19 Ansible
Ansible is a configuration management tool that can be used to configure bare metal servers with the right software.
Ansible differs fundamentally from Terraform, which is a provisioning tool.
19.1 Preparation
Create user ansible.
sudo adduser \
  --gecos ansible,,, \
  ansible
sudo usermod -aG sudo ansible
Create SSH key for user ansible:
su ansible
ssh-keygen \
  -t ed25519 \
  -N '' \
  -C "ansible@notebooks.gesis.org" \
  -f ~/.ssh/id_ed25519
ssh-copy-id ansible@194.95.75.9
exit
Nothing to do here.
Disable password authentication for user ansible:
Add
Match User ansible
    PasswordAuthentication no
to /etc/ssh/sshd_config and restart the SSH server:
sudo systemctl restart ssh
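Where the Match block sits in /etc/ssh/sshd_config matters: the lines after a Match line belong to that block until the next Match line or the end of the file, and sshd keeps the first value it obtains for a keyword. The shell function below is an added example, not part of the original chapter, that works out the PasswordAuthentication value for a user from the config text. The function name effective_password_auth, the users alice and deploy, and the three sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Prints the PasswordAuthentication
# value that applies to one user, judged from the config text alone.
# Assumptions: only "Match User a,b" (literal names) and "Match all" are
# understood; Include files, wildcards and "key=value" syntax are ignored.
effective_password_auth() {   # $1 = user, $2 = sshd_config-style file
    awk -v user="$1" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        tolower($1) == "match" {               # a Match line opens a block
            in_match = 1; applies = 0
            if (tolower($2) == "all") applies = 1
            if (tolower($2) == "user") {
                n = split($3, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == user) applies = 1
            }
            next
        }
        tolower($1) == "passwordauthentication" {
            v = tolower($2)
            # sshd keeps the first value it obtains for a keyword
            if (!in_match && g_val == "") g_val = v
            if (in_match && applies && m_val == "") m_val = v
        }
        END {
            if (m_val != "") print m_val              # Match block overrides
            else if (g_val != "") print g_val
            else print "yes"                          # sshd default
        }
    ' "$2"
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
# 1. Global setting first, Match block last.
printf '%s\n' 'PasswordAuthentication yes' \
    'Match User ansible' '    PasswordAuthentication no' > "$demo_dir/ok"
# 2. A later edit appended below the Match block is scoped to ansible only.
printf '%s\n' 'Match User ansible' '    PasswordAuthentication no' \
    'PasswordAuthentication no' > "$demo_dir/appended"
# 3. An earlier matching block wins over the intended one.
printf '%s\n' 'Match User ansible,deploy' '    PasswordAuthentication yes' \
    'Match User ansible' '    PasswordAuthentication no' > "$demo_dir/shadowed"

for f in ok appended shadowed; do
    for u in ansible alice; do
        printf '%-9s %-8s %s\n' "$f" "$u" \
            "$(effective_password_auth "$u" "$demo_dir/$f")"
    done
done
```

On a live host, sudo sshd -T -C user=ansible prints the settings that sshd itself resolves for that user.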
19.2 Installation
We will use GitLab CI to deploy changes to the machines.
19.3 Inventory
Ansible requires a list of servers that it can access. Edit ansible/inventories/production so that it looks like this:
[notebooks_gesis_org]
194.95.75.9
Check that your inventory is correct:
ansible \
  -i ansible/inventories/production \
  all --list-hosts
  hosts (1):
    194.95.75.9
Check that the servers are accessible:
ansible \
  -i ansible/inventories/stage \
  --user ansible \
  --private-key ~/.ssh/id_ed25519 \
  all -m ping
194.95.75.9 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
19.4 Playbook
A playbook is the set of rules that Ansible uses to configure the servers. For example:
- name: My first play
  hosts: notebooks_gesis_org
  tasks:
    - name: Ping my hosts
      ansible.builtin.ping:
    - name: Print message
      ansible.builtin.debug:
        msg: Hello world
The instructions in the playbook can be executed by running
ansible-playbook playbook.yaml
where playbook.yaml is the file storing the playbook.