Lab Ansible Beginner: discover Ansible hands-on with SSH, Playbooks, Apache and MariaDB

When we talk about automation, we often refer to AnsibleHowever, it can sometimes seem complex to understand at first glance, and it is not always easy to visualize its concrete usefulness in a computer environment.

Through this first discovery labI propose that you discover Ansible through practice, by carrying out several simple and concrete actions step by step on Linux servers.

You will learn, in particular, to:

configure an SSH connection using keys;
create an Ansible inventory;
test the connectivity of the machines;
run your first playbooks;
automate Debian updates;
deploy Apache;
Install and configure MariaDB.

The goal of this lab is to show you that Ansible is not just for large infrastructures, but that it can quickly become a simple, powerful and very useful tool for everyday use.

Lab Instructions

Objective

Discover the basics of Ansible by administering multiple Debian servers from a control server.

Environment available

You have:

1 control server Ansible was installed
2 Debian clients
- ansible-client1
- ansible-client2

Login information

User: root
Password: formation

What you will achieve

Generate an SSH key
Configure customer access
Install Ansible and create a YAML inventory
Test the connection with ansible ping
Create your first playbook
Update the Debian servers
Install Apache on a client
Install MariaDB on another client

Advice

Rerun the playbooks several times to observe idempotence.
Take the time to read the order reviews.
Check the YAML syntax (indentation is important).

Resources

1. Create a private/public key pair for the SSH connection; do not include a password (passphrase).

ssh-keygen -t ed25519 -C "ansible@control-serveur"

2. Locate the clients using the ping command and note their IP addresses; the clients are ansible-client1 and ansible-client2.

ping ansible-client1
ping ansible-client2

3. Connect to the clients and add the public key, the account to use is root and the password is formation.

# Pour le client1
ssh root@ansible-client1
# Dans le dossier .ssh ouvrir le fichier authorized_keys
nano .ssh/authorized_keys
# Coller ensuite le cle publique et repeter l'operation

4. Install Ansible and create the inventory file in YAML format. For simplicity, we will create a folder

apt update
apt install ansible
mkdir ansible
cd ansible
# Créer le fichier inventaire.yaml
nano inventaire.yaml

# inventaire.yaml
all:
  hosts:
    ansible-client1:
      ansible_host: <IP>
    ansible-client2:
      ansible_host: <IP>

5. Client testing with Ansible ping

ansible all -i /root/ansible/inventaire.yaml -m ping -vv

6. Transform ansible ping into playbook

# Créer le fichier playbook_ping.yaml dans le dossier ansible
nano playbook_ping.yaml

# playbook_ping.yaml
---
- name: Vérification de la connectivité des hôtes
  hosts: all
  tasks:
    - name: Envoyer un ping Ansible aux machines
      ping:

# Executer le playbook
ansible-playbook /root/ansible/playbook_ping.yaml -i /root/ansible/inventaire.yaml -v

7. Create a playbook to install updates on the Debian servers, in order to simulate a larger environment, first edit the inventory file to create a Debian group

# inventaire.yaml
all:
  hosts:
    ansible-client1:
      ansible_host: <IP>
    ansible-client2:
      ansible_host: <IP>
  children:
    debian:
      hosts:
        ansible-client1:
        ansible-client2:

# playbook_debian_update.yaml
---
- name: Mise à jour complète des serveurs Debian
  hosts: debian
  become: yes

  tasks:
    - name: Actualiser le cache apt et mettre à jour tous les paquets
      apt:
        update_cache: yes
        upgrade: dist

# Executer le playbook
ansible-playbook /root/ansible/playbook_debian_update.yaml -i /root/ansible/inventaire.yaml -v

8. Install Apache on client 1 using Ansible with a playbook, then MariaDB on client 2
We start by editing the inventory file to create two new groups

# inventaire.yaml
all:
  hosts:
    ansible-client1:
      ansible_host: <IP>
    ansible-client2:
      ansible_host: <IP>
  children:
    debian:
      hosts:
        ansible-client1:
        ansible-client2:
    webservers:
      hosts:
        ansible-client1:
    databases:
      hosts:
        ansible-client2:

Creation of the playbook to install Apache:

#playbook_apache_install.yaml
---
- name: Installer Apache
  hosts: webservers
  become: yes

  tasks:

    - name: Installer Apache2
      apt:
        name: apache2
        state: present
        update_cache: yes

    - name: Démarrer Apache
      service:
        name: apache2
        state: started
        enabled: yes

Creating the MariaDB playbook for installation and configuration

#playbook_mariadb_install.yaml
---
- name: Installer et configurer MariaDB
  hosts: databases
  become: yes

  vars:
    mysql_root_password: SuperRoot123!
    app_db: appdb
    app_user: appuser
    app_password: AppPass123!

  tasks:

    - name: Installer MariaDB
      apt:
        name:
          - mariadb-server
          - python3-pymysql
        state: present
        update_cache: yes

    - name: Démarrer MariaDB
      service:
        name: mariadb
        state: started
        enabled: yes

    - name: Définir mot de passe root
      community.mysql.mysql_user:
        name: root
        host: localhost
        password: "{{ mysql_root_password }}"
        login_unix_socket: /run/mysqld/mysqld.sock
        check_implicit_admin: true
        priv: "*.*:ALL,GRANT"

    - name: Supprimer base test
      community.mysql.mysql_db:
        name: test
        state: absent
        login_user: root
        login_password: "{{ mysql_root_password }}"

    - name: Créer base applicative
      community.mysql.mysql_db:
        name: "{{ app_db }}"
        state: present
        login_user: root
        login_password: "{{ mysql_root_password }}"

    - name: Créer utilisateur applicatif
      community.mysql.mysql_user:
        name: "{{ app_user }}"
        password: "{{ app_password }}"
        priv: "{{ app_db }}.*:ALL"
        host: "%"
        state: present
        login_user: root
        login_password: "{{ mysql_root_password }}"

Run the playbooks:

ansible-playbook /root/ansible/playbook_apache_install.yaml -i /root/ansible/inventaire.yaml -v
ansible-playbook /root/ansible/playbook_mariadb_install.yaml -i /root/ansible/inventaire.yaml -v