Installation
apt update
apt upgrade -y
apt install ansible -y
Ansible configuration
ansible.cfg
[default]
inventory = nameOfInventoryFile
private_key_file = ~/.ssh/nameOfSSHKey
Ansible commands
ansible all --key-file ~/.ssh/nameOfSSHKey -i inventory -m ping
ansible all --list-hosts
ansible all -m gather_facts
ansible all -m gather_facts --limit ip.address.of.single.host
# sudo apt update to update package index
ansible all -i hosts -m apt -a update_cache=true --become --ask-become-pass
# install tmux
ansible all -i hosts -m apt -a name=tmux --become --ask-become-pass
ansible all -i hosts -m apt -a "name=tmux state=latest" --become --ask-become-pass
# sudo apt dist-upgrade
ansible all -i hosts -m apt -a upgrade=dist --become --ask-become-pass
ansible-playbook --ask-become-pass playbookFileName.yml
# List tags of a playbook
ansible-playbook -i nameOfInventory --list-tags playbookFileName.yml
ansible-playbook -i nameOfInventory --tags "tag1,tag2,tag3" --ask-become-pass playbookFileName.yml
# Syntax check
ansible-playbook --syntax-check <YAML>
# Ansoble Vaults
ansible-vault create secret.yml
ansible-vault edit secret.yml
# Ansoble Galaxy
ansible-galaxy install -r requirements.yml
SSH Key-Based Authentication
- Install OpenSSH on server
# Ubuntu
sudo apt install openssh-server
- Create an SSH key pair (with a passphrase) for your normal user account and copy it to target server
# -t ed25519 type of algorith
# -C comment to ssh key
ssh-keygen -t ed25519 -C "ansible tutorial key"
# following command will copy the public key to the host under the folder
# .ssh/authorized_keys
ssh-copy-id -i ~/.ssh/id_ed25519.pub 1p.address.of.host
- Create a specific SSH key for Ansible Control Node (without passphrase as ansible can not enter passphrase everytime connecting target servers) and copy it to target server
# with different name e.g. /home/username/.ssh/ansible
ssh-keygen -t ed25519 -C "ansible control node"
Adding SSH Key to SSH Agent
# Check if ssh-agent is running
eval "$(ssh-agent -s)"
# Add ssh key to ssh-agent
ssh-add ~/.ssh/nameOfSSHKey
# Verify Key is added to ssh-agent
ssh-add -l