5.1 - Setup
- Install Ansible:
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible -y
- Create Inventory:
sudo nano /etc/ansible/hosts
[<network>]
<IP1>
<IP2>
<IP3>
- Verify Hosts
ansible all --list-hosts
- Set up SSH connections:
add public ssh keys to authorized keys
ssh-keygen -t ed25519
>setup process
ssh-copy-id -i ~/.ssh/id_rsa.pub <user>@<hostname>
test ssh connection
ssh <user>@<host>
- Ping the managed nodes:
ansible <all/groupname> -m ping
ssh-agent bash/zsh
ssh-add <sshkey>
5.2 - Inventories
Create a file inventory.yaml
<group>:
hosts:
<hostname1>:
ansible_host: <domain1>
<hostname2>:
ansible_host: <domain2>
<hostname3>:
ansible_host: <domain3>
Verify the inventory:
ansible-inventory -i inventory.yaml --list
Ping the inventory:
ansible <group> -m ping -i inventory.yaml
5.2.1 - Metagroups
After creating groups, they can be organized into metagroups.
<metagroup>:
children:
<group1>:
<group2>:
5.2.2 - Variables
Variables allow for changing and tweaking values of managed nodes so they don’t need to be passed by ansible commands. They can apply to specific hosts or all hosts in a group.
<group>:
hosts:
<host1>:
ansible_host: <domain1>
http_port: 80
<host2>:
ansible_host: <domain2>
http_port: 443
<group>:
hosts:
<host1>:
ansible_host: <domain1>
http_port: 80
<host2>:
ansible_host: <domain2>
http_port: 443
vars:
ansible_user: my_server_user
5.3 - Playbooks
Create a playbook yaml file:
playbook.yaml
Run the playbook:
ansible-playbook -i inventory.yaml playbook.yaml
Check the playbook:
ansible-playbook --check playbook.yaml
--check, --diff, --list-hosts, --list-tasks, --syntax-check
--ask-become-pass for root password
5.3.1 - Syntax
Example:
---
- name: Update web servers
hosts: webservers
remote_user: root
tasks:
- name: Ensure apache is at the latest version
ansible.builtin.yum:
name: httpd
state: latest
- name: Write the apache config file
ansible.builtin.template:
src: /srv/httpd.j2
dest: /etc/httpd.conf
- name: Update db servers
hosts: databases
remote_user: root
tasks:
- name: Ensure postgresql is at the latest version
ansible.builtin.yum:
name: postgresql
state: latest
- name: Ensure that postgresql is started
ansible.builtin.service:
name: postgresql
state: started
5.4 - Vaults
- Create a
group_vars/
subdirectory named after the group. - Inside this subdirectory, create two files named
vars
andvault
. - In the
vars
file, define all of the variables needed, including any sensitive ones. - Copy all of the sensitive variables over to the
vault
file and prefix these variables withvault_
. - Adjust the variables in the
vars
file to point to the matchingvault_
variables using jinja2 syntax:db_password: {{ vault_db_password }}
. - Encrypt the
vault
file to protect its contents.ansible-vault create --vault-id
- Use the variable name from the
vars
file in your playbooks.