# Ansible 101 for configuration management

Ansible is a tool for configuration management over SSH. I gave it a try recently and it has proven to be very useful since I need to manage a set of servers. Here I would like to briefly introduce Ansible to you.

## Installation

Ansible is written in Python. On macOS it can be installed with

```
$ brew install ansible
```

## Getting ready to use Ansible

### SSH keys

Since Ansible talks to your machines over SSH, it's recommended that SSH keys are preconfigured on the target machines for password-less login. Use `ssh-copy-id <user>@<host>` to copy your public key over.

### Inventory file

The inventory file lists the machines you would like to manage. By default, Ansible looks for the inventory file at `/etc/ansible/hosts`. You can also create the file in any directory and specify it when running Ansible with `-i <path>`, or specify the path in your `ansible.cfg` file with

```ini
[defaults]
inventory = /path/to/your/inventory/file
```

A simple inventory file is given below.

```ini
web1.example.com
192.168.0.10
```

You can create groups in the inventory file

```ini
[webservers]
web1.example.com
web2.example.com

[dbservers]
db1.example.com
db2.example.com
```

If the host only has a static IP, it can be given an alias

```ini
example ansible_host=192.168.0.10
```

You can specify the connection user with `ansible_user`

```ini
web1.example.com ansible_user=webuser
```

Variables can also be set for hosts

```ini
web1.example.com http_port=8080
```

### Host key checking

When you connect to a server through SSH for the first time, you are asked whether you want to add that host to the `known_hosts` file. When you use Ansible against hosts you have never connected to before, you will be prompted to confirm each host key. If you are sure this won't cause any security issues (host key checking is what lets SSH detect that a server has been swapped or impersonated), you can disable host key checking by adding the following to `/etc/ansible/ansible.cfg`, `~/.ansible.cfg` or `/your/current/directory/ansible.cfg` (searched by Ansible in the reverse order).

```ini
[defaults]
host_key_checking = False
```

## Ad-hoc commands

Ansible can be used for executing ad-hoc commands, which lets you send the same command to a group of hosts in your inventory at once. Suppose we have a group called `cluster` in our inventory file. We can send a command to reboot all hosts in that group with

```
$ ansible cluster -a "/sbin/reboot"
```


To send to all hosts in the inventory, change `cluster` to `all`. If you want to specify a user, use the `-u <user>` option. To get root privilege, add `-b`.

Besides commands, Ansible can also execute Ansible modules. Ansible has a list of modules that do all kinds of tasks. These modules accept parameters that change their behavior. For example, to copy a file from the control machine to the hosts, we can use

```
$ ansible all -m copy -a "src=~/.zshrc dest=~/.zshrc"
```

## Playbooks

Although ad-hoc commands are pretty handy, you want to use the playbook feature for actual configuration management tasks. A playbook is a file that specifies a collection of tasks to be executed sequentially in order to achieve a goal, say setting up a web server on the machines. Playbooks are written in YAML, so it's very easy to write one. Below is an example

```yaml
- hosts: cluster
  tasks:
    - name: Stop & disable firewall service
      systemd: name=firewalld state=stopped enabled=no
```

In the above example, the `cluster` group is targeted and a task using the `systemd` module is included to stop and disable the `firewalld` daemon. To run a playbook use

```
$ ansible-playbook disable-firewall.yml
```


This is pretty much the simplest playbook you could write. Playbooks can achieve much more than that. For example, you can use loops and variables in your playbook. Check out the references for more information.
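As an alternative to disabling host key checking (see "Host key checking" above), the following added example, which is not part of the original post, lists the inventory hosts that have no `known_hosts` entry yet, so their keys can be verified and added before Ansible runs. It assumes an INI inventory, port 22, and no wildcard patterns in `known_hosts`; all function names and the sample data are constructed for illustration.

```python
import base64, hashlib, hmac

def inventory_hosts(text):
    """SSH targets from an INI inventory; ansible_host overrides the alias."""
    targets, skip = set(), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            # [group:vars] and [group:children] sections hold no host lines
            skip = ":" in line
        elif line and not skip:
            name, *params = line.split()
            kv = dict(p.split("=", 1) for p in params if "=" in p)
            targets.add(kv.get("ansible_host", name))
    return sorted(targets)

def is_known(host, known_hosts):
    """True if known_hosts has a plain or hashed (|1|salt|hmac) entry for host."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue  # blank, comment, or @revoked/@cert-authority marker
        if fields[0].startswith("|1|"):
            # HashKnownHosts format: HMAC-SHA1 of the host name, keyed by the salt
            _, _, salt, digest = fields[0].split("|")
            mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
            if hmac.compare_digest(mac.digest(), base64.b64decode(digest)):
                return True
        elif host in fields[0].split(","):
            return True
    return False

def unverified_hosts(inventory, known_hosts):
    """Inventory targets that would trigger the first-connection prompt."""
    return [h for h in inventory_hosts(inventory) if not is_known(h, known_hosts)]

def hashed_entry(host, salt=b"constructed-salt-20b"):
    """Build a hashed name field (used only to construct the sample data)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample data reusing the host names from the inventory section.
INVENTORY = ("[webservers]\nweb1.example.com ansible_user=webuser\nweb2.example.com\n"
             "[dbservers]\ndb1.example.com\nexample ansible_host=192.168.0.10\n")
KNOWN_HOSTS = ("web1.example.com ssh-ed25519 CONSTRUCTED_KEY_1\n"
               + hashed_entry("192.168.0.10") + " ssh-ed25519 CONSTRUCTED_KEY_2\n")

if __name__ == "__main__":
    print(unverified_hosts(INVENTORY, KNOWN_HOSTS))
```

Hosts reported here still need their fingerprints confirmed through a trusted channel before their keys are added to `known_hosts`.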