Remote Hosts
Ansible was designed as an agentless automation platform. It relies on SSH to connect to remote hosts, which means you can connect to them with the same methods SSH supports. We briefly explain two (2) of these methods below.
Note
We recommend the Using passwords method, as it avoids sharing your public SSH key among several hosts.
Using passwords
Ansible does most of its work via SSH and shares SSH's authentication mechanisms, so a user and password must be supplied to establish a connection with remote hosts. The following options are useful for SSH authentication:
-u <user> Set the connection user.
-k Ask the password of the connection user.
-b Execute tasks and operations as a privileged user.
-K Ask for the sudo password, intended for privilege escalation.
You can use the above args as follows:
ansible -m setup all -u foo -k -b -K
This will set the connection user as foo. Also, it will ask for the connection user password and the privileged user password.
Windows authentication
Windows hosts use a different mechanism to perform authentication. Please refer to Authentication Options in order to set up the adequate option.
Using SSH key-pairing
You can set up SSH key-pairing to provide a silent authentication mechanism. First, create an OpenSSH key pair:
$ ssh-keygen
To improve security on this setup, please ensure you provide a password for this key.
Enter passphrase (empty for no passphrase): ************
Enter same passphrase again: ************
Using ssh-agent avoids being asked for the key password over and over again on every Ansible deploy. ssh-agent will cache your key for use in further actions until you log out.
Installing public key
After creating the Control machine key, you need to install the public key on every remote host: copy the content of .ssh/id_rsa.pub on the Control machine to .ssh/authorized_keys on your host. Make sure you know which user's authorized_keys you are storing it in; this will be the user you use for any action via Ansible.
Set the correct permissions:
$ chmod 600 .ssh/authorized_keys
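The copy and permission steps above can be made repeatable with a small script run on the remote host. This is an added example, not part of the original documentation: the function name install_pubkey, its arguments and the sample key are constructed for illustration, and it additionally sets mode 700 on the .ssh directory and refuses input that is not a public key.

```shell
#!/bin/sh
# Added example (not from the original docs). install_pubkey and its
# arguments are hypothetical names; the sample key below is constructed.
# Usage: install_pubkey <public-key-file> <home-dir-of-ansible-user>
install_pubkey() (
    # Body runs in a subshell so the umask change does not leak to the caller.
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Take the first line only; a .pub file is a single line.
    IFS= read -r key < "$pubkey_file" || [ -n "$key" ] || {
        echo "cannot read a key from $pubkey_file" >&2; return 1; }

    # Refuse anything that is not a public key (e.g. id_rsa given by mistake).
    case $key in
        ssh-*\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "$pubkey_file is not an OpenSSH public key" >&2; return 1 ;;
    esac

    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # If the existing file lacks a final newline, add one before appending.
    [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ] && echo >> "$auth_file"

    # Append only when the exact line is absent, so reruns add no duplicates.
    grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
)

# Demo in a throwaway directory with a constructed, non-functional key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedExampleOnly ansible@control' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"   # second run changes nothing
ls -l "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```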
Add hosts to control
Adding hosts is easy: just put the hostname or IP address in /etc/ansible/hosts.
$ cat /etc/ansible/hosts
hosts1.example.net
hosts2.example.net
You can also group hosts. This is useful for executing tasks and roles on several hosts at once:
$ cat /etc/ansible/hosts
[wazuh-elasticsearch]
hosts1.example.net
hosts2.example.net
Note
You can see the Ansible inventory documentation for more info regarding hosts and groups.
Test connection
This will attempt a connection with the remote hosts using the ping module.
$ ansible all -m ping
You will get an output like this:
hosts1.example.net | SUCCESS => {
"changed": false,
"ping": "pong"
}
hosts2.example.net | SUCCESS => {
"changed": false,
"ping": "pong"
}
If you see the above, then Ansible is fully usable.