Master Ansible: Install, Configure, and Manage Inventory on CentOS

Ansible is a batch and automation deployment tool that communicates over SSH without requiring client installation.

1.1 Install Ansible

Installation methods include source compilation, git checkout, or RPM packages (requires EPEL repository).

cat <<eof>/etc/yum.repos.d/my.repo
[epel]
name=epel
baseurl=http://mirrors.aliyun.com/epel/7Server/x86_64/
enable=1
gpgcheck=0
eof

After installation, the following files are provided:

yum -y install ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-2
/usr/bin/ansible-2.6
/usr/bin/ansible-connection
/usr/bin/ansible-console
/usr/bin/ansible-console-2
/usr/bin/ansible-console-2.6
/usr/bin/ansible-doc
/usr/bin/ansible-doc-2
/usr/bin/ansible-doc-2.6
/usr/bin/ansible-galaxy
/usr/bin/ansible-galaxy-2
/usr/bin/ansible-galaxy-2.6
/usr/bin/ansible-playbook
/usr/bin/ansible-playbook-2
/usr/bin/ansible-playbook-2.6
/usr/bin/ansible-pull
/usr/bin/ansible-pull-2
/usr/bin/ansible-pull-2.6
/usr/bin/ansible-vault
/usr/bin/ansible-vault-2
/usr/bin/ansible-vault-2.6

Use ansible-doc -h to list help, -l to list modules, and -s for module snippets.

Example to install a package with the yum module:

ansible 192.168.100.60 -m yum -a "name=unix2dos state=present"

1.2 Configure Ansible

1.2.1 Environment configuration

Ansible reads configuration in INI order: ANSIBLE_CONFIG environment variable, ./ansible.cfg, ~/.ansible.cfg, /etc/ansible/ansible.cfg.

Environment variables prefixed with ANSIBLE_ can set parameters, e.g.

export ANSIBLE_SUDO_USER=root

Key ansible.cfg parameters include:

inventory = /etc/ansible/hosts
library = /usr/share/my_modules/
forks = 5
sudo_user = root
remote_port = 22
host_key_checking = False
timeout = 20
log_path = /var/log/ansible.log

1.2.2 SSH trust configuration

Generate SSH keys on the control node and copy them to managed hosts, or use Ansible’s authorized_key module. Example using ssh-keygen and ssh-copy-id for each host.

ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]

An expect script can automate non‑interactive ssh-copy-id for many hosts.

#!/usr/bin/expect
set timeout 10
set user_hostname [lindex $argv 0]
set password [lindex $argv 1]
spawn ssh-copy-id $user_hostname
expect {
    "(yes/no)?" { send "yes
"; expect "*password: " { send "$password
" } }
    "*password: " { send "$password
" }
}
expect eof

1.2.3 Simple test

Add target hosts to the default inventory /etc/ansible/hosts and verify connectivity with the ping module.

cat >>/etc/ansible/hosts<<eof
192.168.100.59
192.168.100.60
192.168.100.61
192.168.100.62
192.168.100.63
192.168.100.64
192.168.100.65
[centos6]
192.168.100.59
192.168.100.60
192.168.100.61
[centos7]
192.168.100.63
192.168.100.64
192.168.100.65
[centos:children]
centos6
centos7
eof

ansible 192.168.100.59 -m ping
ansible centos6 -m ping

Use --sudo or --become to run commands as a non‑root user.

ansible webservers -m ping -u ansible --sudo
ansible webservers -m ping -b --become-user=root --become-method=sudo

1.3 Inventory

The inventory file defines the hosts and groups Ansible manages. Variables such as ansible_ssh_host, ansible_ssh_port, ansible_ssh_user, and ansible_ssh_pass can be set per host or group.

cat -n /etc/ansible/hosts
1 192.168.100.59:22
2 192.168.100.60 ansible_ssh_pass='123456' ansible_ssh_port=22
3 [nginx]
4 192.168.100.57:59
5 [nginx:vars]
6 ansible_ssh_pass='123456'
7 [webservers:children]
8 nginx

Multiple inventory files can be referenced in ansible.cfg. Variables can also be set via remote_port, remote_user, private_key_file, and excutable in the configuration file.