Ansible is a great tool for automation and configuration management. Maybe you have already heard about Chef and Puppet. Ansible is in the same field, but with a much simpler approach. The big advantage of Ansible is that you don’t need a central master server for it and you don’t need to install an “Ansible” client on the servers at all. Ansible only needs to be installed on your local machine and it works completely via SSH. Although you don’t need to install a client on the server, Ansible makes a couple of assumptions about the server. Ansible assumes that the server is accessible via SSH. That’s the only real requirement. In the Playbooks you can configure the username and password used to access the server.
However, life becomes much easier if we can assume that you:
- have a user on the system with username “ubuntu”.
- have the ssh daemon up and running on the server.
- are able to log in as user “ubuntu” to the server via ssh without a password.
- are able to run sudo su without a password prompt.
All these assumptions hold by default on AWS EC2 instances. If you set up a new server somewhere else, you should take care of this yourself. This blog post describes how to ensure these assumptions on Ubuntu 14.04.
User ubuntu
If you create a new virtual machine, make sure that the default user is ubuntu. If you already have a Linux instance up and running, you can add a new user like this:
sudo adduser ubuntu
SSH Daemon
This command will return the status of the SSH daemon:
sudo service ssh status
If the feedback is that the service ssh is unknown you can install the SSH Server with this command:
sudo apt-get install openssh-server
Now try the first command again. It should respond with status running.
Login without password
Assuming you already have a public/private key pair and the public key on your development machine is under .ssh/id_rsa.pub, you can set up login to the server without a password with these 2 commands:
ssh ubuntu@IP_ADDRESS mkdir -p .ssh
cat .ssh/id_rsa.pub | ssh ubuntu@IP_ADDRESS 'cat >> .ssh/authorized_keys'
Replace “IP_ADDRESS” with the IP address of your server! The commands above will still require that you type in your password, but after that you should be able to log in to the server without a password. Try:
ssh ubuntu@IP_ADDRESS
The full instructions can be found here.
sudo su without password
Simply run this command on the server:
sudo visudo
And add this line to the bottom of the file:
ubuntu ALL=(ALL) NOPASSWD: ALL
Now log out and log in again as user ubuntu to the server. Try:
sudo su
Now you should be root on the server. For more questions check out this page.
Done
If you executed the steps above, your server is ready for Ansible. Now you can point Ansible Playbooks to your server and use it for provisioning. I’ve been using Ansible for 2 years together with Docker for the VersionEye Project and so far I really like it!
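The four assumptions above can be checked on the server before pointing a playbook at it. The script below is an added example, not part of the original post; it assumes GNU stat (as on Ubuntu), and its function names are illustrative. It also checks the file modes that sshd's default StrictModes setting requires, a common reason key login still asks for a password.

```shell
#!/bin/sh
# Added example: run on the server, as the user Ansible will log in as.
# Assumes GNU coreutils stat (Ubuntu); function names are illustrative.

# True if PATH is not writable by group or others. sshd's StrictModes
# (on by default) ignores authorized_keys when this does not hold.
not_group_world_writable() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Check the home directory, ~/.ssh and authorized_keys (modes only,
# ownership is not checked here).
check_ssh_key_files() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "FAIL missing: $p"; rc=1
        elif ! not_group_world_writable "$p"; then
            echo "FAIL group/world writable: $p (fix: chmod go-w)"; rc=1
        fi
    done
    return $rc
}

# Walk through the four assumptions from the post for one user.
preflight() {
    user=${1:-ubuntu}; fail=0
    id -u "$user" >/dev/null 2>&1 ||
        { echo "FAIL user $user does not exist"; fail=1; }
    service ssh status >/dev/null 2>&1 ||
        { echo "FAIL ssh service is not running"; fail=1; }
    home=$(getent passwd "$user" | cut -d: -f6)
    check_ssh_key_files "$home" || fail=1
    # -n makes sudo fail instead of prompting; tests the current user.
    sudo -n true 2>/dev/null ||
        { echo "FAIL sudo asks for a password"; fail=1; }
    [ "$fail" -eq 0 ] && echo "OK server is ready for Ansible"
    return $fail
}

# Usage: sh preflight.sh ubuntu
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```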
Hi Robert,
nice post – just two things: it is perfectly possible (though probably not desirable) to log in using a password, using the *--ask-pass* flag. For example:
ansible-playbook -i my-hosts my-playbook.yml --ask-pass
Also, the user named *ubuntu* is not required, since you can use *remote_user: root* for example, to run a whole play as root (it is also possible to switch the user on a per-task basis).
This way, you can even further reduce the requirements towards the target machine and further reduce the manual intervention required.
Cheers,
Alex
Hi Alex. Thanks for the response. The --ask-pass flag is new to me. I know that you can set any other user, but most of the playbooks I found are using the user “ubuntu”. Just saying that it’s less hassle with “ubuntu”. I usually run my playbooks as ubuntu and for certain steps I switch to root.
To do that initial setup the Ansible way I use a specific playbook to bootstrap a server, which is executed when a server is initially set up to be part of the “farm” inventory.
I find that very convenient. The command to run the playbook looks like this (including --ask-pass as Alex mentioned):
ansible-playbook -i hosts playbooks/bootstrap.yml -e "target=myserver.example.com" --user root --ask-pass
I based my playbook on this post, which I found quite helpful to get started with Ansible:
http://thornelabs.net/2014/03/08/install-ansible-create-your-inventory-file-and-run-an-ansible-playbook-and-some-ansible-commands.html
That’s really useful 🙂
“Ansible is a great tool for automation and configuration management.”
No, it isn’t, because:
1. Ansible works only via SSH. Windows exists too. 🙂
2. Ansible configuration is very hard to manage. E.g. you have module X, e.g. for apache configuration, and two totally different machines with apache. You use variables to store apache configuration, use common variables and specific variables for specific host. If you modify apache configuration for host A you can break host B and you won’t know about that unless you run configuration against server B e.g. 3 months later. Then it may be too late.
3. Dry run doesn’t work in Ansible, e.g. my configuration creates directory A, puts a file in that directory and does some other stuff. During dry run Ansible “creates” directory A and fails at the next step, because directory A doesn’t exist. Of course this directory doesn’t exist! I use dry run, it is expected!
4. Sudo without password? Sorry, is it a joke? Have you used an account with passwordless sudo and key authentication in production? You must be a brave man. 🙂
Of course Ansible has good features like vault.
Maybe this comment is too emotional, but I used Ansible and I can’t sleep when I think about this tool. Ansible is a good tool for machine provisioning (run playbook once), not for managing whole infrastructure and changing configuration on existing machines…
Ps. I have 2 years of experience with Ansible managing my infrastructure (20 physical machines) and I used it with docker.
Pps. I know, sorry for my English, I’m still learning, and I’m not a native speaker.
I don’t run Windows servers at all, that’s why I don’t care that Ansible is only built for Linux/Unix. That’s fine for me. But since version 1.7 Ansible has support for the Windows PowerShell. See here: http://docs.ansible.com/ansible/intro_windows.html.
If you don’t like Ansible, what are you using instead?
Many thanks for a post about setting up a Server for Ansible, you helped me a lot.