Ansible Install - Ubuntu 22.04

Ansible is a suite of software tools that enables infrastructure as code. It is open-source and the suite includes software provisioning, configuration management, and application deployment functionality.

In this example I will use 3 servers called:

  • console (192.168.0.100)
  • server_1 (192.168.0.101)
  • server_2 (192.168.0.102)

Before you Begin

Make sure all your servers are updated:

sudo apt update && sudo apt upgrade -y

Install Ansible on console

sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible -y

Check Ansible version

ansible --version

Should look something like this:

ansible [core 2.13.7]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/sysadmin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/sysadmin/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0]
  jinja version = 3.0.3
  libyaml = True

Configure console

Install SSH server if not already installed.

sudo apt install openssh-server
sudo systemctl enable ssh

Generate SSH Keys

To install packages or perform some deployment on a remote target server, you will need SSH keys:

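ssh-keygen -t ed25519 -C "ansible" -f ~/.ssh/ansible

-t selects the ed25519 key type (which is more secure than the default), -C sets the key's comment to ansible, and -f writes the key pair to ~/.ssh/ansible and ~/.ssh/ansible.pub, the file the ssh-copy-id commands below expect. Because that is not one of the file names ssh tries by default, load the key with ssh-add ~/.ssh/ansible or pass --private-key ~/.ssh/ansible to the ansible commands that follow.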

NOTE: When running this command, it will ask you for a passphrase. I do recommend that you supply one.

Copy the SSH keys to your servers:

ssh-copy-id -i ~/.ssh/ansible.pub 192.168.0.101
ssh-copy-id -i ~/.ssh/ansible.pub 192.168.0.102

NOTE: If you selected to supply a passphrase above, you will be asked for it after each command.

Run the following command on your remote servers (server_1 and server_2) so that we can run commands with sudo without entering a password:

echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/$(whoami)

If we don’t run the above command, you will receive the following error when running Ansible commands:

192.168.xx.xx | FAILED | rc=-1 >>
Missing sudo password
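
A syntax error in a sudoers file can leave sudo unusable on the host, and sudo silently skips drop-in files whose names contain a dot, so a user such as john.doe would get no rule at all from the one-liner above. The following added example (not from the original post; the function names are hypothetical) writes the same rule, but checks it with visudo and installs it with mode 0440:

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the NOPASSWD rule from the post for one account name.
# Refuses anything that is not a plain account name, so the argument cannot
# smuggle extra sudoers syntax into the file.
sudoers_rule() {
  case $1 in
    ''|*[!a-z0-9_.-]*|[!a-z_]*) echo "refusing user name: $1" >&2; return 1 ;;
  esac
  printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$1"
}

# sudo skips files in /etc/sudoers.d whose names contain '.' or end in '~',
# so an account such as john.doe needs a drop-in name without the dot.
dropin_name() {
  printf '%s\n' "$1" | tr '.' '_'
}

# Check the rule with visudo before it goes live, then install it mode 0440.
# $2 defaults to /etc/sudoers.d (needs root); pass a scratch directory to try it.
install_dropin() {
  rule=$(sudoers_rule "$1") || return 1
  tmp=$(mktemp) || return 1
  printf '%s\n' "$rule" > "$tmp"
  rc=0
  if visudo -cf "$tmp" >/dev/null 2>&1; then
    install -m 0440 "$tmp" "${2:-/etc/sudoers.d}/$(dropin_name "$1")" || rc=1
  else
    echo "visudo rejected the rule; nothing installed" >&2
    rc=1
  fi
  rm -f "$tmp"
  return $rc
}

# Usage, as root on server_1 and server_2:  install_dropin sysadmin
```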

Create Inventory File for Remote Servers

In Ansible, we create a file where we will define all the remote hosts or target systems that we want to manage. You can also create a group of hosts. This would be useful when you want to differentiate between webservers, database servers, etc.

As we have two remote servers, let’s add them to the Ansible host file.

sudo nano /etc/ansible/hosts

# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers:

## green.example.com
## blue.example.com
## 192.168.100.1

192.168.0.101
192.168.0.102

## [webservers]
## alpha.example.org
## beta.example.org

# If you have multiple hosts following a pattern, you can specify
# them like this:

## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group:

## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:

## db-[99:101]-node.example.com

In the above example, I have added both my servers, but I haven’t created any groups to keep it simple. If you wanted to create a group for your webservers, you would put the name of the group above your servers:

[webservers]
192.168.0.101
192.168.0.102

The benefit of creating a group is you can issue one command to a whole set of servers defined in that particular group of hosts.

To save the file, press Ctrl-x, type y, and hit the Enter key.

Ping All added Remote Servers

As we have created the inventory file successfully, let’s check whether we can use Ansible to ping all the added servers.

To Ping All the Hosts in the Inventory

ansible -m ping all

Output from the command should look like this:

sysadmin@Console:~$ ansible -m ping all
192.168.0.101 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
192.168.0.102 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
sysadmin@Console:~$

The ‘all’ means that everything listed in the inventory file will be pinged. If you had created a group within the inventory file, you would then use:

ansible -m ping webservers

To ping a single server

ansible -m ping ip-address

Ansible Examples

Running apt update on all your remote servers:

ansible -b --become-method=sudo -m shell -a 'apt update' all

Install an application (in this case apache):

ansible -b --become-method=sudo -m shell -a 'apt install -y apache2' all

For ungrouped hosts, you can use their IP addresses, for example:

ansible -b --become-method=sudo -m shell -a 'apt install -y apache2' 192.168.0.101

You can also use other commands that don’t require sudo such as checking server uptime:

ansible -m command -a "uptime" group-name/ip-address

The above command can be used for other purposes, just replace uptime with the command that you want to execute on a remote server.

For more information refer to the Ansible Documentation.

This post is licensed under CC BY 4.0 by the author.