Ansible Quick Start Guide

Linux client node configuration

The only tool that must be installed and running on the client machine is the OpenSSH server. All new releases of Linux use SSH as the main remote access method by default.

To make sure that everything is in place, the SSH service should always be running and the system's firewall should allow traffic on the SSH port. By default, this is port 22. The port can be changed, but the change must then also be recorded in the Ansible inventory entry for the host.

For Linux clients, any extra configuration for Ansible management is aimed more at following best-practice guidelines than at meeting strict requirements. Extra configuration can make sure that the remote clients managed by Ansible are fully automated, securely accessible, and do not require admin intervention when running automated tasks.

The following configuration is optional—you can choose what suits you. Add the configurations that you think will be useful and ignore the others.

Ansible can remotely manage a system using any privileged user when their credentials are at hand. However, mixing normal users, users with remote access, and management users can be messy. If a user is performing a task at the same time as Ansible is sending a task, tracing which of them made a given change can be tricky. We recommend adding a new system user who has the sole purpose of being used by Ansible to control the host. We give this user superuser privileges and make their access passwordless to further enhance automation. This user can be the same on all the hosts of a certain inventory group, so that it can be configured at the inventory group level.
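The dedicated account and the inventory note about a non-default SSH port can be set up as in the following added example, which is not code from the book. The user name `ansible`, the group `webservers`, port 2222, the `90-<user>` sudoers file name and the key path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Assumed names (not from the book): user "ansible",
# group "webservers", SSH port 2222, sudoers file 90-<user>.
LC_ALL=C; export LC_ALL   # make [a-z] ranges ASCII-only

# Accept only conservative account names so nothing else can reach sudoers.
valid_user() {
    case "$1" in ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}

# Sudoers drop-in line: passwordless sudo for this one account only.
render_sudoers() {
    valid_user "$1" || return 1
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$1"
}

# Group-level inventory vars (INI): one user and SSH port for the whole group.
render_group_vars() {   # $1=group $2=user $3=port
    valid_user "$2" || return 1
    case "$3" in ''|*[!0-9]*) return 1 ;; esac
    { [ "$3" -ge 1 ] && [ "$3" -le 65535 ]; } 2>/dev/null || return 1
    printf '[%s:vars]\nansible_user=%s\nansible_port=%s\nansible_become=true\n' \
        "$1" "$2" "$3"
}

# Run as root on the client. $1=user $2=controller's public key file.
provision() {
    user=$1 pubkey=$2
    valid_user "$user" || { echo "invalid user name" >&2; return 1; }
    [ -r "$pubkey" ] || { echo "cannot read $pubkey" >&2; return 1; }
    # useradd sets no password, so the account is reachable by SSH key only.
    id "$user" >/dev/null 2>&1 || useradd --create-home --shell /bin/bash "$user"
    home=$(getent passwd "$user" | cut -d: -f6); grp=$(id -gn "$user")
    install -d -m 700 -o "$user" -g "$grp" "$home/.ssh"
    install -m 600 -o "$user" -g "$grp" "$pubkey" "$home/.ssh/authorized_keys"
    tmp=$(mktemp) || return 1
    render_sudoers "$user" > "$tmp"
    # Validate first: a malformed file in /etc/sudoers.d can break sudo for everyone.
    visudo -cf "$tmp" >/dev/null &&
        install -m 440 -o root -g root "$tmp" "/etc/sudoers.d/90-$user"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Apply on a client:  sh provision.sh --apply ansible /root/controller.pub
if [ "${1:-}" = "--apply" ]; then provision "$2" "$3"; fi
```

The output of `render_group_vars webservers ansible 2222` belongs in the INI inventory on the Ansible server, under the group whose hosts were provisioned this way.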

You can also create a shared folder via NFS and SMB between the hosts and the Ansible server to reduce the load when transferring data to the hosts. With this setup, the hosts take over the job of copying the data from the mounted shared folder, while Ansible takes care of other tasks. This helps especially when the forks value is set to a high number.