Table of Contents
After installing ansible now in this section we will setup our Ansible environment and configure our controller and managed nodes.
Create normal user
This is important as we will use this
user to perform all ansible related tasks. For the sake of this article I will create a user "
[root@controller ~]# useradd ansible
Assign a password to this user
[root@controller ~]# passwd ansible
Repeat the same on managed nodes i.e. create the same user on all your managed hosts:
[root@server1 ~]# useradd ansible [root@server1 ~]# passwd ansible [root@server2 ~]# useradd ansible [root@server2 ~]# passwd ansible
Configure password less authentication
We will set up password less authentication for our ansible user from controller to all the managed nodes. This is to ensure that the controller can connect to all the managed nodes without any password prompt.
Login as ansible user on the controller node and generate private public key pair using ssh-keygen. We have pre-defined a blank password using
-P “” in this example
This step will create private and public key pair inside
[ansible@controller ~]$ ls -al ~/.ssh/ total 20 drwx------ 2 ansible ansible 4096 Sep 19 13:17 . drwx------ 4 ansible ansible 4096 Jan 29 2020 .. -rw------- 1 ansible ansible 412 Jan 29 2020 authorized_keys -rw------- 1 ansible ansible 2622 Sep 19 13:17 id_rsa -rw-r--r-- 1 ansible ansible 584 Sep 19 13:17 id_rsa.pub
We will use
ssh-copy-id to copy the keys to remote managed server and add it to
[ansible@controller ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub server1 [ansible@controller ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub server2
There was no need to use
-i ~/.ssh/id_rsa.pub as there is a single public key file so
ssh-copy-id would have automatically picked it but for the sake of simplicity I have added this argument.
Verify password less SSH authentication
ssh-copy-id command will copy the public key we just created to
server2 and append the content of the key to ansible user's
authorized_keys file under
Once the public key is copied to managed nodes, you can try to do ssh as
ansible user and make sure you don’t get any password prompt
[ansible@controller ~]$ ssh server1 [ansible@controller ~]$ ssh server2
Configure privilege escalation using sudo
ansible user would need privilege escalation we will create a new rule for
ansible user using a new file under
[root@controller ~]# cat /etc/sudoers.d/ansible ansible ALL=(ALL) NOPASSWD: ALL
Add the same rule on all your managed hosts
[root@server1 ~]# echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible [root@server2 ~]# echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
Verify ansible connectivity
Next, we need to make sure that our controller is able to communicate all the managed nodes. To achieve this, we would need an inventory file. Since we have installed ansible using package manager, we will have our default ansible configuration files under
[root@controller ~]# ls -l /etc/ansible/ total 28 -rw-r--r-- 1 root root 19985 Sep 4 04:01 ansible.cfg -rw-r--r-- 1 root root 1016 Sep 4 04:01 hosts drwxr-xr-x 2 root root 4096 Sep 4 04:01 roles
root user add the hostname or IP address of your managed nodes in
[root@controller ~]# head -n 2 /etc/ansible/hosts server1 server2
Next try to
ping your managed nodes using the controller node as
ansible user with
ansible all -m ping command:
Look out for
“ping”: “pong” which means that our controller node was able to communicate with the managed nodes using "
/usr/libexec/platform-python" as the interpreter.