A small tutorial on how to install Ansible on Linux and run Ansible commands on remote clients from the control server.
What is Ansible?
Ansible is an open-source configuration management tool developed by Red Hat, and enterprise support for it is available through Red Hat subscriptions. Ansible is written in Python, Ruby, and PowerShell. It uses SSH in the background to communicate with clients and execute tasks. Its best feature is that it is agentless: there is no load on the clients, and configurations can be pushed from the server at any time.
Ansible installation
The first prerequisite for Ansible: the primary (control) server must have a passwordless SSH connection configured for the Ansible user to all of its client servers. You can configure passwordless SSH in two steps using ssh-keygen and ssh-copy-id.
For this walkthrough, we have one control server, kerneltalks1, and one client, kerneltalks2, and we have configured passwordless SSH for the user shrikant (which we treat as the Ansible user here).
Let's install Ansible on the control server, i.e. kerneltalks1.
Ansible can be installed using the normal package installation procedure. Below are quick commands for your reference.
- RHEL: subscription-manager repos --enable rhel-7-server-ansible-2.6-rpms; yum install ansible
- CentOS, Fedora: yum install ansible
- Ubuntu: apt-add-repository --yes --update ppa:ansible/ansible; apt-get install ansible
- Git clone: git clone https://github.com/ansible/ansible.git; cd ./ansible; make rpm; rpm -Uvh ./rpm-build/ansible-*.noarch.rpm
I installed Ansible on my CentOS machine using the above command.
[root@kerneltalks1 ~]# ansible --version
ansible 2.7.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
Ansible default config structure
After installation, Ansible creates the /etc/ansible directory with the default configuration in it. You can find the ansible.cfg and hosts files in it.
[root@kerneltalks1 ~]# ll /etc/ansible
total 24
-rw-r--r--. 1 root root 20269 Oct 9 01:34 ansible.cfg
-rw-r--r--. 1 root root 1016 Oct 9 01:34 hosts
drwxr-xr-x. 2 root root 6 Oct 9 01:34 roles
- ansible.cfg is the default configuration file for the ansible executable.
- hosts is a list of clients on which the control server executes commands remotely via passwordless SSH.
Running first command via Ansible
Let's configure kerneltalks2 and run our first Ansible command on it remotely from the kerneltalks1 control server.
You need to configure passwordless SSH as discussed earlier. Then add this server to the /etc/ansible/hosts file.
root@kerneltalks1 # cat /etc/ansible/hosts
[testservers]
172.31.81.83
Here, the IP address is that of kerneltalks2, and the group name for the servers is given in square brackets. You are now good to go. Run the ansible command with the ping module (the -m switch). Ansible ships with many built-in modules that you can use instead of the equivalent shell commands.
[shrikant@kerneltalks1 ~]$ ansible -m ping all
172.31.81.83 | SUCCESS => {
"changed": false,
"ping": "pong"
}
You can see the output is a success on the mentioned IP. So we installed and ran the first successful command using ansible!
Common errors
1. If you try to run an ansible command on a server group that does not exist in the hosts file, you will see the error below:
[shrikant@kerneltalks1 ~]$ ansible -m ping testserver
[WARNING]: Could not match supplied host pattern, ignoring: testserver
[WARNING]: No hosts matched, nothing to do
You need to check the /etc/ansible/hosts file (or whichever hosts file your Ansible installation refers to) and make sure the server group named in the command exists in it.
2. If you have not configured passwordless SSH from the control server to the client, or if the client is not reachable over the network, you will see the error below.
[root@kerneltalks1 ansible]# ansible -m ping all
kerneltalks2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added 'kerneltalks2,172.31.81.83' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
You need to check the connectivity and passwordless ssh access from the control server.
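A pre-flight check for the two common errors above, as an added example that is not part of the original tutorial: it resolves a host pattern against the inventory and then probes each matched host with key-only SSH. It is written in POSIX sh; the function names and the sample inventory are constructed for illustration.

```shell
# Added example, not the tutorial's code; function names are hypothetical.
# Constructed sample inventory, same INI layout as /etc/ansible/hosts.
sample_inventory() {
    cat <<'EOF'
# constructed sample
[testservers]
172.31.81.83
[testservers:vars]
ansible_user=shrikant
EOF
}
# Print hosts under [group] ("all" = every host). Skips comments, blank
# lines and [group:vars] / [group:children] sections.
inventory_hosts() (
    awk -v want="$2" '
        BEGIN { active = (want == "all") }   # ungrouped hosts count for all
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            active = (name !~ /:/) && (want == "all" || name == want)
            next
        }
        active { print $1 }
    ' "$1" | sort -u
)
# Key-only, non-interactive probe: BatchMode=yes forbids password prompts,
# so "ok" means the passwordless login Ansible relies on works.
probe_host() (
    if err=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$1@$2" true 2>&1); then
        echo ok
    else
        case $err in
            *"Permission denied"*)            echo auth-failed ;;
            *"Host key verification failed"*) echo hostkey-unverified ;;
            *)                                echo unreachable ;;
        esac
    fi
)
# Exit status: 2 = pattern matched no host, 1 = a probe failed, 0 = ready.
# The body is a subshell, so "exit" ends only this function.
preflight() (
    hosts=$(inventory_hosts "$1" "$2"); rc=0
    [ -n "$hosts" ] || { echo "no hosts match '$2' in $1" >&2; exit 2; }
    for h in $hosts; do
        s=$(probe_host "$3" "$h"); echo "$h $s"
        [ "$s" = ok ] || rc=1
    done
    exit $rc
)
```

Run it as `preflight /etc/ansible/hosts testservers shrikant` before the first `ansible -m ping`. A `hostkey-unverified` result means the client's host key is not yet in known_hosts and should be checked before it is accepted.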