Ansible
Steps to get started with Ansible
Key generation and installation
1. Enable your account to log in with ssh (no password)
2. Create another ssh key for ansible:
ssh-keygen -t ed25519 -f ~/.ssh/ansible -C "ansible"
I like to use the newest algorithm, ed25519, instead of the default RSA and give the key a specific filename. Beware that you might overwrite another key you have if you don't give it a unique name.
When prompted to protect our key with a password, we will just press enter (no passphrase), so ansible can log in without any prompt.
3. Copy your ansible ssh-key to your servers
ssh-copy-id -i ~/.ssh/ansible.pub myserver1
Repeat this command for all your servers.
4. To choose which key to use when you log in, specify it with the -i option
ssh -i ~/.ssh/ansible myserver1
5. Create a git repository to store your Ansible data
6. Install ansible
sudo apt install ansible
or
sudo pacman -S ansible
or
pip3 install ansible
7. Create an inventory file in the Ansible git repository
vim inventory
This inventory file should list the IPs/names of the servers you will manage, with a username if they require it.
Example:
testimonia.local
x6.local
pi@pi4.local
8. Run first Ansible command
ansible all --key-file ~/.ssh/ansible -i inventory -m ping
Other useful commands
ansible all --list-hosts
ansible all -m gather_facts
ansible all -m apt -a update_cache=true --become --ask-become-pass
ansible all -m apt -a name=vim --become --ask-become-pass
ansible home_servers -a "cat /etc/os-release"
ansible-playbook task.yml
Sidenote
If you get an error signing the commit with GPG:
export GPG_TTY=$(tty)
Ansible-Vault
Create a ~/.vault_key file and do a chmod 600 ~/.vault_key to protect it.
ansible-vault encrypt --vault-password-file ~/.vault_key myfile
ansible-vault decrypt --vault-password-file ~/.vault_key myfile
ansible-vault edit --vault-password-file ~/.vault_key myfile
ansible-vault view --vault-password-file ~/.vault_key myfile
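A check to run before committing to the Ansible git repository from step 5, added here as an example and not part of the original notes: it confirms that the passphrase-less ~/.ssh/ansible key and ~/.vault_key are accessible only to your user, and that files you expect to be encrypted still carry the ansible-vault header. The function names and the secrets file path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# private_only FILE: true if FILE exists and grants no group/other permissions.
private_only() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# is_vaulted FILE: true if FILE starts with the ansible-vault envelope header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256". A file left decrypted fails this check.
is_vaulted() {
    [ -f "$1" ] || return 1
    head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# audit SSH_KEY VAULT_KEY [FILE...]: print each problem, return 1 if any found.
audit() {
    key=$1; vault_key=$2; shift 2
    rc=0
    for f in "$key" "$vault_key"; do
        private_only "$f" || {
            echo "FIX: $f is missing or accessible to group/other (chmod 600)"
            rc=1
        }
    done
    for f in "$@"; do
        is_vaulted "$f" || {
            echo "PLAINTEXT: $f is not vault-encrypted, do not commit it"
            rc=1
        }
    done
    return $rc
}

# When run as a script with arguments, e.g. (secrets path is an assumption):
#   sh audit.sh ~/.ssh/ansible ~/.vault_key group_vars/all/secrets.yml
if [ "$#" -ge 2 ]; then
    audit "$@"
fi
```

Because the ssh key has no passphrase, file permissions are the only thing protecting it, so keep both key files outside the git repository as well.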