1
00:00:06,620 --> 00:00:09,470
- So, now that we have installed the control node

2
00:00:09,470 --> 00:00:12,970
let's get started with the managed assets

3
00:00:14,000 --> 00:00:16,240
and let's try to understand what is needed

4
00:00:16,240 --> 00:00:19,100
to manage anything with Ansible.

5
00:00:19,100 --> 00:00:21,150
So, here are the requirements.

6
00:00:21,150 --> 00:00:22,900
First, we have seen the control node.

7
00:00:22,900 --> 00:00:24,800
The control node is a node where the Ansible

8
00:00:24,800 --> 00:00:26,490
software is installed.

9
00:00:26,490 --> 00:00:29,810
The control node really isn't a big fancy server.

10
00:00:29,810 --> 00:00:32,030
It's more like an operator workstation,

11
00:00:32,030 --> 00:00:35,550
where the operator is using the Ansible commands.

12
00:00:35,550 --> 00:00:37,700
Apart from the Ansible software,

13
00:00:37,700 --> 00:00:39,520
the control node needs Python

14
00:00:39,520 --> 00:00:42,080
and access to the Ansible playbooks

15
00:00:42,080 --> 00:00:43,810
which is typically provided through

16
00:00:43,810 --> 00:00:45,730
Git in a DevOps environment.

17
00:00:45,730 --> 00:00:48,340
Of course it's not necessary to provide playbooks

18
00:00:48,340 --> 00:00:52,040
through Git but if you want to develop playbooks

19
00:00:52,040 --> 00:00:54,510
where everybody can use the same playbooks

20
00:00:54,510 --> 00:00:56,960
throughout the company then it really makes sense

21
00:00:56,960 --> 00:00:59,280
providing them through Git.

22
00:00:59,280 --> 00:01:00,818
And that allows you

23
00:01:00,818 --> 00:01:04,063
to work with the same versions throughout.

24
00:01:05,100 --> 00:01:06,800
Then there are the managed nodes

25
00:01:06,800 --> 00:01:10,240
and managed nodes are assets that are managed with Ansible

26
00:01:10,240 --> 00:01:13,010
and that can be computers that are running Windows,

27
00:01:13,010 --> 00:01:14,810
or Linux, or cloud instances,

28
00:01:14,810 --> 00:01:17,100
or virtual machines, or containers

29
00:01:17,100 --> 00:01:18,500
and much more.

30
00:01:18,500 --> 00:01:20,070
In the later lessons of this course,

31
00:01:20,070 --> 00:01:23,140
you will learn how to manage a wide range

32
00:01:23,140 --> 00:01:25,490
of different assets using Ansible.

33
00:01:25,490 --> 00:01:28,810
But, in the beginning we will focus on Linux and Linux only

34
00:01:28,810 --> 00:01:31,640
because that is what Ansible is used for a lot.

35
00:01:31,640 --> 00:01:34,850
And it's a good way to get familiar with Ansible.

36
00:01:34,850 --> 00:01:36,890
So, what are the requirements?

37
00:01:36,890 --> 00:01:39,380
Well first, a remote access

38
00:01:39,380 --> 00:01:41,760
where secure shell is the default

39
00:01:41,760 --> 00:01:44,770
but specific platforms will have other options.

40
00:01:44,770 --> 00:01:47,410
We'll discover these options later.

41
00:01:47,410 --> 00:01:50,010
You need a dedicated user account.

42
00:01:50,010 --> 00:01:51,880
For convenience, you should use

43
00:01:51,880 --> 00:01:53,980
the same user account throughout

44
00:01:53,980 --> 00:01:56,620
but it is possible to have a dedicated user account

45
00:01:56,620 --> 00:01:58,840
on every single machine that you are managing

46
00:01:58,840 --> 00:02:00,300
but that makes it very hard

47
00:02:00,300 --> 00:02:03,620
to manage a wide range of different machines.

48
00:02:03,620 --> 00:02:06,350
So, I would recommend against it.

49
00:02:06,350 --> 00:02:10,740
Also, you need privilege escalation to install software

50
00:02:10,740 --> 00:02:12,390
and change configuration files

51
00:02:12,390 --> 00:02:15,803
and more tasks that are requiring administrative privileges.

52
00:02:16,710 --> 00:02:19,250
You can imagine, if you want to install a package,

53
00:02:19,250 --> 00:02:21,250
normally you need to be root.

54
00:02:21,250 --> 00:02:23,660
If you want to install a package through Ansible,

55
00:02:23,660 --> 00:02:25,750
in Ansible you need to be root.

56
00:02:25,750 --> 00:02:28,353
And that's what a privilege escalation is all about.

57
00:02:29,740 --> 00:02:31,330
Now, when setting up Ansible,

58
00:02:31,330 --> 00:02:35,680
you need to think about convenience versus security.

59
00:02:35,680 --> 00:02:39,040
To start with, we go for the convenient management.

60
00:02:39,040 --> 00:02:41,590
The convenient management is what makes it easy,

61
00:02:41,590 --> 00:02:44,140
but not necessarily very secure.

62
00:02:44,140 --> 00:02:45,550
Later in this video course,

63
00:02:45,550 --> 00:02:47,500
you will learn how to set up Ansible

64
00:02:47,500 --> 00:02:49,440
for secure management as well,

65
00:02:49,440 --> 00:02:52,150
but it makes sense to have a little bit more knowledge

66
00:02:52,150 --> 00:02:54,940
about Ansible before we can discuss

67
00:02:54,940 --> 00:02:57,323
setting up Ansible in a secure way.

68
00:02:58,500 --> 00:03:00,330
So, what are we going to do?

69
00:03:00,330 --> 00:03:02,470
We are going to configure SSH keys

70
00:03:02,470 --> 00:03:06,060
for passwordless connection to remote hosts.

71
00:03:06,060 --> 00:03:09,350
We are going to use passwordless privilege escalation.

72
00:03:09,350 --> 00:03:11,640
And yes, of course, that is very insecure

73
00:03:11,640 --> 00:03:13,460
because anyone who will be able

74
00:03:13,460 --> 00:03:17,100
to sit behind your Ansible control machine

75
00:03:17,100 --> 00:03:20,390
and log in with your account has root access

76
00:03:20,390 --> 00:03:22,780
to all assets in an IT environment.

77
00:03:22,780 --> 00:03:25,570
That's really not a recommended situation.

78
00:03:25,570 --> 00:03:27,810
And that is why for secure management,

79
00:03:27,810 --> 00:03:30,000
you should go for a different approach.

80
00:03:30,000 --> 00:03:30,833
To start with,

81
00:03:30,833 --> 00:03:34,120
instead of doing the SSH keys for passwordless connection

82
00:03:34,120 --> 00:03:36,610
use minus lowercase K command line option

83
00:03:36,610 --> 00:03:38,670
to prompt for SSH password.

84
00:03:38,670 --> 00:03:41,010
That's not convenient because you will need

85
00:03:41,010 --> 00:03:43,610
to enter the password over and over again

86
00:03:43,610 --> 00:03:45,430
but it will make it secure.

87
00:03:45,430 --> 00:03:46,660
And likewise you would use

88
00:03:46,660 --> 00:03:49,120
minus uppercase K command line option

89
00:03:49,120 --> 00:03:51,743
to prompt for privilege escalation password.

90
00:03:52,870 --> 00:03:55,760
And for convenient and secure management,

91
00:03:55,760 --> 00:03:58,470
you should also consider using Ansible Tower

92
00:03:58,470 --> 00:04:01,140
which allows you to cache passwords

93
00:04:01,140 --> 00:04:04,010
but do have a look at lesson nine in this course,

94
00:04:04,010 --> 00:04:05,830
in which we will separately talk

95
00:04:05,830 --> 00:04:08,283
about setting up Ansible for security.