Setting up a Server for Ansible

Ansible is a great tool for automation and configuration management. Maybe you heard already about Chef and Puppet. Ansible is in the same field, but with a much simpler approach. The big advantage of Ansible is that you don’t need a central master server for it and you don’t need to install an “Ansible” client on the servers at all. Ansible only needs to be installed on your local machine and it works completely via SSH. AnsibleLogo_transparent_web Although you don’t need to install a client on the server, Ansible makes a couple assumptions about the server. Ansible assumes that the server is accessible via SSH. That’s the only real requirement. In the Playbooks you can configure username and password to access the server.

However life becomes much easier if we can assume that you:

  • have a user on the system with username “ubuntu”.
  • have the ssh daemon up and running on the server.
  • be able to login as user “ubuntu” to the server via ssh without password.
  • be able to run sudo su without password popup.

All this assumptions are default on AWS EC2 instances. If you setup a new server somewhere else you should take care of this. This blog post describes how to ensure this assumptions on Ubuntu 14.04.

User ubuntu

If you create a new virtual machine make sure that the default user is ubuntu. If you have already a linux instance up and running you can add a new user like this:

sudo adduser ubuntu

SSH Daemon

This command will return the status of the SSH daemon:

sudo service ssh status

If the feedback is that the service ssh is unknown you can install the SSH Server with this command:

sudo apt-get install openssh-server

Now try again the first command. It should response with status running.

Login without password

Assuming you have already a public/private key pair and the public key on your development machine is under .ssh/id_rsa.pub you can achieve login to the server without password with this 2 commands:

ssh ubuntu@IP_ADDRESS mkdir -p .ssh
cat .ssh/id_rsa.pub | ssh ubuntu@IP_ADDRESS 'cat >> .ssh/authorized_keys'

Replace “IP_ADDRESS” with the IP address of your server! The commands above will still require that you type in your password, but after that you should be able to login to the server without password. Try:

ssh ubuntu@IP_ADDRESS

The full instructions can be found here.

sudo su without password

Simply run this command on the server:

sudo visudo

And add this line to the bottom of the file:

ubuntu ALL=(ALL) NOPASSWD: ALL

Now logout and login again as user ubuntu to the server. Try:

sudo su

Now you should be root on the server. For more questions check out this page.

Done

If you executed the steps above your server is ready for Ansible. Now you can point Ansible Playbooks to your server and use it for provisioning. I’m using Ansible since 2 years together with Docker for the VersionEye Project and so far I really like it!

7 thoughts on “Setting up a Server for Ansible

  1. Hi Robert,

    nice post – just two things: it is perfectly possible (though probably not desirable) to login using a password, using the *–ask-pass* flag. For example:

    ansible-playbook -i my-hosts my-playbook.yml –ask-pass

    Also, the user named *ubuntu* is not required, since you can use *remote_user: root* for example, to run a whole play as root (it is also possible to switch the user on a per-task basis).

    This way, you can even further reduce the requirements towards the target machine and further reduce the manual intervention required.

    Cheers,
    Alex

    1. Hi Alex. Thanks for the response. The –ask-pass flag is new to me. I know that you can set any other user, but most of the playbooks I found are using the user “ubuntu”. Just saying that it’s less hassle with “ubuntu”. I usually run my playbooks as ubuntu and for certain steps I switch to root.

  2. To do that initial setup the Ansible way I use a specific playbook to bootstrap a server which is executed when a server it is initially set up to be part of the “farm” inventory.

    I find that very convenient. The command to run the playbook looks like this (including –ask-pass as Alex mentioned):
    ansible-playbook -i hosts playbooks/bootstrap.yml -e “target=myserver.example.com” –user root –ask-pass

    I based my playbook on this post, which I found quite helpful to get started with Ansible:
    http://thornelabs.net/2014/03/08/install-ansible-create-your-inventory-file-and-run-an-ansible-playbook-and-some-ansible-commands.html

  3. “Ansible is a great tool for automation and configuration management.”

    No isn’t, because:
    1. Ansible works only via SSH. Windows exists too. 🙂
    2. Ansible configuration is very hard to manage. E.g. you have module X, eg. for apache configuration and two totally different machines with apache. You use variables to store apache configuration, use common variables and specific variables for specific host. If you modify apache configuration for host A you can break host B and you won’t know about that unles you run configuration against server B e.g. 3 months later. Then it may be too late.
    3. Dry run doesn’t work in Ansible, e.g. my configuration creates directory A, put file in that directory and do some other stuf. During dry run ansible “create” directory A and fails next step, because directory A doesn;t exsit. Of course this directory doesn’t exist! I use dry run, it is expected!
    4. Sudo without password? Sorry, it is a joke? Have you use account with passwordless sudo and key authentication in production? You must be a brave man. 🙂

    Of couse ansible has a good features like vault.

    Maybe this comment is to much emotional but I used ansbile and I can’t sleep when I thinking about this tool. Ansible is a good tool for machine provisioning (run playbook once), not for manage whole infrastructure and change configuration on existing machines…

    Ps. I have 2 years experience with ansbile to manae my infrastructure (20 phisical machines) and I used it with docker.

    Pps. I know, sorry for my english, I’m still learning, and I’m not native speaker.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s