Ready to put the DevOps culture into practice? In this series of tutorials, we’ll demonstrate how to deploy one of the most powerful and most used task automation tools today: Ansible.
Introduction: What is Ansible
Ansible is an IT infrastructure automation system that enables centralized deployment, configuration, and application management.
If you have to perform any administration activity more than once, it can be automated with Ansible. So instead of having to access every server in your fleet to perform a security update or install a new package, you can ask Ansible to run that apt-get upgrade on all servers at once.
Personally, I prefer Ansible to the other options available on the market because it does the work without requiring an agent to be installed on each host, as well as being much lighter than its competitors. Only Python and SSH packages are required. SSH is a standard method of accessing servers and is probably already installed on your Linux distribution, but you need to enable it. Some may consider that a greater security risk, although Ansible works by using keys, which are more secure.
1. Installing and Configuring Ansible
You can install Ansible with the following command:
# apt-get install ansible
You need to put all the hosts you want to manage with Ansible in the /etc/ansible/hosts file.
First, comment out all the lines of the file by adding the # sign at the beginning of each one. Then go to the last line of the hosts file to create a category. Let’s say you have a cluster of web servers and a database cluster. You can create two separate categories: web and db.
[ansible]
localhost ansible_host=127.0.0.1
[web]
web1 ansible_host=192.168.1.2
web2 ansible_host=192.168.2.2
[db]
db1 ansible_host=192.168.1.3
db2 ansible_host=192.168.2.3
db3 ansible_host=192.168.1.4
db4 ansible_host=192.168.2.4
If you want to make a change on all database hosts, you can use db as the selection, so only those listed under this category are affected and not other hosts, such as those in the web category.
The lines of the /etc/ansible/hosts file follow the pattern below:
The HostName variable is any name you choose to refer to the host, and the IP variable is the host’s network address.
In the example above, we are listing 2 web servers on IP addresses 192.168.[1-2].2, and 4 database servers on IP addresses 192.168.[1-2].[3-4].
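Before running anything against a category, it helps to confirm which hosts it selects. The following is an added example, not part of the original tutorial and not Ansible's own parser: it reads only the simple subset of the inventory format shown above, and the function names (parse_inventory, targets, lint) and the commented-out host old1 are assumptions made for illustration.

```python
import ipaddress
# Constructed sample: this tutorial's inventory, with one commented-out line.
INVENTORY = """\
# old1 ansible_host=192.168.9.9
[ansible]
localhost ansible_host=127.0.0.1
[web]
web1 ansible_host=192.168.1.2
web2 ansible_host=192.168.2.2
[db]
db1 ansible_host=192.168.1.3
db2 ansible_host=192.168.2.3
db3 ansible_host=192.168.1.4
db4 ansible_host=192.168.2.4
"""

def parse_inventory(text):
    """Parse [group] headers, 'name key=value' host lines and # or ; comments."""
    groups = {}
    current = groups.setdefault("ungrouped", {})
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or commented-out line: never a target
        if line[0] == "[" and line[-1] == "]":
            current = groups.setdefault(line[1:-1].strip(), {})
        else:
            name, *pairs = line.split()
            current[name] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return groups

def targets(groups, selection):
    """Hosts a selection would touch; 'all' covers every group."""
    chosen = groups.values() if selection == "all" else [groups.get(selection, {})]
    return sorted({host for members in chosen for host in members})

def lint(groups):
    """Flag missing or non-IP ansible_host values and addresses shared by two names."""
    problems, seen = [], {}
    for group, members in groups.items():
        for host, hostvars in members.items():
            addr = hostvars.get("ansible_host", "")
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                problems.append(f"{group}/{host}: '{addr}' is not an IP address")
            else:
                if seen.setdefault(addr, host) != host:
                    problems.append(f"{group}/{host}: {addr} already used by {seen[addr]}")
    return problems
```

Calling targets(parse_inventory(INVENTORY), "db") returns only the four database hosts. On a machine with Ansible installed, ansible db --list-hosts prints the hosts a selection matches without running anything on them.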
2. Configuring the SSH Keys
Ansible works with SSH keys and can also use passwords for authentication. We do not recommend password authentication, so it is not covered here. If your SSH key is on all Ansible-managed hosts, just use Agent Forwarding and you’ll be fine, since Ansible allows the -A option of SSH.
In this tutorial, we will use a new and unique key for Ansible and so we will need to generate it with the command:
Now add the generated SSH key to your hosts:
ssh-copy-id -i ~/.ssh/id_rsa.pub root@ip
3. Testing Ansible
To verify that you can ping all hosts listed in the /etc/ansible/hosts file, type:
# ansible -m ping all
This confirms whether the hosts are online or not.
You can also run a command, such as date:
# ansible web -m command -a 'date'
In the example above, we ran the date command on all hosts in the web category.
At this point, Ansible is configured and ready to use. Sounds pretty simple, right? Well, we have not yet covered Ansible’s most powerful feature: playbooks. These are organized units of scripts in which you define the tasks to be executed as part of a server configuration, and they will be the central piece of your automation strategy.
Next week, we’ll have a new tutorial with more details about them.