ansible firewall iptables

Ansible – getting started with automation

Ansible

For those who still haven’t heard about ansible. Well you are in for a treat. This is in no means an expert lesson in ansible. I want more people to just know about it. And try using it.

Purpose

Ansible is a configuration management tool. This simply means that for every server you deploy, you need to follow a configuration. A CM tool will do that for you. I will introduce a new term too. IAC (Infrastructure As Code) – this is what allows you to make your deployments as a series of lines of code. For that purpose, ansible uses YAML (Yaml ain’t Markup Language). No ! YAML is not like HTML or the likes. YAML is not for the faint-hearted!

Installation

Ansible is installed under Ubuntu as any other packages.

sudo apt-get install ansible

Pro tip – If you already installed it, telling install to apt will actually upgrade the package. A lot of people don’t know that. If you did, good for you.

Warming up!

Command line arguments – Simple example

Ansible supports command line arguments or Ad-hoc commands. This means if you type ansible arg1 arg2 arg3, it will do something.

To remember such things, I personally use:

ansible [singlehost or hostgroup] -m [modulename]

If you think that’s complicated. Think again.

For simplicity’s sake, i’ll use our localhost as the host we’re trying to test.

ansible localhost -m ping

From this command, we ran a ping test on our own machine. And it responded with pong. The output is clear.

localhost | SUCCESS => { “changed”: false,

“ping”: “pong”

}

  1. A success means that our server replied.

2. Changed false means, since the last time we ran this command, did the state change?

3. Finally. pong is the response of the ping.

2nd example

In this second example, we will build on the first one.

ansible [singlehost or hostgroup] -m [modulename]  -a [argument]

Now, we have an additional argument that we pass to the module.

ansible localhost -m apt -a “name=python state=present”

Yep, this command won’t work. That’s the point. We want to know why it doesn’t work. The error message leaves a valuable clue. It says “Permission Denied”.

This means that we need to be a sudo user to do that operation.

Let’s work on our previous command.

We add our current user. (Make sure your user is a sudo user)

ansible localhost -u codax -m apt -a “name=python state=present”

Still a permission denied. We need to tell ansible to use this user but to run our command as sudo !

ansible localhost -u codax -b -m apt -a “name=python state=present”

where the ‘b’ means ‘become’ or ‘become user’ and it naturally defaults to sudo. Now, that still won’t work. You will get an error that says: “sudo: a password is required”

Running sudo without password

Yes, you can. To do that, first make sure that your current user is sudo capable. Fire up a terminal and type:

groups

You should see sudo as one of the groups that you belong to.

Next, we type:

sudo visudo

To modify the sudo file. It will open some kind of plain text. Locate %sudo in that text and replace it with:

%sudo ALL=(ALL) NOPASSWD:ALL

This will tell your system, that all sudo users require no password to launch a command.

Let’s type our command again:

ansible localhost -u codax -b -m apt -a “name=python state=present”

Yes it works. Now you can play around will all commands that come to mind. The next lesson will be a little more advanced.

Sources

Ansible Documentation

Facebook Comments