
Configure Ansible Managed Nodes

Hands-On Lab

 


Rob Marti

Linux Training Architect I in Content

Length

00:30:00

Difficulty

Intermediate

The power of Ansible comes from being able to remotely manage a fleet of servers. For that to happen, though, we first need to configure our managed nodes. In this lab we'll practice configuring these nodes.



Introduction

The power of Ansible comes from being able to remotely manage a fleet of servers. For that to happen, though, we need to configure our managed nodes. In this lab we'll practice configuring these nodes.

The Scenario

We're in the midst of a proof-of-concept project. We have gotten approval for the combination of inventories and facts, software management, modules, playbooks, and variables in a single-server environment. Now we can move on to configuring this in a multi-server setup. We've been given three servers, WebServer1, DBServer1, and AdminServer1, and some tasks to set up for each.

We've got to set the three servers up so that Ansible can connect and run commands as root without entering a password.

Logging In

Use the credentials provided on the hands-on lab page to get into Server1 to begin with. Since we need root privileges, let's just run sudo -i right off and become root.

Set up the Ansible Inventory

We need to make sure Ansible has the new servers in its inventory, so let's edit /etc/ansible/hosts and add lines similar to the following:

[webservers]
WebServer1

[dbservers]
DBServer1

[admins]
AdminServer1

Set up Passwordless SSH Between Nodes

If we take a look in /root/.ssh/, we'll see that there's already an id.rsa file in there. Rather than create a new one, let's just re-use what we have.

Copy that key to one of the new servers:

ssh-copy-id ansible@WebServer1

Enter the password at the prompt, and the key will be copied over. Repeat this with the other two servers, DBServer1 and AdminServer1. To test, we can just try logging in to either of the other two servers with no password.

Configure Passwordless Privilege Escalation

Connect to WebServer1 as cloud_user. From there, use sudo to escalate and have root privileges.

As root, run visudo. Add ansible ALL=(ALL) NOPASSWD: ALL to the end of the file, then get out and repeat this process on the other two servers.

Ensure Correct Configuration

Make sure that everything was done correctly by running ansible all -m ping --become. This will have Ansible attempt to connect to all the other servers, and escalate privileges once it does.
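
When the ping fails, it helps to know which earlier step is at fault on which host. The sketch below is an added example, not part of the lab: it reads the hosts from the inventory and checks key-based SSH and passwordless sudo separately. The function names and the SSH_BIN variable are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the lab): preflight for the inventory, SSH key and sudoers steps.
# Function names and SSH_BIN are assumptions made for this sketch.
SSH_BIN="${SSH_BIN:-ssh}"   # overridable so the checks can be exercised against a stub

# Print the host names in an INI-style inventory, one per line.
# Skips blanks, comments, [group] headers, and the bodies of
# [group:vars] / [group:children] sections, which hold no host names.
inventory_hosts() {
    awk '
        /^[ \t]*$/    { next }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { skip = ($0 ~ /:(vars|children)\]/); next }
        !skip         { print $1 }   # first field only: drops inline host vars
    ' "$1" | sort -u
}

# Check one host as the given user (default: ansible, the account used on the page).
# BatchMode=yes makes ssh fail instead of asking for a password; sudo -n does the
# same for sudo. Prints ok, ssh-failed or sudo-prompts; exit status 0, 1 or 2.
check_host() (
    host=$1
    user=${2:-ansible}
    run() {
        "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=5 "$user@$host" "$@" \
            </dev/null 2>/dev/null
    }
    # Fails on a missing key, an unreachable host, or a host key not yet accepted.
    run true || { echo ssh-failed; exit 1; }
    # Fails when the NOPASSWD sudoers entry for this user is absent.
    run sudo -n true || { echo sudo-prompts; exit 2; }
    echo ok
)

# Check every inventory host; print "host: status", exit non-zero if any host fails.
# Usage: preflight /etc/ansible/hosts
preflight() (
    rc=0
    for h in $(inventory_hosts "$1"); do
        status=$(check_host "$h" "${2:-ansible}") || rc=1
        printf '%s: %s\n' "$h" "$status"
    done
    exit "$rc"
)
```

A host reported as ssh-failed needs the ssh-copy-id step repeated; one reported as sudo-prompts needs the visudo step.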

Conclusion

We've done it. We set Ansible up so that it can get into any of the three servers, and have privileges to do whatever we need it to. Congratulations!