Ansible

CentOS Install


sudo dnf update

sudo dnf upgrade

sudo dnf install python3

dnf install ansible-core

dnf info ansible-core

sudo ansible-galaxy collection install f5networks.f5_modules



Ubuntu Install


#SERVER

sudo apt install python3-pip

pip3 install ansible

sudo apt install ansible

-----UPDATE-----

Ubuntu 20.04 LTS

sudo apt update

sudo apt install ansible

sudo ansible-galaxy collection install f5networks.f5_modules

#create dir linux_v1

#create ansible.cfg

#Example

[defaults]
timeout = 60
remote_user = donald
inventory = /home/donald/ansible/linux_v1/hosts

#create hosts

192.168.12.13

#test

ansible all -i ./hosts -u ansible -m ping

------*****

-----------------


ansible --version

ansible 2.10.5

config file = /etc/ansible/ansible.cfg

configured module search path = ['/home/donald/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']

ansible python module location = /home/donald/.local/lib/python3.8/site-packages/ansible

executable location = /usr/bin/ansible

python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]

-----

donald@Ansible1:~/ansible/testv1/inventory$ ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/donald/.ssh/id_rsa): ansible1key

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in ansible1key

Your public key has been saved in ansible1key.pub


#CLIENT

sudo adduser ansible

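#Now, configure password-less sudo access for the ansible user with the following command.
#NOPASSWD:ALL gives whoever holds the ansible SSH key full root on this client; narrow the command list where the playbooks allow it, and check the drop-in afterwards with: sudo visudo -cf /etc/sudoers.d/ansible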

$ echo "ansible ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ansible

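#Grab the IP (to compare the host key at the server's first-connect prompt, print its fingerprint here with: ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub)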

hostname -I

192.168.70.82


#SERVER

ssh-copy-id ansible@192.168.70.82

-

donald@Ansible1:~$ ssh-copy-id -i .ssh/ansible1key.pub ansible@192.168.70.82

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/ansible1key.pub"

The authenticity of host '192.168.70.82 (192.168.70.82)' can't be established.

ECDSA key fingerprint is SHA256:wPP8O0WemEV7ghKaEJQSTmzNiYqfh5fqazXGBNi5j40.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

ansible@192.168.70.82's password:


Number of key(s) added: 1


Now try logging into the machine, with: "ssh 'ansible@192.168.70.82'"

and check to make sure that only the key(s) you wanted were added.


#CLIENT

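Now, disable password-based login for the ansible user with the following command (this locks the account's password only; the SSH key installed above is what the server logs in with from here on):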

sudo usermod -L ansible

If, for some reason, you want to allow password-based login for the ansible user again, run the following command:

sudo usermod -U ansible


#SERVER

#check the connection

ssh -i .ssh/ansible1key ansible@192.168.70.82

#test ansible

mkdir /home/donald/ansible/linuxv1

#inside the above directory

nano hosts

192.168.70.82

#create ansible config file

nano ansible.cfg

[defaults]

# private_key_file must name the private key, not the .pub file
private_key_file = /home/donald/.ssh/ansible1key

donald@Ansible1:~/.ssh$ cp ansible1key.pub id_rsa.pub

donald@Ansible1:~/.ssh$ cp ansible1key id_rsa

#test Ansible

donald@Ansible1:~/ansible/linuxv1$ ansible all -i ./hosts -u ansible -m ping

192.168.70.82 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python3"

},

"changed": false,

"ping": "pong"

}


ansible all -i ./hosts -u ansible -m ping

ansible all -i ./hosts -u ansible -m shell -a 'echo "$(hostname) - $(hostname -I)"'

ansible all -i ./hosts -u ansible -m shell -a "df -h"

#this is how you would check the uptime of every host in the servers group:

ansible servers -a "uptime" -u root

#or, with the hosts file used above:

ansible all -i ./hosts -u ansible -a "uptime"

#We can specify multiple hosts by separating them with colons:

ansible server1:server2 -m ping -u root

#As an example, this will use the apt module to install the package tree on server1:

ansible server1 -i inventory -m apt -a "name=tree"

#As an example, this will use the apt module to install the package tree (-b use sudo)

ansible all -i ./hosts -u ansible -m apt -a "name=tree" -b


Playbook Test

donald@Ansible1:~/ansible/linuxv1$ cat playbook1.yaml

- hosts: docker_servers
  tasks:
    - name: Ansible apt install packages example
      become: true
      # become_user: ansible
      apt:
        name:
          - dnsutils
          - speedtest-cli
        state: present
        update_cache: true

donald@Ansible1:~/ansible/linuxv1$ cat hosts

[docker_servers]

192.168.70.82

donald@Ansible1:~/ansible/linuxv1$ cat ansible.cfg

[defaults]

remote_user = ansible

inventory = /home/donald/ansible/linuxv1/hosts


donald@Ansible1:~/ansible/linuxv1$ ansible-playbook playbook1.yaml


notes

How To Install and Configure Ansible on Ubuntu 20.04

https://linuxhint.com/install_ansible_ubuntu/

https://www.digitalocean.com/community/cheatsheets/how-to-use-ansible-cheat-sheet-guide

https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg



Vault

#encrypt file
ansible-vault encrypt foo.yml

#View
ansible-vault view foo.yml

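#Decrypt (rewrites foo.yml in plaintext on disk; use view, or ansible-vault edit foo.yml, when the file should stay encrypted)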
ansible-vault decrypt foo.yml

#use with playbook
ansible-playbook playbookname --ask-vault-pass