Establish a connection between an Ansible server and two nodes using SSH & ssh-keygen

KUSHAGRA BANSAL
Published in Nerd For Tech
Jun 3, 2021

Ansible is an open-source automation engine that automates software provisioning, configuration management, and application deployment.

Pros

Push-based configuration management tool.
Ansible is agentless: there is no need to install any service on the nodes (clients).

It is secure because it is agentless and relies on OpenSSH’s security features.

Ansible does not need any system administrator skills to install and use it.

Cons

The user interface is limited: Ansible Tower is GUI-based but is still at an early stage of development.
Ansible cannot achieve full automation on its own, and support is limited because it is a new tool.

Establish a connection between the Ansible server and two nodes using ssh and ssh-keygen.

We can also read this simply as a connection between two VMs using ssh.

Step-1=>
Create three instances: one for the Ansible server and two nodes, i.e. node1 and node2.

Configurations:

Ansible Server:

node1:

node2:

Step-2 => Go to the Ansible server instance.
Download the package below, which provides the repository containing the Ansible packages:

wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install epel-release-latest-7.noarch.rpm -y
yum update -y

Also, we need to install some extra packages:

yum install git python python-devel python-pip openssl ansible -y

To verify: ansible --version

In Ansible there is a file called the hosts file or inventory file, in which the private IPs of the nodes are stored.
Create a group and add the IPs of the nodes, following the syntax below.

Command: vi /etc/ansible/hosts

[developers] 
172.31.39.234
172.31.33.163

Now, to activate this inventory we need to configure the ansible.cfg file.

Command: vi /etc/ansible/ansible.cfg

Uncomment the below configurations:

inventory = /etc/ansible/hosts
sudo_user = root

Also, we still have not set up a link by which the nodes and the server can communicate with each other.

Step-3=>
Now, first, let’s try connecting from the Ansible server to node1 using ssh.

It shows an error because we have not configured ssh yet.
Remember that all configuration is done as the root user, since it is the superuser and permissions are granted to other users by root.
The configuration below is done on all VMs, i.e. node1, node2 and the Ansible server.
Go to sshd_config on the Ansible server/node1/node2 and configure it.

vi /etc/ssh/sshd_config

This same configuration will be done on both node1 and node2.

Uncomment:

PermitRootLogin yes
PasswordAuthentication yes

comment:

PasswordAuthentication no
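The two sshd_config edits above open password logins so that ssh-copy-id can run later in Step-6. The script below is an added example (not from the post) that makes those edits idempotently, leaves directives inside any Match block untouched, validates the file with sshd -t before restarting, and shows the reverse edit that turns password and root logins back off once key-based login has been verified. It assumes a POSIX shell with awk and that the file path is passed in; the sample file in the --demo branch is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): set sshd_config directives safely.
# ASSUMPTIONS: POSIX sh with awk; FILE is passed in (normally /etc/ssh/sshd_config);
# sshd -t and systemctl restart sshd are the real commands on a CentOS 7 node.

# set_sshd_option FILE KEY VALUE
# Replaces every existing line for KEY, active or commented out
# ("#PermitRootLogin yes"), with "KEY VALUE", or appends it if KEY is absent.
# Lines after a "Match" block are conditional, so they are left untouched and
# the new directive is placed before the first Match line.
# Keywords are case-insensitive but values are not: "PermitRootLogin Yes"
# (capital Y) is rejected by sshd, so the value is written exactly as given.
set_sshd_option() {
    file=$1; key=$2; value=$3
    awk -v key="$key" -v value="$value" '
        BEGIN { done = 0; in_match = 0 }
        /^[ \t]*Match[ \t]/ {
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        !in_match && $0 ~ ("^[ \t]*#?[ \t]*" key "([ \t]|=)") {
            if (!done) { print key " " value; done = 1 }
            next            # drop duplicates and the commented-out default
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_sshd_option FILE KEY: print the effective global value (first active
# "KEY VALUE" line before any Match block); prints nothing if unset.
get_sshd_option() {
    awk -v key="$2" '
        /^[ \t]*Match[ \t]/ { exit }
        $1 == key { print $2; exit }
    ' "$1"
}

# Step-3 of the post: open password logins so ssh-copy-id can push the key.
enable_password_phase() {
    set_sshd_option "$1" PermitRootLogin yes
    set_sshd_option "$1" PasswordAuthentication yes
}

# After ssh-copy-id and a verified key-only login: close them again. The post
# stops before this step; a node left with PasswordAuthentication yes stays
# exposed to password guessing.
harden_after_keys() {
    set_sshd_option "$1" PubkeyAuthentication yes
    set_sshd_option "$1" PasswordAuthentication no
    set_sshd_option "$1" PermitRootLogin no
}

# validate_and_restart FILE: sshd -t rejects a bad file instead of leaving the
# daemon down after the restart (which would lock you out of the node).
validate_and_restart() {
    sshd -t -f "$1" && systemctl restart sshd
}

if [ "${1-}" = "--demo" ]; then
    # constructed sample file, not a real node's sshd_config
    f=$(mktemp)
    printf '%s\n' '#PermitRootLogin prohibit-password' 'PasswordAuthentication no' \
        'Match User backup' '    PasswordAuthentication yes' > "$f"
    enable_password_phase "$f"
    echo "during key setup: PasswordAuthentication=$(get_sshd_option "$f" PasswordAuthentication)"
    harden_after_keys "$f"
    echo "after hardening:"; cat "$f"
    rm -f "$f"
fi
```

Run it with --demo to see both phases on the sample file; on a real node call enable_password_phase /etc/ssh/sshd_config, then validate_and_restart /etc/ssh/sshd_config, and run harden_after_keys only after a key-only ssh login has succeeded.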

After a successful connection, the Ansible server can reach node1 and node2, and any update can then be applied to the nodes from the server.

Now, we will create a user on each machine because we do not want to share the root user’s credentials. Access your VMs using the PuTTY tool.
Note: the password must be the same for the user on each machine to prevent errors. If we create the user with a different password on each machine, it will show an error, so to prevent this we create the same user with the same password on every machine.

For the Ansible server: create a user named “ansible” and set its password:

For node1: create a user named “node1” and set its password:

For node2: create a user named “node2” and set its password:

Since the user does not have any root privileges, it will say “ansible is not in the sudoers file” if we try to install any package or software as that user.
Open the sudoers file using the command: visudo
Add the following line to give root privileges to the user on all 3 EC2 machines, i.e. the Ansible server and the two nodes:
ansible ALL=(ALL) NOPASSWD: ALL
Here NOPASSWD: ALL means that no password is required when the user invokes the sudo command.
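An added example (not from the post) for the sudoers step: instead of editing /etc/sudoers directly inside visudo, it writes the same rule to a drop-in file under /etc/sudoers.d, validated with visudo -cf before it is moved into place, and includes the checks to run when “is not in the sudoers file” persists (drop-in file name, mode 0440, exact rule). It assumes a POSIX shell; the drop-in directory is a parameter so the functions can be exercised on a temporary directory.

```shell
#!/bin/sh
# Added example (not from the post): grant the automation user passwordless sudo
# through a validated drop-in file instead of hand-editing /etc/sudoers.
# ASSUMPTIONS: POSIX sh; visudo is used for validation when it is installed.

# dropin_name_ok NAME: sudo skips files in /etc/sudoers.d whose names contain a
# '.' or end in '~' (editor backups), so a file named "ansible.conf" would
# silently grant nothing.
dropin_name_ok() {
    case "$1" in
        ""|*.*|*~) return 1 ;;
        *) return 0 ;;
    esac
}

# sudoers_rule USER: the rule from the post; NOPASSWD lets Ansible run
# privileged tasks without a prompt.
sudoers_rule() { printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$1"; }

# write_sudoers_dropin USER [DIR]: write DIR/USER with mode 0440. The rule is
# checked with visudo -cf while it is still a temp file (whose name contains a
# '.' and is therefore ignored by sudo), because a syntax error in a live
# sudoers file disables sudo for every user on the machine.
write_sudoers_dropin() {
    user=$1; dir=${2:-/etc/sudoers.d}
    dropin_name_ok "$user" || { echo "invalid drop-in name: $user" >&2; return 1; }
    tmp=$(mktemp "$dir/.tmpXXXXXX") || return 1
    sudoers_rule "$user" > "$tmp"
    chmod 0440 "$tmp"
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$dir/$user"
}

# dropin_ok DIR USER: the checks to run when the sudoers error persists:
# the file exists, is mode 0440 (sudo refuses world-readable or writable
# files), and contains exactly the intended rule.
dropin_ok() {
    f=$1/$2
    [ -f "$f" ] || { echo "missing $f"; return 1; }
    [ "$(ls -l "$f" | cut -c1-10)" = "-r--r-----" ] || { echo "$f must be mode 0440"; return 1; }
    grep -qxF -e "$(sudoers_rule "$2")" "$f" || { echo "$f does not hold the expected rule"; return 1; }
}

# usage: sh thisfile.sh --install ansible    (run as root on each machine)
if [ "${1-}" = "--install" ]; then
    write_sudoers_dropin "$2" && dropin_ok /etc/sudoers.d "$2"
fi
```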

For ansible:

For node1: here we have used a user with the same username and the same password.

For node2: here we have used a user with a different name but the same password.

Step-5=> Since we will not work directly as the root user because of security concerns, we created a user with root permissions on each machine. Go to the Ansible server machine, switch to the ansible user with the “su - ansible” command and connect to the other node using its private IP with the ssh command.

Now it will ask for the password. Here is the issue: if the password of the user on the node machine is different from the one on the server, it will show an error, and if the password is the same for every user on every machine there will be no error. Also, if the user names are the same as well, the chances of errors are reduced to a minimum.
If the passwords are different, whether you type the password of your server user or of the node user, it will show an error.

Now, give the password; as we keep the same password for each user, it will log you in as the user on that machine.

server (172.31.38.62) to node1(172.31.42.50)

server (172.31.38.62) to node2(172.31.32.33)

Step-6=> Now, every time we access another machine we have to give the password again and again.
To avoid this, we can use ssh-keygen.
Go to the Ansible server machine, switch to the ansible user and follow the commands below.

ssh-keygen
ls -a                                  # to see hidden directories
cd .ssh/
ls
ssh-copy-id <username>@<Private IP>    # node1
ssh-copy-id <username>@<Private IP>    # node2
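An added example (not from the post) for the ssh-keygen/ssh-copy-id step above: it generates an ed25519 key if none exists, checks the permission rules that make sshd silently ignore a key (the usual reason a node still prompts for a password after ssh-copy-id), verifies that the key landed in authorized_keys, and confirms a key-only login with BatchMode before password logins are turned off anywhere. It assumes a POSIX shell with ssh, ssh-keygen and ssh-copy-id for the functions that talk to a node; the permission and authorized_keys checks use only ls, cut and grep, so they also work on a constructed directory.

```shell
#!/bin/sh
# Added example (not from the post): deploy a key to a node and verify that
# key-only login works before password logins are switched off.
# ASSUMPTIONS: POSIX sh; ssh-keygen, ssh-copy-id and ssh on PATH for the
# functions that talk to a node; the checks use only ls, cut and grep.

# mode_of PATH: the 10-character permission string, e.g. drwx------
mode_of() { ls -ld "$1" | cut -c1-10; }

# check_key_perms HOME_DIR [KEYNAME]
# sshd (StrictModes, the default) ignores an authorized_keys file that is
# group/world writable, and ssh refuses a private key readable by others, so
# after a "successful" ssh-copy-id that still prompts, check this first.
check_key_perms() {
    home=$1; key=${2:-id_ed25519}; d=$home/.ssh
    [ "$(mode_of "$d")" = "drwx------" ] || { echo "$d must be mode 0700"; return 1; }
    if [ -f "$d/$key" ]; then
        [ "$(mode_of "$d/$key")" = "-rw-------" ] || { echo "$d/$key must be mode 0600"; return 1; }
    fi
    if [ -f "$d/authorized_keys" ]; then
        case "$(mode_of "$d/authorized_keys")" in
            ?????w????|????????w?) echo "$d/authorized_keys is group/world writable"; return 1 ;;
        esac
    fi
    return 0
}

# key_installed PUBKEY_FILE AUTHORIZED_KEYS: is exactly this public key present?
key_installed() { grep -qxF -e "$(cat "$1")" "$2"; }

# key_login_works USER HOST: succeed only if the key alone logs in. BatchMode
# stops ssh from falling back to a password prompt, which would hide a broken
# key behind a login that merely looks successful.
key_login_works() {
    ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=5 "$1@$2" true
}

# deploy_key USER HOST: the post's ssh-keygen + ssh-copy-id step with checks.
deploy_key() {
    user=$1; host=$2; key=$HOME/.ssh/id_ed25519
    # -N '' creates a key without a passphrase, as in the post; a
    # passphrase-protected key held by ssh-agent is the alternative.
    [ -f "$key" ] || ssh-keygen -t ed25519 -N '' -f "$key" || return 1
    check_key_perms "$HOME" id_ed25519 || return 1
    ssh-copy-id -i "$key.pub" "$user@$host" || return 1
    if key_login_works "$user" "$host"; then
        echo "key login to $user@$host verified: PasswordAuthentication can now be set to no on $host"
    else
        echo "key login to $user@$host failed: keep password logins on until this passes" >&2
        return 1
    fi
}

# usage: sh thisfile.sh --deploy node1 172.31.42.50   (node1 address from the post)
if [ "${1-}" = "--deploy" ]; then
    deploy_key "$2" "$3"
fi
```

Run it once per node as the ansible user; only after deploy_key reports a verified key login for every node should PasswordAuthentication be set back to no in that node’s sshd_config.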

from server to node1

from server to node2

Now we will try to log in to your node. The output below shows a successful login.

node2 [172.21.32.33]

node1 [172.31.42.50]

https://bansalkushagra.medium.com/
