
Master Ansible Inventory: Define Hosts, Groups, and Configurations Step‑by‑Step

This guide walks you through creating and organizing Ansible inventory files, defining hosts and host groups, using nested groups and wildcards, understanding configuration file priority, and setting up a devops user with password‑less sudo and SSH keys to verify the setup.

Raymond Ops

Define Hosts and Groups

When using Ansible to manage hosts in bulk, you first define the hosts or host groups in an inventory file, typically /etc/ansible/hosts.

Host definition

Hosts can be defined by hostname, domain name, or IP address.

node1
node2
node1.example.com
node2.example.com
192.168.200.100
192.168.200.200

You can also define ranges, e.g. 192.168.200.[1:10]. Use ansible all --list to view the defined hosts (--list is accepted as an abbreviation of --list-hosts).

Host group definition

Groups are defined with a name in brackets.

[webserver]
node1
node2

List group members with ansible webserver --list.

Nested groups

Groups can contain other groups using the :children suffix.

[MachineRoom:children]
webserver
sqlserver

Now ansible MachineRoom --list returns all hosts in both groups.

Select Hosts and Groups

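Match specific hosts or groups, combine patterns with commas, use wildcards, or exclude matches with a leading !. Quote any pattern that contains * or ! so the shell passes it to Ansible unchanged.

ansible 192.168.1.1 --list
ansible webserver --list
ansible 192.168.1.1,webserver --list
ansible '*.example.com' --list
ansible '*.example.com,!node2*' --list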

Configuration file priority

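Ansible searches four locations in order and uses the first configuration file it finds (the files are not merged): the ANSIBLE_CONFIG environment variable, ./ansible.cfg, ~/.ansible.cfg, and /etc/ansible/ansible.cfg. Because ./ansible.cfg outranks the user and system files, Ansible does not load it from a world-writable current directory.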

Configuration file details

Key sections include [defaults], [inventory], [privilege_escalation], etc. Important parameters:

inventory = ./hosts
remote_user = root
ask_pass = false
become = true
become_method = sudo
become_user = root
become_ask_pass = false

Example setup

Create a regular user devops with password 123 and configure password‑less sudo:

# useradd devops
# echo 123|passwd --stdin devops
# echo "devops ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/devops

Generate SSH keys for devops and copy them to managed nodes:

# su - devops
$ ssh-keygen
$ ssh-copy-id node1
$ ssh-copy-id node2

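Copy the Ansible configuration into the user’s home directory, then adjust ansible.cfg to use the local hosts file and to connect as the devops user:

$ cp -r /etc/ansible/ .
$ cd ansible    # ./ansible.cfg is read from the current working directory
# edit ansible.cfg:
[defaults]
inventory = ./hosts
# connect as devops; root is reached through [privilege_escalation] below
# (replaces the legacy sudo_user / ask_sudo_pass options, superseded by become_*)
remote_user = devops
ask_pass = False
# disables SSH host-key verification for this lab; with known_hosts already
# populated by ssh-copy-id above, the default (True) also works
host_key_checking = False

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False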

Write the host inventory:

node1
node2

Verify the setup with ansible all --list, then run a test command: ansible all -m shell -a 'whoami'. The output shows both nodes returning root, confirming that the configuration and privilege escalation work correctly.
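The following Python code is an added example, not part of the original article. It resolves which ansible.cfg wins under the search order described in "Configuration file priority" and flags the settings from this page's lab configuration that loosen the control node's posture. The names resolve_config, audit, CHECKS and SAMPLE_CFG are constructed for illustration, and the lookup assumes ANSIBLE_CONFIG holds a file path.

```python
import configparser
import os
import stat

# (section, option, risky value) -> finding. Values come from this page's configs.
CHECKS = {
    ("defaults", "host_key_checking", "false"):
        "SSH host keys are not verified, so a spoofed node is accepted",
    ("defaults", "remote_user", "root"):
        "connections log in directly as root",
    ("privilege_escalation", "become", "true"):
        "every task escalates by default; consider become per play or task",
}

def resolve_config(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Return the first existing file in the search order the page lists."""
    candidates = [env.get("ANSIBLE_CONFIG")]
    # Ansible does not load ./ansible.cfg from a world-writable directory.
    if not os.stat(cwd).st_mode & stat.S_IWOTH:
        candidates.append(os.path.join(cwd, "ansible.cfg"))
    candidates += [os.path.join(home, ".ansible.cfg"), system]
    return next((p for p in candidates if p and os.path.isfile(p)), None)

def audit(cfg_text):
    """Return sorted 'section.option: finding' strings for one config text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    findings = []
    for (section, option, bad), why in CHECKS.items():
        value = parser.get(section, option, fallback="").strip().lower()
        if value == bad:
            findings.append(f"{section}.{option}: {why}")
    return sorted(findings)

# Constructed sample mirroring the lab configuration on this page.
SAMPLE_CFG = """\
[defaults]
inventory = ./hosts
host_key_checking = False

[privilege_escalation]
become = True
become_user = root
"""

if __name__ == "__main__":
    home = os.path.expanduser("~")
    print("active config:", resolve_config(os.environ, os.getcwd(), home))
    print("\n".join(audit(SAMPLE_CFG)))
```

To audit the file that is actually in effect, pass the contents of the path returned by resolve_config to audit.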
