Automation 101: Introduction to Ansible
If you’re looking to get started with Ansible, you’ve come to the right place! We’re diving into automation with Ansible for the introductory blog post.
Ansible is an automation tool that is relatively painless to get up to speed with, and it works well with MacStadium’s Orka, a cloud-native, Kubernetes-driven orchestration layer for Mac. Today, we’ll cover the basics of installing Ansible, connecting to your target servers, and getting your first Playbooks running.
Ansible is written in Python, so the simplest way to install it is with pip, the package manager for Python. The preferred means of installing Ansible on Mac is to simply run:
$ pip install ansible
Probably the single best part of Ansible is the fact that it only needs to be installed on your workstation or dedicated Ansible server, as opposed to needing to be installed on target servers as well.
Overview of Ansible
Controlling Server – The server or workstation on which you will run Ansible commands.
Target Server(s) – The server(s) that will be configured by the controlling Ansible server.
SSH – Ansible uses SSH to communicate with the target servers from your dedicated Ansible server or your workstation. You will need to enable SSH on all targeted servers. On Mac, this means enabling remote login. You can do this from the command line, like so:
$ sudo systemsetup -setremotelogin on
Inventory – Ansible looks for an inventory file, a simple text file that lists all of the IP addresses of the target servers so that it can apply your desired changes. This file will be more complex in production, but this will work for our testing today.
Playbook – Ansible commands can be run ad-hoc directly from the command line, but the real power of Ansible lies in its ability to execute complex jobs that are defined in a YAML file. We’ll cover the basics of a Playbook below.
But first, let’s make the connections that Ansible will require to work.
Setting up SSH
In order for Ansible to do its magic, it needs to make SSH connections from the controlling server to each of the target servers. To do this, we can generate SSH keys on the controlling server (which can very reasonably be your laptop). We can then copy the public key to each of our target servers, and we’ll be in business.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jeffdvincent/.ssh/id_rsa): ansible
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ansible.
Your public key has been saved in ansible.pub.
The key fingerprint is:
The key's randomart image is:
| . |
| ... |
| o.O+. |
| ..E.@+S |
| ooo.=. |
| *.*B . |
| + @XB* |
| . ==BO*o |
Notice that we named our key ansible. This isn’t at all required, but we’ll be using this key exclusively for this purpose, and explicit naming makes things easier later.
Next, we’ll need to copy our ansible.pub key to each of our target servers, like so:
$ ssh-copy-id -i ~/.ssh/ansible.pub <user>@<target_iaddress> -p <port></port></target_iaddress></user>
You’ll have to enter your password for each server you want to add the key to.
Running an Ad Hoc Ansible Command
We won’t be doing too much of this, but to check our connections and such, let’s use the Ansible module ping.
$ ansible all --key-file ~/.ssh/ansible -i inventory -m ping
Overview of Ansible Playbooks
Ansible Playbooks are written in YAML and consist of a series of named stages or “plays.” In the simple Playbook below, we begin by identifying which hosts from the inventory file that we want to run the following commands against.
Then, we have a single named play “Install mobile device package,” in which we use the generic installer to install MobileDevice.pkg. We set become to true, because we want the Ansible user to “become” the root user of the target servers.
- hosts: all
- name: Install mobile device package
installer -pkg <xcode_packages_location>/MobileDevice.pkg -target /</xcode_packages_location>
Running an Ansible Playbook
Finally, to run our Playbook against all of our target servers (as defined in line 4 above), we can run:
$ ansible-playbook --key-file ~/.ssh/ansible sample_playbook.yml
And, if things went to plan, we should see some output telling us that one change was made on each of the target servers described in our inventory.
- Check out Ansible’s excellent documentation to dive deeper into this automation powerhouse.
- Check out MacStadium’s docs for a detailed explanation of how to set up Ansible and use the Playbooks we provide.
Ansible is a user-friendly, Mac-compatible option for configuration automation. It only needs to be installed on a single, controlling server, which can control any number of target servers. Ansible communicates via SSH, which needs to be enabled on each of the target servers.