
Master Ansible Inventory: Define Hosts, Groups, and Configurations Step‑by‑Step

This guide walks you through creating and organizing Ansible inventory files, defining hosts and host groups, using nested groups and wildcards, understanding configuration file priority, and setting up a devops user with password‑less sudo and SSH keys to verify the setup.

Raymond Ops

Define Hosts and Groups

When using Ansible to manage hosts in bulk, you first define the hosts or host groups in an inventory file, typically /etc/ansible/hosts.

Host definition

Hosts can be defined by hostname, domain name, or IP address.

<code>node1
node2
node1.example.com
node2.example.com
192.168.200.100
192.168.200.200</code>

You can also define ranges, e.g.

<code>192.168.200.[1:10]</code>

Use <code>ansible all --list</code> (an abbreviation of <code>--list-hosts</code>) to view the defined hosts.

Host group definition

Groups are defined with a name in brackets.

<code>[webserver]
node1
node2</code>

List group members with <code>ansible webserver --list</code>.

Nested groups

Groups can contain other groups using the <code>:children</code> suffix.

<code>[MachineRoom:children]
webserver
sqlserver</code>

Now <code>ansible MachineRoom --list</code> returns all hosts in both groups.

Select Hosts and Groups

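Target a specific host or group, combine several patterns with commas, or use wildcards; a pattern prefixed with <code>!</code> is excluded. Quote any pattern that contains <code>*</code> or <code>!</code> so that the shell passes it to Ansible unchanged.

<code>ansible 192.168.1.1 --list
ansible webserver --list
ansible 192.168.1.1,webserver --list
ansible '*.example.com' --list
ansible '*.example.com,!node2*' --list</code>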

Configuration file priority

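Ansible looks for its configuration file in four locations, in this order: the ANSIBLE_CONFIG environment variable, ./ansible.cfg, ~/.ansible.cfg, /etc/ansible/ansible.cfg. The first file found is used and the others are ignored; settings from different files are not merged. Ansible also refuses to load ./ansible.cfg when the current directory is world-writable, because anyone able to write to that directory could supply the configuration.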

Configuration file details

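Key sections include <code>[defaults]</code>, <code>[inventory]</code>, <code>[privilege_escalation]</code>, etc. Important parameters (the first three belong to <code>[defaults]</code>, the <code>become</code> settings to <code>[privilege_escalation]</code>):

<code>inventory = ./hosts
remote_user = root
ask_pass = false
become = true
become_method = sudo
become_user = root
become_ask_pass = false</code>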

Example setup

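Create a regular user <code>devops</code> with password <code>123</code> and configure password‑less sudo. The account is also needed on node1 and node2, since the later ssh-copy-id and privilege-escalation steps rely on it. <code>NOPASSWD:ALL</code> gives devops unrestricted root on the host, so the SSH key generated in the next step is effectively a root credential for every managed node.

<code># useradd devops
# echo 123 | passwd --stdin devops
# echo "devops ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/devops
# chmod 0440 /etc/sudoers.d/devops
# visudo -cf /etc/sudoers.d/devops    # syntax-check the drop-in file</code>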

Generate SSH keys for <code>devops</code> and copy them to managed nodes:

<code># su - devops
$ ssh-keygen
$ ssh-copy-id node1
$ ssh-copy-id node2</code>

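Copy the Ansible configuration into the user’s home directory, then edit <code>ansible.cfg</code> so that it uses the local <code>hosts</code> file and connects as the <code>devops</code> user:

<code>$ cp -r /etc/ansible/ .
$ cd ansible    # ./ansible.cfg is only read from the current directory</code>

<code>[defaults]
inventory = ./hosts
# Connect as devops. This replaces the legacy sudo_user / ask_sudo_pass
# options, whose role is covered by [privilege_escalation] below.
remote_user = devops
ask_pass = False
# Disables SSH host key verification. The node keys were already accepted
# during ssh-copy-id, so this line can be dropped to keep checking enabled.
host_key_checking = False

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False</code>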

Write the host inventory:

<code>node1
node2</code>

Verify the setup with <code>ansible all --list</code> and run a test command:

<code>ansible all -m shell -a 'whoami'</code>

The output shows both nodes returning <code>root</code>, confirming that the configuration and privilege escalation work correctly.
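As an added example (not from the original article or the Ansible project), the Python below models the search order from "Configuration file priority", including the rule that ./ansible.cfg is ignored in a world-writable directory, and flags settings from the example ansible.cfg that merit review. The function names, the FLAGS review policy and the sample config are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

# Review policy assumed for this example (not Ansible's own checks).
FLAGS = {
    ("defaults", "host_key_checking", "false"): "SSH host keys are not verified",
    ("defaults", "remote_user", "root"): "logs in directly as root",
    ("defaults", "sudo_user", None): "legacy sudo option, replaced by become_*",
    ("defaults", "ask_sudo_pass", None): "legacy sudo option, replaced by become_*",
}
# Constructed sample: two [defaults] lines from this page's example ansible.cfg.
SAMPLE = "[defaults]\nsudo_user = devops\nhost_key_checking = False\n"

def active_config(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Return the first readable file in the search order, or None."""
    candidates = [env["ANSIBLE_CONFIG"]] if env.get("ANSIBLE_CONFIG") else []
    # ./ansible.cfg is skipped when the current directory is world-writable.
    if not os.stat(cwd).st_mode & stat.S_IWOTH:
        candidates.append(os.path.join(cwd, "ansible.cfg"))
    candidates += [os.path.join(home, ".ansible.cfg"), system]
    readable = (p for p in candidates if os.path.isfile(p) and os.access(p, os.R_OK))
    return next(readable, None)

def audit(path):
    """Return sorted 'section.key: reason' findings for one config file."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    findings = []
    for (section, key, bad), reason in FLAGS.items():
        value = cfg.get(section, key, fallback=None)
        if value is not None and bad in (None, value.strip().lower()):
            findings.append(f"{section}.{key}: {reason}")
    return sorted(findings)

def demo():
    """Resolve SAMPLE as ./ansible.cfg before and after its directory turns world-writable."""
    with tempfile.TemporaryDirectory() as root:
        project = os.path.join(root, "project")
        os.mkdir(project, 0o755)
        with open(os.path.join(project, "ansible.cfg"), "w") as fh:
            fh.write(SAMPLE)
        args = ({}, project, root, os.path.join(root, "absent"))  # empty home, no system file
        normal = active_config(*args)
        os.chmod(project, 0o777)  # world-writable: ./ansible.cfg is now ignored
        return os.path.basename(normal), active_config(*args), audit(normal)

if __name__ == "__main__":
    print(demo())
```

To check a real control node, call <code>active_config(os.environ, os.getcwd(), os.path.expanduser("~"))</code> from the directory where Ansible is run and pass the result to <code>audit()</code>.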
