How to Install and Use Ansible on Debian 11

Ansible is a free, open-source, and one of the most popular configuration management tools. It is a cross-platform tool that simplifies cloud computing, configuration management, package installation, and service configuration. It uses a YAML file that contains the steps which the user wants to run on a particular machine. With Ansible, you can configure and manage more than hosts with a single command. Ansible is an alternative to the other configuration management tools like Chef and Puppet.

In this article, I will show you how to install and use Ansible configuration management tool on Debian 11.

Prerequisites

  • Three servers running Debian 11.
  • A root password is configured on each server.

For the purpose of this tutorial, we will use the following setup:

  • Ansible Controler - 192.168.10.9
  • Ansible Hosts - 192.168.10.10, 192.168.10.11

Install Ansible on Debian 11

By default, the Ansible package is not included in the Debian default repository. There are two ways to install Ansible on Debian 11.

  1. Using APT Command
  2. Using PIP Command

Install Ansible Using APT

First, you will need to install some dependencies in your system. You can install the required dependencies using the following command:

apt-get install gnupg2 curl wget -y

Once all the dependencies are installed, edit the APT source.list and add the Ansible repository:

nano /etc/apt/sources.list

Add the following line:

deb http://ppa.launchpad.net/ansible/ansible/ubuntu focal main

Save and close the file when you are done then add the Ansible GPG key using the following command:

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367

You should see the following output:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.lFEjztT9TY/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
gpg: key 93C4A3FD7BB9C367: public key "Launchpad PPA for Ansible, Inc." imported
gpg: Total number processed: 1
gpg:               imported: 1

Now, update the repository and install the Ansible with the following command:

apt-get update
apt-get install ansible -y

Once the Ansible is installed, verify the Ansible version with the following command:

ansible --version

You should get the following output:

ansible 2.10.8
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]

Install Ansible Using PIP

First, you will need to install Python and PIP to your system. You can install it using the following command:

apt-get install python3 python3-pip -y

Once the installation is complete, use the pip command to install Ansible as shown below:

pip install ansible

Install sshpass

The sshpass is a command-line tool that allows you to provide passwords with SSH commands. Here, we will use sshpass on the Ansible controller node with Ansible to authenticate a remote host.

You can install the sshpass with the following command:

apt-get install sshpass -y

Next, connect to the first ansible remote host to add an SSH fingerprint to your known_hosts file:

ssh [email protected]

You will be asked to provide an SSH password as shown below:

The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.
ECDSA key fingerprint is SHA256:q3zMoJ6qdjYvAdL7/w4Z0gm0ZEgGOB+rNIPKEMdYS6o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.10.10' (ECDSA) to the list of known hosts.
Password: 

Provide your password and hit Enter to add an SSH fingerprint.

Next, connect to the second ansible remote host to add an SSH fingerprint to your known_hosts file:

ssh [email protected]

You will be asked to provide an SSH password as shown below:

The authenticity of host '192.168.10.11 (192.168.10.11)' can't be established.
ECDSA key fingerprint is SHA256:q3zMoJ6qdjYvAdL7/w4Z0gm0ZEgGOB+rNIPKEMdYS6o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.10.11' (ECDSA) to the list of known hosts.
Password: 

Provide your password and hit Enter.

You can now use the sshpass command to verify the SSH connection:

sshpass -p yourpassword ssh [email protected]

Create Ansible Hosts Inventory File

Next, you will need to create an inventory file to define your remote hosts IP address, username, password and SSH port:

nano ~/.hosts

Add the following lines:

[servers]
server1 ansible_host=192.168.10.10 ansible_user=root ansible_ssh_pass=password ansible_ssh_port=22
server2 ansible_host=192.168.10.11 ansible_user=root ansible_ssh_pass=password ansible_ssh_port=22

Save and close the file.

Note: In the above file, we will use remote hosts' IP, username, password, and SSH port.

Working with Ansible

Ansible provides a lot of modules that help you to manage remote hosts.

The basic syntax to run Ansible as shown below:

ansible -i [inventory_file] -m [module] [host]

Let's verify the ping connectivity to all hosts:

ansible -i ~/.hosts -m ping all

If everything is fine, you should get the following output:

server2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
server1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}

If you want to verify ping connectivity of the only server1, run the following command:

ansible -i ~/.hosts -m ping server1

You should get the following output:

server1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}

You can use the shell module to run all commands on the remote hosts.

For example, to run "free -m" command on server2, run the following command:

ansible -i ~/.hosts -m shell -a "free -m" server2

You should see the following output:

server2 | CHANGED | rc=0 >>
               total        used        free      shared  buff/cache   available
Mem:            1982         128         491           2        1363        1669
Swap:              0           0           0

To run a "df -h" commad on server2, run the following command:

ansible -i ~/.hosts -m shell -a "df -h" server2

You should get the following output:

server2 | CHANGED | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
udev            976M     0  976M   0% /dev
tmpfs           199M  404K  198M   1% /run
/dev/sda1        50G  2.4G   45G   5% /
tmpfs           992M  124K  992M   1% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           199M     0  199M   0% /run/user/0

Ansible provides an apt module to install any package to the remote hosts.

To install the Nginx package on server1, run the following command:

ansible -i ~/.hosts -m ansible.builtin.apt -a "name=nginx state=present" server1

You should get the following output:

server1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "cache_update_time": 1631424599,
    "cache_updated": false,
    "changed": true,
    "stderr": "",
    "stderr_lines": [],
        "Upgrading binary: nginx.",
        "Setting up nginx (1.18.0-6.1) ...",
        "Processing triggers for man-db (2.9.4-2) ...",
        "Processing triggers for libc-bin (2.31-13) ..."
    ]
}

To check the status of the Nginx service on server1, run the following command:

ansible -i ~/.hosts -m shell -a "systemctl status nginx" server1

You should get the following output:

server1 | CHANGED | rc=0 >>
? nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2021-09-12 05:55:36 UTC; 49s ago
       Docs: man:nginx(8)
    Process: 10761 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 10764 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 10871 (nginx)
      Tasks: 2 (limit: 2341)
     Memory: 5.8M
        CPU: 54ms
     CGroup: /system.slice/nginx.service
             ??10871 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
             ??10874 nginx: worker process

Sep 12 05:55:36 ansible systemd[1]: Starting A high performance web server and a reverse proxy server...
Sep 12 05:55:36 ansible systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Sep 12 05:55:36 ansible systemd[1]: Started A high performance web server and a reverse proxy server.

Ansible provides a user module to create and manage users on the remote hosts.

To create a new user named user1 on server1, run the following command:

ansible -i ~/.hosts -m ansible.builtin.user -a "name=user1 password=yourpassword" server1

You should see the following output:

server1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1000,
    "home": "/home/user1",
    "name": "user1",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/sh",
    "state": "present",
    "system": false,
    "uid": 1000
}

Conclusion

In this article, you learned how to install Ansible with APT and PIP. You also learned how to use different Ansible modules to manage remote hosts. I hope you have now enough understanding of Ansible. Feel free to ask me if you have any questions.

Share this page:

1 Comment(s)