Ansible Installation

Introduction

Configuration management systems streamline the process of controlling numerous servers for administrators and operations teams. They enable automated control over multiple systems from a central location.

While numerous configuration management tools are available for Linux systems, such as Chef and Puppet, many find them overly complex. Ansible offers a simpler alternative: its architecture requires no special software on managed nodes, uses SSH to execute tasks, and reads provisioning details from YAML files.

This guide demonstrates how to install Ansible on an Ubuntu 22.04 server and covers basic usage. For a broader overview of Ansible as a configuration management tool, refer to "An Introduction to Configuration Management with Ansible."

Prerequisites

To follow this tutorial, you'll need:

  • One Ansible Control Node: An Ubuntu 22.04 system with a non-root user having sudo privileges and an associated SSH keypair.
  • One or more Ansible Hosts: Remote Ubuntu 22.04 servers with SSH access configured for the control node's user.

Step 1 — Installing Ansible

To begin managing your server infrastructure with Ansible, install the software on your designated control node:

sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible

Using pip

pip install ansible paramiko ansible-pylibssh

Step 2 — Setting Up the Inventory File

Edit the default Ansible inventory file /etc/ansible/hosts on your control node to include information about the hosts you want to manage:

sudo nano /etc/ansible/hosts

After making changes, save and close the file. You can list your inventory with:

ansible-inventory --list -y

Output:

all:
  children:
    servers:
      hosts:
        server1:
          ansible_host: 192.168.1.1
          ansible_python_interpreter: /usr/bin/python3
        server2:
          ansible_host: 192.168.1.2
          ansible_python_interpreter: /usr/bin/python3
        server3:
          ansible_host: 192.168.1.2
          ansible_python_interpreter: /usr/bin/python3
    ungrouped: {}

Step 3 — Testing Connection

Verify that Ansible can connect to your hosts and run commands via SSH:

ansible all -m ping -u root

Once connectivity is confirmed, you're ready to execute commands and playbooks.

Step 4 — Running Ad-Hoc Commands (Optional)

You can run ad-hoc commands on your servers using Ansible. For example, to check disk usage:

ansible all -a "df -h" -u root

You can also execute Ansible modules via ad-hoc commands. For instance, to install vim:

ansible all -m apt -a "name=vim state=latest" -u root

Conclusion

You've now installed Ansible and set up an inventory file on your control node. With this setup, you can execute commands and playbooks to manage your infrastructure efficiently. For further guidance on Ansible usage, refer to our Ansible Reference Guide.

Understanding Ansible for Infrastructure Automation

An Ansible workstation typically refers to a Linux host equipped with a Python interpreter and SSH functionality. Unlike some other configuration management tools, Ansible does not mandate the installation of an agent on remote devices. In networking contexts, Ansible runs Python modules locally and leverages SSH to interact with remote devices.

Versatility of Ansible in Infrastructure Automation

Ansible is useful across many infrastructure domains, automating Cisco devices in service provider, virtual networking, cloud-managed switch, campus LAN, and data center environments. Adopting it streamlines processes across these domains and allows complete device stacks to be deployed with a single tool. Ansible also supports multiple communication protocols for device interaction, including console, Telnet, REST, and SNMP.

Initially conceived for automating Linux servers, Ansible's scope expanded over time. It gained prominence in the networking sector due to its accessibility. Ansible automation relies on modules, which can be authored by the community or individuals, facilitating logic execution on remote hosts. While modules can be written in any language, Python is predominant.

Engineers orchestrate automated tasks using Ansible playbooks, authored in YAML for readability and simplicity. Playbooks encapsulate workflow logic, enabling automation without necessitating extensive programming knowledge.

Core Components of Ansible

  1. Ansible Configuration File: Ansible provides a configuration file, ansible.cfg, for specifying deployment details. Though the default settings suffice for most environments, users may customize settings like SSH configuration or module paths in this file. The preferred location for the ansible.cfg file is the root of the project folder, allowing independent configurations for each project.

  2. Ansible Inventory File: The inventory file catalogs hosts managed by Ansible. When executing a playbook, Ansible requires information about target hosts, sourced from the inventory file. While the default location for the inventory file is /etc/ansible/hosts, users may customize the location or filename. Keeping the inventory file in the project root is recommended for organizational clarity.

Automating Networking Tasks

Ansible facilitates networking automation through two primary functions:

  • Managing Network Configurations: Ansible deploys configuration commands or files to remote devices, leveraging Jinja2 for template-based configuration generation.

  • Retrieving Network Configurations and Operational Data: Ansible verifies if current configurations align with desired states and rectifies deviations through dedicated modules.

Beyond these core tasks, Ansible supports automated reporting and continuous compliance, empowering users to create tailored applications for network automation.

Ansible for Enterprise Deployment

While the Ansible engine operates as a command-line utility, deploying Ansible for enterprise-scale projects often necessitates additional features such as role-based access control (RBAC) and LDAP integration for authentication.

Ansible AWX and Tower

  • Ansible AWX: An open-source project offering RBAC, API access, credential management, logging, Git integration, reporting, and a user-friendly interface for Ansible deployments.

  • Ansible Tower: An enterprise-grade version of Ansible AWX, analogous to the relationship between Fedora and Red Hat Enterprise Linux (RHEL).

Both AWX and Tower provide features like:

  • Dashboard: A graphical interface facilitating IT orchestration.

  • RBAC: Restricts network access based on user roles, enhancing security.

  • Reporting and Controls: Detailed logging and external log aggregation for monitoring and analysis.

  • Fully Documented REST API: Facilitates comprehensive management and automation through API endpoints.

Understanding Ansible Workflow

Automation for Linux Servers

Initially designed for Linux server automation, Ansible interacts with remote hosts via SSH, executing Python modules locally or remotely. Automation workflows are orchestrated through playbooks, simplifying task execution.

  1. Operations engineers deploy new playbooks or modules via platforms like GitHub. Ansible can be installed on multiple hosts, each serving as a "control host" for playbook execution.

  2. Ansible primarily utilizes SSH to establish connections with devices. It transfers Python modules to remote hosts and supports custom API integrations for cloud and network operations. While SSH is the default mode, Python modules can also run "locally" on the control host for tasks like file generation.

  3. Ansible executes tasks outlined in playbooks. It transfers small Python modules to devices for execution, removing them upon completion. Visual feedback on the control host includes verbose options for monitoring task statuses.

  4. This cycle repeats, enabling Ansible to continually execute playbooks.

Automation for Networks

When automating networking tasks, Ansible operates similarly to server automation, albeit with Python code executed locally on the control host. SSH or other protocols facilitate communication with network devices, enabling configuration changes or data retrieval across multiple devices simultaneously.

Getting Started with Ansible Playbooks

To begin automating with Ansible, two essential files are required: an Ansible playbook and an inventory file.

  • Inventory File: Lists the devices Ansible can target, defining the hosts available to a play.

  • Playbook: Written in YAML, encapsulates the automation workflow.

An Ansible playbook comprises:

  • Play Definition: Specifies the play name, target hosts, and connection type.

  • Tasks: Sequentially executed automation workflows.

  • Modules: Perform specific tasks on hosts, written in Python and parameterized for flexibility.

Executing Ansible Playbooks

To execute an Ansible playbook:

  1. Use the ansible-playbook command-line utility.
  2. Specify the inventory file using the -i flag.
  3. Execute the playbook, initiating automation workflows.

Note: Default inventory locations can be configured via environment variables or ansible.cfg settings.

Ansible offers a powerful yet accessible framework for infrastructure automation, streamlining operations across diverse environments.

Advancing with Ansible Playbooks

Anatomy of an Ansible Playbook

An Ansible playbook comprises:

  • Play Name: A descriptive label for the play that makes its purpose clear.

  • Hosts: Identifies the devices targeted by the playbook, typically defined in the inventory file.

  • Connection: Specifies the method (e.g., network_cli) for connecting to hosts.

  • Gather Facts: Optional task for collecting device information.

  • Tasks: Sequential list of automation tasks to be executed on hosts.

Understanding Ansible Modules

Modules serve as the building blocks of Ansible automation, offering predefined functionalities for various tasks. Key attributes of modules include:

  • Name: Descriptive identifier for the module.

  • Idempotence: Ensures that executing the module multiple times produces consistent results.

  • Parameters: Customizable settings influencing module behavior.

Example: Automating Network Configurations

Let's consider an example playbook, view_push_snmp.yml, designed to automate network configurations:

---
- name: Manage SNMP configurations
  hosts: iosxe
  connection: network_cli
  tasks:
    - name: Configure SNMP on devices
      ios_config:
        lines:
          - snmp-server community public RO
          - snmp-server contact Network_Admin
          - snmp-server location Data_Center

This playbook:

  • Targets devices listed under the iosxe group in the inventory.

  • Utilizes the network_cli connection plugin for network device communication.

  • Configures SNMP settings using the ios_config module.
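
An added example, not part of the original guide: the playbook above pushes the default community string public with no access list, and a short Python check can catch such lines before a playbook reaches devices. The extra contrast line, its vault_snmp_ro variable and the SNMP-MGMT access list name are hypothetical.

```python
import re

# Constructed sample: the tasks from view_push_snmp.yml above, plus one
# hypothetical hardened line (variable vault_snmp_ro, ACL SNMP-MGMT) for contrast.
PLAYBOOK = """\
---
- name: Manage SNMP configurations
  hosts: iosxe
  connection: network_cli
  tasks:
    - name: Configure SNMP on devices
      ios_config:
        lines:
          - snmp-server community public RO
          - snmp-server contact Network_Admin
          - snmp-server location Data_Center
          - snmp-server community {{ vault_snmp_ro }} RO SNMP-MGMT
"""

WELL_KNOWN = {"public", "private"}
# Covers the form used on this page: snmp-server community <string> [RO|RW] [acl].
# Lines with other options (for example a view) are not parsed by this sketch.
COMMUNITY = re.compile(
    r"^\s*-\s*snmp-server\s+community\s+(?P<string>\{\{.*?\}\}|\S+)"
    r"(?:\s+(?P<mode>RO|RW))?(?:\s+(?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)

def audit_snmp_lines(playbook_text):
    """Return (line_number, issue) tuples for SNMP community lines in a playbook."""
    findings = []
    for number, line in enumerate(playbook_text.splitlines(), start=1):
        match = COMMUNITY.match(line)
        if not match:
            continue
        string = match.group("string")
        if string.lower() in WELL_KNOWN:
            findings.append((number, "well-known community string"))
        elif not string.startswith("{{"):
            findings.append((number, "community string stored in plaintext"))
        if (match.group("mode") or "").upper() == "RW":
            findings.append((number, "read-write community"))
        if match.group("acl") is None:
            findings.append((number, "no access list restricts SNMP sources"))
    return findings

if __name__ == "__main__":
    for number, issue in audit_snmp_lines(PLAYBOOK):
        print(f"line {number}: {issue}")
```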