Steps to get started with Ansible

Key generation and installation

1. Enable your account to log in with SSH (no password)

2. Create another ssh key for ansible:

ssh-keygen -t ed25519 -f ~/.ssh/ansible -C "ansible"

I like to use the newest algorithm, ed25519, instead of the default RSA, and to give the key a specific filename. Be aware that you might overwrite another key you have if you don't give it a unique name.

When prompted to protect the key with a passphrase, just press Enter (empty passphrase) so Ansible can log in without any prompt. The private key is then stored unencrypted, so keep ~/.ssh/ansible readable only by your user.

3. Copy your ansible ssh-key to your servers

ssh-copy-id -i ~/.ssh/ansible.pub myserver1

Repeat this command for all your servers.

4. To choose which key to use when you log in, specify it with the -i option:

ssh -i ~/.ssh/ansible myserver1

5. Create a git repository to store your Ansible data

6. Install ansible

sudo apt install ansible

or

sudo pacman -S ansible

or

pip3 install ansible

7. Create an inventory file in your Ansible git repository

vim inventory

This inventory file should list the IPs/names of the servers you will manage, prefixed with a username if they require one.

Example:

testimonia.local
x6.local
pi@pi4.local

8. Run first Ansible command

ansible all --key-file ~/.ssh/ansible -i inventory -m ping

Other useful commands

ansible all --list-hosts
ansible all -m gather_facts
ansible all -m apt -a update_cache=true --become --ask-become-pass
ansible all -m apt -a name=vim --become --ask-become-pass
ansible home_servers -a "cat /etc/os-release"
ansible-playbook task.yml

Sidenote

If you get an error signing the commit with GPG:

export GPG_TTY=$(tty)

Ansible-Vault

Create a ~/.vault_key file containing the vault password and run chmod 600 ~/.vault_key so that only your user can read it.

ansible-vault encrypt --vault-password-file ~/.vault_key myfile
ansible-vault decrypt --vault-password-file ~/.vault_key myfile
ansible-vault edit --vault-password-file ~/.vault_key myfile
ansible-vault view --vault-password-file ~/.vault_key myfile
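
The passphrase-less SSH key from step 2 and the vault password file are both plain files, and the git repository from step 5 is where an unencrypted secret is most likely to end up. The script below is an added example, not part of the original guide: it checks that the key files are private and that files meant to be vaulted start with the ansible-vault header. The function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the guide's secrets.
# Function names are hypothetical; the sample data below is constructed.

# True when FILE exists and grants nothing to group or others (e.g. 600).
private_mode() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)  # group+other bits of "-rw-------"
    [ "$perms" = "------" ]
}

# True when FILE starts with the header that ansible-vault encrypt writes.
is_vaulted() {
    [ -f "$1" ] || return 1
    first=""
    IFS= read -r first < "$1" || true     # tolerate empty/unterminated files
    case "$first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit SSH_KEY VAULT_KEY SECRET_FILE...  prints findings, returns 1 if any.
audit() {
    rc=0
    for f in "$1" "$2"; do
        private_mode "$f" || { echo "FAIL mode: $f"; rc=1; }
    done
    shift 2
    for f in "$@"; do
        is_vaulted "$f" || { echo "FAIL plaintext: $f"; rc=1; }
    done
    return $rc
}

# Constructed demo in a scratch directory; ~/.ssh and ~/.vault_key are untouched.
demo() {
    d=$(mktemp -d)
    echo "constructed-key" > "$d/ansible"; chmod 600 "$d/ansible"
    echo "constructed-pass" > "$d/vault_key"; chmod 644 "$d/vault_key"
    printf '$ANSIBLE_VAULT;1.1;AES256\n6162\n' > "$d/secrets.yml"
    echo "db_password: example" > "$d/plain.yml"
    audit "$d/ansible" "$d/vault_key" "$d/secrets.yml" "$d/plain.yml"
    result=$?
    rm -rf "$d"
    return $result
}
demo || echo "problems found (expected for the constructed data)"
```

In real use, call audit with ~/.ssh/ansible, ~/.vault_key and the files that must be encrypted, for instance from a git pre-commit hook.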