Hi, today we will look to a system management automation tool named Ansible. There is a lot of tool in this category but Ansible is different from being agent-less. Yes, you read it right it is client-less and developed in python language. Ansible architecture is very simple which made by a manager which must be Linux and the systems managed which maybe Linux, BSD, or Windows. There are some differences in windows but it is not a problem after setup Ansible. All systems managed in the same way. In Linux and BSD connection made over ssh but in windows RMI protocol.
Install Ansible
Firstly we use fedora for the manager and we should install ansible only on this system. Below command install ansible on the manager
Ubuntu, Debian, Mint, Kali
$ sudo apt install ansible
Fedora, CentOS, RHEL
$ sudo yum install ansible -yPassword-less Connection
And then create ssh-id if it doesn’t exist. We can skip key generation questions to enter without giving any value.
$ ssh-keygen
Then we will install the keys to the remotely managed system with ssh-id-copy command. Now we are ready to use ansible in a simple way.
$ ssh-copy-id ismail@192.168.122.165Inventory and Hosts
Ansible uses its host’s file which is named Inventory to get information about remote systems. We can group hosts in this inventory file. Add this host (192.168.122.165) to the Add host inventory. Here myex is a group name that covers hosts listed below. For now, I just add one host
$ sudo vim /etc/ansible/hosts
[myex]
192.168.122.165
Ping Hosts and Check Connectivity
Now we can use ansible. We use the ping module with -m option and by specifying the group name. We can use all for all inventory hosts.
$ ansible myex -m ping
Run Ad Hoc Command
We can specify pure commands to run on a remote system with -a option. Ad Hoc command provides us the ability to run a command on the remote systems. In this example, we will print the passwd file with cat command.
$ ansible myex -a "cat /etc/passwd"
Debug Ansible and Verbose Output
If we need to debug Ansible work we can use -vvv option where the count of v decides the debug level. As you can see below connection username and the remote module is specified and then the ssh connection is made with specified parameters if you have a problem with the ssh connection you can find detailed info about the problem here. There are Ansible verbs EXEC, PUT, etc.
$ ansible myex -a "cat /etc/passwd" -vvv
Run Sudo On Remote System
We can use sudo privileges on the remote system with --sudo and specify sudo user with –sudo-user .
$ ansible myex -a "/bin/cat /etc/passwd" --sudoAnsible Configuration
Because Ansible use ssh we can disable ssh host key checking by uncommenting below the line.
$ sudo vim /etc/ansible/ansible.cfg
# additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles
# uncomment this to disable SSH key host checking
host_key_checking = False
# change this for alternative sudo implementationsSometimes there are a lot of systems to manage and run commands. We can make ansible work parallel with -f option
$ ansible all -a "ls ~ismail" --sudo -f 10