Ansible - How to start

From Linux - Help
Jump to navigation Jump to search


Install Virtualenv:

Before installing Ansible, we will prepare our Control Machine to use Virtualenv also called venv. We use this because it is easier to maintain and secure our distribution, in case of a miss use we will only break the venv and not the system.

First we check the python & pip version used on the system level:

 oswin@xps:~$ python --version
 Python 3.6.6
 oswin@xps:~$ pip --version
 pip 18.0

If it is not installed python or pip type the following:

 oswin@xps:~$ sudo apt install python pip

> If unsure please check this before installing python.

Now we can install the package virtualenv:

 oswin@xps:~$ sudo apt install virtualenv
 oswin@xps:~$ virtualenv --version

> If using fish shell, see this project to allow you to use it with fish

Create a virtual environment for a project:

 oswin@xps:~$ mkdir test_project
 oswin@xps:~$ virtualenv test_project

Activate the new virtual environment:

 oswin@xps:~$ source ~/test_project/bin/activate
 (test_project) oswin@xps:~/test_project$

Deactivate the new virtual environment:

 (test_project) oswin@xps:~/test_project$ deactivate

From here you have your own python environment for Ansible. Now we can install it in our new venv.


 (test_project) oswin@xps:~/test_project$ pip install ansible
 (test_project) oswin@xps:~/test_project$ ansible --version
 ansible 2.6.4

Configuring Ansible: The configuration files:

An example is available on Github.

Changes can be made and used in a configuration file which will be searched for in the following order:

  • ANSIBLE_CONFIG (environment variable if set)
  • ansible.cfg (in the current directory)
  • ~/.ansible.cfg (in the home directory)
  • /etc/ansible/ansible.cfg

> Ansible will process the above list and use the first file found, all others are ignored.

Example of configuration:

 inventory = $HOME/test_project/ansible/inventory
 log_path = $HOME/tmp/ansible.log
 roles_path = $HOME/test_project/ansible/roles
 vault_password_file = $HOME/Private/.vault_pass.txt
 callback_whitelist = profile_tasks
 forks = 8
 scp_if_ssh = True

Working with Inventory: Hosts and Groups:

 $ mkdir inventory
 $ vim inventory/hosts
 [webservers]  ansible_connection=ssh ansible_user=alice   ansible_connection=ssh ansible_user=bruce
 [raspberry] ansible_connection=ssh ansible_user=root
 [nas]   ansible_connection=ssh ansible_user=john

> ansible_ssh_private_key_file=~/.ssh/for_test_purpose this is not mandatory but I added here because I'm working with more than one ssh key. > ansible_connection=ssh and ansible_user=john are for example purpose if working with different users.

Your first command: Now that you’ve installed Ansible and configured some hosts, it’s time to get started with some basics.

We first will ping all the nodes:

 (test_project) oswin@xps:~/test_project$ ansible all -m ping | SUCCESS => {
     "changed": false,
     "ping": "pong"
 } | SUCCESS => {
     "changed": false,
     "ping": "pong"
 }| SUCCESS => {
     "changed": false,
     "ping": "pong"
 } | SUCCESS => {
     "changed": false,
     "ping": "pong"

> Ansible will attempt to remote connect to the machines using your current user name, just like SSH would. To override the remote user name, just use the -u parameter.

If you would like to access sudo mode, there are also flags to do that:

 ## as oswin, sudoing to root
 (test_project) oswin@xps:~/test_project$ ansible all -m ping -u oswin -b
 ## as bruce, sudoing to batman
 (test_project) oswin@xps:~/test_project$ ansible all -m ping -u oswin -b --become-user batman

> The sudo implementation is changeable in Ansible’s configuration file if you happen to want to use a sudo replacement. Flags passed to sudo (like -H) can also be set there.

Now run a live command on a specific node:

 (test_project) oswin@xps:~/test_project$ ansible webservers -l -a "/bin/echo hello" | SUCCESS | rc=0 >>
    1. Tips:

When running commands, you can specify the local server by using localhost or for the server name.


 (test_project) oswin@xps:~/test_project$ ansible localhost -m ping -e 'ansible_python_interpreter="/usr/bin/env python"'
 localhost | SUCCESS => {
     "changed": false,
     "ping": "pong"

You can specify localhost explicitly by adding this to your inventory file: localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"