Installing ansible on Debian

Ansible article picture

In order to automate the management of different servers, we will use ansible. Ansible is a tool that allows just that. It has a lot of modules you can use to perform the actions you want, and you can create your own set of tasks called playbooks.

In this tutorial we will show you how to install ansible on Debian and use the tool to upgrade various machine saving you time and updating the systems in a consistent way.

1. Install

Check the pip version. if you don't have pip yet, install it.:

pip3 --version

Upgrade pip tot the latest if not the latest:

pip install --upgrade

Install ansible. On Debian, we will use pip to install ansible. Create a directory where you will put your playbook files. Also create a directory for the virtual environment:

mkdir -p ansible/venv
cd ansible
python3.5 -m "venv" venv

Now activate the new environment and install ansible:

source venv/bin/activate
pip install ansible

Collecting ansible
    Downloading ansible-2.4.0.0.tar.gz (6.6MB)
...

Check if ansible was installed correctly:

ansible --version
ansible 2.4.0.0
    config file = None
...

2. Config ansible

Ansible uses/can use a hosts file with all the machines you want to manage. We will create the file, and add the hosts. Create an ansible directory:

mkdir /etc/ansible

Create a host file:

vi /etc/ansible/hosts
[infra ]
machine1

The machine machine1 should be reachable from the commandline via a ssh command. Edit the ~/.ssh/config file to allow this, and preferably use keys to do so:

ssh machine1

Test the ansible command line:

ansible all -m ping
...
machine1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
...

This command will try to ping all machines located in /etc/ansible/hosts. The -m option is used to load the ping module. Ansible has a lot of different modules you could use. A list of all available modules can be found here

3. Playbook

At this point, we installed ansible in a virtualenv, set-up the hosts file, and did an initial test with ping. Next, we are going to create a playbook to upgrade all our machines!

Create a simple playbook to install aptitude and upgrade the system. In a folder, create a file update.yml:

vi update.yml
---
- hosts: infra
  become: true
  become_user: root
  become_method: sudo
  tasks:
  - name: Install aptitude
    raw: apt-get install python-minimal aptitude -y
  - name: Update the system
    apt:
      update_cache: yes
      upgrade: yes
      cache_valid_time: 3600

The first line refers to the "[]" parts in the hosts file. It's used to put machines in logical groups. Next we want to use sudo to get the necessary permissions to install aptitude, and install the updates.

We define 2 tasks.

  1. We install aptitude using the raw module
  2. After aptitude is installed, we'll use the apt module to get and install updates.

Next, run the playbook. To run the playbook, we don't use ansible but ansible-playbook. The command will fail unless you specify to ask for the sudo password. More info on setting up sudo can be found elsewhere:

ansible-playbook update.yml --ask-sudo-pass

To connect to VM's from the host, you first need to setup your ssh config file to allow to connect to the vm through the host. You can do this by using ProxyCommand. An example ssh config:

Host machine1
    Hostname mail.domain.com
    Port 22
    User myuser
    IdentityFile /home/myuser/.ssh/id_machine1_machine
    ControlMaster auto
    ControlPath ~/.ssh/control:%h:%p:%r

Host vm_machine
    Hostname db.lan.domain.com
    Port 22
    User manager
    IdentityFile /home/myuser/.ssh/id_vm_machine_machine
    ProxyCommand /usr/bin/ssh -t -W %h:%p machine1

Check the connections beforehand. If they work and you're able to login, you can proceed to testing ansible:

ssh machine1
ssh vm_machine
...

If these work, ansible will be able to connect. Change the host file:

vi /etc/ansible/hosts
[infra ]
machine1

[vm]
vm_machine

An example playbook for updating the vm machines:

vi update_vm.yml
---
- hosts: vm
  become: true
  become_user: root
  become_method: sudo
  tasks:
  - name: Install aptitude
    raw: apt-get install python-minimal aptitude -y
  - name: Update the system
    apt:
      update_cache: yes
      upgrade: yes
      cache_valid_time: 3600

Run:

ansible-playbook update_vm.yml --ask-sudo-pass

A playbook to check the times of all vm machines:

vi check_time.yml
---
- hosts: vm
  tasks:
  - name: "Check time"
    raw: date

Run:

ansible-playbook -v check_time.yml

You could also use a command for this and thus use ansible instead of ansible-playbook:

ansible vm -a "date"

If you want to log the command output, enable a logfile in the ansible config file:

...
[defaults]
log_path=/path/to/logfile