Complete Guide to Installing and Configuring Ansible on Ubuntu
Ansible is a powerful open-source automation tool that simplifies IT configuration management, application deployment, and task automation. In this article, we’ll provide a step-by-step guide to installing Ansible on an Ubuntu system and a comprehensive overview of Ansible's configuration file (ansible.cfg
). We'll explain key configurations every Ansible engineer must know, how to use environment variables for configurations, and provide a sample comprehensive configuration file.
Why Ansible?
Ansible is:
- Agentless: No need to install any software on Managed Nodes.
- Simple: YAML-based configuration.
- Scalable: Manage thousands of nodes effortlessly.
Before diving into configuration, let's ensure Ansible is installed on your system.
Installing Ansible on Ubuntu
Installing Ansible on Ubuntu is straightforward. Follow these steps:
Step 1: Update Your System
Before installing any software, update your system's package list:
sudo apt update
Step 2: Install Ansible
Install Ansible directly from Ubuntu's repositories:
sudo apt install ansible -y
Step 3: Verify Installation
To confirm that Ansible is installed correctly:
ansible --version
You should see output like:
ansible [core 2.x.x]
config file = /etc/ansible/ansible.cfg
...
Understanding Ansible Configuration
Ansible's behavior is controlled by its configuration file, ansible.cfg
, and environment variables. These determine everything from inventory locations to SSH settings and privilege escalation. By mastering these configurations, you can optimize your Ansible workflows.
Location of ansible.cfg
Ansible looks for its configuration file in the following order:
-
Current directory (
./ansible.cfg
) – Project-specific settings. -
User home directory (
~/.ansible.cfg
) – User-specific settings. -
System-wide configuration (
/etc/ansible/ansible.cfg
) – Global settings.
The first file found in this order is used.
Ansible Configuration File: Beginner to Mastery
The ansible.cfg
file is divided into sections. Each section customizes a specific aspect of Ansible's behavior.
1. [defaults]
This section defines global settings used by Ansible.
Key Options
-
inventory
Specifies the inventory file location (list of Managed Nodes). Example:
inventory = /etc/ansible/hosts
-
remote_user
Default SSH user to connect to Managed Nodes. Example:
remote_user = ansible
-
forks
Number of parallel processes (connections to nodes). Default:5
. Increase for larger environments. Example:
forks = 10
-
timeout
SSH connection timeout in seconds. Example:
timeout = 30
-
log_path
Path for logging Ansible outputs. Example:
log_path = /var/log/ansible.log
2. [privilege_escalation]
This section manages privilege escalation, allowing Ansible to perform tasks requiring higher privileges (e.g., root).
Key Options
-
become
Enables privilege escalation. Example:
become = true
-
become_method
Method for privilege escalation (sudo
,su
, etc.). Example:
become_method = sudo
-
become_user
User to escalate to (default:root
). Example:
become_user = root
-
become_ask_pass
Prompts for a password when escalating privileges. Example:
become_ask_pass = false
3. [inventory]
This section configures the inventory behavior (the list of nodes Ansible manages).
Key Options
-
enable_plugins
Specify inventory plugins (e.g.,yaml
,ini
). Example:
enable_plugins = ini, yaml
4. [ssh_connection]
This section customizes the SSH connections Ansible uses to communicate with Managed Nodes.
Key Options
-
ssh_args
Arguments passed to the SSH command for additional options. Example:
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
-
pipelining
Improves performance by reducing SSH operations. Enable it ifrequiretty
is not set on the remote node. Example:
pipelining = true
-
control_path
Specifies the path for SSH ControlMaster sockets. Example:
control_path = %(directory)s/%%h-%%r
Comprehensive Example: ansible.cfg
Below is a comprehensive example of an ansible.cfg
file that covers common configurations:
[defaults]
inventory = ./inventory
remote_user = ansible
forks = 20
log_path = ./ansible.log
timeout = 30
[privilege_escalation]
become = true
become_method = sudo
become_user = root
[inventory]
enable_plugins = ini, yaml
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
pipelining = true
control_path = %(directory)s/%%h-%%r
Using Environment Variables for Configuration
Environment variables provide a dynamic way to configure Ansible without editing the ansible.cfg
file.
Commonly Used Environment Variables
-
ANSIBLE_INVENTORY
Overrides the inventory file path. Example:
export ANSIBLE_INVENTORY=~/my_inventory/hosts
-
ANSIBLE_REMOTE_USER
Sets the SSH user. Example:
export ANSIBLE_REMOTE_USER=ansible
-
ANSIBLE_TIMEOUT
Overrides the SSH connection timeout. Example:
export ANSIBLE_TIMEOUT=40
-
ANSIBLE_LOG_PATH
Specifies the log file path. Example:
export ANSIBLE_LOG_PATH=/var/log/ansible/ansible.log
-
ANSIBLE_BECOME
Enables privilege escalation. Example:
export ANSIBLE_BECOME=true
Viewing Current Environment Variables
To see which Ansible environment variables are currently set:
env | grep ANSIBLE
Creating a Custom ansible.cfg
File
Step 1: Create a Project Directory
mkdir ~/ansible-project
cd ~/ansible-project
Step 2: Create an ansible.cfg
File
nano ansible.cfg
Step 3: Add Configuration
Add the following to your ansible.cfg
:
[defaults]
inventory = ./inventory
remote_user = ansible
log_path = ./ansible.log
timeout = 30
[privilege_escalation]
become = true
become_method = sudo
become_user = root
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
pipelining = true
control_path = %(directory)s/%%h-%%r
Validating and Testing Configuration
1. Validate Syntax
To ensure there are no syntax errors:
ansible-config validate
2. View Active Configuration
See all active configuration settings:
ansible-config dump
3. Test Connection
Test connectivity to nodes:
ansible all -m ping
Essential Best Practices for Ansible Configuration
Use Project-Specific Configurations
Keep configurations in the project directory (ansible.cfg
) to avoid impacting other projects.Centralized Inventory Management
Use a dedicated inventory file or dynamic inventory plugins for large environments.Log Everything
Enable logging to monitor Ansible tasks:
log_path = /var/log/ansible.log
Secure Sensitive Data
Use Ansible Vault to encrypt sensitive information.Optimize Performance
Enable pipelining and adjust the number of forks for better efficiency.
Quick Guide: Installing SSH on Control and Managed Nodes
Ansible relies on SSH for communication between the Control Node and Managed Nodes. Below is a concise guide for installing and configuring SSH on both nodes to ensure smooth Ansible operations.
1. Install OpenSSH on the Managed Node (Target Node)
-
Update the package list:
sudo apt update
-
Install OpenSSH Server:
sudo apt install openssh-server -y
-
Verify if the SSH service is running:
sudo systemctl status ssh
If the service isn't running, start it with:
sudo systemctl start ssh
2. Install OpenSSH on the Control Node
-
Update the package list:
sudo apt update
-
Install OpenSSH Client:
sudo apt install openssh-client -y
3. Set Up Passwordless Authentication
For ease of access and security, you can configure SSH key-based authentication.
- Generate SSH Key Pair on the Control Node:
ssh-keygen
Press Enter
to accept the default file location (~/.ssh/id_rsa
).
Optionally, set a passphrase for additional security.
- Copy the Public Key to the Managed Node: Use the following command to copy your public key to the Managed Node:
ssh-copy-id username@192.168.1.105
Replace username
with the Managed Node's username and 192.168.1.105
with its IP address.
- Test the Passwordless SSH Connection: Now, test if the passwordless login works:
ssh username@192.168.1.105
You should be logged in without entering a password.
4. Verify Network Connectivity
Before establishing SSH, ensure that the Control Node can reach the Managed Node:
- Ping the Managed Node from the Control Node:
ping -c 5 192.168.1.105
Replace 192.168.1.105
with the Managed Node's IP address. A successful response will show:
5 packets transmitted, 5 received, 0% packet loss
5. Establish SSH Connection
After confirming network connectivity, you can establish the SSH connection from the Control Node:
- SSH into the Managed Node:
ssh username@192.168.1.105
Replace username
with the Managed Node's username and 192.168.1.105
with its IP address.
- Accept the Host Key: The first time you connect, you'll be asked to confirm the authenticity of the Managed Node:
The authenticity of host '192.168.1.105 (192.168.1.105)' can't be established.
RSA key fingerprint is SHA256:...
Are you sure you want to continue connecting (yes/no)?
Type yes
and press Enter
.
- Enter the Password: You'll be prompted for the password of the user account on the Managed Node. After entering it, you’ll be logged in.
Step 6: Troubleshooting Tips
If you encounter any issues during your SSH setup, here are some common problems and how to resolve them:
- SSH Connection Refused: If you can't connect and receive a "Connection Refused" error, ensure that the SSH service is running on the Managed Node:
sudo systemctl start ssh
- Host Key Verification Failed: If you're receiving an error like "Host key verification failed," it's likely because the server’s SSH key has changed. To fix this:
ssh-keygen -R 192.168.1.105
This removes the old key from the ~/.ssh/known_hosts
file. After that, try reconnecting and accept the new key.
- Firewall Blocking SSH: If you’re unable to connect due to firewall issues, you may need to allow SSH traffic through the firewall on the Managed Node:
sudo ufw allow ssh
If you're using a custom SSH port, make sure to allow the port specifically:
sudo ufw allow 2222/tcp
Replace 2222
with the port number you're using.
With these steps and troubleshooting tips, you should have no trouble setting up SSH between your Control Node and Managed Node, which will lay the groundwork for using Ansible to automate your systems.
Conclusion
This guide has covered the installation of Ansible on Ubuntu, the usage of environment variables for configuration, and a detailed explanation of the ansible.cfg
file with a comprehensive example. By mastering these configurations, you can build a solid foundation for using Ansible in any environment.
Top comments (0)