Ansible is a tool for configuration management over SSH. I gave it a try recently and it has proven to be very useful since I need to manage a set of servers. Here I would like to briefly introduce Ansible to you.
Ansible is written in Python. On macOS it can be installed with
$ brew install ansible
Getting ready to use Ansible
Since Ansible talks to your machines over SSH, it’s recommended that SSH keys are preconfigured on the target machines for password-less login. Use ssh-copy-id <user>@<host> to copy your public key over.
The inventory file lists the machines you would like to manage. By default, Ansible looks for the inventory file at /etc/ansible/hosts. You can also create the file in any directory and specify it when running Ansible with -i <path>, or specify the path in your ansible.cfg file with
[defaults]
inventory = /path/to/your/inventory/file
A simple inventory file is given below.
You can create groups in the inventory file
[webservers]
web1.example.com
web2.example.com

[dbservers]
db1.example.com
db2.example.com
If the host only has a static IP, it can be given an alias
You can specify the connection user with
Variables can also be set for hosts
Host key checking
When you connect to a server through SSH for the first time, you are asked whether you want to add that host to the known_hosts file. When you use Ansible with hosts you have never connected to, you will be prompted to confirm the host key. If you are sure there won’t be any security issues, you can disable host key checking by adding the following to /your/current/directory/ansible.cfg (searched by Ansible in the reverse order).
[defaults]
host_key_checking = False
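Host key checking is what lets SSH notice a machine presenting a different key than the one you expect, so an alternative to switching it off is to fill known_hosts in advance with keys you have verified. The following is an added example, not code from the original post: it filters ssh-keyscan output against fingerprints obtained out of band. The function names, key blobs and pins are constructed for illustration.

```python
import base64
import hashlib


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verified_known_hosts(keyscan_output, pins):
    """Return (known_hosts lines whose key matches a pin, rejected hosts)."""
    # pins: host -> set of fingerprints obtained out of band
    accepted, rejected = [], []
    for line in keyscan_output.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) < 3:
            rejected.append((fields[0], "malformed line"))
            continue
        host, keytype, blob = fields[:3]
        try:
            fp = fingerprint(blob)
        except ValueError:  # binascii.Error is a ValueError
            rejected.append((host, "malformed key"))
            continue
        if fp in pins.get(host, set()):
            accepted.append(f"{host} {keytype} {blob}")
        else:
            rejected.append((host, fp))  # unpinned host or key mismatch
    return accepted, rejected


# Constructed sample data: placeholder blobs, not real host keys.
KEY_WEB1 = base64.b64encode(b"constructed key for web1").decode()
KEY_ROGUE = base64.b64encode(b"constructed key from an impostor").decode()
# In practice the pin is copied from a trusted source, not computed here.
PINS = {"web1.example.com": {fingerprint(KEY_WEB1)}}
SCAN = (f"web1.example.com ssh-ed25519 {KEY_WEB1}\n"
        f"web2.example.com ssh-ed25519 {KEY_ROGUE}\n")

if __name__ == "__main__":
    ok, bad = verified_known_hosts(SCAN, PINS)
    print("\n".join(ok))  # lines safe to append to ~/.ssh/known_hosts
    for host, reason in bad:
        print("REJECTED", host, reason)
```

Run ssh-keyscan against the inventory hosts, pass its output through this filter, and append only the accepted lines to known_hosts; host_key_checking can then stay at its default.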
Ansible can be used for executing ad-hoc commands. This can be used to send the same command to a group of hosts in your inventory at once.
Suppose we have a group called cluster in our inventory file. We can send a command to reboot all hosts in that group with
$ ansible cluster -a "/sbin/reboot"
To send to all hosts in the inventory, change cluster to all. If you want to specify a user, use the -u <user> option. To get root privilege, add
Besides commands, Ansible can also execute Ansible modules. Ansible has a list of modules that do all kinds of tasks. These modules accept parameters that change their behavior. For example, to copy a file from the control machine to the hosts, we can use
$ ansible all -m copy -a "src=~/.zshrc dest=~/.zshrc"
Although ad-hoc commands are pretty handy, you will want to use the playbook feature for actual configuration management tasks. A playbook is a file that specifies a collection of tasks to be executed sequentially in order to achieve a goal, say setting up a web server on the machines.
Playbooks are written in YAML, so they are very easy to write. Below is an example
- hosts: cluster
  tasks:
    - name: Stop & disable firewall service
      systemd: name=firewalld state=stopped enabled=no
In the above example, the cluster group is targeted and a task using the systemd module is included to stop and disable the firewalld daemon. To run a playbook use
$ ansible-playbook disable-firewall.yml
This is pretty much the simplest playbook you could write. Playbooks can achieve much more than that. For example, you can use loops and variables in your playbook. Check out the references for more information.