100-Day DevOps Journey Blog

Day 86 of 100 Days : Ansible Passwordless Authentication Setup

Munilakshmi G J's photo
Munilakshmi G J
·

3 min read

Introduction: In today’s post, we’ll explore how to set up passwordless authentication with Ansible, enabling seamless automation between a master EC2 instance and a slave EC2 instance. We’ll also look into Ansible inventory, understanding its structure, and some real-world scenarios where it can be applied.

What is Passwordless Authentication in Ansible?

Passwordless authentication allows Ansible to communicate with remote servers without the need for entering a password manually every time. This setup is done by configuring SSH key-based authentication. SSH keys are used to authenticate without requiring passwords, making automation processes more efficient and secure.

Steps to Set Up Passwordless Authentication on Ansible

  1. Create Two EC2 Instances (Master and Slave):

    • Launch two EC2 instances (let's call them the Master and the Slave) using Amazon EC2. You can choose any AMI (Ubuntu is commonly used for Ansible).

    • Ensure both instances are in the same security group and can communicate with each other over SSH.

  2. Install Ansible on the Master EC2 Instance:

    • SSH into your Master EC2 instance and install Ansible:
    sudo apt update
    sudo apt install ansible

  1. Generate SSH Key Pair on the Master EC2:

    • On the master instance, generate an SSH key pair using the following command:
    ssh-keygen -t rsa -b 2048

  • Press Enter when prompted for a file location, leaving it as the default.

  • This will create a public-private key pair.

  1. Copy the Public Key to the Slave EC2 Instance:

    • Now, copy the public key to the slave EC2 instance’s authorized keys file. Replace slave_ip with the actual IP address of your slave instance.
    ssh-copy-id -i ~/.ssh/id_rsa.pub ubuntu@slave_ip
  • This command will enable passwordless authentication from the master to the slave instance.

  1. Verify Passwordless SSH Connection:

    • Test if passwordless authentication is working:
    ssh ubuntu@slave_ip
  • You should be able to log in without entering a password.

Ansible Inventory: Understanding Hosts and Groups

Ansible uses an inventory file to manage and organize hosts. The inventory file is where you define your hosts (remote machines) and group them into categories. This makes it easier to manage and automate tasks for multiple machines at once.

Basic Inventory File Structure

Ansible inventories can be simple, static text files or dynamic files. Here's an example of a basic static inventory file (hosts.ini):

[master]
master_ip

[slave]
slave_ip

  • Groups: In the above example, master and slave are groups of hosts. You can run commands or playbooks targeting a specific group.

  • Hostnames/IPs: Replace master_ip and slave_ip with the actual IP addresses of your EC2 instances.

Running Ansible Commands with Passwordless Authentication

Now that we’ve set up the passwordless SSH connection, let’s run an Ansible command to interact with the slave EC2 instance.

ansible slave -m ping

This command checks if Ansible can successfully ping the slave node.

Real-World Use Case for Ansible Inventory

Ansible inventories are essential for managing multiple servers in production. In real-world scenarios:

  • You can group servers by role, such as web servers, database servers, etc.

  • You can also organize servers by their environment, such as development, staging, or production.

Example 1: Grouping by Role

[webservers]
webserver1
webserver2

[databases]
dbserver1
dbserver2

Example 2: Grouping by Environment

[dev]
devserver1
devserver2

[prod]
prodserver1
prodserver2

This setup allows you to target specific groups of servers with Ansible playbooks.

Conclusion

In this post, we learned how to set up passwordless SSH authentication using Ansible between two EC2 instances, streamlining automation and security. We also explored the Ansible inventory system, which helps organize and manage hosts by roles or environments, making it easier to scale automation efforts across multiple machines. Mastering these concepts is crucial for efficient infrastructure management, and passwordless authentication adds both security and ease to the process.

ansible passwordless authenansibleDevopsDevops articlesDevOps Journey#Devopscommunity#90daysofdevops#90daysofdevops chanllenge#90daysofdevopschallenge100daysofdevopsAWSec2ansible-playbook#Ansible #AWS #EC2 #automation #devops #ITOps #configurationmanagement #servermanagement #cloudcomputing #infrastructureascodeansible aws