Ansible

Definitions

Control node

Main node where Ansible is installed; it has SSH access to the managed nodes
Very sensitive machine (access to everything) ⇔ reinforced security

Managed node

All nodes managed by Ansible. Each has a user with privilege elevation and an SSH connection ready for the control node

Inventory

Inventory of the machines, in INI (flat) or YAML format, with variable files in the host_vars and group_vars folders. It can be static or dynamic (Python), and it can use patterns

Groups

Machines can be gathered into groups (for example nginx/db/debian …). This classifies machines into boxes, and the groups can form a tree (the root is the group “all”)

Group_vars

All variables for the same group

Host_vars

Unlike group_vars, host_vars contains the variable(s) of a specific host. It takes precedence over the group_vars of the groups the machine belongs to

Task

One action (create user/use template/check var…) done by Ansible

Module

Defines how a specific kind of action is performed (postgresql: create user/db/roles…); it can be used by a task

Roles

A group of actions specific to a deployment (install nginx/configure)
Has different tools to help: tasks, templates, handlers, variables, meta
Tons available on the Galaxy hub
Important: use git or another versioning system

Playbook

File that coordinates inventory/tasks/roles on the infrastructure: machine ⇔ groups ⇔ role

Plugin

Improves Ansible (tests/output/…)

Install

Control node

 apt install ansible
 yum install ansible || dnf install ansible

Managed node

Python is required

 apt install python
 yum install python || dnf install python

SSH

Generate

 ssh-keygen -t ecdsa

Install

 ssh-copy-id -i ~/.ssh/id_ecdsa.yourkey user@host

More security

In .ssh/authorized_keys, add options in front of the key to restrict where it can be used from:

 from="192.168.1.80" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0xc3q73y8Upi1irKzRAQk...

Other values:

 from="192.168.1.?,*.fortier-family.com",no-X11-forwarding ssh-<type> Key...
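
To check that every key on a managed node actually carries such a restriction, the option field has to be parsed with its quoting respected (commas and spaces are allowed inside quoted values). The script below is an added example, not part of the original page: the function names and the sample entries are constructed for illustration, and only a bare "*" pattern is treated as match-all.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-\S+@openssh\.com)$")

# Constructed sample; key material is shortened to placeholders.
SAMPLE = '''\
from="192.168.1.80" ssh-rsa AAAAB3NzaC1yc2EXAMPLE control-node
from="192.168.1.?,*.example.com",no-X11-forwarding ssh-ed25519 AAAAC3NzaEXAMPLE ops
ssh-rsa AAAAB3NzaC1yc2EXAMPLE2 unrestricted
from="*",command="echo hi, there" ecdsa-sha2-nistp256 AAAAE2VjZHNhEXAMPLE wide-open
'''

def split_outside_quotes(text, seps):
    """Split on any character in seps, except inside double-quoted values."""
    parts, quoted, prev = [""], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":  # an escaped quote does not toggle
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append("")
        else:
            parts[-1] += ch
        prev = ch
    return [p for p in parts if p]

def parse_entry(line):
    """Return (options, key type, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields, opts = split_outside_quotes(line, " \t"), {}
    if not KEY_TYPE.match(fields[0]):  # leading field is the option list
        for item in split_outside_quotes(fields.pop(0), ","):
            name, _, value = item.partition("=")
            opts[name.lower()] = value.strip('"')
    if len(fields) < 2 or not KEY_TYPE.match(fields[0]):
        raise ValueError("unparseable entry: " + line[:40])
    return opts, fields[0], " ".join(fields[2:])

def audit(text):
    """Return (comment, finding) for keys usable from any source address."""
    findings = []
    for opts, _, comment in filter(None, map(parse_entry, text.splitlines())):
        if "from" not in opts:
            findings.append((comment, "no from= restriction"))
        elif "*" in [p.strip() for p in opts["from"].split(",")]:
            findings.append((comment, "from= matches any host"))
    return findings
```

Run audit() on the contents of the ansible user's authorized_keys file; an empty list means every key is limited to specific sources.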

.ssh/config

Host *
    User ansible
    IdentityFile /home/ansible/.ssh/id_rsa.ansible
    Compression yes
    # ForwardAgent exposes the control node's SSH agent to every host matched here
    ForwardAgent yes
    ServerAliveInterval 300
    TCPKeepAlive no
    ServerAliveCountMax 2
    IPQoS throughput

Managed node user

Create user

useradd -m ansible

Grant sudo

export EDITOR=vi
visudo
usermod -aG sudo ansible

Add the user ansible to the sudo OR wheel group

Test

sudo -i
sudo -l # for a list

SSHkey

 ssh localhost # to create ~/.ssh folder 
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC5D93eG2AQnUysic1Pms1OPSUKxIr/opOcRaxSqKQsuD9BF401xChc2ydT7/2iXCiAvH4kecPiEhuQP++nKbxZeXR07ljAsXa70nK9EajmRORcBiDejLQ3NN0pi3PKpUdyb+xgh6IPblWCjcxENryrtWeOiqItXT5eegKh+dJ5W+evAOJI7qMp97me2vOiC23rwcKpXV7IptfK95ddvaXzYzRTB93qjrSyGedYtTApQxEd/s8GydAODpC70FdlY1d9z/J5teaF/eFSNy5k2TjH3N87P8luRohk+8apfavyM3Tqxb3Tn989V3Y5CWnMYnepTPRCHxLIvnw2rUmkL42JNOuxjqFno7YdVg+urtImGvmih5DOu6VpXq9/aYNNgBXVgv2wJse1vwzhX1j5BZ56tTAly//AbFATZwnj+DpmwbSHM/tFHrNAwPUDXyHy4AjAF3nTFOZFxbKEFKeaGWWgT/WlfqrsmcARvrWqUnZQFi0s6Y/MIwmtzAxDrC6Isbk= cc.fortier-family.com">> ~/.ssh/authorized_keys

Check ansible connection from control node

From the control node

ansible -i "HOST," all -u ansible -m ping

replacing HOST with the managed host

 ansible -i "dns," all -u ansible -m command -a uptime --one-line

Examples

 ansible -i "dns," all -u ansible -b -K -m apt -a "name=pkg"

Gather facts from a machine

 ansible -i "dns," all -u ansible -m setup

software/service/ansible.txt · Last modified: 2022/09/28 13:34 by warnaud