Ansible is a free-software platform for configuring and managing computers which combines multi-node software deployment, ad hoc task execution, and configuration management. It manages nodes (Linux nodes must have Python 2.4 or later installed on them, Windows nodes require PowerShell 3.0 or later) over SSH or over PowerShell. Modules work over JSON and standard output and can be written in any programming language. The system uses YAML to express reusable descriptions of systems.
Configuration management systems are designed to make controlling large numbers of servers easy for administrators and operations teams. They allow you to control many different systems in an automated way from one central location.
|  | Language | License | Mutual auth | Encrypts | Verify mode | Agent-less | Have a GUI | First release |
|---|---|---|---|---|---|---|---|---|
| Ansible | Python | GPLv3+ | Yes | Yes | Yes | Yes | Yes (Free 30-day Trial) | 2012-03-08 |
Platform Support :-
|Ansible||Yes||Yes||Yes||Yes||Yes||Yes||Yes (Need linux control machine)||Yes|
- Minimal in nature. Management systems should not impose additional dependencies on the environment.
- Consistent.
- Secure. Ansible does not deploy vulnerable agents to nodes. Only OpenSSH is required, which is already critically tested.
- Highly reliable. The idempotent resource model is applied to deployment to prevent side-effects from re-running scripts.
- Low learning curve. Playbooks use an easy and descriptive language based on YAML.
sudo apt-get update
sudo apt-get install ansible
Simple basic test of ansible
#ansible localhost -m ping
As seen above, Ansible was called with the flag “-m”, which means module. The “ping” module just contacts the servers and checks that everything is OK. In this case the server answered successfully. Also, as you can see, the output is formatted as JSON, which is helpful if the results need to be parsed elsewhere.
Using -vvv gives more details about the connection.
Need help ??? :-
Get the Command Line Document –
Gives you the ansible version number
List the available modules
#ansible-doc <module name>
Gives detailed information about any module. For example: ansible-doc ping
Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory file, which defaults to being saved in the location /etc/ansible/hosts
1. Define host details in /etc/ansible/hosts
sudo vim /etc/ansible/hosts
Add the details of the host that you want to manage at the bottom. You can find other examples in the same file.
rupin ansible_host=192.168.0.103 ansible_port=22 ansible_user=root ansible_ssh_pass=123
where rupin => the alias for the host, under which all of the host's information is stored (you can give it any name)
ansible_host => The name of the host to connect to, if different from the alias you wish to give to it.
ansible_port => The ssh port number, if not 22
ansible_user => The default ssh user name to use.
ansible_ssh_pass => The ssh password to use (this is insecure; strongly recommend using --ask-pass or SSH keys)
ansible_ssh_private_key_file => Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent.
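The warning about ansible_ssh_pass above can be turned into a check. The following is an added example, not part of the original tutorial: a shell function that reports inventory lines carrying plaintext credentials without echoing the secret itself. The function names, the second host (db, 192.168.0.104) and the sample inventory are constructed for illustration.

```sh
#!/bin/sh
# Added example: report plaintext credentials in an INI-style Ansible inventory.
# Output: "file:line: owner: variable is stored in plaintext" (the value is never printed).
# Exit status: 1 if anything was found, 0 otherwise.
audit_inventory() {
    awk '
    NF == 0 || $1 ~ /^[#;]/ { next }          # blank lines and comments
    $1 ~ /^\[/ { section = $1; next }         # group header such as [rupin] or [rupin:vars]
    {
        # In a [group:vars] section the variable belongs to the group,
        # otherwise to the host alias in the first field.
        owner = (section ~ /:vars\]$/) ? section : $1
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] ~ /^ansible_(ssh_pass|password|become_pass|become_password|sudo_pass)$/) {
                printf "%s:%d: %s: %s is stored in plaintext\n", FILENAME, FNR, owner, kv[1]
                found = 1
            }
        }
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample inventory: the first host is the weak form from this page,
# the second uses a key file instead (host "db" and its address are made up).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inventory
[rupin]
dev ansible_host=192.168.0.103 ansible_port=22 ansible_user=root ansible_ssh_pass=123
db ansible_host=192.168.0.104 ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_rsa

[rupin:vars]
ansible_become_pass=example
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_inventory "$sample" || echo "plaintext credentials found: use --ask-pass, SSH keys or ansible-vault"
rm -f "$sample"
```

Run it against /etc/ansible/hosts or any file passed with -i; a non-zero exit status makes it usable as a pre-commit or CI gate.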
You can also define a new hosts file and use it as the inventory file for Ansible.
Test the connection :-
If you want to have your Ansible hosts file in another location, then you can set this environment variable:
> export ANSIBLE_HOSTS=/root/ansible_hosts
2. Set up SSH key-based authentication:-
The first step to configure SSH key authentication to your server is to generate an SSH key pair on your local computer.
To do this, we can use a special utility called ssh-keygen, which is included with the standard OpenSSH suite of tools. By default, this will create a 2048 bit RSA key pair, which is fine for most uses.
The easiest way to copy your public key to an existing server is to use a utility called ssh-copy-id. The ssh-copy-id tool is included in the OpenSSH packages in many distributions, so you may have it available on your local system. For this method to work, you must already have password-based SSH access to your server.
The syntax is:
You can now log in directly without a password.
Create a hosts file or add the host in /etc/ansible/hosts. I will create a new file.
(you can create the file with any file name)
[rupin]
dev ansible_host=192.168.0.103 ansible_user=root
save it :wq
#ansible -i hosts rupin -m ping
where -i => inventory
Some command Line Examples :–
Get the Host machine Complete Information:-
#ansible -i hosts rupin -m setup
Host only network related information :-
#ansible -i hosts rupin -m setup -a 'filter=ansible_eth[0-2]'
#ansible -i hosts rupin -m setup -a 'filter=ansible_architecture'
get only architecture of the host
#ansible -i hosts rupin -m copy -a "src=/etc/hosts dest=/tmp/hosts"
src => path of the file on the server (the control machine running Ansible)
dest => path on the client machine (the managed host) where the file will be copied
ansible -i hosts rupin -m service -a "name=cron state=restarted"
ansible -i hosts rupin -m apt -a "name=fts state=present update_cache=yes" -vvvv
Installs packages.
You need to create an encrypted (hashed) password first; otherwise the command will run successfully but the user will not be able to log in.
Step to create the encrypted password –
openssl passwd -1 -salt $(openssl rand -hex 4)
Copy the resulting hash into the command as shown below:
#ansible -i hosts rupin -m user -a 'name=test password=$1$2141f9b3$qeED9Kvsj0bGRV/uahfU/1' -vvvv
# python -c 'import crypt; print(crypt.crypt("This is my Password", "$1$SomeSalt$"))'
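The -1 option used above produces an MD5-crypt hash (the $1$ prefix), which is a weak scheme by current standards. As an added example, not from the original tutorial, the functions below generate a SHA-512 crypt hash with openssl passwd -6 (OpenSSL 1.1.1 or later is assumed) and refuse weak hashes before they are handed to the user module. The function names, the list of accepted schemes and the demo password are assumptions made for this example.

```sh
#!/bin/sh
# Added example: generate a SHA-512 crypt hash and gate hashes by scheme.

# Identify the crypt(3) scheme from the hash prefix.
crypt_scheme() {
    case "$1" in
        '$6$'*)                   echo sha512-crypt ;;
        '$5$'*)                   echo sha256-crypt ;;
        '$y$'*)                   echo yescrypt ;;
        '$2a$'*|'$2b$'*|'$2y$'*)  echo bcrypt ;;
        '$1$'*)                   echo md5-crypt ;;
        *)                        echo unknown ;;
    esac
}

# Policy assumed for this example: accept the stronger schemes only, so that
# MD5-crypt, plaintext and unrecognised formats are all rejected.
hash_is_acceptable() {
    case "$(crypt_scheme "$1")" in
        sha512-crypt|sha256-crypt|yescrypt|bcrypt) return 0 ;;
        *) return 1 ;;
    esac
}

# Read the password from stdin (keeps it out of argv and shell history) and
# print a SHA-512 crypt hash with a random salt chosen by openssl.
new_password_hash() {
    openssl passwd -6 -stdin
}

# The hash shown on this page is MD5-crypt and is rejected.
page_hash='$1$2141f9b3$qeED9Kvsj0bGRV/uahfU/1'
hash_is_acceptable "$page_hash" || echo "rejected: $(crypt_scheme "$page_hash")"

# Constructed demo password; on a real system read it from a prompt instead.
if hash=$(printf '%s\n' 'constructed-demo-password' | new_password_hash 2>/dev/null) \
   && hash_is_acceptable "$hash"; then
    echo "ansible -i hosts rupin -m user -a 'name=test password=$hash'"
fi
```

Keep the single quotes around the -a argument, as in the page's own command, so the shell does not expand the $ signs in the hash.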