
Getting Started with Ansible: Installation, Configuration, and Batch Management on CentOS 7


Introduction to Ansible

Ansible is an open-source automation tool for IT operations. It uses an agentless architecture, connecting to remote servers via SSH to perform batch configuration management, application deployment, and task execution. This tutorial will guide you through installing, configuring, and performing basic operations with Ansible on a CentOS 7 system.

Prerequisites

This tutorial is based on CentOS 7 64-bit. The Ansible control node must be able to connect via SSH to all managed nodes (target servers).

Installing Ansible

On CentOS 7, you can install Ansible from the EPEL repository.

yum install epel-release -y && yum install ansible -y

After installation, verify the version with:

ansible --version

Configuring the Ansible Inventory

Ansible uses an inventory file to define the servers it manages. The default file is located at /etc/ansible/hosts.

Open the file with a text editor (e.g., vi):

vi /etc/ansible/hosts

Inside, you can add server IP addresses or hostnames, optionally grouped.

Example Configuration

The following example defines a group named targets with localhost as a member, specifying a local connection.

[targets]
localhost ansible_connection=local

To manage multiple remote servers, add them like this:

[web_servers]
192.168.1.101
192.168.1.102

[db_servers]
192.168.1.201

Configuring SSH Key-Based Authentication

To enable seamless connections, configure SSH key pairs on the control node and distribute the public key to all managed nodes.

1. Generate an SSH Key Pair

On the control node, run this command to generate a key pair (skip if you already have one):

ssh-keygen -t rsa -b 4096

Follow the prompts. The default key location is ~/.ssh/id_rsa (private) and ~/.ssh/id_rsa.pub (public).

2. Distribute the Public Key

Use Ansible's authorized_key module to push the public key to all target servers. This command adds the control node's public key to the root user's authorized_keys file on all servers:

ansible all -m authorized_key -a "user=root key='{{ lookup('file', '~/.ssh/id_rsa.pub') }}'"

Note: Before running this command, ensure the control node can SSH to the targets using a password or another pre-configured authentication method.

Testing Connectivity

After configuration, test connectivity to all managed nodes using the ping module:

ansible all -m ping

A return of "pong" indicates success.

Executing Remote Commands

Use the shell module to run shell commands on remote servers.

Basic Syntax

ansible <host_or_group> -m shell -a "command_to_execute"

Example: System Update and Software Installation

This command updates the system and installs wget, curl, and git on all managed servers:

ansible all -m shell -a "yum update -y && yum install wget curl git -y"

Advanced Usage Notes

  • Target Selection: The all keyword targets all hosts defined in /etc/ansible/hosts. Replace it with a specific group name (e.g., web_servers) to operate only on that group.
  • Modular Operations: Ansible's power lies in its extensive modules (e.g., copy, file, yum, service). For complex automation, use Playbooks (YAML scripts) rather than relying solely on the shell module.
  • Security Recommendations: In production, use a non-root user with sudo privileges and employ Ansible Vault to encrypt sensitive data.
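
The playbook form of the shell one-liner above, run as a non-root user with sudo. This is an added example, not part of the original tutorial; the file name site.yml and the account name deploy are assumptions.

```yaml
# site.yml (added example; "deploy" is an assumed non-root account with sudo rights)
- name: Baseline packages on all managed nodes
  hosts: all
  remote_user: deploy        # assumption: unprivileged SSH login user
  become: true               # escalate via sudo for the tasks instead of logging in as root
  tasks:
    - name: Authorize the control node's public key for the login user
      authorized_key:
        user: deploy
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        state: present

    # Equivalent of "yum update -y", but idempotent and reported per host
    - name: Update all installed packages
      yum:
        name: "*"
        state: latest

    # Equivalent of "yum install wget curl git -y"
    - name: Install wget, curl and git
      yum:
        name:
          - wget
          - curl
          - git
        state: present
```

Run it with ansible-playbook site.yml; add -K (--ask-become-pass) if sudo prompts for a password, and -k (--ask-pass) on the first run if the key is not yet installed on the targets.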

With these steps, you have set up a basic Ansible environment and can begin using it for batch server management.
