Using Ansible Playbooks to setup your server

If you are new to VM management, it is good to do certain things manually and to learn how the system works. However, once you know the basics you quickly realise there is much more utility in automating the mundane repetitive task. Ansible is the tool that enables us to automate server setup in a flexible, error-resistant way. It has certain benefits over writing your own scripts in POSIX Shell or Bash, and we will get to these benefits over the course of this tutorial.

Prerequisites

1. A Control Node where Ansible will be installed. This can be your desktop or another VPS. We will be using a VM running Ubuntu 20.04 LTS as our Control Node.
2. One or more Target or Hosts. We will be using another VM running Ubuntu 20.04 LTS as our Host, which, Ansible will configure for us.
3. A basic understanding of SSH and how to connect to a remote VPS and use it.

Goals

Before we get into the specific details, it is important to state what we are trying to accomplish, here. The playbook we are about to write will:

1. Add a public SSH Key for the root user, allowing us to login as the root user using our public-private SSH Key pair. Here's an introduction to SSH and SSH keys
2. Disable password-based authentication and allow only key-based logins which are much secure.
3. Update all the packages on the system. Equivalent to running apt update; apt upgrade on Ubuntu or dnf update on CentOS and Fedora.

So let's get started.

Ansible Installation and Basics

On your Control Node, Ansible can be installed using your system's package manager or Python's Package manager pip, since Ansible is written in Python. On macOS, it is recommended that you install it using pip or pip3:

$ pip install -U ansible

On Linux, you can get it straight from your system's package manager:

$ apt install ansible # For Debian or Ubuntu based systems
$ dnf install ansible # For RedHat, Fedora or CentOS based systems

On your Target Host no prior installation is necessary. As long as the Ansible Host has an SSH daemon running and, Python3 installed you are good. All the Linux VMs that you can get on SSDNodes (or any other cloud provider) would readily work with Ansible without any manual intervention. For this reason, Ansible is called an agentless automation engine. Because you don't have to install any specific software on the target.

So now we also know how Ansible works.

1. It uses SSH to authenticate and take control of a Host, which means using it is as secure as our SSH connection, and we don't have to worry about additional security threats.
2. It uses Python3 (Python2 works but is deprecated, and not recommended) to run all the automation, checks and data collection on the hosts.

Configuring Ansible

There are three key files needed on the control node:

1. Ansible Playbook(s) describing what automation to run on your hosts. This will be our main focus.
2. An inventory file listing all your hosts and grouping them together in logical ways. On most Linux distros this file is /etc/ansible/hosts
3. Ansible's configuration file. On most Linux distros this file is /etc/ansible/ansible.cfg

For the sake of consistency we would like to have everything, the configuration, the inventory and playbooks, in one folder. So we create a folder called playbooks and create the inventory and configuration files inside it:

$ mkdir playbooks
$ touch ansible.cfg inventory

Ansible will automatically pick the current directory's ansible.cfg file and override the main configuration with this one. Edit the ansible.cfg file and add the following contents to it:

[defaults]
inventory = ./inventory

This will set the current directory's inventory file to be the inventory for our playbooks. Because we are starting small, with just one VPS, we will add just one line to the inventory here, this will be the IP address (or Domain name) of your VPS. Make sure to use your actual IP address and not what is shown below:

127.0.0.1

The offical documentaion shows how you can create more complicated inventory capable of organizing hundreds of servers into dozens of categories.

We are targeting only one server, so we just added that one line here. If you want to save the playbooks to a git repo, make sure that you don't include the inventory file with it, especially if it contains sensitive information such as the IP Addresses of all your servers.

Writing the playbook

A playbook is essentially a description of how you desire the host system to be, also known as the desired state of the system. It is written in YAML, which, if you are unfamiliar, is language similar to JSON or XML but much more human readable while simulatenously being unambigious to a computer program. Think of it as a way of describing and structuring data, rather than writing a set of instructions like in a script or a program.

Create a file called