Ansible is a great tool for automation and configuration management. Maybe you heard already about Chef and Puppet. Ansible is in the same field, but with a much simpler approach. The big advantage of Ansible is that you don’t need a central master server for it and you don’t need to install an “Ansible” client on the servers at all. Ansible only needs to be installed on your local machine and it works completely via SSH.
Although you don’t need to install a client on the server, Ansible makes a couple assumptions about the server. Ansible assumes that the server is accessible via SSH. That’s the only real requirement. In the Playbooks you can configure username and password to access the server.
However life becomes much easier if we can assume that you:
- have a user on the system with username “ubuntu”.
- have the ssh daemon up and running on the server.
- be able to login as user “ubuntu” to the server via ssh without password.
- be able to run
sudo su
without password popup.
All this assumptions are default on AWS EC2 instances. If you setup a new server somewhere else you should take care of this. This blog post describes how to ensure this assumptions on Ubuntu 14.04.
User ubuntu
If you create a new virtual machine make sure that the default user is ubuntu
. If you have already a linux instance up and running you can add a new user like this:
sudo adduser ubuntu
SSH Daemon
This command will return the status of the SSH daemon:
sudo service ssh status
If the feedback is that the service ssh is unknown you can install the SSH Server with this command:
sudo apt-get install openssh-server
Now try again the first command. It should response with status running.
Login without password
Assuming you have already a public/private key pair and the public key on your development machine is under .ssh/id_rsa.pub you can achieve login to the server without password with this 2 commands:
ssh ubuntu@IP_ADDRESS mkdir -p .ssh
cat .ssh/id_rsa.pub | ssh ubuntu@IP_ADDRESS 'cat >> .ssh/authorized_keys'
Replace “IP_ADDRESS” with the IP address of your server! The commands above will still require that you type in your password, but after that you should be able to login to the server without password. Try:
ssh ubuntu@IP_ADDRESS
The full instructions can be found here.
sudo su without password
Simply run this command on the server:
sudo visudo
And add this line to the bottom of the file:
ubuntu ALL=(ALL) NOPASSWD: ALL
Now logout and login again as user ubuntu to the server. Try:
sudo su
Now you should be root on the server. For more questions check out this page.
Done
If you executed the steps above your server is ready for Ansible. Now you can point Ansible Playbooks to your server and use it for provisioning. I’m using Ansible since 2 years together with Docker for the VersionEye Project and so far I really like it!