Ansible is an IT Automation tool used for configuring systems, deploying software, cloud provisioning, and orchestrating advanced IT tasks such as continuous deployments or zero downtime rolling updates.
Ansible’s main objective is simplicity and ease of use while not compromising on security and reliability. It is designed for multi-tier deployments with the capability to model your IT infrastructure by describing how all your systems interrelate rather than managing your systems one at a time.
Ansible is easy to deploy since it doesn’t require any agents or additional security infrastructure, and it employs a simple language (YAML, in the form of Ansible Playbooks) to define your automation jobs in a style that’s close to plain English.
Ansible works by connecting to your nodes and sending little programs known as “Ansible modules” to them. These programs are designed to be resource models of the system’s desired state. Ansible then runs these modules (through SSH by default) and removes them after they are finished.
The need for automation?
Automation is now at the core of many organizations’ technology strategies. With Ansible you can automate Infrastructure, Applications, Networks, Containers, Security, and Cloud.
Let’s briefly analyze the need for automation.
- The need to manage increasingly complex IT environments with limited resources.
- The need to accommodate new development approaches.
- The need to meet organisations’ financial objectives.
- The need to innovate faster with the change of Technology.
- The need to optimize processes calls for automation.
- The need to automate and integrate different security solutions so they can investigate and respond to threats across the enterprise in a coordinated, unified way, using a curated collection of modules, roles and playbooks rather than responding to attacks manually.
- Ansible’s cloud support module collection makes it simple to supply instances, networks, and entire cloud infrastructure wherever you need it. Ansible ensures your cloud deployments work seamlessly across public, private, or hybrid cloud as easily as you can build a single system.
Features of Ansible Automation Tool
- Ansible is more reliable and less likely to make errors than human intervention.
- Ansible uses YAML, a simple configuration language, so there is no need to learn a programming language.
- Ansible is agentless making deployment very easy and quick.
- Ansible utilises modules, with each module handling a specific task. Thus multiple repetitive tasks can be accomplished in a very short time.
- Ansible employs the pull and push configuration for easier communication between the host and the nodes.
- Ansible’s playbook makes it easy to define your architecture (network environment), as configuration instructions for nodes are defined in the playbook and inventory.
- Ansible communicates to Nodes via SSH. There is therefore no limit to the number of nodes that can be connected at any one time remotely.
- Ansible Tower by Red Hat provides a GUI, which makes daily work easier for system administrators who don’t want to depend on the command line interface.
Ansible Building blocks & Terminology.
The core building block for Ansible is the playbook. This is where instructions to configure the nodes are created to define the architecture of your hardware. A playbook has a list of plays. Each play defines which host, which user, which tasks, and additional attributes. A host is a target for the play. Each play has a list of tasks, and each element in the list of tasks is given a name. The name is followed by instructions to execute a task.
Ansible Inventory – This is where we maintain the structure of our network environment. An inventory file classifies nodes into groups. The playbook and the inventory are written at the local machine. The local machine gathers the facts of each node. The facts indicate the state of the nodes. Nodes are the systems to be configured that are controlled by the local machine (Ansible). The local machine manages the inventory which contains the information about the nodes. Nodes are connected to the local machine remotely through SSH, the reason why Ansible is agentless.
Ansible works with Modules. These modules are pushed to the target server, they do their work and then get removed. Modules are very granular and very specific. Each module does a very specific task. To find a full list of modules visit Ansible Official Documentation here https://docs.ansible.com/. Ansible has more than 300 modules spanning hundreds of API endpoints in various public and private cloud technologies and vendors.
Ansible use cases
Ansible combines workflow orchestration, configuration management, provisioning, and application deployment into a single, simple-to-use and deploy platform.
The common use cases are highlighted below:
- Provisioning : This is where your apps live.
- Configuration Management : Ansible is frequently used to centralize configuration file management and deployment.
- Application deployment : Teams can successfully manage the complete application lifecycle from development to production when they specify their application with Ansible and control the deployment with Ansible Tower.
- Continuous Delivery : Ansible Playbooks ensure that your applications are deployed (and managed) correctly throughout their full lifecycle.
- Security Automation : When you establish your security policy in Ansible, scanning and remediation of site-wide security policy may be integrated into other automated processes, making it an intrinsic part of everything that is deployed rather than an afterthought.
- Orchestration : Configurations by themselves do not determine your environment. You must specify how various configurations interact with one another and guarantee that the diverse components can be controlled as a whole.
Ansible Installation on Linux
oops, too much literature (:-) let’s turn our attention to Ansible installation.
Installation Pre-requisites
1. Control node requirements.
You may use any system with Python 3.8 or later installed as your control node (that is, the machine that runs Ansible).
2. Managed node requirements.
For most managed nodes, Ansible makes a connection over SSH. Ensure that your control node and your managed nodes can communicate via SSH.
Installation on Ubuntu / Debian Systems
Update the package index first; this is best practice before any installation.
sudo apt update -y
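The ppa:ansible/ansible PPA is not part of the official Ubuntu archive: Launchpad describes its packages as unsupported and the PPA as untrusted, so adding it to your system’s Software Sources means trusting that PPA’s maintainers and signing key. The software-properties-common package provides an abstraction of the apt repositories in use and lets you easily manage your distribution and independent software vendor software sources; it also supplies the apt-add-repository command.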
Execute the commands below.
sudo apt install software-properties-common
sudo apt-add-repository --yes --update ppa:ansible/ansible
Finally, install Ansible in your system.
sudo apt update -y
sudo apt install ansible
Debian Installation
Debian users may use the same source as the Ubuntu PPA (using the following table)
Debian | | Ubuntu |
---|---|---|
Debian 12 (Bookworm) | -> | Ubuntu 24.04 (Noble Numbat) |
Debian 11 (Bullseye) | -> | Ubuntu 22.04 (Focal Fossa) |
Debian 10 (Buster) | -> | Ubuntu 20.04 (Xenial) |
Debian 9 (Stretch) | -> | Ubuntu 18.04 (Trusty) |
Add the following line to /etc/apt/sources.list or /etc/apt/sources.list.d/ansible.list (it is a repository entry for the file, not a command to run):
deb http://ppa.launchpad.net/ansible/ansible/ubuntu MATCHING_UBUNTU_CODENAME_HERE main
where MATCHING_UBUNTU_CODENAME_HERE is one of Noble, Focal, Bionic or Xenial.
For example: For Debian 11 (Bullseye) do the following.
deb http://ppa.launchpad.net/ansible/ansible/ubuntu focal main
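After the configurations above, run the commands below to install Ansible on Debian. Note that apt-key is deprecated on current Debian releases, and a key added this way is trusted for every configured repository, not only the Ansible PPA.
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367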
sudo apt update
sudo apt install ansible
We now briefly look at how to install Ansible on CentOS/Fedora.
Ansible installation on CentOS/Fedora
Fedora Installation.
Run the commands below.
sudo dnf install ansible
Ansible Installation on CentOS / Rocky / Fedora
For CentOS installation, issue the commands below.
sudo yum install epel-release
sudo yum install ansible
Those are the steps you would follow to install Ansible in your system.
We now look at a demo to make us understand Ansible further.
Basic demo of how to use ansible ad-hoc commands
We will demonstrate by creating users and adding one of them to a group using Ansible.
Step 1 : Create a simple user.yml file
Using the text editor of your choice run the command below.
vim user.yml
Step 2 : Write yaml contents
Add the following contents to the YAML file:
---
- hosts: localhost # change to your hosts
  become: yes
  vars:
    # NOTICE!!!:
    # DO NOT PUT PLAIN TEXT PASSWORDS HERE!
    # use encrypted passwords or put them in Ansible vault
    # but this is just a demo
    vaulted_password: mySecret.
  tasks:
    - name: Add a simple user called philip
      user:
        name: philip
        comment: philip developer
    - name: Add user Essie with a password
      user:
        name: Essie
        password: "{{ vaulted_password | password_hash('sha512') }}"
        update_password: on_create
    - name: Add a group called developer
      group:
        name: developer
        state: present
    - name: Add a user philip and add them to a group developer
      user:
        name: philip
        groups: developer
        append: yes
    - name: Add user Naomi and generate for them an SSH key
      user:
        name: Naomi
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
    - name: Add user Calvin with no home and set account to expire on certain date
      user:
        name: Calvin
        create_home: no
        expires: 1590155615
Once you have written your script, save it.
Step 3 : Run your playbook.
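The command to run your playbook is as below. The -K (--ask-become-pass) option prompts for the privilege-escalation password that become: yes requires; lowercase -k (--ask-pass) prompts for the SSH connection password instead.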
ansible-playbook user.yml -K
My output is shown below.
[cloudspinx@rocky-linux ~]$ ansible-playbook user.yml -k
SSH password:
Supply your password, and press enter.
The playbook will execute as shown in the output below.
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] *************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************
ok: [localhost]
TASK [Add a simple user called philip] ***************************************************************************************************************
changed: [localhost]
TASK [Add user Essie with a password] ****************************************************************************************************************
ok: [localhost]
TASK [Add a group called developer] ******************************************************************************************************************
ok: [localhost]
TASK [Add a user philip and add them to a group developer] *******************************************************************************************
ok: [localhost]
TASK [Add user Naomi and generate for them an SSH key] ***********************************************************************************************
ok: [localhost]
TASK [Add user Calvin with no home and set account to expire on certain date] ************************************************************************
changed: [localhost]
PLAY RECAP *******************************************************************************************************************************************
localhost : ok=7 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Do not worry about the warning as I am running the playbook to my Ansible master as a node.
Step 4 : Check users and groups
The users created above should be present in the /etc/passwd file as shown below.
We will tail our /etc/passwd as shown.
[cloudspinx@rocky-linux ~]$ tail -9 /etc/passwd
telegraf:x:972:970::/etc/telegraf:/bin/false
memcached:x:971:968:Memcached daemon:/run/memcached:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
nginx:x:970:967:Nginx web server:/var/lib/nginx:/sbin/nologin
philip:x:1001:1001:philip developer:/home/philip:/bin/bash
Essie:x:1002:1002::/home/Essie:/bin/bash
Naomi:x:1003:1004::/home/Naomi:/bin/bash
Mavin:x:1004:1005::/home/Mavin:/bin/bash
Calvin:x:1005:1006::/home/Calvin:/bin/bash
Checking the groups with the tail command.
[Jil@rocky-linux ~]$ tail -9 /etc/group
memcached:x:968:
apache:x:48:
nginx:x:967:
philip:x:1001:
Essie:x:1002:
developer:x:1003:philip
Naomi:x:1004:
Mavin:x:1005:
Calvin:x:1006:
[Jil@rocky-linux ~]$
From the output above, both our users and the assigned groups are created successfully.
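The comment in user.yml warns against plaintext passwords. The playbook below is an added example (not from the original article) of the same Essie task reading its password from an Ansible Vault file and keeping it out of task output. The file names vault.yml and user_secure.yml and the variable vault_essie_password are assumptions made for illustration.

```yaml
---
# Added example: hardened variant of the "Essie" task from user.yml.
# Assumed setup (hypothetical names, not from the article):
#   ansible-vault create vault.yml
# with this single variable inside the encrypted file:
#   vault_essie_password: "<the real password>"
# Run with:
#   ansible-playbook user_secure.yml -K --ask-vault-pass
- hosts: localhost # change to your hosts
  become: yes
  vars_files:
    - vault.yml # encrypted on disk; decrypted only in memory at run time
  tasks:
    - name: Fail early if the vaulted variable is missing or empty
      assert:
        that:
          - vault_essie_password is defined
          - vault_essie_password | length > 0
        quiet: true
      no_log: true # do not echo the variable if the check fails

    - name: Add user Essie with a password taken from Ansible Vault
      user:
        name: Essie
        # The hash is computed on the control node; only the hash is sent
        # to the managed node and written to /etc/shadow.
        password: "{{ vault_essie_password | password_hash('sha512') }}"
        update_password: on_create
      no_log: true # keep the password and its hash out of output and logs
```

Because vault.yml is encrypted, it can be committed to version control alongside the playbook, while the vault password itself is supplied at run time.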
Deleting / Removing users with Ansible.
Step 1 : Create a simple delete yml file.
Using the text editor of your choice, issue the following command.
vim user_delete.yml
Add the following contents to the file.
---
- hosts: localhost
  become: yes
  tasks:
    - name: Remove philip
      user:
        name: philip
        state: absent
        remove: yes
    - name: Remove Essie
      user:
        name: Essie
        state: absent
        remove: yes
    - name: Remove developer group
      group:
        name: developer
        state: absent
    - name: Remove Naomi
      user:
        name: Naomi
        state: absent
        remove: yes
    - name: Remove Calvin
      user:
        name: Calvin
        state: absent
        remove: yes
    - name: Remove Mavin
      user:
        name: Mavin
        state: absent
        remove: yes
Define the users to be deleted as shown above.
Step 2 : Run playbook.
Run the command below and supply the password to delete users and groups.
ansible-playbook user_delete.yml -K
The output.
[cloudspinx@rocky-linux ~]$ ansible-playbook user_delete.yml -K
BECOME password:
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
PLAY [localhost] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [Remove philip] ***********************************************************
changed: [localhost]
TASK [Remove Essie] ************************************************************
changed: [localhost]
TASK [Remove developer group] **************************************************
changed: [localhost]
TASK [Remove Naomi] ************************************************************
changed: [localhost]
TASK [Remove Calvin] ***********************************************************
changed: [localhost]
TASK [Remove Mavin] ************************************************************
changed: [localhost]
PLAY RECAP *********************************************************************
localhost : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
From the output, 6 records were changed. We can confirm the output by tailing the /etc/passwd file.
Conclusion.
That sums up our article. Quite a long article but worth your time. We hope the article is helpful to you. Thank you.