Ready to put DevOps culture into practice? In this series of tutorials, Rafael Poeyes demonstrates how to deploy one of the most powerful and widely used task automation tools: Ansible.

Introduction: What is Ansible

Ansible is an IT infrastructure automation system that enables centralized deployment, configuration, and application management.

If you have to perform any administration activity more than once, it can be automated with Ansible. So instead of logging in to every server in your fleet to apply a security update or install a new package, you can have Ansible run that apt-get upgrade on all servers at once.

Personally, I prefer Ansible to the other options on the market because it works without requiring an agent on each host and is much lighter than its competitors. Only the Python and SSH packages are required. SSH is a standard way to access servers and is probably already installed on your Linux distribution, but you do need to enable it. Some may consider that a greater security risk, although Ansible works with keys, which are more secure.

1. Installing and Configuring Ansible

You can install Ansible with the following command:

# apt-get install ansible

You need to put all the hosts you want to manage with Ansible in the /etc/ansible/hosts file.

Comment out all the existing lines in the file. Then go to the last line of the hosts file and create a category. Let’s say you have a cluster of web servers and a database cluster. You can create two separate categories: web and db.

[ansible]
localhost ansible_host=127.0.0.1

[web]
web1 ansible_host=192.168.1.2
web2 ansible_host=192.168.2.2

[db]
db1 ansible_host=192.168.1.3
db2 ansible_host=192.168.2.3
db3 ansible_host=192.168.1.4
db4 ansible_host=192.168.2.4

If you want to make a change on all database hosts, you can use db as the selection, so only those listed under this category are affected and not other hosts, such as those in the web category.

The lines of the /etc/ansible/hosts file follow the pattern below:

HostName ansible_host=IP

HostName is an arbitrary name used to refer to the host, and IP is the host’s network address.

In the example above, we are listing 2 web servers on IP addresses 192.168.[1-2].2, and 4 database servers on IP addresses 192.168.[1-2].[3-4].
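A pre-flight check for the inventory format above, as an added example (not from the original tutorial or the Ansible project): it parses the simple HostName ansible_host=IP lines, flags malformed or reused addresses, and lists which hosts a selection such as db would touch. The sample inventory and the function names parse_inventory and select are constructed for illustration, and the parser handles only the syntax shown in this tutorial.

```python
import ipaddress

# Constructed sample: the tutorial's inventory with two deliberate mistakes added.
SAMPLE = """\
[web]
web1 ansible_host=192.168.1.2
web2 ansible_host=192.168.2.2
[db]
db1 ansible_host=192.168.1.3
db2 ansible_host=192.168.2.3
db3 ansible_host=192.168.1.300
db4 ansible_host=192.168.1.2
"""

def parse_inventory(text):
    """Return ({group: {alias: ip}}, [problems]) for simple INI inventories."""
    groups, problems, seen, current = {}, [], {}, None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # commented-out lines are skipped
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            groups.setdefault(current, {})
            continue
        alias, *rest = line.split()
        opts = dict(p.split("=", 1) for p in rest if "=" in p)
        ip = opts.get("ansible_host")
        if current is None or ip is None:
            problems.append(f"line {num}: expected 'HostName ansible_host=IP' under a [group]")
            continue
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"line {num}: {alias} has invalid address {ip}")
            continue  # never target a host whose address cannot be parsed
        if ip in seen and seen[ip] != alias:
            problems.append(f"line {num}: {alias} reuses {ip} (already {seen[ip]})")
        seen.setdefault(ip, alias)
        groups[current][alias] = ip
    return groups, problems

def select(groups, pattern):
    """Aliases that a selection such as 'db' or 'all' would touch."""
    chosen = groups.values() if pattern == "all" else [groups.get(pattern, {})]
    return sorted({alias for hosts in chosen for alias in hosts})

if __name__ == "__main__":
    groups, problems = parse_inventory(SAMPLE)
    print("db ->", select(groups, "db"), *problems, sep="\n")
```

Ansible itself can list the hosts a selection matches without running anything, using ansible db --list-hosts.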

2. Configuring the SSH Keys

Ansible works with SSH keys and can also authenticate with passwords. We do not recommend password access, so it is not covered here. If your SSH key is already on all Ansible-managed hosts, you can simply use Agent Forwarding, since Ansible allows the -A option of SSH. Keep in mind that a forwarded agent can be used by anyone with root on the managed host for as long as your session is open.

In this tutorial, we will use a new key dedicated to Ansible, so we need to generate it with the command:

# ssh-keygen

Now add the generated SSH key to your hosts:

# ssh-copy-id -i ~/.ssh/id_rsa.pub root@ip

3. Testing Ansible

To verify that you can ping all hosts listed in the /etc/ansible/hosts file, type:

# ansible -m ping all

This confirms whether the hosts are online and reachable by Ansible over SSH.

You can also run a command, such as date:

# ansible web -m command -a 'date'

In the example above, we ran the date command on all hosts in the web category.

4. Conclusion

At this point Ansible is configured and ready to use. Sounds pretty simple, right? Well, we have not yet covered Ansible’s most powerful feature: playbooks.

Next week, we’ll have a new tutorial with more details about them.

On the 22nd and 23rd October, Gleydson Mazioli participated in The Shellcode Lab, a renowned training course given annually at Black Hat USA since 2011.

Developed entirely by Threat Intelligence Pty Ltd, the course demonstrated how to develop payloads for Linux, Mac and Windows and integrate them into public exploits and the Metasploit exploitation framework.

Participants also learned to create a wide range of backdoors, from 32-bit command execution and tiny egg-hunting payloads to 64-bit port bind payloads.

Michelle Ribeiro was selected as one of the Alumni to be highlighted and her story is in the University of London magazine celebrating 150 years of female education. The campaign will also feature a photo exhibition at the renowned Senate House, one of the historic buildings of the English capital.