Ansible Configuration And Inventory Files

Ansible is a tool that is managed by RedHat and is primarily used for configuration and orchestration. With the help of the tool, we can manage and deploy software on various Linux servers. Ansible doesn't support Windows system configuration

What makes it exceptionally good is that it is agentless, which essentially means it does not require the tool to be installed on managed nodes. So the question would be, won't it pose a security risk if any Linux server can be configured from outside? Here comes the SSH, which is used to generate keys, which are essentially public/private keys. Ansible is also idempotent, which means no matter how many times you run the playbook against the specified managed nodes, the results will be essentially the same.

Why does it matter?

Suppose out of 15 tasks, 10 are implemented and it fails at 11th, which may arise from a syntax error in the script to a network interrupt, and so after rectifying that, we again implement the script, but now the state differs for the first 10 tasks and fails. Hence, Ansible makes notice of all these changes and adjusts accordingly

Terminologies

1. Control Node: A system on which the tool is installed
2. Managed Node: A system that is controlled by a control node using Ansible
3. Playbook: A file written in YAML which is used to automate configuration
4. Inventory: A file where the managed nodes are grouped according to need and are important so that Ansible can essentially differentiate between the various systems.

Overview

We are going to use VirtualBox and Ubuntu Server and create two VMs, one as the managed node and the other as the control node.

Steps

1. Get ready, VMs: Make two VMs of Ubuntu Server
2. Change the network to a bridged adapter inside the virtual box for each of the VMs.
   
3. Note down the IP Address for each using VM using following command
   ifconfig
   Note that it would be under adapter name other than the network adapter name `lo` and woiuld be named as inet address
4. Generation of keys: It is required for agent-less architecture
   ssh-keygen -C "keyname"
   

   

5. Now we have to copy the public key to client so that the host can get to know the data sent by client.
   

   

   
   With that initial setup is done

Ansible Configuration

This allows for setting up the basic configuration of what nodes are included [IP Address] , roles path, key path etc. It is written in YAML.

According to RedHat it is stored at 4 locations:

• $ANSIBLE_CONFIG if the environment variable is set.
• ansible.cfg if it’s in the current directory. ---> is the one we can modify
• ~/.ansible.cfg if it’s in the user’s home directory.
• /etc/ansible/ansible.cfg, the default config file.
  Example

[defaults]
inventory = inventory
private_key_file = ~/.ssh/gfg
roles_path = roles
#remote_user = client

Here [defaults] section is where we set default configuration options for Ansible. These are used unless overridden by other configuration settings or command-line arguments.
- private_key_file points to the ssh-key created name gfg

- roles_path is for showing where roles created and their config is present.
Another example can be

[defaults]
inventory = /etc/ansible/hosts
remote_user = ansible
private_key_file = ~/.ssh/id_rsa
roles_path = /etc/ansible/roles
log_path = /var/log/ansible.log

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False

become is the equivalent to act with permission level of other , this allows control node to run the playbook config on target node. For more tags according to your need refer this Ansible Configuration Settings

Inventory Files

It can be written in INI and YAML. Inventory Files are used because they contain details about servers, devices, and other resources managed by tools like Ansible, Terraform etc. They store IP Address and enable automation tools to execute tasks, deploy applications, and manage configurations across entire infrastructures, facilitating scalability, consistency, and reliability in IT operations and system administration workflows.

INI format

[webservers]
192.168.100.1
192.168.100.2

[dbservers]
192.168.100.3
192.168.100.4
192.168.100.5

we can use webservers and dbservers as tags to for modification to be done to a group of servers.
Ex: add mySQL DB to dbservers only

YAML format

webservers:
  - 192.168.100.1
  - 192.168.100.2

dbservers:
  - 192.168.100.3
  - 192.168.100.4
  - 192.168.100.5

These inventory files are declared inside the ansible.cfg or is used given at runtime using commands.

Sample Code

Following code runs and NGINX server and we copy html file from files dir to www dir

https://github.com/yeskaydee?tab=repositories, Feel free to commit any changes and improvement.

Output

ansible-playbook taskl.yml -u client -i hosts --ask-become-pass ; 

here
-u stands for user , -i stands for inventory file (not required if specified in ansible.cfg)
--ask-become-pass prompts to enter password of target nodes, so that become privileges are given

refer FAQ's 5.