With Ansible installed, in this section we will set up our Ansible environment and configure the controller and managed nodes.
Create normal user
This is important, as we will use this user to perform all Ansible-related tasks. For the sake of this article I will create a user "ansible":
[root@controller ~]# useradd ansible
Assign a password to this user
[root@controller ~]# passwd ansible
Repeat the same on managed nodes i.e. create the same user on all your managed hosts:
[root@server1 ~]# useradd ansible
[root@server1 ~]# passwd ansible
[root@server2 ~]# useradd ansible
[root@server2 ~]# passwd ansible
Configure password less authentication
We will set up password less authentication for our ansible user from controller to all the managed nodes. This is to ensure that the controller can connect to all the managed nodes without any password prompt.
Log in as the ansible user on the controller node and generate a private/public key pair using ssh-keygen. We have pre-defined a blank passphrase using -P "" in this example, which leaves the private key unencrypted on disk.
This step will create the private and public key pair inside ~/.ssh:
[ansible@controller ~]$ ls -al ~/.ssh/
total 20
drwx------ 2 ansible ansible 4096 Sep 19 13:17 .
drwx------ 4 ansible ansible 4096 Jan 29 2020 ..
-rw------- 1 ansible ansible 412 Jan 29 2020 authorized_keys
-rw------- 1 ansible ansible 2622 Sep 19 13:17 id_rsa
-rw-r--r-- 1 ansible ansible 584 Sep 19 13:17 id_rsa.pub
We will use ssh-copy-id to copy the public key to each remote managed server and add it to authorized_keys.
[ansible@controller ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub server1
[ansible@controller ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub server2
There was no need to use -i ~/.ssh/id_rsa.pub, as there is a single public key file and ssh-copy-id would have picked it automatically, but for the sake of simplicity I have added this argument.
Verify password less SSH authentication
The ssh-copy-id command will copy the public key we just created to server1 and server2 and append the content of the key to the ansible user's authorized_keys file under ~/.ssh.
Once the public key is copied to the managed nodes, try to ssh as the ansible user and make sure you don't get any password prompt:
[ansible@controller ~]$ ssh server1
[ansible@controller ~]$ ssh server2
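If either login still prompts for a password, check file modes first: sshd with StrictModes enabled (the default) skips authorized_keys when it or ~/.ssh is writable by group or others, and the ssh client will not load a private key that group or others can access. The script below is an added example, not part of the original article; the function names and finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an SSH directory such as /home/ansible/.ssh.
# Prints one finding per line; returns 0 when clean, 1 otherwise.

# First 10 characters of the ls mode string, e.g. "-rw-------"
# (cut drops a trailing SELinux "." or ACL "+" marker).
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

audit_ssh_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # sshd with StrictModes (the default) ignores authorized_keys when
    # the directory or the file is writable by group or others.
    case $(mode_of "$dir") in
        ?????-??-?) ;;
        *) echo "WRITABLE_DIR $dir"; rc=1 ;;
    esac
    if [ -f "$dir/authorized_keys" ]; then
        case $(mode_of "$dir/authorized_keys") in
            ?????-??-?) ;;
            *) echo "WRITABLE_AUTHKEYS $dir/authorized_keys"; rc=1 ;;
        esac
    fi

    # A private key must not be accessible to group or others at all;
    # the ssh client refuses to load one that is.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----'; then
            case $(mode_of "$f") in
                ????------) ;;
                *) echo "OPEN_PRIVATE_KEY $f"; rc=1 ;;
            esac
        fi
    done
    return "$rc"
}

# Stand-alone use (hypothetical file name): sh audit_ssh_dir.sh /home/ansible/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```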
Configure privilege escalation using sudo
Since our ansible user needs privilege escalation, we will create a new rule for it in a new file under /etc/sudoers.d. The rule lets the ansible user run any command as any user without a password prompt:
[root@controller ~]# cat /etc/sudoers.d/ansible
ansible ALL=(ALL) NOPASSWD: ALL
Add the same rule on all your managed hosts
[root@server1 ~]# echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
[root@server2 ~]# echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
Verify ansible connectivity
Next, we need to make sure that our controller is able to communicate with all the managed nodes. To achieve this, we need an inventory file. Since we installed Ansible using the package manager, our default Ansible configuration files are under /etc/ansible.
[root@controller ~]# ls -l /etc/ansible/
total 28
-rw-r--r-- 1 root root 19985 Sep 4 04:01 ansible.cfg
-rw-r--r-- 1 root root 1016 Sep 4 04:01 hosts
drwxr-xr-x 2 root root 4096 Sep 4 04:01 roles
Here, as the root user, add the hostname or IP address of your managed nodes to the /etc/ansible/hosts file.
[root@controller ~]# head -n 2 /etc/ansible/hosts
server1
server2
Next, try to ping your managed nodes from the controller node as the ansible user with the ansible all -m ping command:
Look out for "ping": "pong", which means that our controller node was able to communicate with the managed nodes using "/usr/libexec/platform-python" as the interpreter.
What's Next
Now we are all done with the Ansible installation and configuration in our Ansible tutorial. Next we will learn more about the Ansible configuration file, i.e. ansible.cfg.
Does the method to copy the SSH key between AWS instances still work?
When trying to do this I get a permission denied error:
[ansible@ip-172-31-35-111 ec2-user]$ ssh-copy-id -i ~/.ssh/id_rsa.pub ansible@server2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@server2: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).