Ansible is an open source automation platform that works with almost every technology, including Linux, Windows, AWS, Azure, Zabbix, Cisco, and much more. Open source Ansible can be difficult to set up and understand at first; this tutorial is intended to help you get started on your automation journey.
Ansible can be installed on Ubuntu, Red Hat based systems (Fedora, Alma, Rocky), Mac, and even Windows via WSL Ubuntu. We will be using Ubuntu 22.04 LTS in this tutorial. You can view the technical notes at Decyphertek Read the Docs. You can also get started with the Decyphertek GitHub.
    # Ubuntu Install
    $ sudo add-apt-repository --yes --update ppa:ansible/ansible
    $ sudo apt install ansible
    # Let's get the Decyphertek Ansible repo from GitHub
    $ sudo apt install git
    $ cd /etc/
    $ sudo rm -rf ansible/
    $ sudo git clone https://github.com/decyphertek-io/ansible.git
The commands above add the Ansible PPA, install Ansible and git, and then clone the Decyphertek Ansible repo into /etc/ansible, replacing the default directory. This will help you get started easily. I have a few playbooks and roles already developed that can help you understand the structure and use it to build servers or secure your environment right away. Next, let's set up your ansible.cfg and hosts, and generate some ssh keys.
    $ sudo nano /etc/ansible/ansible.cfg

    [defaults]
    remote_port = 22
    remote_user = ubuntu
    # sudo_user is superseded by become_user in [privilege_escalation]
    #sudo_user = root
    #enable_plugins = aws_ec2
    interpreter_python = /usr/bin/python3
    inventory = /etc/ansible/hosts
    roles_path = /etc/ansible/roles
    #collections_paths = /root/.ansible/collections:/usr/share/.ansible/collections
    retry_files_enabled = False
    # False skips SSH host key verification; set to True once the hosts' keys are in known_hosts
    host_key_checking = False
    display_skipped_hosts = True
    deprecation_warnings = False
    stdout_callback = yaml
    bin_ansible_callbacks = true
    # Replace $USER with your actual username
    private_key_file = /home/$USER/.ssh/id_rsa
    #log_path = ~/ansible/log/your-branch-name.txt
    # ask_vault_pass is a boolean setting; a vault password file path belongs in vault_password_file
    ask_vault_pass = /etc/ansible/vault/variable.vault

    [privilege_escalation]
    become=True
    become_method=sudo
    become_user=root
    become_ask_pass=False
The most important detail to update here is remote_user, which should reflect the username on the systems you will be accessing by default. Ideally you have a dedicated admin account on each system you access, or you can use the default accounts, such as ubuntu, ec2-user, etc. Then you have to change $USER to your actual username. If you type whoami in the terminal, it will show you your username. Next we will update the hosts inventory.
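The settings in this ansible.cfg that affect how connections are authenticated can be checked mechanically before the first playbook run. The following Python code is an added example, not part of the Decyphertek repo; the function name audit_ansible_cfg and the SAMPLE config (constructed, modeled on the ansible.cfg above) are assumptions.

```python
import configparser
import os
import stat

# Constructed sample, modeled on the ansible.cfg shown above.
SAMPLE = """\
[defaults]
remote_user = ubuntu
host_key_checking = False
private_key_file = /home/$USER/.ssh/id_rsa
ask_vault_pass = /etc/ansible/vault/variable.vault
"""

BOOLS = {"1", "0", "true", "false", "yes", "no", "on", "off"}
FALSY = {"0", "false", "no", "off"}


def audit_ansible_cfg(text):
    """Return (setting, finding) pairs for the [defaults] section of an ansible.cfg."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    d = dict(cfg["defaults"]) if cfg.has_section("defaults") else {}
    findings = []

    # Ansible verifies SSH host keys by default; a falsy value turns that off.
    if d.get("host_key_checking", "true").lower() in FALSY:
        findings.append(("host_key_checking", "SSH host keys are not verified"))

    key = d.get("private_key_file", "")
    if "$" in key or key.startswith("~"):
        # The page says to replace $USER; under sudo a shell variable or ~
        # may not resolve to the account that owns the key.
        findings.append(("private_key_file", "path depends on the invoking user"))
    elif os.path.isfile(key) and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        findings.append(("private_key_file", "key file is accessible to group or others"))

    # ask_vault_pass is a boolean; a password file belongs in vault_password_file.
    vault = d.get("ask_vault_pass")
    if vault is not None and vault.lower() not in BOOLS:
        findings.append(("ask_vault_pass", "expects a boolean, got a non-boolean value"))

    return findings


if __name__ == "__main__":
    for setting, finding in audit_ansible_cfg(SAMPLE):
        print(f"{setting}: {finding}")
```

To audit a real file, pass its contents, for example `audit_ansible_cfg(open("/etc/ansible/ansible.cfg").read())`.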
    $ sudo nano /etc/ansible/hosts

    [test_server]
    "Test-Server: 0.0.0.0 " ansible_host=0.0.0.0
The title [test_server] is a group that can have multiple servers listed under it, so when you name it while running an Ansible playbook, the playbook runs against all of those servers. Let's just test it for now. Find another server that the new Ubuntu Ansible server has ssh access to and find its IP via an nmap scan, ifconfig, or ip addr.
    # nmap scan - from the Ansible server
    $ sudo apt install nmap net-tools
    $ ifconfig
    # Find your IP address. Let's say it's inet 192.168.1.102; let's scan the entire network.
    $ sudo nmap -sS -O -Pn 192.168.1.1/24
    # This will allow you to see what systems you have access to on the same subnet.
    # You need to have ssh access to a system via ssh keys or password. Example:
    $ ssh firstname.lastname@example.org
    # Add that host to your inventory
    $ sudo nano /etc/ansible/hosts

    [ubuntu_test_server]
    "Ubuntu_Test_Server: 192.168.1.19 " ansible_host=192.168.1.19
We are almost at the finish line. Next we need to generate some ssh keys so that the ssh connection is authenticated with a key, which is more secure than a password. From the Ansible server, generate the ssh keys.
    # Accept the default choices by pressing Enter; you choose whether to set an ssh key password.
    $ ssh-keygen -t rsa -b 4096
    $ chmod 400 ~/.ssh/id_rsa
    # You then have to copy id_rsa.pub over to the server you want to access.
    $ cat ~/.ssh/id_rsa.pub
    # On the client system you want Ansible to access, do the following. Example of accessing the remote system via ssh.
    $ ssh email@example.com
    $ mkdir -p ~/.ssh
    $ chmod 700 ~/.ssh
    $ nano ~/.ssh/authorized_keys
    # Paste the key printed by "cat ~/.ssh/id_rsa.pub" on the Ansible server, then save.
    $ chmod 600 ~/.ssh/authorized_keys
    $ exit
    # Test access again from the Ansible server to the test server.
    $ ssh firstname.lastname@example.org
You should now be ready to run your first Ansible playbook against the test server. Remember that you have to repeat a similar process for every server you want to access, so setup can be tedious, but it's worth it. Spend the time to deploy the id_rsa.pub key to ~/.ssh/authorized_keys on each one. Let's test it out now.
    $ cd /etc/ansible/playbooks/
    $ ls
    $ cd patching
    # This will update & upgrade the Ubuntu system.
    $ sudo ansible-playbook -l ubuntu_test_server debian-upgrade.yml
Now that you are up and running, here are some basic commands. Again, you can always reference the Decyphertek Read the Docs if you have any issues.
    # Ansible Basics
    $ sudo ansible-playbook -l test_server playbook.yaml
    # How to use Vault (see Vault instructions for more details)
    $ sudo ansible-playbook -l test_server playbook.yml --ask-vault-pass
    # How to run Windows playbooks
    $ sudo ansible-playbook -l win template.yml --ask-vault-pass
    # Modify the ansible.cfg to point to the right directories
    $ sudo nano ~/.ansible.cfg
    # Modify the hosts
    $ sudo nano ~/ansible/inventory/hosts
    # Ansible Docs
    $ sudo ansible-doc --version
    $ sudo ansible-doc -h
    # Module info:
    # sudo ansible-doc <module name>
    $ sudo ansible-doc copy
    # Plugin info:
    # sudo ansible-doc --type <plugin type>
    $ sudo ansible-doc -t connection -s ssh
Good luck on your Ansible journey. Hopefully we helped you find your way.