A System Administrator's Guide To Getting Started With Ansible - FAST!
A System Administrator's Guide To Getting Started With Ansible - FAST!
BLOG MENU
Latest posts
By product
By channel
SHARE
Are you a typical system administrator with too much work and not enough time?
Does the prospect of making a simple DNS server change or adjusting kernel
parameters across your entire server farm make you cringe? Or worse, making
changes based on variable system characteristics such as installed memory or
release version? Are the developers in your organization speaking another
language to you with this whole DevOps thing?
Red Hat Ansible Automation is an agentless human readable automation tool that
uses
We use SSHon
cookies toour
orchestrate configuration
websites to deliver management,
our online services. application
Details about how we usedeployment,
cookies and howand
you
mayprovisioning
disable them are
inset out inor
a flat our Privacy Statement.
multi-tier By using It
environment. this
iswebsite
basedyouonagree to our use
the open of cookies.
source
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 1/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
Ansible technology, which has become one of the world’s most popular open
source IT automation technologies.
This blog post will help you understand the basics of Ansible and how it can be
used in your role as a system administrator to more efficiently manage your
systems.
Control node: the host on which you use Ansible to execute tasks on the
managed nodes
Module: code that performs a particular common task such as adding a user,
installing a package, etc.
Environment
The environment in this post consists of one control node (vm1) and four
managed nodes (vm2, vm3, vm4, vm5) all running in a virtual environment with a
minimal Red Hat Enterprise Linux 7.4 installation. For sake of simplicity, the
control node has the following entries in the /etc/hosts file:
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 2/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
For ease of use I'm going to give my system user passwordless sudo in this
demonstration, your security policy may vary, and Ansible can handle a wide
variety of privilege escalation use-cases. This user account has been configured
for privilege escalation via the following entry in the /etc/sudoers file:
This is only an example and you may wish to use your own sudo configuration
variant.
Finally, SSH public key authentication has been configured and tested for this
user account from the control node to each of the managed nodes.
Installation
Ansible for Red Hat Enterprise Linux 7 is located in the Extras channel. If you’re
using Red Hat Enterprise Linux 6, enable the EPEL repository. For Extra Packages
for Enterprise Linux (EPEL), this solution in the customer portal may also be
helpful. On Fedora systems you will find Ansible in the base repository.
Once the appropriate repository has been configured, it’s a quick and simple
install:
Note the default configuration file, and that python is required and present in our
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
minimal Red Hat Enterprise Linux 7.4 installation.
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 3/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
Configuration
Since we have already configured the managed nodes with a user account,
privilege escalation, and SSH public key authentication, we will continue by
configuring the control node.
Configuration file
As we have just discovered, the default configuration file is
/etc/ansible/ansible.cfg
You can modify this global configuration file or make a copy specific to a
particular directory. The order in which a configuration file is located is as follows:
/etc/ansible/ansible.cfg (global)
In this post, I will be using a minimal configuration file in the home directory of the
user account added previously:
Host inventory
The default host inventory file is /etc/ansible/hosts but can be changed via the
configuration
We use cookies on ourfile (as shown
websites above)
to deliver or services.
our online by using the about
Details -i option onuse
how we the ansible
cookies and how you
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
command. We will be using a simple static inventory file. Dynamic inventories are
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 4/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
[webservers]
vm2
vm3
[dbservers]
vm4
[logservers]
vm5
[lamp:children]
webservers
dbservers
We have defined four groups: webservers on vm2 and vm3, dbservers on vm4,
logservers on vm5 and lamp which consists of the webservers and dbservers
groups.
Let’s confirm that all hosts can be located using this configuration file:
Now that we have validated our host inventory, let’s do a quick check to make
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
maysure allthem
disable our are
hosts areinup
set out ourand running.
Privacy WeBy
Statement. will dothis
using thiswebsite
usingyou
anagree
ad-hoc command
to our use of cookies.
that uses the ping module:
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 5/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
We can see from the above output that all systems returned a successful result,
nothing changed, and the result of each "ping" was "pong".
The number of built-in modules continues to grow with each Ansible release:
The final setup task in our environment is to configure vm1 with Apache and a Red
Hatcookies
We use Enterprise Linux 7toyum
on our websites repository
deliver in orderDetails
our online services. for the managed
about nodes
how we use cookiesto install
and how you
mayadditional
disable thempackages:
are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 6/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
Since the managed nodes will need to have some additional packages installed,
our first task is to configure a yum repository on each host using this
configuration file:
We can copy this file to each of the managed nodes using an ad-hoc command
with the copy module using the -m option and specify the required arguments
using the -a option as follows:
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 7/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
[...]
Additional output from the remaining hosts has been removed for sake of brevity.
1. Each node reports SUCCESS and "changed" : true meaning the module
execution was successful and the file was created/changed. If we run the
command again, the output will include "changed" : false meaning the file is
already present and configured as required. In other words, Ansible will only
make the required changes if they do not already exist. This is what is known as
"idempotence".
2. The -b option (see http://docs.ansible.com/ansible/latest/become.html)
causes the remote task to use privilege escalation (i.e. sudo) which is required
to copy files into the /etc/yum.repos.d directory
3. You can find out what arguments the copy module requires using:
[curtis@vm1
We use ~]$ ansible-doc
cookies on our websites to deliver our copy
online services. Details about how we use cookies and how you
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 8/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
Playbooks
While ad-hoc commands are useful for testing and simple one-off tasks,
playbooks can be used to capture a set of repeatable tasks to run in the future. A
playbook contains one or more plays which define a set of hosts to configure and
a list of tasks to be performed.
1. The httpd package is installed on the web servers, enabled, and started
2. Each web server has a default page with text "Welcome to <hostname> on <ip
address>"
3. Each web server has a user account with suitable access for content
management
6. Hosts in the webservers and dbservers groups send a copy of log messages to
the log server host
1. The user module requires a hash of the plaintext password (see "ansible-doc
user" for details). This can be achieved as follows
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 9/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
2. The default web page content is created using "facts" gathered from the host.
You can discover and use host facts using the setup module:
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 10/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
---
- hosts: webservers
become: yes
tasks:
- name: install Apache server
yum:
name: httpd
state: latest
state: directory
mode: u=rwx,g=rwx,o=rx,g+s
- hosts: dbservers
become: yes
tasks:
- name: install MariaDB server
yum:
name: mariadb-server
state: latest
- hosts: logservers
become: yes
tasks:
- name: configure rsyslog remote log reception over udp
lineinfile:
path: /etc/rsyslog.conf
line: "{{ item }}"
state: present
with_items:
- '$ModLoad imudp'
- '$UDPServerRun 514'
notify:
- restart rsyslogd
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 12/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
immediate: true
permanent: true
state: enabled
handlers:
- name: restart rsyslogd
service:
name: rsyslog
state: restarted
- hosts: lamp
become: yes
tasks:
- name: configure rsyslog
lineinfile:
path: /etc/rsyslog.conf
line: '*.* @192.168.102.215:514'
state: present
notify:
- restart rsyslogd
handlers:
- name: restart rsyslogd
service:
name: rsyslog
state: restarted
From the output below, we can see that the web server configuration occurs only
on vm2 and vm3 (play 1) while the database is installed on vm4 (play 2) and the
logserver (vm5) is configured with play 3. Finally, play 4 configures the
webservers and dbservers hosts via the "lamp" group for remote logging.
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 13/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
TASK
We use [install
cookies MariaDB
on our websites server]
to deliver ******************************************
our online services. Details about how we use cookies and how you
changed:
may disable [vm4]
them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 14/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 15/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
and remote logging using the logger command on the webservers and dbservers
hosts:
Using vim with syntax highlighting is helpful not only in learning yaml, but in
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
mayfinding syntax
disable them problems.
are set A quick
out in our Privacy way to enable
Statement. vimwebsite
By using this for yaml syntax
you agree is by
to our useadding
of cookies.
the following line to your ~/.vimrc file:
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 16/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
If you’d like something with a few more features, including color, one such plugin
can be found here.
If you prefer to use emacs instead of vim, enable the EPEL repository and install
the emacs-yaml-mode package.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 17/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
I hope this post has given you a better idea of how Ansible works and how it can
save you both time and effort using playbooks to document and repeat mundane
tasks with ease and accuracy. Be sure to continue learning at
http://docs.ansible.com and
https://www.redhat.com/en/technologies/management/ansible.
Happy automating!
A Red Hat Technical Account Manager (TAM) is a specialized product expert who
works collaboratively with IT organizations to strategically plan for successful
deployments and help realize optimal performance and growth. The TAM is part
of Red Hat’s world class Customer Experience and Engagement organization and
provides proactive advice and guidance to help you identify and address potential
problems before they occur. Should a problem arise, your TAM will own the issue
and engage the best resources to resolve it as quickly as possible with minimal
disruption to your business.
Connect with TAMs at a Red Hat Convergence event near you! Red Hat
Convergence is a free, invitation-only event offering technical users an
opportunity to deepen their Red Hat product knowledge and discover new ways
to apply open source technology to meet their business goals. These events
travel to cities around the world to provide you with a convenient, local one-day
experience to learn and connect with Red Hat experts and industry peers.
Open source is collaborative curiosity. Join us at Red Hat Summit, May 8-10, in
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
San Francisco to connect with TAMs and other Red Hat experts in person!
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
Register now for only US$1,100 using code CEE18.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 18/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
Red Hat Cloud Success is designed to help simplify your IT transformation and
accelerate your adoption of cloud technologies with deep product expertise,
guidance, and support. From the proof of concept stage to production, a highly
skilled cloud technical specialist will partner with you to provide continuity and
help ensure successful implementation of your cloud solution. Through this
limited time engagement, Red Hat Cloud Success can help you effectively plan
and deploy cloud solutions and strategically plan for the future.
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 19/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
Flying with a Safety Net: High Availability for SAP HANA in Public Clouds
OF INTEREST
RELATED WEBINAR
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
Red Hat Enterprise Linux for SAP Solutions
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 20/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
CUSTOMER STORY
ABOUT
We’re the world’s leading provider of enterprise open source solutions, using a community-powered approach to
deliver high-performing Linux, cloud, container, and Kubernetes technologies. We help you standardize across
environments, develop cloud-native applications, and integrate, automate, secure, and manage complex
environments with award-winning support, training, and consulting services.
Locations Blog
Events Jobs
FEATURED
TOOLS
My account
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
For customers
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
For partners
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 21/22
8/21/2019 A system administrator's guide to getting started with Ansible - FAST!
For developers
Hardware catalog
Resource library
PURCHASE
Contact sales
Contact training
Contact consulting
Find a partner
COMMUNICATE
Contact us
Feedback
Social
Privacy statement Terms of use All policies and guidelines Cookie Preferences
We use cookies on our websites to deliver our online services. Details about how we use cookies and how you
may disable them are set out in our Privacy Statement. By using this website you agree to our use of cookies.
https://www.redhat.com/en/blog/system-administrators-guide-getting-started-ansible-fast 22/22