- Works without installing an agent on managed hosts
- Uses SSH to connect to managed hosts
- Performs changes using Python modules that run on managed hosts
- Can perform actions locally on the management host
- Uses YAML to describe scenarios
- Contains many modules (their number is constantly growing)
- Easy to write your own modules
Terminology Ansible
Control machine – control host. Ansible server from which it originates managing other hosts
Manage node – managed hosts
Inventory – this file describes hosts, groups of hosts, and also variables can be created
Playbook – script file
Play – script (set of tasks). Associates tasks with hosts for which these tasks to be completed
Task is calls the module with the specified parameters and variables
Module – implements certain functions
Ansible inventory file
An inventory file is a file that describes the devices that Ansible will connect to.
Hosts and groups in ansible
Devices can be listed in the inventory file using IP addresses or hostnames. Devices can be listed one at a time or divided into groups. The file is described in INI format.
File example:
[cisco-switches]
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
[cisco-leaf-switches]
192.168.0.1
192.168.0.2
The name, which is indicated in square brackets, is the name of the group. In this case, two groups of devices are created: cisco-leaf-switches and cisco-switches.
Please note that the addresses 192.168.0.1 and 192.168.0.2 are in two groups. This is a normal situation, the same address or hostname can be placed in different groups.
Thus, you can apply some policies separately for the cisco-leaf-switches group, but at the same time, when you need to configure something that applies to all switches, you can use the cisco-switches group.
The division into groups must be approached carefully. Ansible is also, to some extent, an infrastructure description system.
By default, the file is located in /etc/ansible/hosts.
But you can create your own inventory file and use it. To do this, either specify it when starting ansible using the -i <path> option, or specify the file in the Ansible configuration file.
Often the inventory file is placed in the inventories directory, which is created at the root of the playbook directory. This makes it possible to store information about hosts along with other information in the version control system.
If the infrastructure is large and there are many hosts, then it makes sense to split the inventory file into several parts:
inventories/
├── floor-1
│ ├── cisco-routers
│ └── cisco-switches
├── floor-2
│ ├── cisco-routers
│ └── cisco-switches
└── floor-3
├── cisco-routers
├── cisco-switches
└── juniper-routers
If a device is using a non-standard SSH port, the port can be specified after the device name or address, separated by a colon (an example is shown below).
[cisco-switches]
192.168.0.1:2222
192.168.0.2:2222
192.168.0.3:2222
192.168.0.4:2222
[cisco-leaf-switches]
192.168.1.1
192.168.1.2If you need to add several devices with the same name to the group, you can use this recording option:
[cisco-switches]
192.168.0.[1:4]
Group of groups in ansible
Ansible also allows you to combine groups of devices into a common group. For this, a special syntax is used:
[cisco-switches]
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
[cisco-leaf-switches]
192.168.1.1
192.168.1.2
[cisco-devices:children]
cisco-switches
cisco-leaf-switchesBy default, Ansible has two groups: all and ungrouped. The first includes all hosts, and the second, respectively, hosts that do not belong to any of the groups.
Default groups of ansible
By default, Ansible has two groups: all and ungrouped. The first includes all hosts, and the second, respectively, hosts that do not belong to any of the groups.