In this article, you’re going to learn from the ground up how to download, install and configure an Ansible controller host on Ubuntu and RHEL/CentOS. You’ll also get a jump start on running your first commands.
1. Introduction
- Configuration from scratch of single or multiple nodes
- Deployments
- Configuration changes
- Patching & Upgrading
- Service management
Basic Concepts docs.ansible.com
These concepts are common to all uses of Ansible, including network automation. You need to understand them to use Ansible for network automation. This basic introduction provides the background you need to follow the examples in this guide.
Control node
Any machine with Ansible installed. You can run Ansible commands and playbooks by invoking the ansible or ansible-playbook command from any control node. You can use any computer that has a Python installation as a control node – laptops, shared desktops, and servers can all run Ansible. However, you cannot use a Windows machine as a control node. You can have multiple control nodes.
Managed nodes
The network devices (and/or servers) you manage with Ansible. Managed nodes are also sometimes called “hosts”. Ansible is not installed on managed nodes.
Inventory
A list of managed nodes. An inventory file is also sometimes called a “hostfile”. Your inventory can specify information like IP address for each managed node. An inventory can also organize managed nodes, creating and nesting groups for easier scaling. To learn more about inventory, see the Working with Inventory section.
Collections
Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. You can install and use collections through Ansible Galaxy. To learn more about collections, see Using collections.
Modules
The units of code Ansible executes. Each module has a particular use, from administering users on a specific type of database to managing VLAN interfaces on a specific type of network device. You can invoke a single module with a task, or invoke several different modules in a playbook. Starting in Ansible 2.10, modules are grouped in collections. For an idea of how many collections Ansible includes, take a look at the Collection Index.
Tasks
The units of action in Ansible. You can execute a single task once with an ad hoc command.
Playbooks
Ordered lists of tasks, saved so you can run those tasks in that order repeatedly. Playbooks can include variables as well as tasks. Playbooks are written in YAML and are easy to read, write, share and understand. To learn more about playbooks, see Intro to playbooks.
2. Install Ansible on Ubuntu
2.1 Update packages
sudo apt update
2.2 Install Ansible
sudo apt install ansible -y
2.3 Verify Ansible Installation and Version
martin@ubuntu2:~$ ansible --version
ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/martin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
3. Install Ansible on CentOS
3.1 Install EPEL Repository
sudo dnf install epel-release -y
3.2 Update packages
sudo dnf update -y
3.3 Install Ansible
sudo dnf install ansible -y
3.4 Verify Ansible Installation and Version
[martin@centos2 ~]$ ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/martin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Oct 19 2021, 05:14:06) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
4. Set up Host Inventory
Inventory
A list of managed nodes. An inventory file is also sometimes called a “hostfile”. Your inventory can specify information like IP address for each managed node. An inventory can also organize managed nodes, creating and nesting groups for easier scaling. The default location for inventory is a file called /etc/ansible/hosts. To learn more about inventory, see the How to build your inventory section.
4.1 Config your hosts
martin@ubuntu2:~$ cat /etc/ansible/hosts
[servers]
centos1 ansible_host=10.0.1.11
centos2 ansible_host=10.0.2.12
4.2 Check your inventory
ansible-inventory --list -y
martin@ubuntu2:~$ ansible-inventory --list -y
all:
  children:
    servers:
      hosts:
        centos1:
          ansible_host: 10.0.1.11
        centos2:
          ansible_host: 10.0.2.12
    ungrouped: {}
5. Connect using Password based Authentication
If you connect from the control node to the managed nodes using password-based authentication, you need to include the “--ask-pass” option in every Ansible command. Password-based SSH authentication requires the “sshpass” package to be installed on the system. If you want to use SSH private key authentication, skip to Step 6.
5.1 Install sshpass on Ubuntu
sudo apt install sshpass -y
5.2 Install sshpass on CentOS
sudo dnf install sshpass -y
5.3 Test connection
ansible all -m ping -u username --ask-pass
martin@ubuntu2:~$ ansible all -m ping -u martin --ask-pass
SSH password:
centos2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
centos1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
6. Connect using ssh private key
If you connect from the control node to the managed nodes using SSH private keys, you first need to generate a key pair.
6.1 Create key pair
ssh-keygen
martin@ubuntu2:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/martin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/martin/.ssh/id_rsa
Your public key has been saved in /home/martin/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx martin@ubuntu2
The key's randomart image is:
+---[RSA 3072]----+
|# ##### |
|+++ +++ |
|o o |
|...o.+.o.. |
| + ..S |
| o = |
| o = + + |
| . = .* . |
| . .. ooo |
+----[SHA256]-----+
martin@ubuntu2:~$
6.2 Copy public key from control node to all your managed nodes
ssh-copy-id username@remote_host
martin@ubuntu2:~$ ssh-copy-id martin@10.0.2.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/martin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
martin@10.0.2.12's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'martin@10.0.2.12'"
and check to make sure that only the key(s) you wanted were added.
6.3 Test Connection
ansible all -m ping -u username
martin@ubuntu2:~$ ansible all -m ping -u martin
centos2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
centos1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
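With the inventory from step 4 and the two authentication methods from steps 5 and 6 in place, one check worth automating is that no SSH or become password has been written into the inventory instead of being prompted for with --ask-pass. The following is an added example, not part of the original tutorial: it audits the JSON form printed by ansible-inventory --list, and the host legacy1, its values and the function name audit_inventory are constructed for illustration.

```python
import json

# Constructed sample: the JSON shape `ansible-inventory --list` prints for the
# inventory in step 4.2, plus a hypothetical host "legacy1" that stores its SSH
# password in the inventory and turns off host key checking.
SAMPLE = json.loads("""
{
  "_meta": {"hostvars": {
    "centos1": {"ansible_host": "10.0.1.11"},
    "centos2": {"ansible_host": "10.0.2.12"},
    "legacy1": {"ansible_host": "10.0.3.13",
                "ansible_ssh_pass": "example-only",
                "ansible_ssh_common_args": "-o StrictHostKeyChecking=no"}
  }},
  "all": {"children": ["servers", "ungrouped"]},
  "servers": {"hosts": ["centos1", "centos2", "legacy1"]}
}
""")

# Connection variables that carry a secret. Prompting with --ask-pass, or using
# a key pair as in step 6, keeps all of them out of the inventory.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass", "ansible_ssh_password",
               "ansible_become_password", "ansible_become_pass"}


def audit_inventory(inv):
    """Return {host: [findings]} for hosts whose variables need attention."""
    findings = {}
    hostvars_by_host = inv.get("_meta", {}).get("hostvars", {})
    for host in sorted(hostvars_by_host):
        hostvars = hostvars_by_host[host]
        issues = []
        for name in sorted(SECRET_VARS & hostvars.keys()):
            # Assumption: a non-string value is an encrypted or templated
            # object, so only plain strings are reported as plaintext.
            if isinstance(hostvars[name], str):
                issues.append(f"{name} is stored in plaintext")
        if "StrictHostKeyChecking=no" in str(hostvars.get("ansible_ssh_common_args", "")):
            issues.append("host key checking is disabled via ansible_ssh_common_args")
        if issues:
            findings[host] = issues
    return findings


if __name__ == "__main__":
    # Real use: ansible-inventory --list > inventory.json, then json.load() it.
    for host, issues in audit_inventory(SAMPLE).items():
        print(f"{host}: " + "; ".join(issues))
```
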
7. Run simple command
Ansible can be used to execute any shell command remotely on servers specified in the inventory file.
ansible all -a "ANY_SHELL_COMMAND" -u martin
martin@ubuntu2:~$ ansible all -a "uname -a" -u martin
centos2 | CHANGED | rc=0 >>
Linux centos2 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Wed Dec 22 13:25:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
centos1 | CHANGED | rc=0 >>
Linux centos1 4.18.0-338.el8.x86_64 #1 SMP Fri Aug 27 17:32:14 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
8. Run playbook
A playbook is an ordered list of tasks, saved so you can run those tasks in that order repeatedly. Playbooks can include variables as well as tasks. Playbooks are written in YAML and are easy to read, write, share and understand. To learn more about playbooks, see Intro to playbooks.
8.1 Create playbook.yml
The example is a simple playbook that prints the IPv4 addresses configured on the managed nodes.
---
- hosts: all
  tasks:
    - name: print facts
      debug:
        msg: "IPv4 address: {{ ansible_default_ipv4.address }}"
8.2 Run playbook
ansible-playbook playbook.yml -u USERNAME
martin@ubuntu2:~/ansible$ ansible-playbook playbook.yml -u martin
PLAY [all] ****************************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [centos2]
ok: [centos1]
TASK [print facts] ********************************************************************************
ok: [centos1] => {
    "msg": "IPv4 address: 10.0.1.11"
}
ok: [centos2] => {
    "msg": "IPv4 address: 10.0.2.12"
}
PLAY RECAP ****************************************************************************************
centos1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
centos2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Tip:
To show detailed information about the managed nodes, use the following command to gather system variables:
ansible all -m setup -u USERNAME
Conclusion
In this tutorial you have installed Ansible and created an inventory file of managed nodes, so you can execute ad hoc commands or playbooks from the Ansible control node.