Performing maintenance on a single server may seem relatively straightforward. However, the task can become incredibly daunting and exhausting when we have to manage multiple servers simultaneously, be it four or five, hundreds, or even thousands. Manually handling such a scale of operations is simply unfeasible.
What if we could orchestrate all the servers using a program, making it easier to manage them? And what if we could automate this process and control everything from a single host? This is where Ansible comes into the picture, proving to be an extremely useful tool.
Why use Ansible?
Managing a plethora of devices manually is extremely error-prone and quite impractical. Automating the tasks at hand addresses these problems and, at the same time, boosts productivity by a significant amount.
Ansible also gives the administrator flexibility and simplicity. Even better, it doesn’t require you to write code, or even to know how to code. However, having some coding proficiency could certainly provide an added advantage, even though it is not a prerequisite. Learning and understanding Ansible will definitely give you a competitive edge in your IT skill set, owing to the various benefits it offers. Moreover, the fact that Ansible is open-source makes it all the more advantageous, as it is free to use and allows users to customize it as per their needs.
What is Ansible?
Ansible is all about automation. It is a tool for automating IT tasks such as configuration, system management, deployment or orchestration. Its agentless architecture significantly simplifies the management process and the automation workflow.
The Concepts
Ansible, an automation tool, uses the Secure Shell (SSH) protocol by default to establish a secure connection with managed nodes and execute modules that perform tasks. These modules are designed to be idempotent, which means they only make changes to the system if necessary. Additionally, it may be helpful to understand the terms and lingo used in Ansible.
Management control
Control and managed nodes
Ansible follows the control and managed nodes concept. The control node is the machine where you run the Ansible CLI tools such as ansible-playbook or ansible. Managed nodes are the hosts that the control node manages as targets.
Inventory
The inventory is a list of the managed nodes handled by Ansible. Using a specific host file, you can list all the hosts you are going to manage, specifying each host by its IP address or by its hostname.
Task management and execution
Playbooks
Using Ansible playbooks on the control node, you can run a set of commands automatically from a YAML file. These files are designed to be easily read and understood by humans and, at the same time, understandable by the machine running Ansible.
Plays
In Ansible, plays refer to the context of how you describe a desired state based on the set of instructions you have.
Roles
An Ansible role can be described as a reusable bundled package that can be used by playbooks. In simpler terms, it can be considered a reusable component. It has to be stored in a structured way and, at the very least, requires you to have both the meta and tasks directories. Alternatively, you can easily generate this structure using the ansible-galaxy command.
ansible-galaxy role init <role_name>
Tasks
As the name suggests, tasks are the ‘actions’ we are about to execute on the managed nodes. The tasks will be executed in order based on the set of instructions we define in the Playbooks. Module parameters, options, and settings are typically included in a task, along with the name of the module.
Handlers
A handler is a task that is only triggered once the state of a certain task has changed.
Ad-Hoc Commands
Most of the time, you want to automate complex tasks within a network using playbooks. However, you might also want to just execute a simple command on all the managed nodes. Ansible makes this possible with ad-hoc commands, which can be executed quickly. For example, to check the connection to a group defined in the host file, you can simply use the command below instead of a playbook.
ansible <group_name> -m ping
Extending functionality
Modules
A module is basically a standalone script that you can use to interact with Ansible. This can be very useful if you want extra functionality that Ansible doesn’t have yet. With Ansible modules, the script is pushed out to the managed nodes, executed there, and removed once it has finished running. Modules can be written in any language that returns JSON.
Module Utilities
When developing Ansible modules, you will sometimes need a helper function in the form of a utility module that allows access to the Ansible library. PowerShell and Python are the only languages that may be used to write utility modules.
Plugins
Plugins are useful for extending Ansible’s core functionality. As opposed to modules, plugins run on the control node. You can either use the plugins that come pre-made with Ansible or create your own, which again need to be written in Python.
Collections
Collections may bundle several kinds of Ansible content, including playbooks, modules and plugins. They are distributable, reusable content that you can create on your own or get from a publicly available source such as Ansible Galaxy or a git repository. Designed to be modular at their core, they let users combine and customize the content to suit their needs. It is important to note that Ansible content in collections needs to be organized in a standardized, structured namespace, which you can also generate with the ansible-galaxy command.
ansible-galaxy collection init <namespace>.<collection>
Installing Ansible
Ansible is agentless, so we don’t need to install any tools on the managed nodes. This means that only the control node needs to have Ansible installed, while managed nodes only require SSH access.
Ansible is built on top of Python and can be easily installed using pip, as described in the documentation. If you don’t know, pip is the package manager for Python packages. You can follow the installation guide on its official website if you want, but for this article, we are going to use the APT package.
First, update and upgrade your system to the latest packages using the command below.
sudo apt update && sudo apt upgrade -y
Next, we are going to add the Ansible PPA to our system. Using apt-add-repository lets us add the PPA without having to manually edit the sources list.
sudo apt-get install software-properties-common -y && sudo apt-add-repository ppa:ansible/ansible
Then, we refresh the package index so that everything is up to date and install Ansible.
sudo apt-get update && sudo apt-get install ansible -y
The next thing to do is to add your managed nodes to the Ansible inventory by editing the hosts file located at /etc/ansible/hosts.
In this file, you can create groups and add your managed nodes under the appropriate group header by inserting their IP addresses or hostnames. Grouping your hosts in this way makes it easier to manage them by allowing you to target specific subsets of machines for configurations and tasks. Simply insert the lines below assuming that you have ‘clients’ as a group name and that every node is identified by its hostname.
[clients]
client1
client2
client3
To check if everything is working correctly, you can just use the Ansible ping module.
ansible <group_or_node_name> -m ping
Ansible uses SSH to connect to the managed nodes, so it is better to let the connection be established automatically instead of having to provide a password every single time you want to connect. Therefore, you can consider using public key authentication instead of passwords.
In order to do this, you need to generate the keys first. You can use the command below.
ssh-keygen
Next, you need to send the key to the managed nodes, but you still need to enter your password at this point.
ssh-copy-id -i /home/<username>/.ssh/id_rsa.pub <username>@<hostname_or_ip>
After that, you can simply disable password authentication on the managed nodes using an Ansible playbook, which is a YAML file.
Filename: disablesshpassauth.yaml
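---
- name: Disable password authentication
  hosts: clients        # the inventory group defined in /etc/ansible/hosts
  tasks:
    - name: Disable ssh pass auth from sshd_config file
      lineinfile:
        dest: /etc/ssh/sshd_config
        # The sshd keyword is a single word; also match the commented-out default
        regexp: '^#?\s*PasswordAuthentication'
        line: "PasswordAuthentication no"
        state: present
        backup: no
      become: yes
      notify:
        - restart ssh
  handlers:
    - name: restart ssh
      service:
        name: ssh
        state: restarted
      become: yes       # restarting the service needs root as well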
Finally, you can execute this playbook using the command below.
ansible-playbook disablesshpassauth.yaml
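After the playbook has run, it is worth confirming that the edited line is the one sshd actually uses: sshd takes the first value it obtains for each keyword, so an Include of drop-in files near the top of sshd_config can set PasswordAuthentication before the line the playbook wrote. The checker below is an added example, not code from the original article; the file contents and the drop-in file name are constructed, and Match blocks are skipped rather than evaluated.

```python
import fnmatch
import posixpath

# Constructed sample: stand-in for files on a managed node (not from the article).
SAMPLE_FILES = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "#PermitRootLogin prohibit-password\n"
        "PasswordAuthentication no\n"          # the line the playbook wrote
        "Match User backup\n"
        "    PasswordAuthentication yes\n"
    ),
    # Hypothetical drop-in file name; it is read before the line above.
    "/etc/ssh/sshd_config.d/50-example.conf": "PasswordAuthentication yes\n",
}

def effective_setting(keyword, files, path="/etc/ssh/sshd_config"):
    """Return (value, file) for the first global occurrence of keyword, else None."""
    for raw in files[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # simplification: conditional blocks are not evaluated
        if key == "include":
            for pattern in arg.split():
                pattern = posixpath.join("/etc/ssh", pattern)  # relative to /etc/ssh
                for inc in sorted(p for p in files if fnmatch.fnmatchcase(p, pattern)):
                    found = effective_setting(keyword, files, inc)
                    if found:
                        return found
        elif key == keyword.lower():
            return arg.lower(), path
    return None

def password_auth_disabled(files):
    """True only if the first global PasswordAuthentication value is 'no'."""
    found = effective_setting("PasswordAuthentication", files)
    return found is not None and found[0] == "no"  # sshd's default is 'yes'

if __name__ == "__main__":
    print(effective_setting("PasswordAuthentication", SAMPLE_FILES))
    print(password_auth_disabled(SAMPLE_FILES))
```

On a real managed node, `sudo sshd -T` prints the effective configuration, which gives the same answer without parsing the files yourself.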
Conclusion
Ansible is a highly robust and versatile tool designed to automate various IT-related tasks such as configuration, management, and deployment over the network. With Ansible, you can efficiently manage a multitude of hosts or nodes simultaneously, making it ideal for large-scale operations. While Ansible is capable of handling complex tasks, its simple, flexible, and agentless design makes it accessible to beginners and advanced users alike, speeding up automation processes and enhancing productivity.