HackyHour Giessen

Logo

Code - Tools - Science - Help - Social

View the Project on GitHub HackyHour/Giessen

Topic: Ansible

What is Ansible

Use cases

Premise
You have to take care of three or more computers. E.g servers, raspberry-pi fleet, family-sys-admin

Why Ansible

General advantages

Disadvantages

How to use it

Installation

python3 -m pip install --user ansible

How to use it

Inventory files are used to describe your server environment. Here we reference three servers by hostname (e.g.,gui.local) and IP-Address. The [gui] indicates a group with the name gui. All referenced servers under this indicator are part of the group. You can also create a group of groups; see, for example, the group multi.

# First group with name 'gui'
[gui]
gui.local ansible_host=192.168.60.4

[app]
app.local ansible_host=192.168.60.5

[db]
db.local ansible_host=192.168.60.6

# A group of groups with name 'multi'
[multi:children]
app
db
gui

# Variables that will be applied to all servers
[multi:vars]
# Ansible has a lot of reserved variables
# ansible_user is the user Ansible uses for the SSH connection.
ansible_user=vagrant
# this does as the name says and sets a specific private key.
ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key

How to use it

One way to use Ansible is through the command line via so-called “ad-hoc commands. With ad-hoc commands, you can send a command to all your servers, a group, or a single server. Ansible then returns the result to the command line.

Example that copies the /etc/hosts file to /tmp/hosts

ansible -i hosts.ini multi -m ansible.builtin.copy -a "src=/etc/hosts dest=/tmp/hosts"

-i path to inventory file
all a pattern to filter the inventory file
-m select a ansible module
-a pass arguments to the module
src= path to file that we want to copy
dest= path to new location

How to use it

If you want to execute more commands or group commands together, then a playbook becomes useful.

---
# First we filter our inventory, we want to run this playbook on all servers of the inventory.
- hosts: all
  # Gather facts is useful when you need facts about the controlled machine, like hostname, OS, OS-Version etc.
  gather_facts: false
  # Become indicates to Ansible that we need to escalate our privileges
  become: true
  # We use sudo for privilege escalation
  become_method: sudo
  # This section prompts the user who runs the playbook to input a username and password
  # The username is then stored in `new_user_name` and the password is in `my_password`
  vars_prompt:
    - name: new_user_name
      prompt: What is your username?
      private: false
    
    # The passwords need to be hashed (here sha512_crypt).
    - name: my_password
      prompt: Enter a new password(avoid %,{)
      private: true
      encrypt: sha512_crypt
      confirm: true
      salt_size: 7
  
  # Here begins the sequence of tasks
  tasks:
    # This is the first task
    - name: Add new sudo-user
      # It uses the Ansible module `user` to create a new user.
      ansible.builtin.user:
        # Ansible wants you to write variables like this.
        name: ""
        shell: /bin/bash
        create_home: true
        append: true
        groups: sudo, adm
        password: ""

How to use it

Playbooks

ansible-playbook -i hosts.ini --ask-become-pass add_admin_user.yml

–ask-become-pass prompt for sudo password

Sources and further readings

Visit the official documentation.

Some of the shown examples are based on examples by Jeff Geerling. His Youtube-Channel and books are a good starting point to learn more details about Ansible.