🔧 Getting Started with Ansible: Passwordless SSH & Automating Setup Tasks

📘 Overview: Why Ansible?

Imagine you're managing 10 (or 100) Linux servers, and you need to install updates, push config files, or install tools like Git and Nginx. Logging into each one manually would be a nightmare.

Enter Ansible — a powerful automation tool that lets you manage multiple servers from one place. You write simple YAML playbooks, and Ansible does the rest: connecting to your servers via SSH, running commands, and reporting back.

In this guide, you’ll learn to:

  • Set up passwordless SSH so Ansible can connect securely.

  • Write your first playbooks to install Git and Nginx.

  • Troubleshoot common issues.

🧪 Real-World Use Case:
You're a DevOps engineer setting up web servers for a startup. You spin up two EC2 instances: one as the Ansible Control Node, the other as the target Workstation (web server). You’ll automate setting up these servers using Ansible.


✅ PART 1: Setting Up Passwordless SSH from Control Host ➜ Workstation

🎯 Goal:

Allow ansible@Control-Host to connect to ansible@Work-station without typing a password using SSH keys.


🔧 Setup Prerequisites: Create EC2 Instances for Ansible Lab

To follow this Ansible guide, you’ll need two Ubuntu-based EC2 instances on AWS:

  • Control Host → This is where you’ll install and run Ansible.

  • Work-station → This is the server you’ll manage with Ansible.

Here’s how to set up both from scratch:


🟢 Step 1: Log into AWS and Navigate to EC2

  1. Go to the AWS Management Console.

  2. From the IAM user home page, ensure you're signed in with an IAM user that has EC2 permissions.

  3. In the Services menu (top left), search for and click on EC2.


🖥️ Step 2: Launch Instances

  1. Click Launch Instance.

  2. Under Number of instances, type 2 — we’re creating both the Control Host and Work-station at once.

  3. Don’t give the instances names yet — we’ll name them later.


🧠 Step 3: Choose Ubuntu as the OS

  1. Scroll to Application and OS Images (Amazon Machine Image).

  2. Select Ubuntu (choose the latest Ubuntu Server 20.04 LTS or 22.04 LTS).

✅ Leave all other settings at default — instance type, storage, etc.


🔐 Step 4: Set Up SSH Access

  1. Under Key pair (login), either select an existing key pair or create a new one — you'll need this .pem file to SSH into the servers.

  2. In the Network Settings section:


🌐 Step 5: Create a Subnet (If You Don't Have One)

  1. Scroll to Network Settings, and look for Subnet.

  2. If no subnet exists, click Create new subnet:

    • Choose an existing VPC ID.

    • Give the subnet a name. For example: ansible-subnet.

    • Follow the prompts to complete subnet creation.

  3. Repeat the steps to create a second subnet:

    • Name this one: ansible-subnet-2.

Once done, you’ll have two subnets — one for each instance.


🌍 Step 6: Enable Public IP Auto-Assign

Back on the EC2 creation page:

  1. Under Network Settings, expand the Advanced section.

  2. Turn on Auto-assign Public IP for both instances.


🚀 Step 7: Launch the Instances

  1. Click Launch Instance at the bottom.

  2. Wait a minute or two for AWS to provision them.


✏️ Step 8: Name the Instances

Once they appear in your EC2 Dashboard:

  1. Select the first instance and click the pencil icon under the Name column.

  2. Select the second one and name it: managed-host (or work-station if you prefer).


👥 Create ansible User on Both Machines

SSH into both EC2 instances (in separate terminals), and run:

sudo useradd -m -s /bin/bash ansible
sudo usermod -aG sudo ansible
sudo passwd ansible

Repeat these steps on both the Control Host and Work-station.


🧱 Step-by-Step Instructions

Step 1: Switch to ansible User

On both machines:

sudo su - ansible

Step 2: Generate SSH Key Pair on Control Host

On Control Host (as ansible):

ssh-keygen -t rsa -b 4096

  • Press Enter through all prompts.

  • This creates:

    • ~/.ssh/id_rsa → Private key (keep this safe!)

    • ~/.ssh/id_rsa.pub → Public key (you’ll share this)

⚠️ Do not customize the key name or add a passphrase.


Step 3: Prepare .ssh Directory on Work-station

On the Work-station terminal (as ansible):

mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chown -R ansible:ansible ~/.ssh


Step 4: Copy the Public Key from Control Host

On the Control Host:

cat ~/.ssh/id_rsa.pub

Copy the entire line (starts with ssh-rsa AAAA...).


Step 5: Paste Public Key on Work-station

On the Work-station, open the authorized keys file:

vi ~/.ssh/authorized_keys

Add the key in vi:

  • Press i to insert

  • Paste the copied key

  • Press Esc, then type :wq to save and exit

Double-check it:

cat ~/.ssh/authorized_keys

Step 6: Final Permission Fix (IMPORTANT)

Still on the Work-station, run:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R ansible:ansible ~/.ssh


Step 7: Test SSH Access

On the Control Host, try this:

ssh ansible@<workstation-private-ip>

You should log in without a password.
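
If the login in Step 7 still asks for a password, the usual cause is a mode or ownership problem on the Work-station (sshd's default StrictModes setting rejects keys stored in files with loose permissions) or a key that wrapped or lost characters when pasted in vi. The script below is an added example, not part of the original guide, that checks the result of Steps 3 to 6. The function names are made up for this example, and it assumes GNU stat (as on Ubuntu) and that it is run as the ansible user.

```shell
#!/bin/sh
# Added example (not from the original post): audit the directory prepared in
# Steps 3-6. Assumes GNU stat (Ubuntu) and that it runs as the account owner.
# Usage on the Work-station, as ansible:  check_ssh_dir "$HOME/.ssh"
# Prints one line per finding; returns 0 when clean, 1 otherwise.

check_mode() {  # check_mode PATH EXPECTED_OCTAL
    _m=$(stat -c '%a' "$1")
    [ "$_m" = "$2" ] && return 0
    echo "FAIL: $1 has mode $_m, expected $2"
    return 1
}

check_owner() {  # PATH must belong to the invoking user (numeric UID compare)
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] && return 0
    echo "FAIL: $1 is not owned by UID $(id -u)"
    return 1
}

check_ssh_dir() {
    _dir=$1; _ak=$1/authorized_keys; _rc=0; _n=0; _keys=0
    [ -d "$_dir" ] || { echo "FAIL: $_dir is missing"; return 1; }
    [ -f "$_ak" ]  || { echo "FAIL: $_ak is missing"; return 1; }
    check_mode "$_dir" 700 || _rc=1
    check_mode "$_ak" 600  || _rc=1
    check_owner "$_dir"    || _rc=1
    check_owner "$_ak"     || _rc=1
    # Every entry must sit on ONE line and contain "<key-type> AAAA...".
    # A paste that wrapped, or lost its first characters, fails here.
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        case $_line in
            ''|'#'*) ;;                                  # blank or comment
            *ssh-rsa\ AAAA*|*ssh-ed25519\ AAAA*|*ecdsa-sha2-nistp*\ AAAA*)
                _keys=$((_keys + 1)) ;;
            *) echo "FAIL: $_ak line $_n is not a complete public key"; _rc=1 ;;
        esac
    done < "$_ak"
    [ "$_keys" -gt 0 ] || { echo "FAIL: $_ak contains no keys"; _rc=1; }
    return "$_rc"
}
```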


🧰 Step 8: Install Ansible on Control Host

Back on Control Host (as ansible or with sudo):

sudo apt update && sudo apt upgrade -y
sudo apt install -y software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install -y ansible

📁 Step 9: Create the Ansible Inventory File

If /etc/ansible doesn’t exist:

sudo mkdir -p /etc/ansible

Then create/edit the hosts file:

sudo vi /etc/ansible/hosts

Paste:

[web]
<your-workstation-public-ip> ansible_user=ansible

✅ Step 10: Test Ansible Connection

ansible all -m ping

If successful, you’ll get:

<workstation-ip> | SUCCESS => {
    "changed": false,
    "ping": "pong"
}


🛠️ PART 2: Create an Ansible Playbook to Install Git


🔑 Prerequisite: Enable Passwordless Sudo on Work-station

SSH into the Work-station:

sudo visudo

Add this at the bottom:

ansible ALL=(ALL) NOPASSWD:ALL

Save and exit (Ctrl+X, then Y, then Enter OR :wq in vi).


📘 Create Your First Playbook — install_git.yml

On Control Host, as ansible:

vi install_git.yml

Paste:

---
- name: Install Git on managed-host
  hosts: web
  become: yes
  tasks:
    - name: Ensure Git is installed
      apt:
        name: git
        state: present
        update_cache: yes

▶️ Run the Playbook

ansible-playbook install_git.yml


✅ Verify Git Installation

SSH into the Work-station, then run:

git --version

You should see something like:

git version 2.34.1


🌐 PART 3: Playbook #2 – Install Nginx


📜 Create the Nginx Playbook

On Control Host:

vi install_nginx.yml

Paste:

---
- name: Install Nginx on managed-host
  hosts: web
  become: yes
  tasks:
    - name: Update APT cache
      apt:
        update_cache: yes

    - name: Install Nginx
      apt:
        name: nginx
        state: present

    - name: Ensure Nginx is running and enabled
      service:
        name: nginx
        state: started
        enabled: yes

▶️ Run the Playbook

ansible-playbook install_nginx.yml


🌍 View Nginx in Browser

Open:

http://<workstation-public-ip>

You should see the Nginx welcome page.


🚨 Troubleshooting Nginx Access

🔹 Step 1: Confirm Nginx Is Running

sudo systemctl status nginx

Look for active (running).


🔹 Step 2: Check EC2 Security Group

Make sure port 80 is open:

Type    Protocol    Port    Source
HTTP    TCP         80      0.0.0.0/0

🔹 Step 3: Test Locally

On Work-station, run:

curl http://localhost

If you see the HTML page, Nginx is working locally.


✅ Conclusion

You’ve now:

  • Set up passwordless SSH

  • Installed Ansible

  • Automated the installation of Git and Nginx

  • Learned to debug common issues

This is just the beginning. With Ansible, you can automate everything from Docker installs to full web app deployments.


Written by

Di Nrei Alan Lodam