Ansible for managing Linux servers [Quick Guide]

5:53 pm March 17, 2017

I. Introduction

In this tutorial, we will learn to use Ansible, more precisely to manage a Unix environment. A previous tutorial covered using Ansible to manage Windows servers; you'll find it here: start with Ansible and manage your Windows servers

Here is the architecture of the demo we will use:

  • 1 Ansible server
  • 2 Debian 8 servers (192.168.1.39 and 192.168.1.38)

II. Ansible, what is it?

Ansible is a tool that allows you to automate and centralize administrative tasks. It is an open-source tool that acts as a management server, from which several servers or groups of servers can be managed centrally.

It is agentless: it uses the SSH protocol to manage Linux servers remotely. It is a very effective and comprehensive tool that allows advanced uses; we will only see the basics in this tutorial.

Ansible also has a GUI, but it is a paid product. It is generally recommended for very large infrastructures, to follow the execution of tasks, to have various graphs, etc.

III. Ansible installation

Let's start by installing our Ansible server. Naturally, its position within a company network must be well thought out: it must be able to reach all the servers it will manage over SSH. Its security and access must also be monitored closely because, by definition, it will launch actions on other servers. I recommend applying hardening measures to the server, as well as auditing and monitoring its logs and connections. Every access to this machine should be traced carefully.

For installation under Debian 8, enter the following commands as root in a terminal:

 apt-get install python-pip
 pip install ansible

Ansible is installed; you can find its configuration in the /etc/ansible directory.

Here are the details of the default files:

  • hosts: this is the file that lists the client machines that can receive Ansible commands and be managed through Ansible. This file also lets you define groups of machines, to speed up the management of several machines that share the same configuration, for example
  • ansible.cfg: this is the main Ansible configuration file; settings for commands, modules, plugins and SSH are found there

IV. Connecting to the managed servers and first commands

Now that our Ansible server is ready, we must establish first contact between the managed machines (our two Debian web servers) and our “control tower”, the Ansible server. As indicated above, the exchanges are made over the SSH protocol. Two authentication methods can be used:

  • the login/password method: the standard and most widely used method for a manual SSH connection; you enter the login you want to connect with, and then the password
  • the key method: a key exchange must be set up. The server that wants to connect must have its public key authorized on the server it wants to connect to.

Note: for details on connection methods, I refer you to this part of my SSH course: understand master SSH

With Ansible, we prefer to work with key exchange; otherwise a password would have to be entered every time a command is run on a remote server, which is hardly conceivable for several dozen servers. For this, we need to create a key pair on our Ansible server with the “ssh-keygen” command:

[Figure: generating a key pair on the Ansible server]

Now, I'll send my public key to all the servers that I manage with Ansible:

 ssh-copy-id root@192.168.1.39
 ssh-copy-id root@192.168.1.38

After each of these two commands, you will be asked for the password of the root user on the target server. After that, SSH key authentication is used automatically 🙂

[Figure: copying the public key to the managed servers]

Don't forget security. If you can avoid connecting to your managed servers as root, that is a good thing. You must weigh the need for a root connection against its impact if the Ansible server is compromised. For example, monitoring scripts do not necessarily require root rights.

Now, let's add our two servers to the list of hosts managed by Ansible; this is the file /etc/ansible/ansible_host. Specifically, we will create a machine group called “web”. In my case, this group will consist of the following machines:

[Figure: creating a server group in the Ansible configuration]

So, when I later decide to launch actions on the “web” group with Ansible, all the machines in this group will be targeted :).
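The advice above about avoiding root connections can be checked against the inventory itself. The following is an added example, not part of the original tutorial: a shell function that reads an INI-style inventory and lists the hosts Ansible would log in to as root. The sample inventory, the “db” hosts, the “deploy” and “dbadmin” users and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list inventory hosts that Ansible would log in to as root.
# Not resolved here: [group:children], host ranges, remote_user in ansible.cfg.

# hosts_as_root INVENTORY [DEFAULT_USER]
# DEFAULT_USER (assumption: root, as in the tutorial) is the account running
# ansible on the control node; it is used when no ansible_user is set.
hosts_as_root() {
    awk -v dflt="${2:-root}" '
        /^[ \t]*$/    { next }                      # blank line
        /^[ \t]*[#;]/ { next }                      # comment
        /^[ \t]*\[/ {                               # [group] or [group:vars]
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            mode = "hosts"
            if (sec ~ /:vars$/) mode = "vars"
            else if (sec ~ /:/) mode = "skip"       # e.g. [group:children]
            sub(/:.*$/, "", sec)
            next
        }
        mode == "skip" { next }
        mode == "vars" {                            # group-level variable
            if ($0 ~ /^[ \t]*ansible_user[ \t]*=/) {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                guser[sec] = v
            }
            next
        }
        {                                           # host line: name key=value ...
            n++; host[n] = $1; grp[n] = sec; huser[n] = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ansible_user=/) huser[n] = substr($i, 14)
        }
        END {                                       # host variable beats group variable
            for (k = 1; k <= n; k++) {
                u = huser[k]
                if (u == "" && (grp[k] in guser)) u = guser[grp[k]]
                if (u == "") u = dflt
                if (u == "root") print host[k]
            }
        }
    ' "$1"
}

# Constructed sample inventory (db hosts and deploy/dbadmin users are made up).
sample_inventory() {
    printf '%s\n' '[web]' '192.168.1.38' '192.168.1.39 ansible_user=deploy' \
        '' '[db]' '192.168.1.50 ansible_user=root' '192.168.1.51' \
        '' '[db:vars]' 'ansible_user=dbadmin'
}

inv=$(mktemp); sample_inventory > "$inv"
hosts_as_root "$inv"
rm -f "$inv"
```

Pass the name of the account that runs ansible on the control node as the second argument when it is not root; hosts without an explicit ansible_user are then no longer reported.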

You should know that Ansible works with modules, which make it easier to use the features of the Linux OS. For example:

  • the “shell” module runs shell commands through Ansible, for example: ansible web -m shell -a "ls -l /home/"
  • the “ping” module tests that commands can be sent through Ansible by performing a ping, for example: ansible web -m ping
  • the “apt” module manages packages like the “apt-get” command, for example: ansible web -m apt -a "name=tree"

Here is the list of existing modules on Ansible's official website: Modules Ansible

As you may have understood, the “-m” argument specifies the module to use, the “-a” argument passes arguments to the module, and the name of the target host or group is given right after the command name (“ansible”) 🙂

Here are a few tests that you can perform. Once network connectivity and SSH key authentication are in place, use the “ping” module on our “web” server group:

 ansible web -m ping

Here is the expected output:

[Figure: using the Ansible “ping” module on a managed server group]

Here we see that the output of the command, colored in green, shows one block per server, each labeled with the server's IP. In this way we can see, for each server, whether the command succeeded, along with some additional information.

Now, let's try to execute a standard command, such as “ls”, on each of our servers. For this we will use the “shell” module as follows:

 ansible web -m shell -a "ls -l /home/"

Here is the expected output:

[Figure: using the Ansible “shell” module on a managed server group]

Once again, for each server in the “web” group we get the result of the Ansible operation and the output of the command, i.e. the content of /home/ on each server. Here we begin to see the value of Ansible for managing a large fleet of servers.

The same goes for the “uptime” command:

 ansible web -m shell -a "uptime"

Here is the expected output:

[Figure: using the Ansible “shell” module on a managed server group]

An interesting result: imagine having to manage 20 servers this way. Instead of connecting and disconnecting every time, simply connect to the Ansible server, target the right group of machines (defined in advance, of course) and the job is done! 🙂

V. Installing a web environment

To have a somewhat more realistic context, let's imagine the following scenario:

In the infrastructure, two new servers have just been put into production and are waiting for their services to be installed. We will manage the installation directly from Ansible on our two servers: we will install Apache2 and PHP, and finally create a first file in the web root of each server.

This time we will use the “apt” module, which manages packages on Debian/Ubuntu systems, as described in the Ansible documentation: module Ansible apt

Each module has many features and parameters. For example, we can start by updating our package list from the repositories:

 ansible web -m apt -a "update_cache=yes"

Now we will install the “php5” and “apache2” packages:

 ansible web -m apt -a "name=apache2,php5"

Good! Our web environment is now installed. We will place a file “page.html” at the web root of these servers. For this we will use the “copy” module, which copies files to remote hosts (from the Ansible machine to the managed servers).

We will create a simple HTML file and copy it to our two servers with a single command. Here is the content:

   

web server

This file is located in the /opt directory on my Ansible server and I want to copy it into the /var/www/html/ directory of each of my two servers, so I use the copy module this way:

 ansible web -m copy -a "src=/opt/page.html dest=/var/www/html/"

Here is part of the expected output, for one specific server.

[Figure: use of the “apt” Ansible module on a managed server group]

Note that it is quite possible to manage other attributes with the “copy” module, for example directly setting the user and group “www-data” as the owner of the file:

 ansible web -m copy -a "src=/opt/page.html dest=/var/www/html/ owner=www-data group=www-data"

You can now reach the file “page.html” on each of your servers :). The operation here is relatively simple; you can perform it just as easily for dozens of servers, or on a single one by specifying its IP as follows:

 ansible 192.168.1.38 -m copy -a "src=/opt/page.html dest=/var/www/html/"

One more for the road: do you want to restart the apache2 service? Use the service module, which performs this kind of operation:

 ansible web -m service -a "name=apache2 state=restarted"

Here is the expected output:

[Figure: using the Ansible “service” module on a managed server group]

Now, nothing prevents us from creating a “database” server group and configuring those servers in the same way 🙂

I'll try to cover more advanced Ansible options in upcoming tutorials; the use of playbooks, for example, is very interesting.