Ansible, a free and open-source Python-based project by Red Hat, is a popular configuration management and IT automation platform.

It is multi-platform and can work with most modern operating systems, including Linux, Windows, and Mac. It supports a declarative language written in YAML or YAML Ain't Markup Language to describe system configuration.

Ansible, along with other modern configuration management platforms, has revolutionized IT automation and industry standards. Configuration management tools have become part of the DevOps toolset and are an inseparable part of any modern IT process lifecycle. This is applicable for any modern infrastructure environment, whether built on an on-premises, hybrid, or cloud environment. Not only for DevOps, but Ansible can also help automate many day-to-day tasks done by a System Administrator.

One of the advantages of using Ansible is that it is agent-less and doesn’t need much to get started besides SSH access to the target machine and the supported version of Python, which is already installed by default on most modern operating systems. Also, since it’s a lightweight tool, it can be deployed and used with a legacy to innovative systems.

Uses of Ansible

Orchestration

Ansible is a tool of choice for orchestrating various system administration and deployment tasks. Playbooks allow using the same orchestration workflows across different projects and YAML based configuration data allows storing and versioning your infrastructure on Git repository or any supported version control platform.

Application Deployment

Whether it’s a simple few lines code application or multi-tier heavy-weight deployment, Ansible makes it possible to automate the end-to-end application deployment lifecycle.

Security and Compliance

Ansible can also help ensure your systems are secured as per your organization’s guidelines and compliant with industry standards. It can run across thousands of servers, generate an audit, and fix those security holes, giving the administrator complete control of the environment.

Let’s now look at some of the common Sysadmin Tasks you can automate with Ansible.

Copy files from a local or remote system

As a System Administrator, it is common to copy files from one directory to another. Configuration files often need to be copied to remote servers, or sometimes we need to move files from one remote location to another.

Ansible copy module can help you do these tasks in a playbook.

It’s a routine task for a sysadmin to know the status of managed servers and perform predefined actions as per the organization’s policies. One such task is to know server uptime. With Ansible, we can easily fetch uptime values and print them together. An example to copy ntp configuration from local to a remote server using copy module is shown below:

---
- hosts: all
  gather_facts: no
  become: yes
  tasks:
    - name: Copy a new ntp configuration file and back up the original, if it differs
      copy:
        src: ./ntp.conf
        dest: /etc/ntp.conf
        owner: root
        group: root
        mode: '0644'
        backup: yes

Configure additional cron jobs

Setting up scheduled jobs to carry out routine tasks is part of managing any server. You can schedule automatic backups, patching, auditing, etc., during certain times of day or month automatically and leaving productive time for your use.

cron is one such tool in Linux that supports scheduling, and Ansible can help you add or modify those jobs. As an example, the below playbook demonstrates how you can set a rsync job as root on some or all of your servers easily using Ansible.

---
- hosts: all
  gather_facts: no
  become: yes
  tasks:
    - name: Deploy cron job
      cron:
        name: "Set rsync job"
        user: root
        minute: "5"
        hour: "4"
        job: "rsync -avz /path/to/folder1 /path/to/folder1 2>&1"

Manage disks and filesystems

Ansible can be used to manage disks, partition layouts, filesystems, and mounts, including /etc/fstab on Linux servers. Different Ansible module makes this possible. Here’s an example that creates a partition on a 100GB disk, formats it with ext4 filesystem creates a new directory for mounting the partition and finally mounts it on a given directory. An entry in /etc/fstab is also created through temporary or permanent mount depending on module options.

---
- hosts: all
  gather_facts: no
  become: yes
  tasks:
    - name: Create a partition
      parted:
        device: /dev/sdb
        number: 1
        part_end: "100%"
        state: present
    - name: Format new partition
      filesystem:
        fstype: ext4
        dev: /dev/sdb1
    - name: Create mount directory
      file:
        path: /data
        state: directory
    - name: Mount partition
      mount:
        path: /data
        src: /dev/sdb1
        fstype: ext4
        state: mounted

Collect server logs

Keeping logs in a convenient place is sometimes essential for security, audit as well as analysis. Ansible allows the collection of logs from different servers in your enterprise environment and keeps them in your defined location easily. Here’s the playbook to achieve this:

---
- hosts: all
  gather_facts: no
  become: yes
  tasks:
  
    - name: Find logs
      find:
        paths: /var/log/
        patterns: '*.log'
        recurse: yes
      register: _logs

    - name: Fetch logs
      fetch:
        src: "{{ item.path }}"
        dest: /tmp/logs
      with_items: "{{ _logs.files }}"

Install or remove packages and software

Packages are often required to be installed on user requests or as part of initial server builds. We may also need to remove certain packages which are no longer needed or have some critical bugs etc. Ansible allows you to easily install or remove packages without the hassle of going to each server and running manual commands. Here’s an example demonstrating the installation and removal of one package each for Ubuntu and RHEL/CentOS-based Linux servers.

---
- hosts: ubuntu
  gather_facts: no
  tasks:
    - name: Install lsof utility
      apt:
        pkg: lsof
        state: latest
      sudo: yes
    - name: Remove ARP Scan utility
      apt:
        pkg: arp-scan
        state: absent
      sudo: yes
      
 ---
- hosts: centos
  gather_facts: no
  tasks:
    - name: Install lsof utility
      yum:
        pkg: lsof
        state: latest
      sudo: yes
    - name: Remove ARP Scan utility
      yum:
        pkg: arp-scan
        state: absent
      sudo: yes

Managing users

Users and groups form the basic structure around which Unix/Linux-based systems manage access and permissions. In a big organization, managing users and groups can be a big challenge despite automation to support the environment.

With Ansible, the system administrator has an excellent tool to create, modify and delete users and groups with all different possibilities supported in the OS.

Here’s a simple example that shows the creation and deletion of users and groups using Ansible. After this playbook runs, target servers will have groupA and groupB created with given GIDs while user1 will be removed, if present. A new user without a shell will be created as user2 with given UID, groups assigned, and locked password.

---
- hosts: all
  gather_facts: no
  become: yes
  tasks:
    - group:
        gid: 12310
        name: groupA
        state: present
    - group:
        gid: 12311
        name: groupB
        state: present
    - user:
        name: user1
        state: absent
    - user:
        name: user2
        uid: 12427
        shell: /bin/false
        password_lock: yes
        groups: groupA, groupB

Managing services

Services are process daemons that run in the background and serve some service like sshd providing SSH connectivity etc. Using Ansible, you can manage system and user services, like starting, stopping, and restarting them. Here’s a sample playbook to demonstrate that:

---
- hosts: all
  gather_facts: no
  become: yes
  tasks:
    - name: Restart ssh daemon
      service:
        name: ssh
        state: restarted
    - name: Restart sssd daemon
      service:
        name: sssd
        state: stopped
    - name: Restart httpd daemon
      service:
        name: httpd
        state: started

In the above example, the SSH service will be restarted while stopping the SSSD service next. The httpd daemon is started towards the end. As Ansible is idempotent, any service which is already started or stopped will not be changed while restarting always changes service state. Do remember to check service name as different Linux distributions use other names even for the same service like ssh and sshd.

Summary 👨‍💻

Ansible makes the life of a system administrator easy by allowing you to execute repeated and time-consuming tasks in an automated way and reducing human errors and effort. Further, it will enable the storage of configuration data in a central code repository like Git, allowing multiple users to collaborate and review each activity.

To read more about Ansible and its extensive set of modules, refer to its documentation.