Loading...

VONDS ©

Lab 98: Installing, Configuring, and Managing Ansible

Back to Lab Index

Install Ansible, build a small inventory, validate connectivity with an ad-hoc ping, and run a playbook to configure web hosts. Prove idempotency by re-running the playbook and confirming no unnecessary changes occur.

ansible automation inventory playbooks

Scenario

You need to deploy Ansible to automate routine server tasks. Your starting point is a small fleet: one web host and one database host, both reachable on a private network.

Operator context

The goal is repeatability. Define targets, validate connectivity, apply a change via playbook, and confirm re-runs do not introduce unnecessary changes.

Objective

  • Install Ansible and verify the runtime and config path.
  • Create an inventory with web and db groups.
  • Validate connectivity with an ad-hoc ping module run.
  • Run a playbook to install and manage nginx on web hosts.
  • Gather facts using the setup module.
  • Clean up by removing nginx from the web group.

Concepts

  • Inventory-driven targeting: groups, host lists, and scoped execution.
  • Ad-hoc modules for fast validation (ping, setup).
  • Playbooks as declarative state: “what should be true” rather than “run these steps.”
  • Privilege escalation with become and one-off escalation with -b.
  • Idempotency: re-runs should converge with minimal or zero changes.
  • Common module abstractions: package for installs/removals and service for runtime state.

Walkthrough

Step 1 : Install Ansible.
Command 
sudo dnf install ansible -y

Install from the distro repositories so you get predictable paths and a supported runtime. This reduces “works on my laptop” drift when you move between environments.

Step 2 : Verify the runtime and config path.
Command 
ansible --version

Confirm the reported config file location and Python runtime. If behavior differs between systems, this is your first sanity check. 

# Expected patterns:
# ansible [core ...]
# config file = /etc/ansible/ansible.cfg (or similar)
Step 3 : Create a basic inventory.
Command 
nano ~/inventory
# OR
vim ~/inventory
~/inventory (example) 
[web]
192.168.122.10

[db]
192.168.122.11

Keep this minimal for day-one ops. In a real environment you would add connection variables (user, key, port) or define defaults in ansible.cfg.

Step 4 : Validate connectivity with an ad-hoc ping.
Command 
ansible all -i ~/inventory -m ping

This checks whether Ansible can reach the hosts and execute a module. Do not move to playbooks until this returns clean success on your targets. 

# Expected patterns:
# 192.168.122.10 | SUCCESS => {"changed": false, "ping": "pong"}
Step 5 : Create a playbook to install nginx on web hosts.
Command 
nano install_nginx.yml
# OR
vim install_nginx.yml
install_nginx.yml (initial) 
- name: Install nginx
  hosts: web
  become: yes
  tasks:
    - name: Install nginx
      package:
        name: nginx
        state: present

This is a clean starter because package abstracts the underlying package manager. You declare the desired state and let the module handle the mechanics.

Step 6 : Run the playbook.
Command 
ansible-playbook -i ~/inventory install_nginx.yml

The first run should report changed for tasks that apply new state. That is expected when the package is not present yet.

Step 7 : Ensure nginx is enabled and running.
Command 
nano install_nginx.yml
# OR
vim install_nginx.yml
install_nginx.yml (updated) 
- name: Install nginx
  hosts: web
  become: yes
  tasks:
    - name: Install nginx
      package:
        name: nginx
        state: present

    - name: Ensure nginx is running
      service:
        name: nginx
        state: started
        enabled: yes

This is the operational baseline: install the package, ensure the service is started, and ensure it persists across reboot.

Step 8 : Re-run to confirm idempotency.
Command 
ansible-playbook -i ~/inventory install_nginx.yml

A clean re-run should show mostly ok. You only want changed when something actually needed correction.

Step 9 : Gather facts from hosts.
Command 
ansible all -i ~/inventory -m setup

Facts output is large. In real playbooks, you use facts to branch logic (OS family, interfaces, storage, and system metadata) without hardcoding assumptions.

Step 10 : Remove nginx from web hosts.
Command 
ansible web -i ~/inventory -m package -a "name=nginx state=absent" -b

This resets the environment for repetition. Treat cleanup as part of the workflow, not an afterthought.

Common breakpoints

ping module fails for one or more hosts

If ad-hoc ping fails, fix connectivity first. Confirm DNS/IP reachability, SSH access, and privilege escalation behavior before running playbooks.

inventory targets are not being selected

Confirm you are pointing to the right inventory file with -i and that the group names match exactly. A typo in hosts: web will silently target nothing.

playbook prompts for credentials or fails with permission denied

Ensure SSH authentication is set up and that escalation works for the remote user. If become requires a password, you may need to configure sudo policy or supply the correct authentication method.

nginx installs but service will not start

Validate the unit and logs on the target host. Common causes include port conflicts, missing dependencies, or SELinux and firewall policy.

Cleanup checklist

This lab leaves only package and service state changes on the web hosts. Cleanup is removing nginx and confirming the playbook converges cleanly afterward.

Commands 
ansible web -i ~/inventory -m package -a "name=nginx state=absent" -b
ansible web -i ~/inventory -m service -a "name=nginx state=stopped" -b
Success signal

The package is absent on the web group and a re-run of the playbook reports predictable results without repeated changes.

Reference

  • dnf install ansible -y : Installs Ansible from distro repositories.
    • -y : Automatically answers yes to prompts.
  • ansible --version : Shows Ansible version, config file path, and runtime details.
  • nano <file> : Opens a file for editing.
  • vim <file> : Opens a file for editing.
  • ansible all -i <inventory> -m ping : Validates Ansible connectivity to target hosts.
    • -i <inventory> : Specifies the inventory file to use.
    • -m ping : Runs the ping module (connectivity check).
  • ansible-playbook -i <inventory> <playbook> : Runs a playbook against targets defined in the inventory.
    • -i <inventory> : Specifies the inventory file to use.
  • ansible all -i <inventory> -m setup : Gathers system facts from target hosts.
    • -m setup : Runs the setup module (facts gathering).
  • ansible <group> -i <inventory> -m package -a "<args>" -b : Manages packages on a target group using the package module.
    • -a "<args>" : Supplies module arguments (for example name=nginx state=present).
    • -b : Enables privilege escalation (become).
  • ansible <group> -i <inventory> -m service -a "<args>" -b : Manages service state on a target group using the service module.
    • -a "<args>" : Supplies module arguments (for example name=nginx state=started enabled=yes).
    • -b : Enables privilege escalation (become).