Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Ansible Basics

Basic Ansible

This was done on a home lab running Debian 11. tesseract is my control-node.

  1. Add Ansible to Sources list
  2. Update the OS Sources
  3. Install Ansible
  4. Create SSH keys
  5. Tell Ansible to use ssh-agent so you don’t have to retype passwords
  6. Use Ansible to copy the controle node SSH key to the ansible hosts
  7. Use an Ansible playbook to ping the devices
  8. Use an Ansible playbook to upgrade the devices

Add Ansible to Sources list

echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" | sudo tee /etc/apt/sources.list.d/ansible.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
sudo apt update

Install Ansible

sudo apt install ansible

Define hosts, Create Host file

Do not put special characters (like -) into the group names. Hosts should be FQDNs.

ariadne@tesseract:~/ansible$ cat /etc/ansible/hosts 
[proxmox]
<hosts redacted>

[docker]
<hosts redacted>

[k8s]
<hosts redacted>

[linux]
<hosts redacted>

Define Defaults, Modify ansible.cfg

ariadne@tesseract:/etc/ansible$ cat ansible.cfg 

[output omitted]

[defaults]
host_key_checking = False
remote_user = ariadne

Create A Public SSH Key To Allow Passwordless Access

I’m using an internal linux host called tesseract. It doesn’t use a password, it’s a home lab.

ariadne@tesseract:~$ ssh-keygen -t rsa -b 4096 -C "ariadne@tesseract.haske.org"

Write A Playbook To Copy The SSH Keys

ariadne@tesseract:~/ansible$ cat copy_ssh_keys_test.yml 
---

- name: Copy SSH key to hosts
  hosts: all
  become: yes

  tasks:
  - name: Set authorized key taken from file
    authorized_key:
      user: ariadne
      state: present
      key: "{{ lookup(file, /home/ariadne/.ssh/id_rsa.pub) }}"

Run It

ariadne@tesseract:~/ansible$ ansible-playbook -k copy_ssh_keys.yml 
SSH password: 

PLAY [Copy SSH key to hosts] ***********************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************************************************************************************************
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]

TASK [Set authorized key taken from file] **********************************************************************************************************************************************************************************************************************
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
ok: [hosts-redacted]
changed: [hosts-redacted]
changed: [hosts-redacted]
changed: [hosts-redacted]
changed: [hosts-redacted]
changed: [hosts-redacted]
changed: [hosts-redacted]
changed: [hosts-redacted]
changed: [hosts-redacted]

PLAY RECAP *****************************************************************************************************************************************************************************************************************************************************
hosts.redacted    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
hosts.redacted    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Write a Playbook to Upgrade Everything

ariadne@tesseract:~/ansible$ cat upgrade-everything.yml 
---

- name: Update and upgrade apt packages
  hosts: all
  become: true
  tasks:
    - name: Update apt cache and upgrade all packages
      apt:
        upgrade: yes
        update_cache: yes
        cache_valid_time: 86400 #One day

Sources

Ansible Docs - Installing on Debian

Ansible Docs - Connection Details

Last Modified • Wednesday, May 27, 2026. 9:59 pm UTC+00:00 • Commit: 20aeb43