Ansible automation

Ansible is an automation tool, a secure shell frontend with expect-like functionality. Because it uses SSH, it is a very simple service to utilise and requires only Python to be installed on each managed machine. SSH should be configured using authorized keys and is not documented here.

It is recommended to develop the process manually before implementing it in Ansible to allow understanding of any issues that may arise when using Ansible.

Setup

Ansible requires a minimum of Python2 version 2.7 or Python3 version 3.5 on the controller and hosts under control.

Python

Install python3 on the controller and all managed hosts.

Debian

sudo -s
apt update
apt full-upgrade
apt install python3 python3-openssl python3-pip
exit

Red Hat / Oracle

yum install python3 python3-pyOpenSSL

Login

The user must have SSH access to each host and root access via sudo.

Install

python3 -m venv ~/.venvs/ansible
source ~/.venvs/ansible/bin/activate.csh
python3 -m pip install ansible
(ansible) $ ansible --version
ansible [core 2.19.3]
  config file = /home/darron/.ansible.cfg
  configured module search path = ['/home/darron/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/darron/.venvs/ansible/lib/python3.13/site-packages/ansible
  ansible collection location = /home/darron/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/darron/.venvs/ansible/bin/ansible
  python version = 3.13.5 (main, Jun 25 2025, 18:55:22) [GCC 14.2.0] (/home/darron/.venvs/ansible/bin/python3)
  jinja version = 3.1.6
  pyyaml version = 6.0.3 (with libyaml v0.2.5)

Configuration

Generate default configuration

mkdir -p ~/.ansible
touch ~/.ansible/hosts
ansible-config init --disabled -t all > ~/.ansible.cfg

Add some changes to the default configuration.

inventory=.ansible/hosts
interpreter_python=auto_silent
ssh_common_args=-o SetEnv='TERM=ANSIBLE'

Add some machines to the hosts file.

[home]
pi1
pi2
pi3

Test

ansible --list-hosts home
  hosts (3):
    pi1
    pi2
    pi3

Ansible uses so-called “playbooks” which contain configuration parameters for the supported modules.

Here is one to update Debian.

debian_update.yml

---
- hosts: home
  become: yes
  tasks:
  - name: UPDATE
    ansible.builtin.apt:
      update_cache: yes
      upgrade: full

And another to update Red Hat, e.g. Oracle Linux.

redhat_update.yml

---
- hosts: VM_REDHAT
  become: yes
  tasks:
  - name: UPDATE
    yum:
      name: '*'
      state: latest

Running the ruleset is accomplished with ansible-playbook. In the following example, the “junk” reported is the output from the TCSH time setting.

Ansible uses a regular ssh login terminal to perform the apt upgrade process.

ansible-playbook ~/.ansible/debian_update.yml
PLAY [home] ***************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
[WARNING]: Module invocation had junk after the JSON data: 0:02.07s
ok: [PiG]
[WARNING]: Module invocation had junk after the JSON data: 0:05.04s
ok: [PiD]
[WARNING]: Module invocation had junk after the JSON data: 0:05.12s
ok: [PiE]
[WARNING]: Module invocation had junk after the JSON data: 0:05.64s
ok: [PiH]
[WARNING]: Module invocation had junk after the JSON data: 0:04.10s
ok: [PiI]
[WARNING]: Module invocation had junk after the JSON data: 0:12.91s
ok: [PiF]

TASK [UPDATE] ************************************************************************************************************
[WARNING]: Module invocation had junk after the JSON data: 1:23.50s
changed: [PiH]
[WARNING]: Module invocation had junk after the JSON data: 0:26.67s
ok: [PiI]
[WARNING]: Module invocation had junk after the JSON data: 5:36.97s
changed: [PiE]
[WARNING]: Module invocation had junk after the JSON data: 6:02.16s
changed: [PiG]
[WARNING]: Module invocation had junk after the JSON data: 6:03.53s
changed: [PiD]
[WARNING]: Module invocation had junk after the JSON data: 17:49.68s
changed: [PiF]

PLAY RECAP ****************************************************************************************************************
PiD                        : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
PiE                        : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
PiF                        : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
PiG                        : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
PiH                        : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
PiI                        : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

18:09.41s

To fix the “junk” problem found above, we set the TERM variable to ANSIBLE as an SSH option, but now we have to detect that in the profile at the remote end.

TCSH

if ($TERM == "ANSIBLE") then
   unset time
else
   set time = ( 0 "%Es" )
endif
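
To confirm from a saved run log that the TERM fix silenced the “junk” warnings, and to record which hosts were upgraded or missed, the output format shown above can be summarised with a short script. This is an added example, not part of the original page; the function names, the UNPATCHED/UPDATED/CURRENT labels and the sample log (constructed, with one host made unreachable) are assumptions.

```shell
#!/bin/sh
# Constructed sample in the layout of the run shown above; PiE is made
# unreachable to exercise the failure path.
sample_log() {
cat <<'EOF'
PLAY [home] ****
TASK [Gathering Facts] ****
[WARNING]: Module invocation had junk after the JSON data: 0:02.07s
ok: [PiG]
ok: [PiD]
fatal: [PiE]: UNREACHABLE! => {"changed": false, "unreachable": true}
TASK [UPDATE] ****
[WARNING]: Module invocation had junk after the JSON data: 6:02.16s
changed: [PiG]
ok: [PiD]
PLAY RECAP ****
PiD                        : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
PiE                        : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
PiG                        : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
EOF
}

# Count "junk after the JSON data" warnings on stdin; 0 means the remote
# login shells no longer print anything around the module output.
junk_count() {
    grep -c 'had junk after the JSON data' || true
}

# Print "<host> <state>" for each PLAY RECAP line on stdin. State is
# UNPATCHED (unreachable or failed), UPDATED (changed > 0) or CURRENT.
recap_status() {
    awk '
        /^PLAY RECAP/ { in_recap = 1; next }
        in_recap && $2 == ":" {
            for (i = 3; i <= NF; i++) { split($i, kv, "="); n[kv[1]] = kv[2] + 0 }
            state = "CURRENT"
            if (n["changed"] > 0) state = "UPDATED"
            if (n["unreachable"] > 0 || n["failed"] > 0) state = "UNPATCHED"
            print $1, state
        }'
}

# Return non-zero if any host in the log on stdin is UNPATCHED, so a cron
# job can alert on hosts that missed the update.
all_patched() {
    ! recap_status | grep -q ' UNPATCHED$'
}

sample_log | recap_status
```

For a real run, save the output with `ansible-playbook ~/.ansible/debian_update.yml | tee update.log` and feed `update.log` to the functions on stdin.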

If you want to see the remote host environment, you can do something like this:

ansible home -m command -a "env"

Resources
