Ansible for managing Linux servers [Quick Guide]
In this tutorial, we will learn to use Ansible, more precisely to manage a Unix environment. A previous tutorial covered using Ansible to manage Windows servers; you’ll find it here: start with Ansible and manage your Windows servers
Here is the demo architecture we will use:
- 1 Ansible server
- 2 Debian 8 servers (192.168.1.39 and 192.168.1.38)
II. Ansible, what is it?
Ansible is a tool that allows you to automate and centralize administrative tasks. It is an open-source tool which will serve as a management server and from which it will be possible to manage several servers or groups of servers centrally.
It is agentless: it uses the SSH protocol to manage Linux servers remotely. It is a very effective and comprehensive tool that allows advanced uses; we will only see the basics of its use in this tutorial.
Ansible also has a GUI, although it is a paid product. Its use is generally recommended for very large infrastructures, to follow the execution of tasks, to have various graphs, etc.
III. Ansible installation
Let’s start by installing our Ansible server. Naturally, its position within a company network must be well thought out: it must be able to reach all the servers it will have to manage over the SSH protocol. Its security and its access must also be closely monitored because, by definition, it will launch actions on other servers. I recommend implementing hardening measures on the server, as well as auditing and monitoring of logs and connections. Every access to this machine should be traced carefully.
For installation under Debian 8, enter the following commands as root in a terminal:
apt-get install python-pip
pip install ansible
Ansible is installed; you can find its configuration in the directory /etc/ansible.
Here are the details of the default files:
- hosts: this is the file in which you specify the client machines that can receive Ansible commands and be managed through Ansible. This file also lets you define groups of machines, in order to speed up the management of several machines that share the same configuration, for example
- ansible.cfg: this is the main configuration of Ansible; commands, modules, plugins and SSH configuration are there
IV. Connecting to the managed server and first commands
Now that our Ansible server is ready, we must establish the first contact between the managed machines (our two Debian web servers) and our “control tower”, the Ansible server. As indicated above, the exchanges are made using the SSH protocol. Two methods of authentication can be used:
- the login/password method: the standard and most widely used method for a manual SSH connection; you enter the login you want to connect with, and then the password
- the key method: a key exchange must be set up. The server wishing to connect must have its public key registered as an authorized key on the server it wants to connect to.
Note: for details on connection methods, I refer you to this part of my SSH course: understanding and mastering SSH
With Ansible, we prefer to work with key exchange; otherwise it would be necessary to enter a password every time a command is run on a remote server, which is hardly thinkable for several tens of servers. For this, we need to create a key pair on our Ansible server, using the command “ssh-keygen”:
Now, I will send my public key to all the servers that I manage with Ansible:
ssh-copy-id root@192.168.1.39
ssh-copy-id root@192.168.1.38
After each of these two commands, the password of the root user will have to be entered. After that, SSH key authentication is taken into account automatically 🙂
Don’t forget security. If you can avoid connecting to your managed servers as root, that is a good thing. The need for a root connection must be weighed against its impact if the Ansible server is compromised. For example, running surveillance/monitoring scripts does not necessarily require root rights.
Now, let’s add our two servers to the list of hosts taken into account by Ansible, in the file /etc/ansible/ansible_host. Specifically, we will create a machine group, referred to as “web”. This group will consist of the following machines in my case:
So when I later decide to launch actions on the group “web” with Ansible, all the machines that make up this group will be targeted :).
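The two points above (avoid root where possible, and the inventory that defines the “web” group) can be checked mechanically. The script below is an added example, not part of the original tutorial: it scans an INI-style inventory and reports hosts that connect as root, store a password in clear text, or set no remote user at all. The sample inventory and the host db01.example.test are constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the tutorial). Only the inventory is read, so a
# remote user set in ansible.cfg or with -u is not taken into account.

# audit_inventory [FILE]: reads FILE (or stdin), prints one finding per line
# and returns 1 when at least one finding was printed.
audit_inventory() {
    awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                 # [group], [group:vars], ...
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    sec ~ /:children$/ { next }                   # lists group names, not hosts
    {
        has_user = ($0 ~ /ansible_(ssh_)?user[ \t]*=/)
        if (sec ~ /:vars$/) {
            grp = sec; sub(/:vars$/, "", grp); who = grp " (group vars)"
            if (has_user) grpuser[grp] = 1
        } else {
            who = $1; n++; host[n] = $1; hgrp[n] = sec; huser[n] = has_user
        }
        if ($0 ~ /ansible_(ssh_)?user[ \t]*=[ \t]*root([ \t]|$)/) {
            print who ": connects as root"; found++
        }
        if ($0 ~ /ansible_(ssh_pass|password|become_pass(word)?|sudo_pass)[ \t]*=/) {
            print who ": cleartext password in inventory"; found++
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!huser[i] && !grpuser[hgrp[i]] && !grpuser["all"]) {
                print host[i] ": no remote user set (control-node login is used)"; found++
            }
        exit (found > 0)
    }' "$@"
}

# Constructed sample: the two demo servers plus a hypothetical database host.
sample_inventory() {
    cat <<'EOF'
[web]
192.168.1.38
192.168.1.39 ansible_user=root
[db]
db01.example.test ansible_user=deploy ansible_ssh_pass=changeme
EOF
}

sample_inventory | audit_inventory || echo "inventory needs attention" >&2
```

A host with no remote user is reported because Ansible then logs in with the name of the user running it on the control node, which is root when the commands are typed as root.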
You should know that Ansible works with modules, which make it easier to use the features of the Linux OS. For example:
- the “shell” module allows you to run commands through bash via Ansible, for example: ansible web -m shell -a "ls -l /home/"
- the “ping” module allows you to test sending a command via Ansible by performing a ping, for example: ansible web -m ping
- the “apt” module manages packages like the command “apt-get”, for example: ansible web -m apt -a "name=tree"
Here is the list of existing modules on Ansible’s official website: Modules Ansible
As you may have understood, the argument “-m” specifies the module to use, the argument “-a” specifies the arguments passed to the module, and the name of the target or target group must be given just after the name of the command (“ansible”) 🙂
ansible web -m ping
Here is the expected return:
Here we see that the return of the command, colored in green, shows one block per server, with the IP of the server for each block. In this way, we are able to see, for each server, whether the command succeeded or not, along with some additional information.
Now, let’s try to execute a standard command, such as “ls”, on each of our servers. For this we will use the “shell” module as follows:
ansible web -m shell -a "ls -l /home/"
Here is the expected return:
Once again we have, for each server in the “web” group, the return of the Ansible operation and the return of the command, i.e. the content of /home/ on each server. Here we begin to see the value of Ansible for managing a large fleet of servers.
The same with the command “uptime”:
ansible web -m shell -a "uptime"
Here is the expected return:
An interesting result: imagine having to manage 20 servers in this way. Instead of connecting and disconnecting every time, simply connect to the Ansible server, target the right group of machines (defined beforehand, of course) and the job is done! 🙂
V. Installing a web environment
In order to have a somewhat more realistic context, let’s imagine the following scenario:
In the infrastructure, two new servers have just been put into production and are waiting for their services to be installed. We will manage the installation directly from Ansible on our two servers. We will install Apache2 and PHP, and finally we will create a first file at the web root of each server.
This time we will use the “apt” module, which manages packages for Debian/Ubuntu OSes, as the Ansible documentation indicates: module Ansible apt
Each module has a lot of features and parameters. For example, we can start by updating our package list from the repositories:
ansible web -m apt -a "update_cache=yes"
Now we will install the packages “php5” and “apache2”:
ansible web -m apt -a "name=apache2,php5"
Good! Our web environment is now installed. We will place a file “page.html” at the web root of these servers. For this we will use the “copy” module, which copies files remotely (from the Ansible machine to the managed servers).
We will create a simple HTML file and copy it to our two servers with a single command. Here is the content:
This file is located in the directory /opt on my Ansible server and I want to copy it into the directory /var/www/html/ of each of my two servers, so I use the copy module this way:
ansible web -m copy -a "src=/opt/page.html dest=/var/www/html/"
Here is a part of the expected return, for a specific server.
Note that it is quite possible to manage other attributes with the “copy” module, for example directly setting the user and group “www-data” as the owner of the file:
ansible web -m copy -a "src=/opt/page.html dest=/var/www/html/ owner=www-data group=www-data"
You can now reach the file “page.html” on each of your servers :). The operation here is relatively simple; we can imagine performing the same thing just as simply for dozens of servers, or on the contrary on a single one, by specifying its IP as follows:
ansible 192.168.1.38 -m copy -a "src=/opt/page.html dest=/var/www/html/"
One more for the road: you want to restart the apache2 service? Use the service module, which performs this kind of operation:
ansible web -m service -a "name=apache2 state=restarted"
Here is the expected return:
Now, nothing prevents us from creating a pool of “database” servers and configuring them in the same way 🙂
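The steps of this section chained in one script, as an added example that is not part of the original tutorial: it runs the four ad-hoc commands in order and stops at the first step that fails on any host. The script name web_setup.sh, the ANSIBLE override variable and the deploy user in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the tutorial): section V as a single run.
ANSIBLE=${ANSIBLE:-ansible}    # can be overridden to stub the CLI in tests

# web_setup_steps: one "module|arguments" pair per line, in execution order.
web_setup_steps() {
    cat <<'EOF'
apt|update_cache=yes
apt|name=apache2,php5
copy|src=/opt/page.html dest=/var/www/html/ owner=www-data group=www-data
service|name=apache2 state=restarted
EOF
}

# run_web_setup TARGET [extra ansible options...]
# The ansible command exits non-zero when a host fails or is unreachable,
# so the loop stops there instead of restarting Apache on a half-built server.
run_web_setup() {
    target=$1; shift
    while IFS='|' read -r module args; do
        echo ">>> $module: $args" >&2
        # </dev/null keeps ssh from swallowing the remaining steps on stdin
        "$ANSIBLE" "$target" "$@" -m "$module" -a "$args" </dev/null || return 1
    done <<EOF
$(web_setup_steps)
EOF
}

# Usage: sh web_setup.sh web            (as in the tutorial)
#        sh web_setup.sh web -u deploy --become   (hypothetical non-root user)
# With no arguments the steps are only listed.
if [ $# -gt 0 ]; then run_web_setup "$@"; else web_setup_steps; fi
```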
I’ll try to talk about the more advanced options of Ansible in upcoming tutorials; the use of playbooks, for example, is very interesting.