Ansible Install - Ubuntu 22.04
Ansible is a suite of software tools that enables infrastructure as code. It is open-source and the suite includes software provisioning, configuration management, and application deployment functionality.
In this example I will use 3 servers called:
- console (192.168.0.100)
- server_1 (192.168.0.101)
- server_2 (192.168.0.102)
Before you Begin
Make sure all your servers are updated:
sudo apt update && sudo apt upgrade -y
Install Ansible on console
sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible -y
Check Ansible version
ansible --version
Should look something like this:
ansible [core 2.13.7]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/sysadmin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/sysadmin/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0]
  jinja version = 3.0.3
  libyaml = True
Configure console
Install SSH server if not already installed.
sudo apt install openssh-server
sudo systemctl enable ssh
Generate SSH Keys
To install packages or perform some deployment on a remote target server, you will need SSH keys:
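ssh-keygen -t ed25519 -C "ansible" -f ~/.ssh/ansible
-t sets the key type to ed25519 (which is more secure than the default), -C sets the key comment to ansible, and -f writes the key pair to ~/.ssh/ansible and ~/.ssh/ansible.pub, which is the file the ssh-copy-id commands below expect.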
NOTE: When running this command, it will ask you for a passphrase. I do recommend that you supply one.
Copy the SSH keys to your servers:
ssh-copy-id -i ~/.ssh/ansible.pub 192.168.0.101
ssh-copy-id -i ~/.ssh/ansible.pub 192.168.0.102
NOTE: If you selected to supply a passphrase above, you will be asked for it after each command.
Run the following command on your remote servers (server_1 and server_2) so that we can run commands with sudo without entering a password:
echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/$(whoami)
If we don’t run the above command, you will receive the following error when running Ansible commands:
192.168.xx.xx | FAILED | rc=-1 >>
Missing sudo password
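An added example (not part of the original tutorial): a safer way to create the same drop-in, which syntax-checks the rule with visudo before installing it and avoids a file name that sudo would silently skip. The function names and the sample user first.last used in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install the passwordless-sudo drop-in for the Ansible
# login user without risking a broken or silently ignored sudoers file.

# sudo skips files in /etc/sudoers.d whose names contain '.' or end in '~',
# so a user such as "first.last" (constructed name) needs a sanitized file name.
dropin_name() {
    printf '%s' "$1" | tr '.~' '__'
}

# Build the rule; refuse anything that is not a plain account name so that
# spaces, commas or newlines cannot turn one rule into several.
dropin_rule() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$1"
}

# Write the rule to a temp file, syntax-check it with visudo, then install it
# root-owned with mode 0440. A file that fails the check is never installed.
install_dropin() {
    user=$1
    rule=$(dropin_rule "$user") || { echo "invalid user name: $user" >&2; return 1; }
    tmp=$(mktemp) || return 1
    printf '%s\n' "$rule" > "$tmp"
    if sudo visudo -cf "$tmp" >/dev/null; then
        sudo install -o root -g root -m 0440 "$tmp" \
            "/etc/sudoers.d/$(dropin_name "$user")"
        rc=$?
    else
        echo "sudoers syntax check failed; nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage on server_1 and server_2:
#   install_dropin "$(whoami)"
```

Afterwards, `sudo -l -U "$(whoami)"` on the remote server shows whether the NOPASSWD rule is actually in effect.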
Create Inventory File for Remote Servers
In Ansible, we create a file where we will define all the remote hosts or target systems that we want to manage. You can also create a group of hosts. This would be useful when you want to differentiate between webservers, database servers, etc.
As we have two remote servers, let’s add them to the Ansible host file.
sudo nano /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers:
## green.example.com
## blue.example.com
## 192.168.100.1
192.168.0.101
192.168.0.102
## [webservers]
## alpha.example.org
## beta.example.org
# If you have multiple hosts following a pattern, you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group:
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
## db-[99:101]-node.example.com
In the above example, I have added both my servers, but I haven’t created any groups to keep it simple. If you wanted to create a group for your webservers, you would put the name of the group above your servers:
[webservers]
192.168.0.101
192.168.0.102
The benefit of creating a group is you can issue one command to a whole set of servers defined in that particular group of hosts.
To save the file, press Ctrl-x, type y, and hit the Enter key.
Ping All added Remote Servers
As we have created the inventory file successfully, let’s check whether we can use Ansible to ping all the added servers.
To Ping All the Hosts in the Inventory
ansible -m ping all
Output from the command should look like this:
sysadmin@Console:~$ ansible -m ping all
192.168.0.101 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
192.168.0.102 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
sysadmin@Console:~$
The ‘all’ means that everything listed in the inventory file will be pinged. If you had created a group within the inventory file, you would then use:
ansible -m ping webservers
To ping a single server
ansible -m ping ip-address
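An added example, not part of the original tutorial: a small filter that reads ad-hoc output in the two shapes shown on this page and lists the hosts that did not succeed. The function names and the embedded sample are constructed for illustration; UNREACHABLE is included because Ansible reports hosts it cannot contact with that status.

```shell
#!/bin/sh
# Added example: summarise the per-host result headers of ad-hoc output.

# Print "host STATUS" for every result header read from stdin.
# Headers look like "host | SUCCESS => {" or "host | FAILED | rc=-1 >>";
# JSON body and message lines carry no " | STATUS" part and are ignored.
adhoc_status() {
    awk -F' [|] ' 'NF >= 2 && $2 ~ /^(SUCCESS|CHANGED|FAILED|UNREACHABLE)/ {
        status = $2
        sub(/[^A-Z].*$/, "", status)   # drop "!", " => {" and similar
        print $1, status
    }'
}

# List hosts whose status is anything other than SUCCESS or CHANGED and
# return non-zero when there is at least one such host.
adhoc_failed_hosts() {
    adhoc_status | awk '$2 != "SUCCESS" && $2 != "CHANGED" { print $1; bad = 1 }
                        END { exit bad + 0 }'
}

# Constructed sample combining the two output shapes shown on this page.
sample_output() {
    cat <<'EOF'
192.168.0.101 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
192.168.0.102 | FAILED | rc=-1 >>
Missing sudo password
EOF
}

# Usage: ansible -m ping all | adhoc_failed_hosts
```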
Ansible Examples
Running apt update on all your remote servers:
ansible -b --become-method=sudo -m shell -a 'apt update' all
Install an application (in this case apache):
ansible -b --become-method=sudo -m shell -a 'apt install -y apache2' all
For ungrouped hosts, you can use their IP addresses, for example:
ansible -b --become-method=sudo -m shell -a 'apt install -y apache2' 192.168.0.101
You can also use other commands that don’t require sudo such as checking server uptime:
ansible -m command -a "uptime" group-name/ip-address
The above command can be used for other purposes, just replace uptime with the command that you want to execute on a remote server.
For more information refer to the Ansible Documentation.