Network Topology
Here, ansible-pc is a Debian 10 machine where we will install Ansible.
The servers 6f7c2 and 6b219 are Debian 10 machines which we will configure for Ansible automation. I will simply call these servers Ansible hosts for the purpose of this article.
We can use Ansible from ansible-pc to automate different tasks in the 6f7c2 and 6b219 Debian servers.
Installing Ansible
In this section, I will show you how to install Ansible on ansible-pc.
You can install Ansible on Debian 10 from the official package repository of Debian.
First, update the APT package repository cache with the following command:
Now, install Ansible with the following command:
To confirm the installation, press Y and then press <Enter>.
Ansible should be installed.
Now, run the following command to check if Ansible is working correctly.
As you can see, the ansible command is available and is working correctly. Ansible 2.7.7 is the latest version of Ansible available in the Debian package repository at the time this article was written.
Generating SSH Key
On the Debian 10 machine (ansible-pc) where you have installed Ansible, you must first generate an SSH key.
To generate an SSH key, run the following command:
Now, press <Enter>.
Press <Enter>.
Press <Enter>.
An SSH key should be generated.
Configuring Debian Hosts for Ansible Automation
In this section, I will show you how to configure a Debian host for Ansible automation. If you have multiple hosts which you want to automate using Ansible, then repeat the same process for each of the hosts.
The hosts you would like to configure for Ansible automation must have the SSH server package pre-installed.
First, update the APT package repository cache with the following command:
Then, install the OpenSSH server with the following command:
In my case, the OpenSSH server package is already installed. If it is not installed in your case, then it should be installed prior to this step.
Now, check if the sshd service is running via the following command:
As you can see, the sshd service is active (running) and enabled (will automatically start on system boot).
If the sshd service is not active (running), start it manually with the following command:
If the sshd service is not enabled (not added to the system startup) in your case, add it to the system startup manually with the following command:
Now, create an ansible user and allow password-less sudo access to the ansible user.
To create an ansible user, run the following command:
Type in a password for the ansible user and press <Enter>.
Retype the password and press <Enter>.
An ansible user should be created.
Now, to allow password-less sudo access to the ansible user, edit the /etc/sudoers file with the following command:
Now, add the following line to the /etc/sudoers file.
Then, save the file by pressing <Ctrl> + X followed by Y, and then press <Enter>.
Now, find the IP address of the Ansible host 6f7c2 with the following command:
Here, the IP address in my case is 192.168.20.167. It will be different for you. So, make sure to replace this address with your own form now on.
Copying SSH Public Key to the Ansible Host
From the computer where you have installed Ansible (ansible-pc), copy the SSH public key to the Ansible host 6f7c2 as follows:
Type in yes and press <Enter>.
Next, type in the password for the ansible user and press <Enter>.
The public SSH key should be copied to Ansible host 6f7c2.
You should be able to SSH into the Ansible host 6f7c2 as the user ansible without any password, as you can see from the screenshot below:
You should also be able to run sudo commands without being prompted for any password.
Finally, close the SSH session as follows:
Securing Ansible Hosts
As the ansible user can run any sudo command without being prompted for a password, we have configured the SSH key based login for the Ansible hosts. But, you can still SSH into the Ansible hosts as ansible user using the password of the ansible user. So, this is not very secure.
To improve security, run the following command on the Ansible hosts to disable password-based login for the ansible user:
If you later decide to enable password-based login for the ansible user, run the following command on the Ansible host:
Testing Ansible
Create a new project directory ~/project/ in the Debian machine where you have installed Ansible (ansible-pc) using the following code:
Navigate to the ~/project/ directory using the following code:
Create a new hosts file in the project directory as follows:
Now, list the IP addresses or DNS names of the Ansible hosts (6f7c2 and 6b219 in my case) in the hosts file:
192.168.20.168
Once you are done, save the file by pressing <Ctrl> + X followed by Y and then hit <Enter>.
To test, try to ping all the hosts using Ansible with the following code:
NOTE: Here, the -u option is used to specify the username (ansible in this case) which Ansible will use to SSH into the hosts.
As you can see, Ansible can access all the hosts. So, the hosts are ready for Ansible automation.
So, that is how you install Ansible on Debian 10 and configure Debian hosts for Ansible automation. Thank you for reading this article.