Think Automation is hard? You probably haven’t tried Ansible
Ansible is an open-source software provisioning, configuration management, and application deployment tool. What makes it great is that it does not require installing an agent on automated hosts; instead, it works entirely over SSH or PowerShell.
No agent? Big deal. This flexibility makes it suitable for use on networking devices, embedded devices, and other platforms where you can’t install an agent. You’ll have to be careful to avoid configuration drift, because there isn’t an agent ensuring consistency on your automated hosts, but otherwise the world is your oyster.
Here’s a basic, albeit insecure, way to get started with Ansible.
Install it:
apt-get install ansible
Configuration files are in /etc/ansible/
/etc/ansible/hosts is the main file. Group your hosts by name using square brackets and don’t be afraid to put a single host in several groups if it makes sense for you.
[librenms]
192.168.0.1
[ELK]
192.168.0.2
[linux]
192.168.0.1
192.168.0.2
192.168.0.3:4222
192.168.0.4:9002
Next, make sure your SSH keys are set up on your Ansible server:
ssh-keygen
Now copy the public key to your Ansible node:
ssh-copy-id root@192.168.0.1
Say you want to run shell commands as root on your automated hosts. You can target just one host (the librenms box):
ansible librenms -m shell -a "fortune | cowsay"
Or you can target a group of hosts (the linux group):
ansible linux -m shell -a "fortune | cowsay"
Maybe you want to do some updates:
(Assuming you set up a group named “apt”. All your apt-based servers are now updating themselves.)
ansible apt -m shell -a "apt-get update"
ansible apt -m shell -a "apt-get -y dist-upgrade"
Maybe you want to restrict ssh on your hosts to just your Ansible server?
ansible linux -m shell -a "echo 'AllowUsers *@192.168.1.1' >> /etc/ssh/sshd_config"
Once the sshd service is restarted, SSH logins will be accepted only from 192.168.1.1.
Imagine the possibilities with this product. You can build roles and use other modules to broaden your reach. There are a billion modules now. You can also write and run YAML playbooks.
Here’s a basic YAML playbook to get you started:
---
# Runs against the "linux" group from /etc/ansible/hosts
- hosts: linux
  tasks:
    - name: Change the working directory to /scripts/ and run git pull
      shell: git pull
      args:
        chdir: /scripts/Icarus
That’s really how simple it is. If you can already operate the shell and manage 1 server, you can immediately scale to N servers using Ansible.
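The SSH restriction from earlier in this post, rewritten as an idempotent playbook. This is an added example, not part of the original post: unlike `echo ... >>`, it does not append a duplicate line on every run, and it checks the edited file with `sshd -t` before installing it. It expresses the restriction with sshd's `AllowUsers` directive and a `*@host` pattern; the file name `restrict-ssh.yml`, the variable name `ansible_server_ip`, and the `ssh` service name (Debian/Ubuntu) are assumptions.

```yaml
---
# Added example, not from the original post.
# restrict-ssh.yml is a hypothetical file name; run with:
#   ansible-playbook restrict-ssh.yml
- name: Allow SSH logins only from the Ansible server
  hosts: linux                       # group from the inventory in this post
  remote_user: root                  # the post copies the key to root@ on each node
  vars:
    ansible_server_ip: 192.168.1.1   # address used in the post; variable name is hypothetical
  tasks:
    - name: Keep exactly one AllowUsers line in the global section of sshd_config
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*AllowUsers\s'          # replace an existing line instead of appending
        line: "AllowUsers *@{{ ansible_server_ip }}"
        insertbefore: '^\s*Match\s'         # stay above any Match block; end of file if none
        firstmatch: true
        validate: /usr/sbin/sshd -t -f %s   # refuse the change if sshd cannot parse the result
        backup: true                        # keep a timestamped copy of the previous file
      notify: Restart ssh

  handlers:
    - name: Restart ssh
      ansible.builtin.service:
        name: ssh                    # assumption: Debian/Ubuntu unit name (sshd on RHEL-family)
        state: restarted
```

Running it a second time reports no change and does not restart sshd, which also makes it a cheap check for configuration drift.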