Ansible installation setup

Note:
Disable selinux
Off iptables
set static IPAdress 10.59.60.192
Note: configure all nodes to access without password use ssh authentication key.
Configure SSH Server to manage a server from the remore computer. SSH uses 22/TCP.
SSHd is installed even if you installed CentOS with “Minimal Install”, so it’s not necessarry to install new packages. Furthermore, SSHd is set auto-start setting by default, so it’s possible to login without chainging ant settings. But it had better to change for security settings like follows.
vi /etc/ssh/sshd_config
line 42: uncomment and change ( prohibit root login remotely )
PermitRootLogin no
line 65: uncomment
PermitEmptyPasswords no
PasswordAuthentication yes
Configure SSH Client of CentOS.
Install SSH Client.
yum -y install openssh-clients
Connect to the SSH server with a common user
ssh root@web.kosecurity.in
The authenticity of host ‘web.kosecurity.in ()’ can’t be established.
ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:60:90:d8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘web.kosecurity.in’ (ECDSA) to the list of known hosts.
root@web.kosecurity.in’s password: password of the user
It’s possbile to execute commands on remote Host with adding commands to ssh command.
Install ansible
Install EPEL
yum –enablerepo=epel -y install ansible openssh-clients
Set clients for management as a basic setting of Ansible.
There are more details for settings in original file “/etc/ansible/hosts”, refer to it, too.
vi /etc/ansible/ansible.cfg
line 39: uncomment (not check host key)
host_key_checking = False
mv /etc/ansible/hosts /etc/ansible/hosts.org (Save configuration file backup)
vi /etc/ansible/hosts
write clients you manage
10.59.60.192
possible to group
define any group name you like
[target_servers]
write clients to be grouped
10.59.60.193
10.59.60.194
confirm setting
show all defined hosts
ansible all –list-hosts
10.59.60.192
10.59.60.193
10.59.60.194
show specific hosts in a group
ansible target_servers –list-hosts
10.59.60.193
10.59.60.194
how to use Ansible :
ansible [Target Hosts] [Option] -m [Module] -a [Arguments]
For the case which SSH servers on clients allow direct root login, (except “PermitRootLogin no”) + key-pair authentication (non-passphrase), it’s possible to use Ansible like follows. If passphrase is set in key-pair, it’s possible to use it after starting SSH-Agent.
ansible target_servers -m ping
10.59.60.193 | success >> {
“changed”: false,
“ping”: “pong”
}
10.59.60.194 | success >> {
“changed”: false,
“ping”: “pong”
}
ansible target_servers -k -m command -a “uptime”
SSH password:
10.59.60.194 | SUCCESS | rc=0 >>
17:19:37 up 1:38, 3 users, load average: 0.00, 0.00, 0.00
10.59.60.193 | SUCCESS | rc=0 >>
17:19:37 up 1:38, 3 users, load average: 0.00, 0.00, 0.00

Be the first to comment

Leave a Reply

Your email address will not be published.


*