Ansible

Install Ansible on Debian for Automation

Network Topology

Here, ansible-pc is a Debian 10 machine where we will install Ansible.

The servers 6f7c2 and 6b219 are Debian 10 machines which we will configure for Ansible automation. I will simply call these servers Ansible hosts for the purpose of this article.

We can use Ansible from ansible-pc to automate different tasks in the 6f7c2 and 6b219 Debian servers.

Installing Ansible

In this section, I will show you how to install Ansible on ansible-pc.

You can install Ansible on Debian 10 from the official package repository of Debian.

First, update the APT package repository cache with the following command:

$ sudo apt update

Now, install Ansible with the following command:

$ sudo apt install ansible

To confirm the installation, press Y and then press <Enter>.

Ansible should be installed.

Now, run the following command to check if Ansible is working correctly.

$ ansible --version

As you can see, the ansible command is available and is working correctly. Ansible 2.7.7 is the latest version of Ansible available in the Debian package repository at the time this article was written.

Generating SSH Key

On the Debian 10 machine (ansible-pc) where you have installed Ansible, you must first generate an SSH key.

To generate an SSH key, run the following command:

$ ssh-keygen

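Now, press <Enter> to accept the default file location for the key.

Press <Enter> to leave the passphrase empty.

Press <Enter> again to confirm the empty passphrase.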

An SSH key should be generated.

Configuring Debian Hosts for Ansible Automation

In this section, I will show you how to configure a Debian host for Ansible automation. If you have multiple hosts which you want to automate using Ansible, then repeat the same process for each of the hosts.

The hosts you would like to configure for Ansible automation must have the SSH server package pre-installed.

First, update the APT package repository cache with the following command:

$ sudo apt update

Then, install the OpenSSH server with the following command:

$ sudo apt install openssh-server -y

In my case, the OpenSSH server package is already installed. If it is not installed in your case, the command above installs it.

Now, check if the sshd service is running via the following command:

$ sudo systemctl status sshd

As you can see, the sshd service is active (running) and enabled (will automatically start on system boot).

If the sshd service is not active (running), start it manually with the following command:

$ sudo systemctl start sshd

If the sshd service is not enabled (not added to the system startup) in your case, add it to the system startup manually with the following command:

$ sudo systemctl enable sshd

Now, create an ansible user and allow password-less sudo access to the ansible user.

To create an ansible user, run the following command:

$ sudo adduser --shell /bin/bash --gecos "" ansible

Type in a password for the ansible user and press <Enter>.

Retype the password and press <Enter>.

An ansible user should be created.

Now, to allow password-less sudo access to the ansible user, edit the /etc/sudoers file with the following command:

$ sudo visudo

Now, add the following line to the /etc/sudoers file.

ansible ALL=(ALL) NOPASSWD:ALL

Then, save the file by pressing <Ctrl> + X followed by Y, and then press <Enter>.
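Since the same rule has to be added on every host, it can also be installed as a drop-in file under /etc/sudoers.d, which Debian's default /etc/sudoers includes, rather than by editing /etc/sudoers by hand. The script below is an added example and is not part of the original article; the function names and the VISUDO variable are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: install the article's rule as /etc/sudoers.d/<user>.
# Run as root on each Ansible host:  install_sudoers_rule ansible
# VISUDO and the function names are assumptions of this sketch.
VISUDO="${VISUDO:-visudo}"

# Prints the rule from the article for the given user.
sudoers_rule() {
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$1"
}

# $1 = user, $2 = drop-in directory (default /etc/sudoers.d).
install_sudoers_rule() {
    local user="$1" dir="${2:-/etc/sudoers.d}" tmp
    # sudo skips drop-in files whose name contains '.' or ends in '~'.
    case "$user" in
        ''|*.*|*~|*/*) echo "unsuitable file name: $user" >&2; return 2 ;;
    esac
    tmp="$(mktemp)" || return 1
    sudoers_rule "$user" > "$tmp"
    # Syntax-check the candidate before it can affect sudo.
    if ! "$VISUDO" -c -f "$tmp" >/dev/null; then
        echo "visudo rejected the rule; nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    # sudoers files are expected to be mode 0440.
    install -m 0440 "$tmp" "$dir/$user"
    rm -f "$tmp"
}
```

Because the candidate file is checked before it is copied into place, a typo cannot leave the host with a broken sudo configuration.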

Now, find the IP address of the Ansible host 6f7c2 with the following command:

$ hostname -I

Here, the IP address in my case is 192.168.20.167. It will be different for you. So, make sure to replace this address with your own from now on.

Copying SSH Public Key to the Ansible Host

From the computer where you have installed Ansible (ansible-pc), copy the SSH public key to the Ansible host 6f7c2 as follows:

$ ssh-copy-id ansible@192.168.20.167

Type in yes and press <Enter>.

Next, type in the password for the ansible user and press <Enter>.

The public SSH key should be copied to Ansible host 6f7c2.

You should now be able to SSH into the Ansible host 6f7c2 as the user ansible without any password:

$ ssh ansible@192.168.20.167

You should also be able to run sudo commands without being prompted for any password.

$ sudo ls /

Finally, close the SSH session as follows:

$ exit

Securing Ansible Hosts

The ansible user can run any sudo command without being prompted for a password, and we have configured SSH key-based login for the Ansible hosts. However, you can still SSH into the Ansible hosts as the ansible user with that user's password, and anyone who logs in that way can run any command as root. So, this is not very secure.

To improve security, run the following command on the Ansible hosts to disable password-based login for the ansible user:

$ sudo usermod -L ansible

If you later decide to enable password-based login for the ansible user, run the following command on the Ansible host:

$ sudo usermod -U ansible
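To confirm that the lock took effect and that key-based login will keep working, the output of passwd -S and sshd -T can be checked on the host. The script below is an added example and is not part of the original article; the function names and sample lines are constructed for illustration, and it assumes OpenSSH on Linux, where a locked account can only log in with a key when UsePAM is yes (the setting in Debian's default sshd_config).

```bash
#!/usr/bin/env bash
# Added example: verify the lock on a host. The functions read standard tool
# output, so they work on the constructed samples below or on a real host:
#   audit_ansible_login "$(sudo passwd -S ansible)" "$(sudo sshd -T)"

# Succeeds when field 2 of `passwd -S` output is L (password locked).
password_locked() {
    awk '{ state = $2 } END { exit (state == "L" ? 0 : 1) }'
}

# Prints the value of one keyword from `sshd -T` (keywords are lowercase).
sshd_option() {
    awk -v key="$1" '$1 == key { print $2; exit }'
}

# $1 = `passwd -S ansible` output, $2 = `sshd -T` output.
# Prints findings and returns how many of them are failures.
audit_ansible_login() {
    local fails=0
    if ! printf '%s\n' "$1" | password_locked; then
        echo "FAIL: password login still possible; run: sudo usermod -L ansible"
        fails=$((fails + 1))
    elif [ "$(printf '%s\n' "$2" | sshd_option usepam)" != "yes" ]; then
        # Without PAM, sshd refuses every login to a locked account, keys too.
        echo "FAIL: account locked and UsePAM is off; key login will be refused"
        fails=$((fails + 1))
    fi
    if [ "$(printf '%s\n' "$2" | sshd_option pubkeyauthentication)" != "yes" ]; then
        echo "FAIL: PubkeyAuthentication is off; Ansible cannot connect"
        fails=$((fails + 1))
    fi
    if [ "$(printf '%s\n' "$2" | sshd_option passwordauthentication)" = "yes" ]; then
        echo "NOTE: sshd still accepts passwords for other, unlocked accounts"
    fi
    return "$fails"
}

# Constructed samples (not captured from a real host).
UNLOCKED='ansible P 03/01/2020 0 99999 7 -1'
LOCKED='ansible L 03/01/2020 0 99999 7 -1'
SSHD_DEBIAN='usepam yes
pubkeyauthentication yes
passwordauthentication yes'
SSHD_NOPAM='usepam no
pubkeyauthentication yes
passwordauthentication yes'

audit_ansible_login "$UNLOCKED" "$SSHD_DEBIAN" || true   # one failure
audit_ansible_login "$LOCKED" "$SSHD_DEBIAN"             # no failures, one note
```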

Testing Ansible

Create a new project directory ~/project/ on the Debian machine where you have installed Ansible (ansible-pc) using the following command:

$ mkdir ~/project

Navigate to the ~/project/ directory using the following command:

$ cd ~/project/

Create a new hosts file in the project directory as follows:

$ nano hosts

Now, list the IP addresses or DNS names of the Ansible hosts (6f7c2 and 6b219 in my case) in the hosts file:

192.168.20.167
192.168.20.168

Once you are done, save the file by pressing <Ctrl> + X followed by Y and then hit <Enter>.

To test, try to ping all the hosts using Ansible with the following command:

$ ansible -i ./hosts all -u ansible -m ping

NOTE: Here, the -u option is used to specify the username (ansible in this case) which Ansible will use to SSH into the hosts.

As you can see, Ansible can access all the hosts. So, the hosts are ready for Ansible automation.

So, that is how you install Ansible on Debian 10 and configure Debian hosts for Ansible automation. Thank you for reading this article.

About the author

Shahriar Shovon

Freelancer & Linux System Administrator. Also loves Web API development with Node.js and JavaScript. I was born in Bangladesh. I am currently studying Electronics and Communication Engineering at Khulna University of Engineering & Technology (KUET), one of the demanding public engineering universities of Bangladesh.