Features of Ansible
- Ansible is modular.
- 1000+ modules are available.
- Modules are written in Python.
Running Ansible
- Do not use the root account for Ansible.
- Create an account with all privileges (add the group rule with visudo, then add the user to the group):
sudo visudo
%ansible ALL=(ALL) ALL
usermod -aG ansible aman
- Install Python on all hosts:
yum install -y python2 epel-release
- Add an entry to the hosts file and enable passwordless (key-based) SSH access:
ssh-copy-id -i ~/.ssh/id_rsa.pub aman@server2
- Using the same username is convenient but not required.
Inventory file
cd install
nano inventory
[all]
controller.example.com
node1.example.com
[servers]
node1.example.com
server1.example.com
ansible all -i inventory --list-hosts
Ansible Config File
- Various ansible.cfg files:
/etc/ansible/ansible.cfg
~/.ansible.cfg
ansible.cfg in project directory (takes precedence)
become: Specifies how to escalate privileges on the managed host.
become_user: Specifies which user account to use on the remote host.
become_ask_pass: Whether or not a password should be asked for.
inventory: Which inventory files are to be used.
remote_user: Name of the user account on the managed host. Not set by default, so the local username is used.
Ansible runs tasks on the managed host using the same user account as the local user, so make sure to copy the SSH keys for that account.
Set remote_user in ansible.cfg to specify a different user.
If remote_user is not specified, privilege escalation can be used.
Enable it in the [privilege_escalation] section of ansible.cfg:
become=True
become_method=sudo
become_user=root
become_ask_pass=False
Privilege escalation needs a matching sudo configuration.
Create a sudoers file on all Ansible managed hosts:
nano /etc/sudoers.d/user
user ALL=(ALL) NOPASSWD: ALL
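The link between become_ask_pass=False and the NOPASSWD rule above, as an added example that is not part of the original notes: a Python check that reads an ansible.cfg and a sudoers drop-in and reports whether sudo would still prompt and whether the grant is passwordless for all commands. The function names and result codes are assumptions made for illustration, and only the one-line rule form shown in these notes is parsed.

```python
import configparser
import re

# Simplified matcher for the one-line rule form used in these notes:
#   <user or %group> <hosts>=(<runas>) [NOPASSWD:] <commands>
# Real sudoers grammar (aliases, Defaults, includes) is not handled.
RULE = re.compile(r"^(?P<who>%?[\w.-]+)\s+\S+?\s*=\s*\([^)]*\)\s*"
                  r"(?P<tag>NOPASSWD:\s*)?(?P<cmds>.+)$")


def parse_sudoers(text):
    """Return one dict per rule line that matches the simple form above."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:  # comments and blank lines do not match and are skipped
            rules.append({"who": m["who"], "nopasswd": bool(m["tag"]),
                          "cmds": [c.strip() for c in m["cmds"].split(",")]})
    return rules


def check_become(cfg_text, sudoers_text, local_user, groups=()):
    """Return (effective remote user, findings) for one managed host."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    # remote_user is unset by default, so the local username is used.
    user = cfg.get("defaults", "remote_user", fallback=local_user)
    become = cfg.getboolean("privilege_escalation", "become", fallback=False)
    ask = cfg.getboolean("privilege_escalation", "become_ask_pass",
                         fallback=False)
    who = {user} | {"%" + g for g in groups}
    mine = [r for r in parse_sudoers(sudoers_text) if r["who"] in who]
    findings = []
    if become and not ask and not any(r["nopasswd"] for r in mine):
        # sudo would ask for a password that Ansible was told not to prompt for.
        findings.append("SUDO_WILL_PROMPT")
    if any(r["nopasswd"] and "ALL" in r["cmds"] for r in mine):
        # Whoever holds this account or its SSH key is root with no password.
        findings.append("PASSWORDLESS_ALL")
    return user, findings


if __name__ == "__main__":
    # Constructed sample input mirroring the settings in these notes.
    CFG = ("[privilege_escalation]\nbecome=True\nbecome_method=sudo\n"
           "become_user=root\nbecome_ask_pass=False\n")
    print(check_become(CFG, "user ALL=(ALL) NOPASSWD: ALL\n", "user"))
    print(check_become(CFG, "%ansible ALL=(ALL) ALL\n", "aman", ["ansible"]))
```

A PASSWORDLESS_ALL finding is what the configuration in these notes produces; listing specific commands after NOPASSWD: instead of ALL narrows what a stolen SSH key for that account can do.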