This tutorial contains notes about Ansible.
1. Ansible
Ansible
is an open source tool for automated software provisioning and application deployment.
Ansible allows to execute predefined tasks via SSH on remote or local machines. Ansible is simple to use and does not require a server/client architecture. You can execute it from your local machine while the remote machines don’t need an Ansible installation.
2. Installation and configuration of Ansible
2.1. Installation
Ansible is available for all major Linux distributions. You can install it with your package manager. Under Ubuntu you can enter this:
sudo apt install ansible
The Ansible version available through the systems package manager might be outdated. To run the latest Ansible version you can install it through the Python package manager pip. At the time of this writing Ansible supports Python 2.x.
pip install ansible
If you decide to install Ansible through |
2.2. Configuration
For the usage of Ansible you need to configure the machines to which you want to connect.
You can define host groups in the global configuration file /etc/ansible/hosts
.
The following configuration would define a group named test
with two hosts from a local network:
[test] 192.168.56.101 192.168.56.123
Besides the global host file, you can reference other host files on the command line with -i /path
.
This has the advantage that you can put these files under version control and share them with others.
3. Executing ad-hoc commands
The easiest way to get started with Ansible is by executing ad-hoc commands.
Create a directory for your ansible files and save this into a file called hosts
:
[test] your.host
If you changed the SSH port on a host you can specify it like this:
[test] your.host:22222
This host might be for example a:
-
web server
-
VM
-
container
It is also possible to execute your command on your local machine. This is useful for testing or in case you do not have a remote machine available.
For example, to execute the Unix uptime
command via Ansible, you could use following commands.
# ansible -i <host file> <group> -m <module> -a <module arguments>
ansible -i hosts test_group -m shell -a "uptime"
# output should look something like this:
your.host | SUCCESS | rc=0 >>
21:56:49 up 3:04, 2 users, load average: 0.00, 0.00, 0.00
# using localhost:
ansible localhost -m shell -a "uptime"
You can specify the user on the remote machine by passing in the --become-user <username>
parameter.
Otherwise, your local user is used.
To gain administrator (sudo) rights for your command add --become
.
If the remote user needs a password for sudo access, additionally add --ask-become-password
.
4. Playbooks
Playbooks
are Ansible configuration files that specify the tasks to be performed.
Task can be synchronously or asynchronously.
By default, tasks are executed synchronously and sequentially in the order they are defined in the Playbook.
It is possible to switch host groups between tasks.
Playbooks are written in YAML format.
To do a syntax check on a Playbook without executing it, start it with the --syntax-check
parameter:
ansible-playbook my_playbook.yml --syntax-check
Ansible comes with a sizable number of modules that we can use in our playbooks to do common tasks.
Here is an example playbook with three tasks:
- hosts: test (1)
tasks:
- name: Ensure sudo group exists
group: (2)
name: sudo (3)
state: present (4)
- name: Ensure test user exists
user: (5)
name: test
state: present
- name: Add test user to sudo group
user: (6)
name: test
groups: sudo
append: yes
1 | we define the host group on which this playbook is executed |
2 | we use the Ansible group module to add a new user group |
3 | each module defines a specific set of variables by which it can be configured, here we specify the name of the group |
4 | check if user exists and create him if he is missing |
5 | we use the user module to create a new user |
6 | we add our new test user to the sudo group |
It is possible to have multiple task blocks with different settings in one playbook. The next example works on multiple hosts:
- hosts: dbserver
tasks:
- name: fetch backup
fetch:
src: /backup/
dest: /tmp/fetched
- hosts: storageserver
tasks:
- name: upload backup
4.1. Dry run
Many Ansible modules support a test run without persisting any actual changes.
Such runs are called dry runs.
To trigger a dry run execute with the --check
parameter.
To see the changes that would be made add --diff
.
This parameter can also be used in a regular run.
ansible-playbook my_playbook.yml --check --diff
5. Ansible resources
5.1. vogella Java example code
If you need more assistance we offer Online Training and Onsite training as well as consulting