Ansible: Server Management on Linux

2 Comments / Linux / By

In the world of DevOps and server management, efficiency and automation are paramount. This is where Ansible comes into play. Ansible is an open-source automation tool that enables you to manage and configure servers, deploy applications, and orchestrate IT tasks with ease. In this post, we’ll dive into the basics of Ansible and explore how you can leverage its power to streamline management tasks on Linux servers.

What is Ansible?

Ansible is a configuration management and automation tool that allows you to define tasks and configurations as code. This code, written in YAML, is human-readable and provides a clear and concise way to describe the desired state of your servers and infrastructure, Ansible operates in an agentless manner, meaning it doesn’t require any software to be installed on the managed servers. Instead, it communicates via SSH, making it lightweight and easy to set up.

Note: YAML sucks. If you use YAML in daily basis, you know that most of the configuration for Ansible, Docker compose, Kubernetes declaration are in this format. It’s a language defined by spaces and tabs, and this created confusion and make errors

Key Concepts of Ansible

  1. Inventory: An inventory file lists the servers or hosts that Ansible will manage. It can be a simple text file or a dynamic source like AWS EC2 instances. This file defines the target systems for your automation tasks.
  2. Playbooks: Playbooks are YAML files that define a series of tasks to be executed on specific hosts. Each task is a module that carries out a particular action, such as installing packages, copying files, or restarting services.
  3. Modules: Modules are Ansible’s building blocks. They are responsible for executing specific actions on managed hosts. For instance, the yum module can be used to manage packages on a Red Hat-based Linux system, while the apt module does the same for Debian-based systems.
  4. Tasks: Tasks are individual units of work defined within a playbook. Each task specifies a module to execute and the necessary parameters.
  5. Play: A play is a combination of tasks applied to a specific set of hosts. Playbooks can contain one or more plays, allowing you to group related tasks together.

Using Ansible on Linux Servers

Installation: Ansible can be installed on your local machine (the control node) using package managers like apt or yum. On Debian-based systems, you can run:

$ sudo apt install ansible

Creating an Inventory: Create an inventory file (e.g., inventory.ini) listing the IP addresses or domain names of your Linux servers.

#Using ips
[web_servers]
web1 ansible_host=192.168.1.101
web2 ansible_host=192.168.1.102
#You can also use hostnames
[app_servers]
app1 ansible_host=app1server.matiasmercado.ar
app2 ansible_host=app2server.matiasmercado.ar

[web_servers] and [app_servers] are group names that you can reference in your playbooks to target specific sets of servers.
web1, web2, app1, and app2 are the hostnames you assign to each server.
ansible_host specifies the IP address or hostname of each server. This is the address Ansible will use to connect to the server.

Writing a Playbook: Develop a playbook (e.g., server-setup.yml) with the tasks you want to perform. This might include tasks like installing packages, creating users, or configuring services.

---
- name: Setup Web Servers
  hosts: web_servers
  become: yes #indicates that the tasks should be executed as sudo

  tasks:
    - name: Install Nginx
      apt:
        name: nginx
        state: present

    - name: Create user webadmin
      user:
        name: webadmin
        password: "{{ 'secret1234' | password_hash('sha512') }}"
        state: present

    - name: Copy configuration file
      copy:
        src: files/app.conf
        dest: /etc/app/app.conf

    - name: Ensure app service is started
      service:
        name: app-service
        state: started

In this playbook:

  • We specify that the playbook targets the web_servers group defined in for the inventory file.
  • The apt module is used to install Nginx on the web servers.
  • The user module creates a user named webadmin with the password secret1234.
  • The copy module copies the app.conf file from the files directory to /etc/app/app.conf on the servers.
  • The service module ensures that the app-service is started.

Running the Playbook: Execute the playbook using the ansible-playbook command, specifying the inventory file and playbook:

$ ansible-playbook -i inventory.ini server-setup.yml

Benefits of Ansible


Agentless: No need to install agents on managed servers, reducing complexity and potential security risks.

Idempotence: Ansible ensures that the desired state is achieved, regardless of the current state, making it safe to run playbooks multiple times.

Reusability: Playbooks and roles can be shared, reused, and customized to suit different environments.

Versatility: Ansible can manage various aspects of server configuration, from software installation to user management and more.

Using Ansible, daily tasks examples

Package Installation: Ansible makes installing software packages across multiple servers a breeze. Imagine you need to ensure that the same set of packages is installed on all your Linux servers. Instead of manually logging into each server and running installation commands, you can create an Ansible playbook. This playbook can use the appropriate package manager module (apt for Debian-based systems or yum for Red Hat-based systems) to install the desired packages on all servers simultaneously.

---
- name: Install packages on servers
  hosts: web_servers
  become: yes  # Run tasks with sudo privileges
  tasks:
    - name: Install required packages
      apt:
        name: "{{ packages_to_install }}"
        state: present
      vars:
        packages_to_install:
          - nginx
          - mysql-server
          - php-fpm

In this example, the playbook installs Nginx, MySQL, and PHP-FPM on the specified group of servers (web_servers) using the apt module.

User Management: Managing user accounts consistently across a fleet of servers can be time-consuming. With Ansible, you can define a playbook that adds or removes users, sets their passwords, and configures their access rights. This is particularly useful when onboarding new team members or when revoking access for departing employees. By running the playbook, you ensure that user accounts are set up uniformly across all servers, improving security and reducing manual effort.

---
- name: Manage user accounts
  hosts: all_servers
  become: yes
  tasks:
    - name: Add user accounts
      user:
        name: "{{ item.name }}"
        password: "{{ item.password | password_hash('sha512') }}"
        state: present
      loop:
        - { name: alice, password: secret123 }
        - { name: bob, password: password456 }

This playbook adds user accounts (Alice and Bob) to all servers, setting their passwords using the user module.

Configuration File Deployment: Keeping configuration files consistent across servers is crucial for maintaining a stable and secure environment. Ansible can help by automating the process of deploying configuration files to multiple servers. Let’s say you have a web server configuration file that needs to be updated. You can create a playbook that copies the new configuration file to all servers, restarts the web service if needed, and ensures that all servers are in sync with the latest configuration changes. This approach guarantees that your servers are correctly configured and reduces the risk of inconsistencies.

---
- name: Deploy configuration files
  hosts: app_servers
  become: yes
  tasks:
    - name: Copy configuration file
      copy:
        src: files/app.conf
        dest: /etc/app/app.conf
      notify: Restart app service

  handlers:
    - name: Restart app service
      service:
        name: app-service
        state: restarted

This playbook copies the app.conf configuration file from the local machine to the /etc/app directory on app servers. After copying, it triggers the handler to restart the app-service.

Calling another playbook: You can also call another playbook, this is key if you want to create a more organized environment.

server-setup.yml:

---
- name: Setup Web Servers
  hosts: web_servers
  become: yes #indicates that the tasks should be executed as sudo

  tasks:
    - name: Install Nginx
      apt:
        name: nginx
        state: present

    - name: Create user webadmin
      user:
        name: webadmin
        password: "{{ 'secret1234' | password_hash('sha512') }}"
        state: present

    - name: Copy configuration file
      copy:
        src: files/app.conf
        dest: /etc/app/app.conf

    - name: Ensure app service is started
      service:
        name: app-service
        state: started
  
    - name: Include open-ports playbook
      include_playbook: open-ports.yaml

open-ports.yaml:

---
- name: Open Port 80 using UFW
  hosts: web_servers
  become: yes

  tasks:
    - name: Open port 80
      ufw:
        rule: allow
        port: 80
        state: enabled

These examples showcase just a fraction of what Ansible can accomplish. Whether it’s deploying applications, managing infrastructure, or handling complex orchestration, Ansible empowers you to automate tasks effectively and maintain the desired state of your Linux servers with ease.

Conclusion:
Ansible simplifies the complexity of server management on Linux systems by offering a streamlined and efficient automation solution. By understanding its core concepts and starting with basic playbooks, you can gradually expand your Ansible skills to tackle more complex tasks and configurations. Embrace Ansible’s power to enhance your DevOps practices and improve the efficiency of your server management workflows.

2 thoughts on “Ansible: Server Management on Linux”

Leave a Comment

Your email address will not be published. Required fields are marked *