How to configure Ansible on controller and managed node


Ansible Tutorial

After installing ansible now in this section we will setup our Ansible environment and configure our controller and managed nodes.

 

Create normal user

This is important as we will use this user to perform all ansible related tasks. For the sake of this article I will create a user "ansible"

[root@controller ~]# useradd ansible

Assign a password to this user

[root@controller ~]# passwd ansible

Repeat the same on managed nodes i.e. create the same user on all your managed hosts:

[root@server1 ~]# useradd ansible
[root@server1 ~]# passwd ansible

[root@server2 ~]# useradd ansible
[root@server2 ~]# passwd ansible

 

Configure password less authentication

We will set up password less authentication for our ansible user from controller to all the managed nodes. This is to ensure that the controller can connect to all the managed nodes without any password prompt.

Login as ansible user on the controller node and generate private public key pair using ssh-keygen. We have pre-defined a blank password using -P “” in this example

How to configure Ansible on controller and managed node

This step will create private and public key pair inside ~/.ssh

[ansible@controller ~]$ ls -al ~/.ssh/
total 20
drwx------ 2 ansible ansible 4096 Sep 19 13:17 .
drwx------ 4 ansible ansible 4096 Jan 29  2020 ..
-rw------- 1 ansible ansible  412 Jan 29  2020 authorized_keys
-rw------- 1 ansible ansible 2622 Sep 19 13:17 id_rsa
-rw-r--r-- 1 ansible ansible  584 Sep 19 13:17 id_rsa.pub

We will use ssh-copy-id to copy the keys to remote managed server and add it to authorized_keys.

[ansible@controller ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub server1
[ansible@controller ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub server2

There was no need to use -i ~/.ssh/id_rsa.pub as there is a single public key file so ssh-copy-id would have automatically picked it but for the sake of simplicity I have added this argument.

 

Verify password less SSH authentication

The ssh-copy-id command will copy the public key we just created to server1 and server2 and append the content of the key to ansible user's authorized_keys file under ~/.ssh

Once the public key is copied to managed nodes, you can try to do ssh as ansible user and make sure you don’t get any password prompt

[ansible@controller ~]$ ssh server1
[ansible@controller ~]$ ssh server2

 

Configure privilege escalation using sudo

Since our ansible user would need privilege escalation we will create a new rule for ansible user using a new file under /etc/sudoers.d

[root@controller ~]# cat /etc/sudoers.d/ansible
ansible ALL=(ALL) NOPASSWD: ALL

Add the same rule on all your managed hosts

[root@server1 ~]# echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
[root@server2 ~]# echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible

 

Verify ansible connectivity

Next, we need to make sure that our controller is able to communicate all the managed nodes. To achieve this, we would need an inventory file. Since we have installed ansible using package manager, we will have our default ansible configuration files under /etc/ansible.

[root@controller ~]# ls -l /etc/ansible/
total 28
-rw-r--r-- 1 root root 19985 Sep  4 04:01 ansible.cfg
-rw-r--r-- 1 root root  1016 Sep  4 04:01 hosts
drwxr-xr-x 2 root root  4096 Sep  4 04:01 roles

Here as root user add the hostname or IP address of your managed nodes in /etc/ansible/hosts file.

[root@controller ~]# head -n 2 /etc/ansible/hosts
server1
server2

Next try to ping your managed nodes using the controller node as ansible user with ansible all -m ping command:

How to configure Ansible on controller and managed node

Look out for “ping”: “pong” which means that our controller node was able to communicate with the managed nodes using "/usr/libexec/platform-python" as the interpreter.

 

What's Next

Now we are all done with the Ansible Installation and Configuration in our Ansible Tutorial, next we will learn more about ansible configuration file i.e. ansible.cfg

Deepak Prasad

Deepak Prasad

He is the founder of GoLinuxCloud and brings over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels in various domains, from development to DevOps, Networking, and Security, ensuring robust and efficient solutions for diverse projects. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

1 thought on “How to configure Ansible on controller and managed node”

  1. Does the method to copy the SSH key between AWS instances still work?
    When trying to do this i get a permission denied error

    [ansible@ip-172-31-35-111 ec2-user]$ ssh-copy-id -i ~/.ssh/id_rsa.pub ansible@server2
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/home/ansible/.ssh/id_rsa.pub”
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
    ansible@server2: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

    Reply

Leave a Comment