given OS.
Copy the key to the other worker nodes as well.
- Setting up Ansible Inventory
This is the default location of Ansible's configuration file. We can create a new one, but I’ll stick to this for now.
Viewing the configuration file gives us the default location of the inventory, which can also be changed, but I’ll be sticking to the default for now.
Open the file with your favorite text editor and list your hosts in it. The inventory file should look something like this after the edit.
NOTE: You can replace the hostname with an IP address if you’re more comfortable with IP addresses. For more info on inventory, click here.
You can make different groups by writing the group name between square brackets and writing all the hosts for the desired group, under it.
Note: I created 2 groups, ‘redhat’ having 2 nodes and ‘ubuntu’ with a single node
- Testing the setup
Ping all the nodes:
ansible -m ping all
We can ping all the nodes, which means our setup is done correctly!
NOTE: Since we already divided our nodes into groups, we can avoid pinging ‘all’ and ping only the nodes from a particular group.
Rather than pinging all the nodes, Ansible pings only the node(s) in the ‘ubuntu’ group.
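The grouped inventory and group-scoped ping described above, as an added example that is not part of the original post. The hostnames and the function names are constructed placeholders; `hosts_in_group` is a simplified offline preview of which hosts a group name selects, so you can confirm the target list before running a module against it.

```shell
#!/bin/sh
# Added example: hostnames are constructed placeholders, not from the original post.

# Write an INI-format inventory with the two groups described above:
# 'redhat' with two nodes and 'ubuntu' with a single node.
write_inventory() {
    cat > "$1" <<'EOF'
# constructed sample inventory
[redhat]
rhel-node1.example.com
rhel-node2.example.com

[ubuntu]
ubuntu-node1.example.com
EOF
}

# Print the hosts listed under one [group] header.
# Simplified: plain host lines only, no :children or :vars sections.
# With Ansible installed, 'ansible <group> -i <file> --list-hosts' does the real lookup.
hosts_in_group() {
    awk -v want="$2" '
        /^[ \t]*$/    { next }                                  # skip blank lines
        /^[ \t]*[#;]/ { next }                                  # skip comments
        /^\[.*\]$/    { active = ($0 == ("[" want "]")); next } # group header
        active        { print $1 }                              # host name only
    ' "$1"
}

# Ping one group instead of 'all' (needs Ansible and reachable nodes; not called here).
ping_group() {
    ansible -i "$1" -m ping "$2"
}

# Stand-alone run: preview the hosts a group-scoped ping would touch.
inv=$(mktemp)
write_inventory "$inv"
echo "Hosts that 'ansible -i $inv -m ping ubuntu' would target:"
hosts_in_group "$inv" ubuntu
rm -f "$inv"
```
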
This was a very short introduction to Ansible, but once your setup environment is done correctly, you can use Ansible to do way more complex tasks!!!