Configuring Ansible: Control Node and Managed Nodes #
In a previous article, we covered Red Hat Ansible basics and installed Ansible, creating one control node named RHEL8 and four managed nodes (node1, node2, node3, and node4), all running Red Hat Enterprise Linux.
For Ansible to communicate with managed nodes, the control node and each managed node need a user account that can escalate privileges and run commands without entering a password.
User Account Configuration #
To keep things simple, we’ll create an ansible user account, add it to the wheel group, and configure SSH authentication.
Create the Ansible User #
# Create user account
sudo useradd ansible
# Add the user to the wheel group
sudo usermod -aG wheel ansible
# Set a password for the ansible user
sudo passwd ansible
Configure Passwordless Privilege Escalation #
Edit the /etc/sudoers file (use visudo, which checks the syntax before saving) to allow passwordless sudo for members of the wheel group:
%wheel ALL=(ALL) NOPASSWD: ALL
Generate and Copy SSH Keys #
- Generate an SSH Key on the control node:
sudo su - ansible
ssh-keygen
- Copy the SSH Public Key to all managed nodes:
ssh-copy-id ansible@node1.example.com
Repeat for all managed nodes (node2, node3, node4).
Ansible Configuration Files #
Ansible’s default configuration file is located at:
/etc/ansible/ansible.cfg
Ansible Searches for Config Files in This Order: #
- $ANSIBLE_CONFIG environment variable (if set)
- ansible.cfg in the current directory
- ~/.ansible.cfg in the user’s home directory
- /etc/ansible/ansible.cfg (default)
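The search order above, as an added shell example (not from the original article and not Ansible's own code): `resolve_ansible_cfg` and `is_world_writable` are hypothetical helpers that report which file would be picked. The helper also mirrors Ansible's documented safeguard of skipping ansible.cfg in a world-writable current directory, where any local user could have placed the file.

```shell
#!/bin/sh
# Added example: resolve_ansible_cfg and is_world_writable are hypothetical
# helpers, not part of Ansible. Optional arguments override the current
# directory, home directory and system-wide path (useful for testing).

is_world_writable() {
    # find prints the directory only if the "other" write bit (0002) is set.
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

resolve_ansible_cfg() {
    cfg_cwd=${1:-$PWD}
    cfg_home=${2:-$HOME}
    cfg_system=${3:-/etc/ansible/ansible.cfg}

    # 1. $ANSIBLE_CONFIG, if set and pointing at an existing file
    if [ -n "${ANSIBLE_CONFIG:-}" ] && [ -f "$ANSIBLE_CONFIG" ]; then
        printf '%s\n' "$ANSIBLE_CONFIG"
        return 0
    fi

    # 2. ansible.cfg in the current directory, unless that directory is
    #    world-writable: anyone on the host could have put the file there.
    if [ -f "$cfg_cwd/ansible.cfg" ]; then
        if is_world_writable "$cfg_cwd"; then
            printf 'ignoring %s/ansible.cfg: directory is world-writable\n' "$cfg_cwd" >&2
        else
            printf '%s\n' "$cfg_cwd/ansible.cfg"
            return 0
        fi
    fi

    # 3. ~/.ansible.cfg, then 4. the system-wide default
    for cfg_candidate in "$cfg_home/.ansible.cfg" "$cfg_system"; do
        if [ -f "$cfg_candidate" ]; then
            printf '%s\n' "$cfg_candidate"
            return 0
        fi
    done
    return 1
}

resolve_ansible_cfg || echo "no ansible.cfg found; Ansible's built-in defaults apply"
```

To confirm the result on a real system, run `ansible --version`: its `config file =` line shows the file Ansible actually loaded.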
Inventory File Example (/etc/ansible/hosts) #
[nodes]
node1.example.com
node2.example.com
node3.example.com
node4.example.com
[webservers]
node2.example.com
node3.example.com
Ansible Ad-Hoc Commands #
Common Command-Line Options #
Option | Description |
---|---|
-b, --become | Run command with privileges (no password prompt) |
-m | Specify the module to use |
-a, --args | Provide module arguments |
-u | Connect as a different user |
-h, --help | Display help content |
-v, --verbose | Run commands in verbose mode |
Checking Connectivity with Ad-Hoc Commands #
ansible all -m ping
Expected Output:
node2.example.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
Managing Packages with Ad-Hoc Commands #
Install the Apache httpd server on the managed hosts in the webservers group:
ansible webservers -m yum -a "name=httpd state=present" -b
Managing Services with Ad-Hoc Commands #
Enable and start the Apache httpd service:
# Enable service
ansible webservers -b -m service -a "name=httpd enabled=yes"
# Start service
ansible webservers -b -m service -a "name=httpd state=started"
Ansible Playbooks #
Unlike ad-hoc commands, playbooks are repeatable and reusable. They are defined using YAML Ain’t Markup Language (YAML).
Example: Simple Playbook to Install Apache (httpd.yaml) #
---
- hosts: webservers
  remote_user: ansible
  tasks:
    - name: Ensure apache is installed and updated
      yum:
        name: httpd
        state: latest
      become: yes
Run the Playbook #
ansible-playbook httpd.yaml
Example: Advanced Playbook for Multi-Task Automation #
---
# Play 1: install and enable Apache on the webservers group
- hosts: webservers
  remote_user: ansible
  become: yes
  tasks:
    - name: Installing apache
      yum:
        name: httpd
        state: latest
    - name: Enabling httpd service
      service:
        name: httpd
        enabled: yes
      # notify takes handler names; the handler runs only if this task reports a change
      notify:
        - restart httpd
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted

# Play 2: install git on every managed node
- hosts: all
  remote_user: ansible
  become: yes
  tasks:
    - name: Installing git
      yum:
        name: git
        state: latest
Conclusion #
Ansible is a simple, agentless, and powerful tool for automation. Its ease of use allows sysadmins of all experience levels to quickly automate infrastructure tasks. Whether running quick ad-hoc commands or executing complex playbooks, Ansible is an essential platform for efficient IT management.
For more in-depth information, check out the Ansible documentation.
Happy Automating!