Ansible

Ansible is a tool for managing a fleet of machines. There might be some tasks that you have to execute on every machine in your data center.

---

Ansible Without SSH Keys

apt-get install sshpass

Playbooks

Instead of logging in in every machine via SSH, we write an Ansible playbook that describes all tasks in a YAML file.

---
- name: Installing packages
  hosts: web
  become: yes
  gather_facts: no
  tasks:
    - name: Install git
      apt:
          name: git
          state: present
          update_cache: yes
    - name: Install ALSA
      apt:
          name: alsa
          state: present
          update_cache: yes
    - name: Install ALSA Dev
      apt:
          name: libasound2-dev
          state: present
          update_cache: yes
    - name: Install Jack
      apt:
          name: jackd2
          state: latest
          update_cache: yes

By default Ansible logs into every machine via SSH. hosts: web tells ansible to execute following tasks on all machines in the inventory group web. Installing packages with APT requires superuser permissions. become: yes tells Ansible to become root. The default method for this is sudo.

The biggest benefit over shell scripts is that it is possible to describe the state of a machine. In the example four packages will be installed. Only jackd2 will be updated if it is already present.

---

Inventory

For executing our new playbook Ansible needs to know what machines are in our inventory. The inventory can be written in INI or YAML syntax.

[local]
localhost

[web]
google.de
facebook.de

The default location for your inventory file is /etc/ansible/hosts.

For more information for creating your inventory see the official user guide.

---

ansible.cfg

A separate inventory file can be set for your project in an Ansible configuration file ansible.cfg:

[defaults]
inventory = hosts
ansible_ssh_user = studio
sudo_user = studio

This file sets the location of your inventory file to ./hosts. Furthermore the default SSH user as well as the sudo user gets set to studio.

---

Executing a Playbook

Executing our playbook file install_basic.yml:

ansible-playbook install_basic.yml -k -K

For this to work every machine in group web must have a user studio with the same password. The flag -k lets Ansible ask for a SSH password. -K is for the sudo password.

If there's a SSH key for user studio on all machines, no SSH password has to be typed, but the password for sudo is still necessary.