Ansible
Ansible is a tool for managing a fleet of machines. There might be some tasks that you have to execute on every machine in your data center.
---
Ansible Without SSH Keys
Playbooks
Instead of logging in in every machine via SSH, we write an Ansible playbook that describes all tasks in a YAML file.
--- - name: Installing packages hosts: web become: yes gather_facts: no tasks: - name: Install git apt: name: git state: present update_cache: yes - name: Install ALSA apt: name: alsa state: present update_cache: yes - name: Install ALSA Dev apt: name: libasound2-dev state: present update_cache: yes - name: Install Jack apt: name: jackd2 state: latest update_cache: yes
By default Ansible logs into every machine via SSH. hosts: web tells ansible to execute following tasks on all machines in the inventory group web. Installing packages with APT requires superuser permissions. become: yes tells Ansible to become root. The default method for this is sudo.
The biggest benefit over shell scripts is that it is possible to describe the state of a machine. In the example four packages will be installed. Only jackd2 will be updated if it is already present.
---
Inventory
For executing our new playbook Ansible needs to know what machines are in our inventory. The inventory can be written in INI or YAML syntax.
The default location for your inventory file is /etc/ansible/hosts.
For more information for creating your inventory see the official user guide.
---
ansible.cfg
A separate inventory file can be set for your project in an Ansible configuration file ansible.cfg:
This file sets the location of your inventory file to ./hosts. Furthermore the default SSH user as well as the sudo user gets set to studio.
---
Executing a Playbook
Executing our playbook file install_basic.yml:
For this to work every machine in group web must have a user studio with the same password. The flag -k lets Ansible ask for a SSH password. -K is for the sudo password.
If there's a SSH key for user studio on all machines, no SSH password has to be typed, but the password for sudo is still necessary.