Updated: May 15, 2026

# CHAPTER 2

Installing and Configuring Ansible

1. Introduction

In the previous chapter, we installed the Ansible package on our local machine. However, software installation is only step one. Ansible's power lies in its ability to securely communicate with fleets of remote servers. To do this seamlessly, we must configure our Control Node to bypass password prompts using SSH Key-Based Authentication. Furthermore, we must introduce the foundational configuration file: ansible.cfg. In this chapter, we will prepare our Control Node for seamless, passwordless orchestration.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Generate an SSH Keypair on the Ansible Control Node.
  • Distribute SSH public keys to remote Managed Nodes using ssh-copy-id.
  • Understand the role of the ansible.cfg file.
  • Configure fundamental Ansible settings (disabling host key checking, setting default users).
  • Verify basic connectivity to a remote server.

3. Beginner-Friendly Explanation

Imagine you are the CEO (Control Node) of a company with 10 locked branch offices (Managed Nodes).
  • The Password Way: Every time you want to visit a branch, you have to knock on the door, wait for a security guard, state your name, and type in a 16-character password. If you want to visit 100 branches in a day, you will spend all your time typing passwords.
  • The SSH Key Way: You forge a magical Master Key (Private Key) that stays in your pocket. You mail a copy of the lock (Public Key) to every branch. Now, when you walk up to any branch, the door recognizes your Master Key in your pocket and opens instantly. No knocking, no passwords.

Ansible requires this Master Key to automate hundreds of servers at lightning speed.

4. Setting up Passwordless SSH

Ansible uses the SSH protocol. If you have to type a password every time Ansible connects to a server, automation is impossible. We must set up SSH keys.

Step 1: Generate the Keypair (On the Control Node)

Open your terminal and run:

```bash
ssh-keygen -t rsa -b 4096
```

*(Press 'Enter' to accept all default locations and leave the passphrase empty for true automation).* This creates two files:

  • ~/.ssh/id_rsa (Your Private Key - KEEP THIS SECRET)
  • ~/.ssh/id_rsa.pub (Your Public Key - Give this to the servers)

Step 2: Copy the Public Key to the Managed Node

Assuming your remote server's IP is 192.168.1.50, and the user is ubuntu:

```bash
ssh-copy-id ubuntu@192.168.1.50
```

*(You will be asked for the server password one last time).*

Step 3: Verify

Now, try to log in:

```bash
ssh ubuntu@192.168.1.50
```

If you are logged into the remote server instantly without typing a password, your Control Node is perfectly prepared for Ansible!

5. The ansible.cfg File

By default, Ansible behaves according to a master configuration file. While there is a global file located at /etc/ansible/ansible.cfg, it is a best practice to create a localized ansible.cfg file in the specific directory where you keep your project code.

Create a new directory for your project and add the file:

```bash
mkdir ansible-project
cd ansible-project
touch ansible.cfg
```

Add the following standard configurations:

```ini
[defaults]
# Define where your list of servers is located
inventory = ./inventory.ini

# Define the default user Ansible should use to log into the remote servers
remote_user = ubuntu

# SECURITY WARNING: Disabling host key checking is great for local testing
# and ephemeral cloud servers, but should be used cautiously in strict production environments.
host_key_checking = False

# Suppress annoying warning messages
deprecation_warnings = False
```

6. Mini Project: Configure Ansible Control Node

Let's test our configuration by asking Ansible to reach out and touch our remote server using the simplest command possible.

Step-by-Step Walkthrough:

  1. Ensure your ansible.cfg is set up as shown above.
  2. Create the inventory file: touch inventory.ini
  3. Add your remote server's IP to the inventory file:

```ini
[webservers]
192.168.1.50
```

  4. Run your very first Ansible command (the Ping Module):

```bash
ansible all -m ping
```

Expected Output:

```json
192.168.1.50 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
```

*Success! Ansible successfully bypassed the password prompt, translated the "ping" module into Python, executed it on the remote server, and reported back.*

7. Real-World Scenarios

A new DevOps engineer was tasked with running an Ansible playbook against an auto-scaling group of 50 newly created AWS EC2 instances. The playbook hung indefinitely. The engineer realized that the first time you SSH into a new server, Linux asks: *"The authenticity of host 'X' can't be established. Are you sure you want to continue connecting (yes/no)?"* Because Ansible was running in the background, it couldn't type "yes." It was stuck waiting for a human. The engineer added host_key_checking = False to their ansible.cfg, completely eliminating this manual bottleneck and allowing the automation to proceed.
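The hang described above can also be avoided with host key checking left at its default of True, by seeding known_hosts before the first run. The following shell script is an added example, not part of the original chapter: pin_host_key, make_samples and the file names are hypothetical, the key blobs are constructed placeholders, and it assumes each server's public host key can be obtained through a trusted channel at provisioning time.

```shell
#!/bin/sh
# Added example: pin a host key into known_hosts only when the key seen on the
# network matches a copy obtained out of band. pin_host_key, make_samples and
# all file names are hypothetical; the key blobs are constructed placeholders.

# pin_host_key HOST TRUSTED_PUB SCANNED KNOWN_HOSTS
#   TRUSTED_PUB  host public key, "<type> <base64> [comment]", from a trusted
#                channel (assumption: your provisioning step records it)
#   SCANNED      saved, unhashed `ssh-keyscan HOST` output, "<host> <type> <base64>"
# Returns 0 = pinned or already present, 1 = mismatch, 2 = host/type not in scan.
pin_host_key() {
    host=$1; trusted=$2; scanned=$3; known_hosts=$4

    # Key type and blob we expect, taken from the trusted copy.
    want=$(awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }' "$trusted")
    [ -n "$want" ] || return 1
    want_type=${want%% *}

    # Key of that type which the network actually presented for this host.
    got=$(awk -v h="$host" -v t="$want_type" \
        '$1 == h && $2 == t { print $2, $3; exit }' "$scanned")
    [ -n "$got" ] || return 2

    if [ "$got" != "$want" ]; then
        echo "REFUSING $host: scanned $want_type key differs from trusted copy" >&2
        return 1
    fi

    # Append exactly once; -x -F matches the whole line literally.
    touch "$known_hosts"
    grep -qxF -e "$host $want" "$known_hosts" ||
        printf '%s\n' "$host $want" >> "$known_hosts"
}

# Constructed sample files: one scan that matches the trusted key, one that does not.
make_samples() {
    good=AAAAC3NzaC1lZDI1NTE5AAAAIGOODKEYPLACEHOLDER
    echo "ssh-ed25519 $good root@node"                           > "$1/trusted.pub"
    echo "192.168.1.50 ssh-ed25519 $good"                        > "$1/scan_ok"
    echo "192.168.1.50 ssh-ed25519 AAAAC3NzaOTHERKEYPLACEHOLDER" > "$1/scan_bad"
}

# Demo: the matching scan is pinned (0), the differing one is refused (1).
tmp=$(mktemp -d) && make_samples "$tmp"
pin_host_key 192.168.1.50 "$tmp/trusted.pub" "$tmp/scan_ok"  "$tmp/known_hosts"; echo "ok scan:  $?"
pin_host_key 192.168.1.50 "$tmp/trusted.pub" "$tmp/scan_bad" "$tmp/known_hosts"; echo "bad scan: $?"
rm -rf "$tmp"
```

For a real host, the SCANNED file comes from `ssh-keyscan -t ed25519 192.168.1.50 > scan`, and KNOWN_HOSTS is normally ~/.ssh/known_hosts on the Control Node.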

8. Best Practices

  • Project-Level Configuration: Never edit the global /etc/ansible/ansible.cfg unless absolutely necessary. Different projects often require different SSH users, timeout limits, or inventory paths. Always keep a localized ansible.cfg inside your project's Git repository. Ansible will automatically prioritize the file in your current working directory.

9. Security Recommendations

  • SSH Key Passphrases: In step 1, we created an SSH key without a passphrase for seamless automation. This means if a hacker steals your laptop, they instantly own all your servers. In enterprise environments, you should use SSH keys *with* passphrases, and utilize ssh-agent to hold the decrypted key in your laptop's RAM temporarily while you run Ansible commands.

10. Troubleshooting Tips

  • Permissions Errors: If you get a "Permission Denied (publickey)" error when running the ping command, it means Ansible is trying to use the wrong SSH key, or the wrong username. Explicitly specify the username using the -u flag to test: ansible all -m ping -u root.

11. Exercises

  1. What is the operational purpose of the ssh-copy-id command in preparing a new Linux server for Ansible management?
  2. Why is setting host_key_checking = False in ansible.cfg highly recommended when orchestrating ephemeral, rapidly scaling cloud environments (like AWS Auto Scaling Groups)?

12. FAQs

Q: Can I use Ansible if my company strictly forbids SSH keys and requires passwords?

A: Yes, though it is highly discouraged. You can install the sshpass package on your Control Node and add the --ask-pass flag to your Ansible commands, which will prompt you to type the password once before executing across the fleet.

13. Interview Questions

  • Q: Explain the hierarchy of how Ansible locates its configuration file (ansible.cfg). Why is relying on the global /etc/ configuration considered an anti-pattern in collaborative DevOps environments?
  • Q: Detail the underlying SSH mechanisms Ansible relies upon to achieve passwordless authentication to Managed Nodes. What specific files must exist on the Control Node and the Managed Node?

14. Summary

In Chapter 2, we eliminated the greatest bottleneck to automation: manual authentication. By generating RSA keypairs and establishing passwordless SSH trusts, we empowered Ansible to access our fleet instantly and silently. We architected a localized project structure, utilizing ansible.cfg to define default behaviors and bypass interactive host-key checking prompts. With a successful pong response from our remote server, our Control Node is now fully operational and ready to command at scale.

15. Next Chapter Recommendation

We just pinged one server. But what if we have 50 Web Servers, 10 Database Servers, and 5 Load Balancers? How do we tell Ansible which servers to target? Proceed to Chapter 3: Understanding Inventories and Hosts.
