Ansible is an open-source automation tool for provisioning, application deployment , and configuration management. It makes it very easy to manage a large collection of servers, as you can automate most if not all tasks that need to be performed on a host. This means that you no longer have to SSH into each host in order to install or update software, as Ansible can take care of this. It especially comes in handy when you have deployed a group of servers, and you then prepare them for production by installing packages, updates and software. Ansible does not need to be installed on remote hosts, as it is agent-less and relies on SSH access instead when performing tasks.
Ansible can accomplish three types of automation:
- Provisioning: It can provision various servers according to the needs of the infrastructure with consistency.
- Configuration management: Perform various configuration changes on servers. For example, starting and stopping services, installing applications and updates, implementing security policies, etc.
- Application deployment: It can automate deployment of internally developed applications to the product system.
This guide demonstrates how to install and configure Ansible on Ubuntu 20.04.
Control Server : You will need to have a VPS or Dedicated server for production use. You will need to install Ubuntu 20.04 on it, and make sure you have OpenSSH active.
Host / Node : This can be a cheap VPS for the purpose of testing before putting the Ansible Control Server into production. For the sake of duplicity, it can be Ubuntu 20.04 as well, with OpenSSH already installed.
Installing Ansible on Ubuntu
First, remove the default version of Ansible supplied by the official Ubuntu repos:
$ sudo apt remove ansible
$ sudo apt --purge autoremove
The next steps is to update the Ubuntu system and apply any pending patches or software updates:
$ sudo apt update
$ sudo apt upgrade
Now we will install ‘software-properties-common’ package on Ubuntu. This is to enable PPA support so that we can add the Ansible PPA repository. Once that is done, we can update the system again.
$ sudo apt -y install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt update
This is all that is required to prepare the server. We can now install Ansible.
$ sudo apt install ansible
That is it.
You now have Ansible installed on your server.
Now that you have a dedicated Ansible Control Server, what is next? Ansible playbooks are run against your infrastructure, and Ansible does this over SSH. Therefor we will have to set up authentication between your Ansible server and your infrastructure. Thankfully – you will do this once and thereafter it will work without issue.
The way we will be doing this is with SSH Keys. The method is quite simple:
- Generate a new set of SSH keys on your Ansible Control Server
- Do a key exchange from the ACS to each server on your infrastructure.
- Before running any playbook, start the SSH agent and load your keys.
You will start the SSH agent, and load your keys, with the following two commands:
$ eval `ssh-agent -s`
$ ssh-add ~/.ssh/id_rsa
The path to the key will be the path to the key you want to use, if you are using a key other than for the logged in user.
This is it. You now have a central server to run all your configuration management and IaC (Infrastructure as Code). Ansible will run your playbooks, and the SSH agent will allow it to authenticate with the hosts on your network.