Sat Feb 25

Ansible 101: An Introduction to Automation

Performing maintenance on a single server may seem relatively straightforward. However, the task can become incredibly daunting and exhausting when we have to manage multiple servers simultaneously, be it four or five, hundreds, or even thousands. Manually handling such a scale of operations is simply unfeasible.

What if we could orchestrate all the servers using a program, making it easier to manage them? And what if we could automate this process and control everything from a single host? This is where Ansible comes into the picture, proving to be an extremely useful tool.

Why use Ansible?

Managing a plethora of devices manually is extremely error-prone and quite impractical. Automating the tasks at hand addresses these problems and, at the same time, boosts productivity by a significant amount.

Ansible also gives the administrator flexibility and simplicity. Even better, it doesn’t require you to write code, or even to know how to code. However, having some coding proficiency could certainly provide an added advantage, even though it is not a prerequisite. Learning and understanding Ansible will definitely give you a competitive edge in your IT skill set, owing to the various benefits it offers. Moreover, the fact that Ansible is open-source makes it all the more advantageous, as it is free to use and allows users to customize it as per their needs.

What is Ansible?

Ansible is all about automation. It is a tool for automating IT tasks such as configuration, system management, deployment or orchestration. Its agentless architecture significantly simplifies the management process and the automation workflow.

The Concepts

Ansible, an automation tool, uses the Secure Shell (SSH) protocol by default to establish a secure connection with managed nodes and execute modules that perform tasks. These modules are designed to be idempotent, which means they only make changes to the system if necessary. Additionally, it may be helpful to understand the terms and lingo used in Ansible.

Management control

Control and managed nodes

Ansible follows the control and managed nodes concept. The control node is the machine where you run the Ansible CLI tools such as ansible-playbook or ansible. Managed nodes are the hosts that the control node manages as targets.

Inventory

Inventory is a list of the managed nodes handled by Ansible. Using a specific host file, you can list all the hosts you are going to manage. You can identify each host by its IP address or by its hostname.

Task management and execution

Playbooks

Using an Ansible playbook on the control node, you can run a set of commands automatically from a YAML file. These files are designed to be easily read and understood by humans and at the same time understandable by the machine running Ansible.

Plays

In Ansible, plays refer to the context of how you describe a desired state based on the set of instructions you have.

Roles

An Ansible role is a reusable, bundled package that playbooks can use. In simpler terms, it can be considered a reusable component. It has to be stored in a structured way and at the very least requires both a meta and a tasks directory. Alternatively, you can easily generate this structure using the ansible-galaxy command.

	ansible-galaxy role init <role_name>

Tasks

As the name suggests, tasks are the ‘actions’ we are about to execute on the managed nodes. The tasks will be executed in order based on the set of instructions we define in the Playbooks. Module parameters, options, and settings are typically included in a task, along with the name of the module.

Handlers

A handler is a task that is triggered only when the state of a certain task changes.

Ad-Hoc Commands

Most of the time, you want to automate the complex tasks to be done within a network with playbooks. However, you might also want to just execute a simple command on all the managed nodes. Ansible makes this possible with ad-hoc commands, which can be executed quickly. For example, to check the connection to a group defined in the host file, you can simply use the command below instead of a playbook.

ansible <group_name> -m ping

Extending functionality

Modules

A module is basically a standalone script that you can use with Ansible. This can be very useful if you want extra functionality that Ansible doesn’t have yet. Ansible pushes the modules out to the managed nodes, executes them, and removes them once they have finished running. Modules can be written in any language that returns JSON.

Module Utilities

In developing Ansible modules, sometimes you will need a helper function in the form of a utility module that allows access to the Ansible library. PowerShell and Python are the only languages that may be used to write utility modules.

Plugins

Plugins are useful for extending Ansible’s core functionality. As opposed to modules, plugins run on the control node. You can either use the plugins that come pre-made with Ansible or create your own, which again need to be written in Python.

Collections

A collection may consist of several kinds of Ansible content, including playbooks, modules and plugins. It is distributable, reusable content that you can make on your own or get from a publicly available source such as Ansible Galaxy or a git repository. Designed to be modular at its core, it lets users combine and customize the content to suit their needs. It is important to note that Ansible content in collections needs to be organized in a standardized, structured namespace, which you can also generate with the ansible-galaxy command.

ansible-galaxy collection init <namespace>.<collection>

Installing Ansible

Ansible is agentless, so no agent needs to be installed on the managed nodes. This means that only the control node needs to have Ansible installed, while managed nodes only require SSH access.

Ansible is built on top of Python and can be easily installed using pip, as described in the documentation. If you don’t know, pip is the package manager for Python packages. You can follow the installation guide on its official website if you want, but for this article, we are going to use the APT package.

First, update and upgrade your system so that the latest packages are installed.

sudo apt update && sudo apt upgrade -y

Next, we are going to add the Ansible PPA to our system with apt-add-repository, so that we don't have to edit the sources list manually.

sudo apt-get install software-properties-common -y && sudo apt-add-repository ppa:ansible/ansible

Then, we are going to refresh the package index and install Ansible.

sudo apt-get update && sudo apt-get install ansible -y

The next thing to do is edit the hosts file so that it includes all your managed nodes. The Ansible inventory file is located at /etc/ansible/hosts.

In this file, you can create groups and add your managed nodes under the appropriate group header by inserting their IP addresses or hostnames. Grouping your hosts in this way makes it easier to manage them by allowing you to target specific subsets of machines for configurations and tasks. Simply insert the lines below assuming that you have ‘clients’ as a group name and that every node is identified by its hostname.

[clients]
client1
client2
client3

To check if everything is working correctly, you can just use the Ansible ping module.

ansible <group_or_node_name> -m ping

Ansible uses SSH to connect to the managed nodes, so it is better to let the connection run automatically instead of having to provide a password every single time you want to connect. Therefore, you can consider using public key authentication instead of passwords.

In order to do this, you need to generate the keys first. You can use the command below.

ssh-keygen

Next, you need to send the key to the managed nodes, but you still need to enter your password at this point.

ssh-copy-id -i /home/<username>/.ssh/id_rsa.pub <username>@<hostname_or_ip>

After that, you can disable password authentication on the managed nodes with an Ansible playbook, written as a YAML file.

Filename: disablesshpassauth.yaml

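---
  - name: Disable password authentication
    # 'clients' is the inventory group defined in /etc/ansible/hosts above
    hosts: clients
    # Privilege escalation at play level covers both the task and the handler
    become: yes
    tasks:
      - name: Disable ssh pass auth from sshd_config file
        lineinfile:
          dest: /etc/ssh/sshd_config
          # The sshd keyword is one word; also match a commented-out default
          regexp: '^#?\s*PasswordAuthentication\b'
          line: "PasswordAuthentication no"
          state: present
          backup: no
        notify:
          - restart ssh

    handlers:
      # Runs only if the task above reported a change
      - name: restart ssh
        service:
          name: ssh
          state: restarted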

Finally, you can execute this playbook using the command below.

ansible-playbook disablesshpassauth.yaml
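
Editing /etc/ssh/sshd_config does not by itself guarantee that password logins are off: sshd uses the first value it reads for each keyword and expands Include directives in place, so an earlier line or a drop-in file can still win. The following added example (not part of the original article) computes the effective PasswordAuthentication value from configuration text. The file contents, the 50-vendor.conf name and the function names are constructed for illustration; Match blocks are not evaluated and each Include is assumed to carry a single pattern.

```python
import fnmatch
import json

def directives(files, path):
    """Yield (path, lineno, keyword, argument) in the order sshd reads them."""
    for lineno, raw in enumerate(files[path].splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()                      # keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            return                                  # rest of this file is conditional
        if key == "include":
            # Included files are processed in lexical order, in place.
            for inc in sorted(p for p in files if fnmatch.fnmatch(p, arg)):
                yield from directives(files, inc)
        else:
            yield path, lineno, key, arg

def audit(files, main="/etc/ssh/sshd_config"):
    """Report the value sshd would use for PasswordAuthentication."""
    for path, lineno, key, arg in directives(files, main):
        if key == "passwordauthentication":         # first value wins
            value = arg.lower()
            return {"effective": value, "source": f"{path}:{lineno}",
                    "failed": value != "no"}
    # Keyword never set: sshd's built-in default is "yes".
    return {"effective": "yes", "source": "default", "failed": True}

# Constructed sample: the main file after the playbook ran, plus a drop-in
# that is included before the edited line is reached.
SAMPLE = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "#PasswordAuthentication yes\n"
        "PasswordAuthentication no\n"
    ),
    "/etc/ssh/sshd_config.d/50-vendor.conf": "PasswordAuthentication yes\n",
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

On a real managed node, sshd -T prints the effective configuration and sshd -t checks the file for errors before the service is restarted.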

Conclusion

Ansible is a highly robust and versatile tool designed to automate various IT-related tasks such as configuration, management, and deployment over the network. With Ansible, you can efficiently manage a multitude of hosts or nodes simultaneously, making it ideal for large-scale operations. While Ansible is capable of handling complex tasks, its simple, flexible, and agentless design makes it accessible to beginners and advanced users, speeding up automation processes and enhancing productivity.