DEV Community

Harsh Mishra
Harsh Mishra

Posted on

Ansible: Installation and Configuration Guide for Beginners

Complete Guide to Installing and Configuring Ansible on Ubuntu

Ansible is a powerful open-source automation tool that simplifies IT configuration management, application deployment, and task automation. In this article, we’ll provide a step-by-step guide to installing Ansible on an Ubuntu system and a comprehensive overview of Ansible's configuration file (ansible.cfg). We'll explain key configurations every Ansible engineer must know, how to use environment variables for configurations, and provide a sample comprehensive configuration file.


Why Ansible?

Ansible is:

  • Agentless: No need to install any software on Managed Nodes.
  • Simple: YAML-based configuration.
  • Scalable: Manage thousands of nodes effortlessly.

Before diving into configuration, let's ensure Ansible is installed on your system.


Installing Ansible on Ubuntu

Installing Ansible on Ubuntu is straightforward. Follow these steps:

Step 1: Update Your System

Before installing any software, update your system's package list:

sudo apt update
Enter fullscreen mode Exit fullscreen mode

Step 2: Install Ansible

Install Ansible directly from Ubuntu's repositories:

sudo apt install ansible -y
Enter fullscreen mode Exit fullscreen mode

Step 3: Verify Installation

To confirm that Ansible is installed correctly:

ansible --version
Enter fullscreen mode Exit fullscreen mode

You should see output like:

ansible [core 2.x.x]
  config file = /etc/ansible/ansible.cfg
  ...
Enter fullscreen mode Exit fullscreen mode

Understanding Ansible Configuration

Ansible's behavior is controlled by its configuration file, ansible.cfg, and environment variables. These determine everything from inventory locations to SSH settings and privilege escalation. By mastering these configurations, you can optimize your Ansible workflows.


Location of ansible.cfg

Ansible looks for its configuration file in the following order:

  1. Current directory (./ansible.cfg) – Project-specific settings.
  2. User home directory (~/.ansible.cfg) – User-specific settings.
  3. System-wide configuration (/etc/ansible/ansible.cfg) – Global settings.

The first file found in this order is used.


Ansible Configuration File: Beginner to Mastery

The ansible.cfg file is divided into sections. Each section customizes a specific aspect of Ansible's behavior.

1. [defaults]

This section defines global settings used by Ansible.

Key Options

  1. inventory Specifies the inventory file location (list of Managed Nodes). Example:
   inventory = /etc/ansible/hosts
Enter fullscreen mode Exit fullscreen mode
  1. remote_user Default SSH user to connect to Managed Nodes. Example:
   remote_user = ansible
Enter fullscreen mode Exit fullscreen mode
  1. forks Number of parallel processes (connections to nodes). Default: 5. Increase for larger environments. Example:
   forks = 10
Enter fullscreen mode Exit fullscreen mode
  1. timeout SSH connection timeout in seconds. Example:
   timeout = 30
Enter fullscreen mode Exit fullscreen mode
  1. log_path Path for logging Ansible outputs. Example:
   log_path = /var/log/ansible.log
Enter fullscreen mode Exit fullscreen mode

2. [privilege_escalation]

This section manages privilege escalation, allowing Ansible to perform tasks requiring higher privileges (e.g., root).

Key Options

  1. become Enables privilege escalation. Example:
   become = true
Enter fullscreen mode Exit fullscreen mode
  1. become_method Method for privilege escalation (sudo, su, etc.). Example:
   become_method = sudo
Enter fullscreen mode Exit fullscreen mode
  1. become_user User to escalate to (default: root). Example:
   become_user = root
Enter fullscreen mode Exit fullscreen mode
  1. become_ask_pass Prompts for a password when escalating privileges. Example:
   become_ask_pass = false
Enter fullscreen mode Exit fullscreen mode

3. [inventory]

This section configures the inventory behavior (the list of nodes Ansible manages).

Key Options

  1. enable_plugins Specify inventory plugins (e.g., yaml, ini). Example:
   enable_plugins = ini, yaml
Enter fullscreen mode Exit fullscreen mode

4. [ssh_connection]

This section customizes the SSH connections Ansible uses to communicate with Managed Nodes.

Key Options

  1. ssh_args Arguments passed to the SSH command for additional options. Example:
   ssh_args = -o ControlMaster=auto -o ControlPersist=60s
Enter fullscreen mode Exit fullscreen mode
  1. pipelining Improves performance by reducing SSH operations. Enable it if requiretty is not set on the remote node. Example:
   pipelining = true
Enter fullscreen mode Exit fullscreen mode
  1. control_path Specifies the path for SSH ControlMaster sockets. Example:
   control_path = %(directory)s/%%h-%%r
Enter fullscreen mode Exit fullscreen mode

Comprehensive Example: ansible.cfg

Below is a comprehensive example of an ansible.cfg file that covers common configurations:

[defaults]
inventory = ./inventory
remote_user = ansible
forks = 20
log_path = ./ansible.log
timeout = 30

[privilege_escalation]
become = true
become_method = sudo
become_user = root

[inventory]
enable_plugins = ini, yaml

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
pipelining = true
control_path = %(directory)s/%%h-%%r
Enter fullscreen mode Exit fullscreen mode

Using Environment Variables for Configuration

Environment variables provide a dynamic way to configure Ansible without editing the ansible.cfg file.

Commonly Used Environment Variables

  1. ANSIBLE_INVENTORY Overrides the inventory file path. Example:
   export ANSIBLE_INVENTORY=~/my_inventory/hosts
Enter fullscreen mode Exit fullscreen mode
  1. ANSIBLE_REMOTE_USER Sets the SSH user. Example:
   export ANSIBLE_REMOTE_USER=ansible
Enter fullscreen mode Exit fullscreen mode
  1. ANSIBLE_TIMEOUT Overrides the SSH connection timeout. Example:
   export ANSIBLE_TIMEOUT=40
Enter fullscreen mode Exit fullscreen mode
  1. ANSIBLE_LOG_PATH Specifies the log file path. Example:
   export ANSIBLE_LOG_PATH=/var/log/ansible/ansible.log
Enter fullscreen mode Exit fullscreen mode
  1. ANSIBLE_BECOME Enables privilege escalation. Example:
   export ANSIBLE_BECOME=true
Enter fullscreen mode Exit fullscreen mode

Viewing Current Environment Variables

To see which Ansible environment variables are currently set:

env | grep ANSIBLE
Enter fullscreen mode Exit fullscreen mode

Creating a Custom ansible.cfg File

Step 1: Create a Project Directory

mkdir ~/ansible-project
cd ~/ansible-project
Enter fullscreen mode Exit fullscreen mode

Step 2: Create an ansible.cfg File

nano ansible.cfg
Enter fullscreen mode Exit fullscreen mode

Step 3: Add Configuration

Add the following to your ansible.cfg:

[defaults]
inventory = ./inventory
remote_user = ansible
log_path = ./ansible.log
timeout = 30

[privilege_escalation]
become = true
become_method = sudo
become_user = root

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
pipelining = true
control_path = %(directory)s/%%h-%%r
Enter fullscreen mode Exit fullscreen mode

Validating and Testing Configuration

1. Validate Syntax

To ensure there are no syntax errors:

ansible-config validate
Enter fullscreen mode Exit fullscreen mode

2. View Active Configuration

See all active configuration settings:

ansible-config dump
Enter fullscreen mode Exit fullscreen mode

3. Test Connection

Test connectivity to nodes:

ansible all -m ping
Enter fullscreen mode Exit fullscreen mode

Essential Best Practices for Ansible Configuration

  1. Use Project-Specific Configurations

    Keep configurations in the project directory (ansible.cfg) to avoid impacting other projects.

  2. Centralized Inventory Management

    Use a dedicated inventory file or dynamic inventory plugins for large environments.

  3. Log Everything

    Enable logging to monitor Ansible tasks:

   log_path = /var/log/ansible.log
Enter fullscreen mode Exit fullscreen mode
  1. Secure Sensitive Data

    Use Ansible Vault to encrypt sensitive information.

  2. Optimize Performance

    Enable pipelining and adjust the number of forks for better efficiency.


Quick Guide: Installing SSH on Control and Managed Nodes

Ansible relies on SSH for communication between the Control Node and Managed Nodes. Below is a concise guide for installing and configuring SSH on both nodes to ensure smooth Ansible operations.


1. Install OpenSSH on the Managed Node (Target Node)

  • Update the package list:

     sudo apt update
    
  • Install OpenSSH Server:

     sudo apt install openssh-server -y
    
  • Verify if the SSH service is running:

     sudo systemctl status ssh
    

    If the service isn't running, start it with:

     sudo systemctl start ssh
    

2. Install OpenSSH on the Control Node

  • Update the package list:

     sudo apt update
    
  • Install OpenSSH Client:

     sudo apt install openssh-client -y
    

3. Set Up Passwordless Authentication

For ease of access and security, you can configure SSH key-based authentication.

  1. Generate SSH Key Pair on the Control Node:
   ssh-keygen
Enter fullscreen mode Exit fullscreen mode

Press Enter to accept the default file location (~/.ssh/id_rsa).
Optionally, set a passphrase for additional security.

  1. Copy the Public Key to the Managed Node: Use the following command to copy your public key to the Managed Node:
   ssh-copy-id username@192.168.1.105
Enter fullscreen mode Exit fullscreen mode

Replace username with the Managed Node's username and 192.168.1.105 with its IP address.

  1. Test the Passwordless SSH Connection: Now, test if the passwordless login works:
   ssh username@192.168.1.105
Enter fullscreen mode Exit fullscreen mode

You should be logged in without entering a password.


4. Verify Network Connectivity

Before establishing SSH, ensure that the Control Node can reach the Managed Node:

  1. Ping the Managed Node from the Control Node:
   ping -c 5 192.168.1.105
Enter fullscreen mode Exit fullscreen mode

Replace 192.168.1.105 with the Managed Node's IP address. A successful response will show:

   5 packets transmitted, 5 received, 0% packet loss
Enter fullscreen mode Exit fullscreen mode

5. Establish SSH Connection

After confirming network connectivity, you can establish the SSH connection from the Control Node:

  1. SSH into the Managed Node:
   ssh username@192.168.1.105
Enter fullscreen mode Exit fullscreen mode

Replace username with the Managed Node's username and 192.168.1.105 with its IP address.

  1. Accept the Host Key: The first time you connect, you'll be asked to confirm the authenticity of the Managed Node:
   The authenticity of host '192.168.1.105 (192.168.1.105)' can't be established.
   RSA key fingerprint is SHA256:...
   Are you sure you want to continue connecting (yes/no)?
Enter fullscreen mode Exit fullscreen mode

Type yes and press Enter.

  1. Enter the Password: You'll be prompted for the password of the user account on the Managed Node. After entering it, you’ll be logged in.

Step 6: Troubleshooting Tips

If you encounter any issues during your SSH setup, here are some common problems and how to resolve them:

  1. SSH Connection Refused: If you can't connect and receive a "Connection Refused" error, ensure that the SSH service is running on the Managed Node:
   sudo systemctl start ssh
Enter fullscreen mode Exit fullscreen mode
  1. Host Key Verification Failed: If you're receiving an error like "Host key verification failed," it's likely because the server’s SSH key has changed. To fix this:
   ssh-keygen -R 192.168.1.105
Enter fullscreen mode Exit fullscreen mode

This removes the old key from the ~/.ssh/known_hosts file. After that, try reconnecting and accept the new key.

  1. Firewall Blocking SSH: If you’re unable to connect due to firewall issues, you may need to allow SSH traffic through the firewall on the Managed Node:
   sudo ufw allow ssh
Enter fullscreen mode Exit fullscreen mode

If you're using a custom SSH port, make sure to allow the port specifically:

   sudo ufw allow 2222/tcp
Enter fullscreen mode Exit fullscreen mode

Replace 2222 with the port number you're using.


With these steps and troubleshooting tips, you should have no trouble setting up SSH between your Control Node and Managed Node, which will lay the groundwork for using Ansible to automate your systems.


Conclusion

This guide has covered the installation of Ansible on Ubuntu, the usage of environment variables for configuration, and a detailed explanation of the ansible.cfg file with a comprehensive example. By mastering these configurations, you can build a solid foundation for using Ansible in any environment.

Top comments (0)