Ansible Configuration And Inventory Files

Last Updated : 11 Mar, 2024

Ansible is a tool that is managed by RedHat and is primarily used for configuration and orchestration. With the help of the tool, we can manage and deploy software on various Linux servers. Ansible doesn’t support Windows system configuration.

What makes it exceptionally good is that it is agentless, which means the tool does not need to be installed on managed nodes. So the question would be: won’t it pose a security risk if any Linux server can be configured from outside? This is where SSH comes in: it is used to generate keys, which are public/private key pairs. Ansible is also idempotent, which means that no matter how many times you run the playbook against the specified managed nodes, the results will be essentially the same.

Why does it matter?

Suppose that out of 15 tasks, 10 are applied and the run fails at the 11th, for a reason that may range from a syntax error in the script to a network interruption. After rectifying that, we run the script again, but now the state of the first 10 tasks has already changed, and the run fails. Ansible takes note of all these changes and adjusts accordingly.

Terminologies

  1. Control Node: A system on which the tool is installed
  2. Managed Node: A system that is controlled by a control node using Ansible
  3. Playbook: A file written in YAML which is used to automate configuration
  4. Inventory: A file where the managed nodes are grouped according to need. It is important because it lets Ansible differentiate between the various systems.

Overview

We are going to use VirtualBox and Ubuntu Server and create two VMs, one as the managed node and the other as the control node.

Steps

  1. Get the VMs ready: make two VMs of Ubuntu Server.
  2. Change the network to a bridged adapter inside VirtualBox for each of the VMs.
  3. Note down the IP address of each VM using the following command:
    ifconfig
    Note that it is listed under an adapter name other than `lo` and is shown as the inet address.
  4. Generation of keys: this is required for the agentless architecture.
    ssh-keygen -C "keyname"  # use the -t option to specify the key type

  5. Now we have to copy the public key to the managed node so that it can recognise the control node when it connects.
    ssh-copy-id targetnode@itsIPAddress

    With that, the initial setup is done.

Ansible Configuration

This allows for setting up the basic configuration: which nodes are included (IP addresses), the roles path, the key path, etc. It is written in YAML.

According to RedHat, it is stored at 4 locations:

  • $ANSIBLE_CONFIG if the environment variable is set.
  • ansible.cfg if it’s in the current directory (this is the one we can modify).
  • ~/.ansible.cfg if it’s in the user’s home directory.
  • /etc/ansible/ansible.cfg, the default config file.

Example:

[defaults]
inventory = inventory
private_key_file = ~/.ssh/gfg
roles_path = roles
#remote_user = client

Here, the [defaults] section is where we set default configuration options for Ansible. These are used unless overridden by other configuration settings or command-line arguments.
– private_key_file points to the SSH key that was created, named gfg.

– roles_path shows where the created roles and their config are present.

Another example can be:

[defaults]
inventory = /etc/ansible/hosts
remote_user = ansible
private_key_file = ~/.ssh/id_rsa
roles_path = /etc/ansible/roles
log_path = /var/log/ansible.log

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False

become is the equivalent of acting with the permission level of another user; this allows the control node to run the playbook config on the target node. For more settings according to your need, refer to the Ansible Configuration Settings documentation.

Inventory Files

An inventory can be written in INI or YAML. Inventory files are used because they contain details about servers, devices, and other resources managed by tools like Ansible, Terraform, etc. They store IP addresses and enable automation tools to execute tasks, deploy applications, and manage configurations across entire infrastructures, facilitating scalability, consistency, and reliability in IT operations and system administration workflows.

INI format

[webservers]
192.168.100.1
192.168.100.2

[dbservers]
192.168.100.3
192.168.100.4
192.168.100.5

We can use webservers and dbservers as group names so that a modification is applied to a whole group of servers.
Ex: add a MySQL DB to dbservers only.

YAML format

webservers:
  hosts:
    192.168.100.1:
    192.168.100.2:

dbservers:
  hosts:
    192.168.100.3:
    192.168.100.4:
    192.168.100.5:

These inventory files are declared inside ansible.cfg or given at runtime on the command line.

Sample Code

The following code runs an NGINX server and copies an HTML file from the files dir to the www dir.

https://github.com/yeskaydee?tab=repositories. Feel free to commit any changes and improvements.

Output

ansible-playbook taskl.yml -u client -i hosts --ask-become-pass

Here, -u stands for user and -i stands for the inventory file (not required if specified in ansible.cfg).
--ask-become-pass prompts for the password of the target nodes, so that become privileges are given.

Refer to FAQ 5.

Ansible Configuration and Inventory Files – FAQ’s

Risks of altering configuration files

Allowing Ansible to load a config file from a world-writable current working directory poses a severe security risk. Another user could place a malicious config file there, potentially executing harmful code with elevated privileges. To prevent this, Ansible does not load config files from world-writable directories.
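A simplified model of that lookup, as an added example (not Ansible's own code and not from the original article): it walks the four locations listed earlier in order and skips ./ansible.cfg when the current directory is world-writable. The names find_config and demo and the temporary directory layout are assumptions made for the demonstration.

```python
import os
import stat
import tempfile

def find_config(env, cwd, home, system_cfg="/etc/ansible/ansible.cfg"):
    """Return (path_or_None, warnings) using the four locations in order."""
    warnings, candidates = [], []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(env["ANSIBLE_CONFIG"])
    local = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        # Any local user could have planted this file, so it is skipped.
        if os.path.exists(local):
            warnings.append("ignoring %s: directory is world-writable" % local)
    else:
        candidates.append(local)
    candidates.append(os.path.join(home, ".ansible.cfg"))
    candidates.append(system_cfg)
    for path in candidates:
        if os.path.isfile(path) and os.access(path, os.R_OK):
            return path, warnings
    return None, warnings

def demo():
    """Constructed layout: a shared scratch dir, a private project dir, a home."""
    with tempfile.TemporaryDirectory() as root:
        shared, project, home = (os.path.join(root, n)
                                 for n in ("shared", "project", "home"))
        for d in (shared, project, home):
            os.mkdir(d)
        os.chmod(shared, 0o777)    # world-writable, like /tmp
        os.chmod(project, 0o755)   # writable by the owner only
        home_cfg = os.path.join(home, ".ansible.cfg")
        for cfg in (os.path.join(shared, "ansible.cfg"),
                    os.path.join(project, "ansible.cfg"), home_cfg):
            with open(cfg, "w") as f:
                f.write("[defaults]\ninventory = inventory\n")
        nosys = os.path.join(root, "no-system.cfg")  # stands in for /etc
        pick = lambda env, cwd: find_config(env, cwd, home, nosys)
        rel = lambda r: (os.path.relpath(r[0], root), len(r[1]))
        return {
            "shared": rel(pick({}, shared)),
            "project": rel(pick({}, project)),
            "env": rel(pick({"ANSIBLE_CONFIG": home_cfg}, project)),
        }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Running a playbook from a shared scratch directory therefore falls back to ~/.ansible.cfg with a warning, while a private project directory or an explicit ANSIBLE_CONFIG is honoured.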

Can I use YAML for Ansible inventory files?

Yes, Ansible supports both INI and YAML formats for inventory files, with YAML offering readability for complex structures.

What if I just want to run a specific part of an Ansible playbook?

Yes, you can do it using tags (--tags): compartmentalise the code using tags and, while running, mention that tag, like:

ansible-playbook playbook.yml -u client --ask-become-pass --tags addgroup

Can I specify a custom location for the ansible.cfg file?

Yes, you can specify a custom location for the ansible.cfg file using the ANSIBLE_CONFIG environment variable. Ansible will prioritise the configuration file specified by this variable over the default locations.

How to handle multiple users and also enter passwords simultaneously

Modify the inventory file to include the username and password.
Example:

[webservers]
web1 ansible_user=user1 ansible_become_pass=password1
web2 ansible_user=user2 ansible_become_pass=password2

Or use Ansible Vault!
Note: It is not a best practice to post the passwords in the pipeline, so Ansible Vault is used.
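An audit for the plaintext-password pattern shown in the inventory above, as an added example that is not part of the original article: it parses an INI inventory and reports password variables given as literal values. The function name, the list of variable names checked, the sample inventory, and the convention that a value starting with `{{` refers to a vaulted variable are assumptions of this sketch.

```python
import shlex

# Connection and become password variables checked by this sketch.
SECRET_VARS = {"ansible_become_pass", "ansible_become_password",
               "ansible_password", "ansible_ssh_pass"}

def find_inline_secrets(inventory_text):
    """Return [(line_no, group, host_or_None, var)] for literal passwords."""
    findings = []
    group, kind = "ungrouped", ""
    for no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            # [group], [group:vars] or [group:children]
            group, _, kind = line[1:-1].partition(":")
            continue
        if kind == "children":
            continue
        if kind == "vars":
            host, pairs = None, [line]          # one key=value per line
        else:
            tokens = shlex.split(line)          # host key=value key=value
            host, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            value = value.strip().strip("'\"")
            # A templated value is assumed to point at a vaulted variable.
            if sep and key.strip() in SECRET_VARS and not value.startswith("{{"):
                findings.append((no, group, host, key.strip()))
    return findings

# Constructed sample inventory; the passwords are placeholders.
SAMPLE = """\
[webservers]
web1 ansible_user=user1 ansible_become_pass=password1
web2 ansible_user=user2 ansible_become_pass='{{ vault_web2_become }}'

[dbservers]
192.168.100.3

[dbservers:vars]
ansible_user=client
ansible_ssh_pass = example-only
"""

if __name__ == "__main__":
    for finding in find_inline_secrets(SAMPLE):
        print("plaintext secret at line %d: group=%s host=%s var=%s" % finding)
```

Such a check fits in a pre-commit hook or CI job so that an inventory with literal passwords never reaches the repository.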


