Ansible is a free, open-source, and one of the most popular configuration management tools. It is a cross-platform tool that simplifies cloud computing, configuration management, package installation, and service configuration. It uses a YAML file that contains the steps which the user wants to run on a particular machine. With Ansible, you can configure and manage more than hosts with a single command. Ansible is an alternative to the other configuration management tools like Chef and Puppet.
In this article, I will show you how to install and use Ansible configuration management tool on Debian 11.
Prerequisites
- Three servers running Debian 11.
- A root password is configured on each server.
For the purpose of this tutorial, we will use the following setup:
- Ansible Controler – 192.168.10.9
- Ansible Hosts – 192.168.10.10, 192.168.10.11
Install Ansible on Debian 11
By default, the Ansible package is not included in the Debian default repository. There are two ways to install Ansible on Debian 11.
- Using APT Command
- Using PIP Command
Install Ansible Using APT
First, you will need to install some dependencies in your system. You can install the required dependencies using the following command:
apt-get install gnupg2 curl wget -y
Once all the dependencies are installed, edit the APT source.list and add the Ansible repository:
nano /etc/apt/sources.list
Add the following line:
deb http://ppa.launchpad.net/ansible/ansible/ubuntu focal main
Save and close the file when you are done then add the Ansible GPG key using the following command:
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
You should see the following output:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.lFEjztT9TY/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
gpg: key 93C4A3FD7BB9C367: public key "Launchpad PPA for Ansible, Inc." imported
gpg: Total number processed: 1
gpg: imported: 1
Now, update the repository and install the Ansible with the following command:
apt-get update
apt-get install ansible -y
Once the Ansible is installed, verify the Ansible version with the following command:
ansible --version
You should get the following output:
ansible 2.10.8
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
Install Ansible Using PIP
First, you will need to install Python and PIP to your system. You can install it using the following command:
apt-get install python3 python3-pip -y
Once the installation is complete, use the pip command to install Ansible as shown below:
pip install ansible
Install sshpass
The sshpass is a command-line tool that allows you to provide passwords with SSH commands. Here, we will use sshpass on the Ansible controller node with Ansible to authenticate a remote host.
You can install the sshpass with the following command:
apt-get install sshpass -y
Next, connect to the first ansible remote host to add an SSH fingerprint to your known_hosts file:
ssh [email protected]
You will be asked to provide an SSH password as shown below:
The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.
ECDSA key fingerprint is SHA256:q3zMoJ6qdjYvAdL7/w4Z0gm0ZEgGOB+rNIPKEMdYS6o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.10.10' (ECDSA) to the list of known hosts.
Password:
Provide your password and hit Enter to add an SSH fingerprint.
Next, connect to the second ansible remote host to add an SSH fingerprint to your known_hosts file:
ssh [email protected]
You will be asked to provide an SSH password as shown below:
The authenticity of host '192.168.10.11 (192.168.10.11)' can't be established.
ECDSA key fingerprint is SHA256:q3zMoJ6qdjYvAdL7/w4Z0gm0ZEgGOB+rNIPKEMdYS6o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.10.11' (ECDSA) to the list of known hosts.
Password:
Provide your password and hit Enter.
You can now use the sshpass command to verify the SSH connection:
sshpass -p yourpassword ssh [email protected]
Create Ansible Hosts Inventory File
Next, you will need to create an inventory file to define your remote hosts IP address, username, password and SSH port:
nano ~/.hosts
Add the following lines:
[servers]
server1 ansible_host=192.168.10.10 ansible_user=root ansible_ssh_pass=password ansible_ssh_port=22
server2 ansible_host=192.168.10.11 ansible_user=root ansible_ssh_pass=password ansible_ssh_port=22
Save and close the file.
Note: In the above file, we will use remote hosts’ IP, username, password, and SSH port.
Working with Ansible
Ansible provides a lot of modules that help you to manage remote hosts.
The basic syntax to run Ansible as shown below:
ansible -i [inventory_file] -m [module] [host]
Let’s verify the ping connectivity to all hosts:
ansible -i ~/.hosts -m ping all
If everything is fine, you should get the following output:
server2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
server1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
If you want to verify ping connectivity of the only server1, run the following command:
ansible -i ~/.hosts -m ping server1
You should get the following output:
server1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
You can use the shell module to run all commands on the remote hosts.
For example, to run “free -m” command on server2, run the following command:
ansible -i ~/.hosts -m shell -a "free -m" server2
You should see the following output:
server2 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1982 128 491 2 1363 1669
Swap: 0 0 0
To run a “df -h” commad on server2, run the following command:
ansible -i ~/.hosts -m shell -a "df -h" server2
You should get the following output:
server2 | CHANGED | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
udev 976M 0 976M 0% /dev
tmpfs 199M 404K 198M 1% /run
/dev/sda1 50G 2.4G 45G 5% /
tmpfs 992M 124K 992M 1% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 199M 0 199M 0% /run/user/0
Ansible provides an apt module to install any package to the remote hosts.
To install the Nginx package on server1, run the following command:
ansible -i ~/.hosts -m ansible.builtin.apt -a "name=nginx state=present" server1
You should get the following output:
server1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"cache_update_time": 1631424599,
"cache_updated": false,
"changed": true,
"stderr": "",
"stderr_lines": [],
"Upgrading binary: nginx.",
"Setting up nginx (1.18.0-6.1) ...",
"Processing triggers for man-db (2.9.4-2) ...",
"Processing triggers for libc-bin (2.31-13) ..."
]
}
To check the status of the Nginx service on server1, run the following command:
ansible -i ~/.hosts -m shell -a "systemctl status nginx" server1
You should get the following output:
server1 | CHANGED | rc=0 >>
? nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-09-12 05:55:36 UTC; 49s ago
Docs: man:nginx(8)
Process: 10761 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 10764 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 10871 (nginx)
Tasks: 2 (limit: 2341)
Memory: 5.8M
CPU: 54ms
CGroup: /system.slice/nginx.service
??10871 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
??10874 nginx: worker process
Sep 12 05:55:36 ansible systemd[1]: Starting A high performance web server and a reverse proxy server...
Sep 12 05:55:36 ansible systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Sep 12 05:55:36 ansible systemd[1]: Started A high performance web server and a reverse proxy server.
Ansible provides a user module to create and manage users on the remote hosts.
To create a new user named user1 on server1, run the following command:
ansible -i ~/.hosts -m ansible.builtin.user -a "name=user1 password=yourpassword" server1
You should see the following output:
server1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/user1",
"name": "user1",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/sh",
"state": "present",
"system": false,
"uid": 1000
}
Conclusion
In this article, you learned how to install Ansible with APT and PIP. You also learned how to use different Ansible modules to manage remote hosts. I hope you have now enough understanding of Ansible. Feel free to ask me if you have any questions.
