Configuring Ansible on Ubuntu

&

Automating Nginx Installation

Initiation à l’automatisation
4ArcTIC

2024-2025
Introduction :

Nginx and Ansible are both widely used tools in the world of IT. Nginx is known for its
exceptional performance and scalability as an open-source web server, while Ansible is a
powerful configuration management tool, valued for its agentless architecture that doesn’t
require additional software on nodes and uses SSH to execute automation tasks, with YAML
files to define configuration details. In this lab, we will explain how to install Ansible on Ubuntu
and how to deploy Nginx using an Ansible playbook.

Prerequisites :

• Two virtual machines running Ubuntu 22.04 with OpenSSH server installed : one is the
master node, and the other is the worker node.
• Both machines are accessible via public IP addresses.
• A non-root user with sudo privileges is set up on both machines.

Goals :
1- The configuration and setup of Ansible on a control machine include setting up SSH and
preparing the inventory file to define the managed hosts.

2- The installation of Nginx using an Ansible playbook.

The architecture of this lab is clearly presented in the figure below.

1
Step 1 - Installing Ansible
To begin using Ansible as a means of managing your server infrastructure, you need to install
the Ansible software on the machine that will serve as the Ansible control node.

1.1 From your control node, run the following command to include the official project’s PPA
(personal package archive) in your system’s list of sources :

$ sudo apt-add-repository ppa:ansible/ansible

Press ENTER when prompted to accept the PPA addition.

1.2 Next, refresh your system’s package index so that it is aware of the packages available in
the newly included PPA.

$ sudo apt update

Following this update, you can install the Ansible software with :

$ sudo apt install ansible

After installation, verify that Ansible is installed correctly:

$ ansible --version

➔ Your Ansible control node now has all of the software required to administer your hosts.
Next, we will go over how to add your hosts to the control node’s inventory file so that it can
control them.

2
Step 2 - Set Up SSH Keys
The first step is to create a key pair on the Control machine :

$ ssh-keygen

After entering the command, you should see the following output :

Press enter to save the key pair into the .ssh/ subdirectory in your home directory, or specify an
alternate path.

Here you optionally may enter a secure passphrase, which is highly recommended.(But we
suggest without passphrase for learning purpose) A passphrase adds an additional layer of
security to prevent unauthorized users from logging in.

You should then see the output similar to the following :

Step 3 - Copying the Public Key to worker node machine

It is necessary for the OpenSSH service to be installed and running on the worker machine
before you can copy a public key to it. The openssh-server package allows the system to receive
SSH connections, which is essential for transferring your public key.

3.1 To install openssh-server on worker machine, use the following command :

$ sudo apt update

$ sudo apt install openssh-server

3
3.2 Before copying your public key to the worker machine, check that the firewall is disabled
on both machines, if it is not, disable it with the following commands :

$ sudo systemctl stop ufw

$ sudo systemctl disable ufw

3.3 Once openssh-server is installed and the service is running, you can copy your public key
to the worker machine using the ssh-copy-id command.

$ ssh-copy-id username@remote_host

You may see the following message, answer yes to accept and add this key to the list of known
hosts (~/.ssh/known_hosts).

And once you enter the worker node password, key is added.

Step 4 - Authenticating to the worker node Using SSH Keys

If you have successfully completed the procedures above, you should be able to log into the
remote host without providing the remote account’s password.

4
If you were able to log into your account using SSH without a password, you have successfully
configured SSH-key-based authentication to your account. However, your password-based
authentication mechanism is still active on your worker node.

To disable it follow the steps.

$ sudo gedit /etc/ssh/sshd_config /// (line n° 57 - uncomment and change to no.)

To actually activate these changes, we need to restart the sshd service :

$ sudo systemctl restart ssh

Step 5 - Setting Up the Inventory File

Ansible uses the standard SSH protocol to communicate with the nodes it manages. However,
these nodes need to be declared in an inventory file. The default inventory file is located at
/etc/ansible/hosts, but you are free to create inventory files in any location that suits your needs,
in either INI or YAML format.
In this case, you’ll need to provide the path to your custom inventory file with the -i parameter
when running Ansible commands and playbooks. Using per-project inventory files is a good
practice to minimize the risk of running a playbook on the wrong group of servers.

5. Create your own inventory file in the /etc/ansible directory and add the IP addresses of the
worker node to this inventory file.

Step 6 - Setting Up the Playbook File to Deploy an Nginx

Server with a Test HTML Page
6. Write Ansible playbook « nginx_setup.yml » designed to automate the setup of a basic Nginx
web server with a customized webpage.

5
In the same directory as your « nginx_setup.yml » playbook, create a subdirectory named
« templates ». Then, in this directory, create the file « index.html.j2 » with the following
customized content :

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title> Welcome to Nginx </title>
</head>
<body>
<h1> Welcome to Nginx ! </h1>
<p> Congratulations, the Nginx web server has been installed and is running correctly on your
worker node.</p>
</body>
</html>

Note : This file will be used as the source for a task that employs the template module to create
the /var/www/html/index.html file on the worker machine from the index.html.j2 template.

- The playbook should include four main tasks:

Updating the system.

Installing Nginx.

Creating the configuration file /var/www/html/index.html.

Enabling the Nginx service to start at boot.

- Handler "Restart nginx" executes only if index.html is modified.

- All tasks should run with root permissions (become: yes).

Step 7 - Running the playbook & test

By default, Ansible uses the local machine's username to connect to remote machines. However,
the user on the worker machine is different from the one on the master machine, which causes
a connection failure.

To fix this issue, you need to explicitly specify the remote user in the execution command using
the -u option, followed by the username on the remote machine.

6
For example, to run the playbook as the worker user on the remote machine, use the following
command :

After successfully running your playbook, open the web browser on the worker node, enter the
IP address, and verify that the customized Nginx web page is displayed.