Using Ansible to Automate the Updating of your VMs

Are you looking to run a simple update on all of your Linux VMs without having to SSH into each one? If that’s the case, you can use Ansible to perform interactions like updates across a wide range of VMs on your Nutanix, VMware, or Cloud systems. But what is Ansible?

Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code. It runs on many Unix-like systems, and can configure both Unix-like systems as well as Microsoft Windows.

Other software tools used for automation are Chef, Puppet, and Salt, each of which is popular with different groups of engineers. However, what sets Ansible apart is its ease of use and the fact that there is no need to install an agent on the host machine. By defining the state of an environment through a simple YAML file, you can run configurations on thousands of machines. I found a high-level video of what Ansible is and does.

If you’re COMPLETELY new to Ansible, then obviously you’ll need to go through the installation process. Take a look at these instructions to get up and running.

This particular post is about running an update on your machines.
What you will need:
1. Ansible installed
2. Host IP address that you want to update
3. Terminal window
4. Some files as templates from my GitHub.

First, we need to ensure that our Inventory or Hosts file is configured correctly. You’ll find the default hosts file in /etc/ansible/hosts in all Linux/MacOS distros.

Unless you specify another inventory file on the command line, Ansible reads the default hosts file to find the pre-configured hosts you’ll be interacting with. So, let’s break the hosts file down.
#1 – This lists the variables that I want to use for my environment. Just like with coding in Python, you can set a variable that can be called later.
‘{{ secret_password }}’ tells this file to pull the password from an encrypted secret file in the same directory; the variable is secret_password.
#2 – Combination of both the name you want to give the VM and the IP address associated with that VM.
#3 – The username I need to SSH into the VM to carry out my commands.
#4 – Generated SSH key that I am going to use for access into each VM.

You CAN specify an account password for SSH in this file, but it’ll be stored as plain text. Don’t do that. Use ansible-vault to save your passwords in an encrypted file in the same directory as your playbooks.
Enter the command below in your terminal:

$ ansible-vault create passwd.yml

From here, you’ll need to create a password to access this encrypted file. When a new vim screen appears, add the variable name and password you’ll use.

Now we need to ensure our playbook is in YAML format and is set to update all the packages.


For this to work, we need to define which hosts we want to run the update on. In this case, everything! Therefore, hosts is set to all. After defining the hosts, let’s specify the tasks you want to run. Because we’re updating the entire cache, we want to set apt to: update_cache=yes force_apt_get=yes cache_valid_time=3600. Upgrading the packages will require a new task with apt of:
upgrade=dist force_apt_get=yes
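
A playbook matching the description above, written here as an added example and not the author's original file. The task names, `become: true`, and the final pending-reboot check (which goes one step beyond what the post covers) are assumptions.

```yaml
---
# Added example: reconstructs the playbook described in the text.
# Task names, become, and the reboot-required check are assumptions.
- name: Update all Debian/Ubuntu hosts
  hosts: all
  become: true   # assumption: the SSH user must escalate to root for apt
  tasks:
    - name: Refresh the apt cache (only if older than 3600 seconds)
      apt:
        update_cache: yes
        force_apt_get: yes
        cache_valid_time: 3600

    - name: Upgrade all packages
      apt:
        upgrade: dist
        force_apt_get: yes

    # Kernel and libc updates are not active until the host restarts;
    # Debian/Ubuntu flag this by creating /var/run/reboot-required.
    - name: Check whether a reboot is pending
      stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Report hosts that still need a reboot
      debug:
        msg: "{{ inventory_hostname }} needs a reboot to finish applying updates"
      when: reboot_required.stat.exists
```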

Let’s now ping our VMs to ensure they’re online before we run our playbook.

Success!

Now that everything is online and we have our files ready, let’s run our playbook.
$ ansible-playbook -i inventory --ask-vault-pass --extra-vars '@passwd.yml' playbook.yaml

Here I selected a different inventory file in the same directory, required Ansible to use a secret from passwd.yml, and ran my playbook.yaml, which updates all my hosts.


And now all my VMs are running updates.

In this post you learned:
1. What is Ansible
2. How to run a playbook
3. How to update all your Linux VMs in Nutanix