Ansible is a remote administration tool for both Windows and Linux hosts, but it is more popular for managing hosts running Linux. A large benefit of Ansible over bash scripts is the built-in error handling of the modules it offers; it also makes it incredibly easy to organize and update hosts dynamically.
From a Windows system administrator's point of view it is similar to SCCM, with the big difference that the hosts do not need to live in the same domain. They can be anywhere, since SSH is the driving protocol; all that is needed is the proper public/private key pair and a few dependencies installed on the remote Linux host.
These dependencies include:
- Ansible [sudo apt-get install ansible]
- Python [sudo apt-get install python-minimal]
- Public key added to .ssh/authorized_keys file on remote host
Instead of scripts, Ansible uses “playbooks”, which are like install scripts but with advanced error handling. They use their own syntax to accomplish common setup tasks for Linux hosts, such as updating the apt cache and upgrading the OS. A custom module with its own syntax exists for almost anything you can think of, such as cron jobs, reboots, installing software, setting ufw rules, etc.
When a module does not exist for what you want to do, you can just use the command or shell modules.
Playbooks use the YAML (YAML Ain’t Markup Language) syntax, which can be a little confusing at first but is easy to pick up after writing a few playbooks.
Here is a basic example of the syntax:
Each playbook starts with 3 hyphens at the start of the file, followed by the name you are giving the playbook, the hosts you want the playbook to run on, and “become”, which by default tells the playbook to escalate privileges to root to run the tasks that follow.
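A playbook with that layout, as an added example that is not from the original post. The play name, the SSH port and the cron job are constructed, and the ufw tasks assume the community.general collection is installed on the machine that runs ansible-playbook:

```yaml
---
# Added example; the play name, port and cron job are constructed values.
- name: Baseline setup for Ubuntu hosts
  hosts: all
  become: true          # escalate to root (the default become user) for the tasks below

  tasks:
    - name: Update the apt cache and upgrade the OS
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600   # skip the refresh if the cache is under an hour old
        upgrade: dist

    - name: Allow SSH before the firewall is enabled
      community.general.ufw:
        rule: allow
        port: "22"
        proto: tcp

    - name: Enable ufw with a default-deny policy for incoming traffic
      community.general.ufw:
        state: enabled
        direction: incoming
        policy: deny

    - name: Schedule a nightly apt cache refresh
      ansible.builtin.cron:
        name: nightly apt update
        minute: "0"
        hour: "3"
        job: /usr/bin/apt-get -qq update

    # No dedicated module for this step, so fall back to command. Unlike shell,
    # command does not pass the line through a shell (no pipes, no expansion).
    - name: Record the running kernel version
      ansible.builtin.command: uname -r
      register: kernel_version
      changed_when: false        # read-only command, never report "changed"

    - name: Check whether the upgrade requires a reboot
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Reboot if required
      ansible.builtin.reboot:
      when: reboot_required.stat.exists
```

The SSH allow rule is ordered before the task that enables ufw so that turning on the default-deny policy does not cut off the connection Ansible itself is using.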
All of the Ansible modules are documented nicely, with examples, at https://docs.ansible.com.
When your playbook is finished, you run it on your local Linux host with:
ansible-playbook -i example_hosts_inventory.txt -u ubuntu --private-key key.pem example_playbook.yaml
- the -i flag defines the inventory file that contains the host name(s) of the remote hosts you want to target. These can be either IPs or full DNS names. You can create inventory files easily with just vim example_hosts_inventory.txt [press I to go into Insert Mode, then type in your hosts with a new one on each line], then press ESC to leave Insert Mode and save the file with :wq
- the -u flag sets the name of the default user that runs the commands that do not need any privilege escalation
- the --private-key flag is self-explanatory, defining the location and name of the private key for connecting to the remote host(s) through SSH
As the command runs, it will step through each task you have in the playbook and print out “changed”, “OK”, or an error message if something fails. Generally the error messages are pretty helpful for debugging. If you want to check for syntax errors in the playbook before running it, you can add the --syntax-check flag to your ansible-playbook command.