In this Ansible tutorial for beginners, we’ll cover getting started with Ansible as a configuration management tool for setting up a bare CentOS, Debian, and Ubuntu server with more secure SSH settings and a few tools to make your life a little easier.
Our goals:
- Set up a non-root user
- Give the new user sudo access
- Disable password-based logins
- Disable root logins
- Use SSH keys for logins
Prerequisites for this Ansible configuration management tutorial
- A newly-provisioned or rebuilt server running any of our OS options—CentOS, Debian, or Ubuntu.
[cta_inline]
Step 1: Install Ansible on your local machine
To get started using Ansible for configuration management, you first need to install it on your local machine. Ansible's documenation gives installation instructions for a variety of platforms, including various *nix distributions and OS X.
Step 2: Edit the Ansible hosts file
To connect Ansible to your VPS, you need to specify its IP address within Ansible’s hosts file. On Linux and OS X machines, that can be found at /etc/ansible/hosts.
The beginning of the file should look like this:
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
To enable your VPS, simply add the IP address anywhere in this file underneath an [ssdnodes] grouping.
There should be no other symbols—like the # comment—in the line.
[ssdnodes]
123.45.67.89
Now, test out your configuration by pinging your VPS. For now, you have to use -u root to ensure you’re trying to connect via the root account.
$ ansible all -m ping -u root
If it’s successful, you’ll see the following output:
123.45.67.89 | SUCCESSby subscribing to our newsletter.
A note about tutorials: We encourage our users to try out tutorials, but they aren't fully supported by our team—we can't always provide support when things go wrong. Be sure to check which OS and version it was tested with before you proceed.
If you want a fully managed experience, with dedicated support for any application you might want to run, contact us for more information.
