Ansible 101 for configuration management

Ansible is a tool for configuration management over SSH. I gave it a try recently and it has proven to be very useful since I need to manage a set of servers. Here I would like to briefly introduce Ansible to you.

Installation

Ansible is written in Python. On macOS it can be installed with

$ brew install ansible

Getting ready to use Ansible

SSH keys

Since Ansible talks to your machines over SSH, it’s recommended to preconfigure SSH keys on the target machines for password-less login. Use ssh-copy-id <user>@<host> to copy your public key over.

Inventory file

The inventory file lists the machines you would like to manage. By default, Ansible looks for the inventory file at /etc/ansible/hosts. You can also create the file in any directory and specify it when running Ansible with -i <path>, or specify the path in your ansible.cfg file with

[defaults]
inventory = /path/to/your/inventory/file

A simple inventory file is given below.

web1.example.com
192.168.0.10

You can create groups in the inventory file

[webservers]
web1.example.com
web2.example.com

[dbservers]
db1.example.com
db2.example.com

If the host only has a static IP, it can be given an alias

example ansible_host=192.168.0.10

You can specify the connection user with ansible_user

web1.example.com ansible_user=webuser

Variables can also be set for hosts

web1.example.com http_port=8080

Host key checking

When you connect to a server through SSH for the first time, you are asked whether you want to add that host to the known_hosts file. When you use Ansible against hosts you have never connected to, you will be prompted to confirm each host key. That check is how SSH notices that a host is presenting a different key than the one recorded for it, so turning it off means a connection to an impersonated host goes through without any prompt. If you are sure there won’t be any security issues, you can disable host key checking by adding the following to /etc/ansible/ansible.cfg or ~/.ansible.cfg or /your/current/directory/ansible.cfg (searched by Ansible in the reverse order).

[defaults]
host_key_checking = False
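
Because Ansible uses only the first ansible.cfg it finds and does not merge the files, a config file in a project directory can switch host key checking off even when /etc/ansible/ansible.cfg leaves it on. The script below is an added example, not part of the original post: it reports which source decides the setting and whether checking is disabled. The function names and the temporary directory layout are made up for the illustration, and it assumes the ANSIBLE_CONFIG and ANSIBLE_HOST_KEY_CHECKING environment variables take precedence over the files.

```python
import configparser
import os
import tempfile

FALSE_VALUES = {"false", "no", "off", "0", "n", "f"}  # spellings treated as "disabled" here

def effective_config(cwd, home, etc_dir, env):
    """Return the one ansible.cfg that would be used: first match wins, files are not merged."""
    candidates = [
        env.get("ANSIBLE_CONFIG"),               # explicit override, checked first
        os.path.join(cwd, "ansible.cfg"),        # current directory
        os.path.join(home, ".ansible.cfg"),      # per-user file
        os.path.join(etc_dir, "ansible.cfg"),    # system-wide file
    ]
    for path in candidates:
        if path and os.path.isfile(path):
            return path
    return None

def host_key_checking_disabled(cwd, home, etc_dir="/etc/ansible", env=None):
    """Return (source, disabled) for the setting that is actually in effect."""
    env = dict(os.environ) if env is None else env
    if "ANSIBLE_HOST_KEY_CHECKING" in env:       # environment beats any config file
        value = env["ANSIBLE_HOST_KEY_CHECKING"]
        return "ANSIBLE_HOST_KEY_CHECKING", value.strip().lower() in FALSE_VALUES
    path = effective_config(cwd, home, etc_dir, env)
    if path is None:
        return None, False                       # no config found: checking stays enabled
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    value = parser.get("defaults", "host_key_checking", fallback="true")
    return path, value.strip().lower() in FALSE_VALUES

def demo():
    """Constructed layout: the system file keeps checking on, a project-local file turns it off."""
    with tempfile.TemporaryDirectory() as root:
        etc_dir, home, project = (os.path.join(root, d) for d in ("etc", "home", "project"))
        for d in (etc_dir, home, project):
            os.makedirs(d)
        with open(os.path.join(etc_dir, "ansible.cfg"), "w") as f:
            f.write("[defaults]\nhost_key_checking = True\n")
        with open(os.path.join(project, "ansible.cfg"), "w") as f:
            f.write("[defaults]\nhost_key_checking = False\n")
        return host_key_checking_disabled(project, home, etc_dir, env={})

if __name__ == "__main__":
    print(demo())
```

Run it from the directory you launch Ansible in, passing that directory and your home directory, to see which file is in effect before trusting a run against new hosts.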

Ad-hoc commands

Ansible can be used for executing ad-hoc commands. This can be used to send the same command to a group of hosts in your inventory at once.

Suppose we have a group called cluster in our inventory file. We can send a command to reboot all hosts in that group with

$ ansible cluster -a "/sbin/reboot"

To send to all hosts in the inventory, change cluster to all. If you want to specify a user, use the -u <user> option. To get root privilege, add -b.

Besides commands, Ansible can also execute Ansible modules. Ansible has a list of modules that do all kinds of tasks. These modules accept parameters that change their behavior. For example, to copy a file from the control machine to the hosts, we can use

$ ansible all -m copy -a "src=~/.zshrc dest=~/.zshrc"

Playbooks

Although ad-hoc commands are pretty handy, you want to use the playbook feature for actual configuration management tasks. A playbook is a file that specifies a collection of tasks to be executed sequentially in order to achieve a goal, say setting up a web server on the machines.

Playbooks are written in YAML, so it’s very easy to write one. Below is an example

- hosts: cluster

  tasks:
    - name: Stop & disable firewall service
      systemd:
        name: firewalld
        state: stopped
        enabled: no
In the above example, the cluster group is targeted and a task using the systemd module is included to stop and disable the firewalld daemon. To run a playbook use

$ ansible-playbook disable-firewall.yml

This is pretty much the simplest playbook you could write. Playbooks can achieve much more than that. For example, you can use loops and variables in your playbook. Check out the references for more information.

References

 