How to Install and Use Ansible on Debian 11
Ansible is a free, open-source, and one of the most popular configuration management tools. It is a cross-platform tool that simplifies cloud computing, configuration management, package installation, and service configuration. It uses a YAML file that contains the steps which the user wants to run on a particular machine. With Ansible, you can configure and manage more than hosts with a single command. Ansible is an alternative to the other configuration management tools like Chef and Puppet.
In this article, I will show you how to install and use Ansible configuration management tool on Debian 11.
Prerequisites
- Three servers running Debian 11.
- A root password is configured on each server.
For the purpose of this tutorial, we will use the following setup:
- Ansible Controler - 192.168.10.9
- Ansible Hosts - 192.168.10.10, 192.168.10.11
Install Ansible on Debian 11
By default, the Ansible package is not included in the Debian default repository. There are two ways to install Ansible on Debian 11.
- Using APT Command
- Using PIP Command
Install Ansible Using APT
First, you will need to install some dependencies in your system. You can install the required dependencies using the following command:
apt-get install gnupg2 curl wget -y
Once all the dependencies are installed, edit the APT source.list and add the Ansible repository:
nano /etc/apt/sources.list
Add the following line:
deb http://ppa.launchpad.net/ansible/ansible/ubuntu focal main
Save and close the file when you are done then add the Ansible GPG key using the following command:
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
You should see the following output:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). Executing: /tmp/apt-key-gpghome.lFEjztT9TY/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367 gpg: key 93C4A3FD7BB9C367: public key "Launchpad PPA for Ansible, Inc." imported gpg: Total number processed: 1 gpg: imported: 1
Now, update the repository and install the Ansible with the following command:
apt-get update
apt-get install ansible -y
Once the Ansible is installed, verify the Ansible version with the following command:
ansible --version
You should get the following output:
ansible 2.10.8 config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3/dist-packages/ansible executable location = /usr/bin/ansible python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
Install Ansible Using PIP
First, you will need to install Python and PIP to your system. You can install it using the following command:
apt-get install python3 python3-pip -y
Once the installation is complete, use the pip command to install Ansible as shown below:
pip install ansible
Install sshpass
The sshpass is a command-line tool that allows you to provide passwords with SSH commands. Here, we will use sshpass on the Ansible controller node with Ansible to authenticate a remote host.
You can install the sshpass with the following command:
apt-get install sshpass -y
Next, connect to the first ansible remote host to add an SSH fingerprint to your known_hosts file:
ssh [email protected]
You will be asked to provide an SSH password as shown below:
The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established. ECDSA key fingerprint is SHA256:q3zMoJ6qdjYvAdL7/w4Z0gm0ZEgGOB+rNIPKEMdYS6o. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.10.10' (ECDSA) to the list of known hosts. Password:
Provide your password and hit Enter to add an SSH fingerprint.
Next, connect to the second ansible remote host to add an SSH fingerprint to your known_hosts file:
ssh [email protected]
You will be asked to provide an SSH password as shown below:
The authenticity of host '192.168.10.11 (192.168.10.11)' can't be established. ECDSA key fingerprint is SHA256:q3zMoJ6qdjYvAdL7/w4Z0gm0ZEgGOB+rNIPKEMdYS6o. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.10.11' (ECDSA) to the list of known hosts. Password:
Provide your password and hit Enter.
You can now use the sshpass command to verify the SSH connection:
sshpass -p yourpassword ssh [email protected]
Create Ansible Hosts Inventory File
Next, you will need to create an inventory file to define your remote hosts IP address, username, password and SSH port:
nano ~/.hosts
Add the following lines:
[servers] server1 ansible_host=192.168.10.10 ansible_user=root ansible_ssh_pass=password ansible_ssh_port=22 server2 ansible_host=192.168.10.11 ansible_user=root ansible_ssh_pass=password ansible_ssh_port=22
Save and close the file.
Note: In the above file, we will use remote hosts' IP, username, password, and SSH port.
Working with Ansible
Ansible provides a lot of modules that help you to manage remote hosts.
The basic syntax to run Ansible as shown below:
ansible -i [inventory_file] -m [module] [host]
Let's verify the ping connectivity to all hosts:
ansible -i ~/.hosts -m ping all
If everything is fine, you should get the following output:
server2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false, "ping": "pong" } server1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false, "ping": "pong" }
If you want to verify ping connectivity of the only server1, run the following command:
ansible -i ~/.hosts -m ping server1
You should get the following output:
server1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false, "ping": "pong" }
You can use the shell module to run all commands on the remote hosts.
For example, to run "free -m" command on server2, run the following command:
ansible -i ~/.hosts -m shell -a "free -m" server2
You should see the following output:
server2 | CHANGED | rc=0 >> total used free shared buff/cache available Mem: 1982 128 491 2 1363 1669 Swap: 0 0 0
To run a "df -h" commad on server2, run the following command:
ansible -i ~/.hosts -m shell -a "df -h" server2
You should get the following output:
server2 | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on udev 976M 0 976M 0% /dev tmpfs 199M 404K 198M 1% /run /dev/sda1 50G 2.4G 45G 5% / tmpfs 992M 124K 992M 1% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 199M 0 199M 0% /run/user/0
Ansible provides an apt module to install any package to the remote hosts.
To install the Nginx package on server1, run the following command:
ansible -i ~/.hosts -m ansible.builtin.apt -a "name=nginx state=present" server1
You should get the following output:
server1 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "cache_update_time": 1631424599, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "Upgrading binary: nginx.", "Setting up nginx (1.18.0-6.1) ...", "Processing triggers for man-db (2.9.4-2) ...", "Processing triggers for libc-bin (2.31-13) ..." ] }
To check the status of the Nginx service on server1, run the following command:
ansible -i ~/.hosts -m shell -a "systemctl status nginx" server1
You should get the following output:
server1 | CHANGED | rc=0 >> ? nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2021-09-12 05:55:36 UTC; 49s ago Docs: man:nginx(8) Process: 10761 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Process: 10764 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Main PID: 10871 (nginx) Tasks: 2 (limit: 2341) Memory: 5.8M CPU: 54ms CGroup: /system.slice/nginx.service ??10871 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; ??10874 nginx: worker process Sep 12 05:55:36 ansible systemd[1]: Starting A high performance web server and a reverse proxy server... Sep 12 05:55:36 ansible systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument Sep 12 05:55:36 ansible systemd[1]: Started A high performance web server and a reverse proxy server.
Ansible provides a user module to create and manage users on the remote hosts.
To create a new user named user1 on server1, run the following command:
ansible -i ~/.hosts -m ansible.builtin.user -a "name=user1 password=yourpassword" server1
You should see the following output:
server1 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/user1", "name": "user1", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/sh", "state": "present", "system": false, "uid": 1000 }
Conclusion
In this article, you learned how to install Ansible with APT and PIP. You also learned how to use different Ansible modules to manage remote hosts. I hope you have now enough understanding of Ansible. Feel free to ask me if you have any questions.