Contents
- Part 1: Introduction
- Part 2: Installation and Setup
- Part 3: Running Ad-hoc Commands
- Part 4: Creating Ansible Playbooks
- Part 5: Using Variables in Ansible Playbooks
- Part 6: Using Conditionals in Ansible Playbooks
- Part 7: Using Loops in Ansible Playbooks
- Part 8: Organizing Playbooks with Ansible Roles
- Part 9: Best Practices for Using Ansible in Production
- Share
Part 1: Introduction
What is Ansible?
Ansible is an open-source automation tool that simplifies the management of configuration files and software deployments. It allows you to automate repetitive tasks, such as configuring servers, deploying software, and managing system updates. With Ansible, you can manage large, complex infrastructures with ease, and ensure that your systems are always up-to-date and configured correctly.
One of the key features of Ansible is its simplicity. It uses a human-readable language called YAML to define the configuration files, which makes it easy to learn and use. Ansible is also agentless, which means that you don’t need to install any software on the managed hosts. This makes it easy to get started with Ansible, and it’s especially useful for managing a large number of servers.
Why use Ansible?
There are many benefits to using Ansible for server automation, including:
- Simplicity: Ansible is easy to learn and use, and it uses a human-readable language to define the configuration files.
- Scalability: Ansible can manage a large number of servers and infrastructure components with ease, making it ideal for complex and distributed systems.
- Flexibility: Ansible can be used to manage a wide range of systems and infrastructure components, including servers, databases, networks, and cloud resources.
- Reliability: Ansible ensures that your systems are always configured correctly, and it makes it easy to roll back changes if something goes wrong.
- Reusability: Ansible playbooks and roles can be easily shared and reused, making it easy to apply best practices and standards across your organization.
In the next section, we will cover how to install Ansible and set up an inventory of managed hosts.
Part 2: Installation and Setup
Installing Ansible
The first step in using Ansible is to install it on your control machine. The control machine is the system from which you will manage the other hosts. Ansible can be installed on any Linux, macOS, or Windows system.
To install Ansible on a Linux system, you can use the package manager for your distribution. For example, on Ubuntu, you can run the following command:
sudo apt-get update
sudo apt-get install ansible
CentOS: you can install by running the following command:
sudo yum install epel-release
sudo yum install ansible
macOS: install Ansible using Homebrew:
brew install ansible
Windows: install using the Windows Subsystem for Linux (WSL) or by running Ansible inside a Docker container.
Setting up an inventory
After Ansible is installed, we set up an inventory of the managed hosts. The inventory is a list of the hosts that Ansible will manage, along with any variables and settings that are specific to each host.
The inventory can be defined in a simple text file, which can be located anywhere on the control machine. By default, Ansible looks for the inventory file at /etc/ansible/hosts
. However, you can also specify a different inventory file using the -i
option.
Here is an example inventory file:
[web]
webserver1.example.com
webserver2.example.com
[database]
dbserver1.example.com
In this example, we have defined two groups of hosts: web
and database
. The web
group contains two hosts, webserver1.example.com
and webserver2.example.com
. The database
group contains one host, dbserver1.example.com
.
Configuring SSH access
Finally, in order to manage the managed hosts, Ansible requires SSH access to be configured between the control machine and the managed hosts. To configure SSH access, you need to ensure that you can log in to the managed hosts using SSH keys, rather than a password.
You can do this by generating an SSH key pair on the control machine using the following command:
ssh-keygen
This will generate a public and private key pair in the ~/.ssh
directory. You can then copy the public key to the managed hosts using the ssh-copy-id
command:
ssh-copy-id user@host
This will copy the public key to the authorized_keys
file on the managed host, which will allow you to log in to the managed host using the private key. You can then test SSH access using the ssh
command:
ssh user@host
Once SSH access is set up, you are ready to start using Ansible to manage your servers. In the next section, we will cover how to run ad-hoc commands with Ansible.
Part 3: Running Ad-hoc Commands
One of the most basic ways to use Ansible is to run ad-hoc commands on the managed hosts. Ad-hoc commands are one-time commands that are run against a group of hosts, without the need for a playbook.
To run an ad-hoc command, you can use the ansible
command with the -a
option, followed by the command to run. For example, to check the uptime of all hosts in the web
group, you can run the following command:
ansible web -a "uptime"
This will run the uptime
command on all hosts in the web
group and display the output.
You can also run ad-hoc commands with the ansible
command and the -m
option, followed by the name of the module to use. Modules are pre-built scripts that perform a specific task on the managed hosts. For example, to install the nginx
package on all hosts in the web
group, you can run the following command:
ansible web -m apt -a "name=nginx state=present"
his will use the apt
module to install the nginx
package on all hosts in the web
group.
You can also run ad-hoc commands with the ansible
command and the -b
option, which will run the command with elevated privileges using sudo
. For example, to update the package cache on all hosts in the web
group, you can run the following command:
ansible web -b -m apt -a "update_cache=yes"
This will use the apt
module to update the package cache on all hosts in the web
group with elevated privileges.
Ad-hoc commands are useful for performing quick tasks on the managed hosts without the need for a playbook. However, as they are limited in their functionality, they are not suitable for more complex tasks. For more complex tasks, you should use Ansible playbooks, which we will cover in the next section.
Part 4: Creating Ansible Playbooks
Playbooks are the heart of Ansible. They are written in YAML format and contain a set of tasks to be executed on the managed hosts. Playbooks can be used to automate complex tasks, perform configuration management, and deploy applications.
Each playbook consists of one or more plays, and each play consists of one or more tasks. A task is a single action to be performed on a managed host, such as installing a package, creating a user, or copying a file.
Here’s an example playbook that installs the nginx
package on all hosts in the web
group:
---
- name: Install Nginx
hosts: web
become: true
tasks:
- name: Install Nginx package
apt:
name: nginx
state: present
This playbook consists of a single play with one task. The play is named “Install Nginx” and is targeted at the web
group. The become
option is set to true
, which means the task will be run with elevated privileges using sudo
. The task itself uses the apt
module to install the nginx
package.
To run this playbook, you can use the ansible-playbook
command followed by the name of the playbook file. For example, if the above playbook is saved as install-nginx.yml
, you can run the following command to install Nginx on all hosts in the web
group:
ansible-playbook install-nginx.yml
This will execute the playbook and install the nginx
package on all hosts in the web
group.
Playbooks can be so much more complex than this example, with multiple plays, tasks, and variables, but the basic structure remains the same. In the next section, we will cover some more advanced playbook features.
Part 5: Using Variables in Ansible Playbooks
Variables are a powerful feature of Ansible that allow you to define reusable values that can be used throughout your playbooks. They can be used to define host-specific values, such as IP addresses or domain names, as well as more general values, such as package names or configuration files.
Variables can be defined in a variety of ways, including in inventory files, playbooks, or separate variable files. Here’s an example of how to define a variable in a playbook:
---
- name: Install Nginx
hosts: web
become: true
vars:
nginx_version: "1.18.0"
tasks:
- name: Install Nginx package
apt:
name: "nginx={{ nginx_version }}"
state: present
In this example, a variable named nginx_version
is defined with a value of 1.18.0
. This variable is then used in the task to install the nginx
package. The name
option of the apt
module uses the variable to specify the version of Nginx to install.
Variables can also be defined in separate files, which can be included in playbooks as needed. Here’s an example of how to define a variable in a separate file:
# vars.yml
nginx_version: "1.18.0"
To include this variable file in a playbook, you can use the vars_files
option:
---
- name: Install Nginx
hosts: web
become: true
vars_files:
- vars.yml
tasks:
- name: Install Nginx package
apt:
name: "nginx={{ nginx_version }}"
state: present
This playbook is identical to the previous example, except that the nginx_version
variable is defined in a separate file named vars.yml
, which is included using the vars_files
option.
Using variables in your playbooks allows you to define reusable values and simplify your playbook code. In the next section, we will cover how to use conditionals in Ansible playbooks.
Part 6: Using Conditionals in Ansible Playbooks
Conditionals are a key feature of Ansible playbooks that allow you to execute tasks based on the state of your managed hosts. You can use conditionals to perform different tasks depending on whether a package is already installed, a file exists, or a service is running, among other things.
Conditionals in Ansible are expressed using the when
keyword. Here’s an example of how to use a conditional to check if a file exists before copying it:
---
- name: Copy configuration file
hosts: web
become: true
tasks:
- name: Check if configuration file exists
stat:
path: /etc/nginx/nginx.conf
register: nginx_conf_file
- name: Copy configuration file
copy:
src: files/nginx.conf
dest: /etc/nginx/nginx.conf
when: not nginx_conf_file.stat.exists
In this example, the first task uses the stat
module to check if the file /etc/nginx/nginx.conf
exists. The result of this task is stored in a variable named nginx_conf_file
.
The second task uses the copy
module to copy the file files/nginx.conf
to /etc/nginx/nginx.conf
. However, the task is only executed if the file does not already exist, which is checked using the when
keyword and the not
operator.
You can also use more complex conditionals that involve multiple variables or logical operators. Here’s an example of how to use a conditional to check if a package is installed before running a task:
---
- name: Install Apache
hosts: web
become: true
tasks:
- name: Check if Apache package is installed
stat:
path: /usr/sbin/apache2
register: apache_package
- name: Install Apache package
apt:
name: apache2
state: present
when: not apache_package.stat.exists
In this example, the first task uses the stat
module to check if the package apache2
is installed. The result of this task is stored in a variable named apache_package
.
The second task uses the apt
module to install the package apache2
. However, the task is only executed if the package is not already installed, which is checked using the when
keyword and the not
operator.
Using conditionals in your playbooks allows you to execute tasks based on the state of your managed hosts and perform complex operations. In the next section, we will cover how to use loops in Ansible playbooks.
Part 7: Using Loops in Ansible Playbooks
Loops are another key feature of Ansible playbooks that allow you to perform repetitive tasks. You can use loops to iterate over lists, dictionaries, and other data structures to perform the same task on multiple items.
Loops in Ansible are expressed using the with_*
keywords, where *
is the name of the loop. Here’s an example of how to use a loop to create multiple users on a managed host:
---
- name: Create users
hosts: web
become: true
vars:
users:
- name: alice
groups: wheel
- name: bob
groups: users
tasks:
- name: Create user
user:
name: "{{ item.name }}"
groups: "{{ item.groups }}"
password: "{{ item.name | password_hash('sha512') }}"
with_items: "{{ users }}"
In this example, the users
variable is defined as a list of two dictionaries that contain the name
and groups
keys. The name
key contains the name of the user, while the groups
key contains the groups that the user belongs to.
The user
module is used to create a new user on the managed host. The with_items
keyword is used to iterate over the users
variable and create a new user for each item in the list.
You can also use other loop types, such as with_dict
to iterate over a dictionary, or with_fileglob
to iterate over a set of files. Here’s an example of how to use the with_dict
loop to create multiple files on a managed host:
---
- name: Create files
hosts: web
become: true
vars:
files:
file1:
path: /etc/file1
content: "This is the content of file1"
file2:
path: /etc/file2
content: "This is the content of file2"
tasks:
- name: Create file
copy:
content: "{{ item.value.content }}"
dest: "{{ item.value.path }}"
with_dict: "{{ files }}"
In this example, the files
variable is defined as a dictionary with two keys, file1
and file2
. Each key contains a dictionary with the path
and content
keys.
The copy
module is used to create a new file on the managed host. The with_dict
loop is used to iterate over the files
dictionary and create a new file for each key-value pair.
Using loops in your playbooks allows you to perform repetitive tasks on multiple items and simplify your code. In the next section, we will cover how to use Ansible roles to organize your playbooks.
Part 8: Organizing Playbooks with Ansible Roles
As your Ansible playbooks grow in complexity, it can become difficult to maintain and reuse your code. Ansible roles provide a way to organize your playbooks into smaller, reusable components.
A role is a collection of tasks, handlers, templates, and other files that are grouped together into a single directory structure. You can create a role for a specific task, such as installing a web server, and then reuse that role across multiple playbooks.
To create a new role, use the ansible-galaxy
command with the init
option:
ansible-galaxy init webserver
- Role webserver was created successfully
This command will create a new directory called webserver
with the following structure:
webserver/
├── README.md
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
├── templates
└── vars
└── main.yml
Each directory contains a different type of file:
defaults
: default variables for the rolefiles
: files to be copied to the managed hostshandlers
: handlers for the rolemeta
: metadata for the roletasks
: the main tasks for the roletemplates
: templates to be copied to the managed hostsvars
: variables for the role
You can add tasks, handlers, templates, and other files to the appropriate directories for your role. Here’s an example of how to create a simple role that installs and starts the Apache web server:
1: Create a new role with ansible-galaxy
:
ansible-galaxy init apache
2: Edit the tasks/main.yml
file and add the following task:
---
# tasks file for apache
- name: Install Apache
yum:
name: httpd
state: present
- name: Start Apache
service:
name: httpd
state: started
enabled: true
This task will use the yum
module to install the Apache web server and the service
module to start and enable the Apache service.
3: Run the role from a playbook:
---
# playbook to install Apache using the apache role
- name: Install Apache
hosts: web
become: true
roles:
- apache
This playbook will run the apache
role on the web
group of hosts, which will install and start the Apache web server.
Using roles to organize your playbooks can make it easier to reuse code and manage complex tasks. In the next section, we will cover some best practices for using Ansible in production environments.
Part 9: Best Practices for Using Ansible in Production
When using Ansible in a production environment, it’s important to follow best practices to ensure that your playbooks are reliable, secure, and maintainable. Here are some tips for using Ansible in production:
- Use version control: Store your playbooks in a version control system like Git to track changes and collaborate with others.
- Separate environment-specific variables: Use Ansible inventory files and variables to separate environment-specific configurations from your playbooks.
- Use tags: Use tags to group related tasks and enable selective runs of your playbooks.
- Check for idempotency: Ensure that your playbooks are idempotent, meaning they can be run multiple times without causing unintended changes.
- Limit access: Limit access to your Ansible control node and managed hosts to trusted users and secure communication channels.
- Test changes: Test changes to your playbooks in a staging environment before deploying them to production.
- Monitor changes: Monitor changes to your managed hosts and use Ansible’s built-in reporting features to track playbook runs and changes.
By following these best practices, you can ensure that your Ansible playbooks are secure, reliable, and maintainable in production environments.
Congratulations! You have now learned the basics of Ansible and how to use it to automate server configuration and management. With this knowledge, you can begin to explore more advanced Ansible features, like dynamic inventory, roles, and modules.
For further reading check out the links below; or try Setting Up WordPress on Linux with Nginx and PHP-FPM Using Ansible
- Ansible Documentation – the official documentation for Ansible, which provides detailed information on how to use Ansible for server configuration and automation.
- Ansible Galaxy – a repository of pre-built Ansible playbooks and roles that you can use to quickly set up common server configurations and applications.
If you have any questions or comments, feel free to leave them below. Thanks for reading!
Average Rating