1. Setting up Ansible
During this lab you will configure Ansible. You will be able to use Ansible on the controller node and run your first commands on the ansible nodes (managed nodes).
You have the IP addresses of the controller node and managed nodes (given by your instructor). The controller node is where you execute Ansible from and the other nodes represent the machines you like to manage. We will do some configurations on the controller as well.
To make it easier for inexperienced users, we installed an editor and terminal on the controller, accessible from your browser. You can then connect to the nodes from there.
Unless otherwise specified, your working directory for all labs should be
Some good advice:
- Always read all the tasks first. Some tasks might not be clear until you get the whole scope of the lab.
- Open a terminal that you use only for
ansible-doc(see later) and another terminal that you use for ad hoc commands (see later) to check the result of your plays.
- When possible use copy & paste for filenames and file content. You’ll make fewer mistakes.
Connect to your controller host
Connect to your controller host by pasting the DNS name into your web browser
Login using the following username and password:
username: ansible password: << web password >>
After a successful login you should see an editor similar to visual studio code in your browser. In the navigation bar you can open “Terminal” or press
ctrl-shift-^ to open a terminal. Do this now and then continue with the installation of Ansible.
You can access the nodes using SSH as well. Use your favourite SSH client to connect to the IP address of your controller host as user
- Install all packages needed to use Ansible on the controller host.
sudoto elevate your privilege to those of
root. Be sure to only use root priviledges for installing the packages, you should perform the rest of the lab as user
- Test if you can connect to the nodes from your controller using SSH. Use their public IPs.
- Make sure python is installed on your nodes before continuing with the lab.
Solution Task 1
Installing Ansible with root privileges (on controller host):
dnfdoes not find the
ansiblepackage you might need to install
epel-release.noarchto enable the EPEL repository.
Opening a SSH connection:
- Enter “yes” when prompted if you want to continue connecting
- Insert your SSH-password you received from your instructor when prompted and hit return
On the nodes:
which does not find
- Create a SSH key pair for the user
ansibleon the controller host.
- Don’t set a password for the private key! Just hit ENTER at the prompt.
- Enable SSH key-based login for the user
ansibleon all nodes and the controller by distributing the SSH-public key.
- Test the login on the nodes.
Solution Task 2
Follow the prompt and enter the
ansible user password you received from your instructor:
Don’t forget your controller and the second node.
Test it by running the SSH command executed on that node:
- Create an inventory file named
hostsin your working directory with your public IPs:
TipInstead of copying the ssh-id to the controller itself you could set
ansible_connection=localin the inventory file for host
control0. Then Ansible would not use SSH to connect to the controller, but use the “local” transport mechanism. If you have a valid
/etc/hostsfile containing information about lab hosts, you can omit the
ansible_host=<ip>parts in the inventory file.
- Check if ansible is ready using the
pingmodule to ping all hosts in your inventory
Solution Task 3
NoteIf you are using the lab servers provided by your teacher, the sudoers configuration is already done. Anyways have a look at it to see how stuff works.
- Configure the
ansibleuser to have root privilege on all hosts in your inventory file. Also enable login without a password for this user.
- Test the functionality by running
sudo -vas user
ansibleon all nodes.
Solution Task 4
In the file
/etc/sudoers (On CentOS/RHEL), there’s already a config entry for the wheel group that is similar to the one we need for our ansible user.
Add a similar line for user ansible to the
Alternatively you can put that into a separate file:
ansible user has root privileges:
Note that you cannot do this using Ansible yet. The reason being you need root privileges and we are just setting up those right now.
- extend the inventory with a group
nodesthat has the groups
TipTake a look at Ansible Docs - Inventory Intro for how to use the
:childrensuffix in INI file inventories.
- ping all servers in the group
Solution Task 5
[nodes:children] to inventory file:
ansible -i hosts <group> --list-hosts to verify group membership in Ansible inventories:
- Have a look at The Bullhorn newsletter
- See what inspired the creators of Ansible: Rocannon’s World
- Ansible Configuration File
- Easteregg: Cowsay not found!