Setup an Apache Reverse Proxy Server on Ubuntu 14.04


In my last post, I demonstrated how we can set up an Apache Forward Proxy Server on Ubuntu 14.04. So, this post will talk about everything you need to set up an Apache Reverse Proxy Server.

Difference between Forward and Reverse Proxy.

Before I start this tutorial, we must first understand the difference between Forward and Reverse Proxy. Since my blog is all about simple explanation, I will keep things simple & informative 🙂

Forward Proxy server is your more obvious kind of proxy where you access a remote server, like Google or Facebook or another remote server in your network such as Jenkins, via a proxy server. It means, data packets flow like this.

Client(aka you) –> Forward Proxy server –> Remote server(aka Google).

Forward implies that your proxy server sits in front of your remote server. You need to configure your client to use the Forward Proxy server. Your remote server will see the IP of your proxy server & know nothing about the client’s existence.

Reverse Proxy is a different concept. Here you also access your remote server via a proxy server but you don’t specify IP or hostname of your remote server. You enter IP/hostname of your Reverse proxy server which redirects your request to the remote server, based on its configuration. Data packets flow in the similar manner, but you only invoke your Reverse Proxy server here as opposed to invoking your remote server.

Suppose you have a Jenkins server running on port 8080. You want to access this server but you don’t want to expose its port. You set up an Apache Reverse Proxy Server & tell it to redirect all requests landing on port 80 (Apache’s default) to the Jenkins server which is running on port 8080. Since it’s the default port, you just enter the IP/hostname of your Reverse Proxy server in your browser & you will end up seeing the Jenkins GUI 😉 You don’t need to configure any client at all here because you are entering the Reverse Proxy server’s IP/hostname only.

Armed with some information, let’s begin this tutorial 🙂

Lab Description : –

  • Reverse Proxy Server – An Ubuntu 14.04 Server running Apache with IP 192.168.0.51
  • Client  – An Ubuntu 14.04 Server with IP 192.168.0.50
  • Remote Server – An Ubuntu 14.04 Server with IP 192.168.0.50. This server runs my Jenkins, so I will be accessing Jenkins from my client via proxy server. Note that I am using same host for client & remote server. This is because my request will go to Reverse Proxy Server only & it will redirect that request to Jenkins which runs on the same host.

Steps to Perform : –

Configure Reverse Proxy Server (192.168.0.51).

1. Install core product.

Install Apache, if not already done. It is as simple as issuing –

root@shashank-reverse-proxy-server:/home/shashank# apt-get install -y apache2 apache2-doc apache2-utils

2. Install necessary modules.

Issue below command to install modules required for proxy server.

root@shashank-reverse-proxy-server:/home/shashank# apt-get install libapache2-mod-proxy-html libxml2-dev

3. Enable Apache modules.

Issue below command to enable all the required Apache modules.

root@shashank-reverse-proxy-server:/home/shashank# a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html

4. Configure proxy configuration file.

We will now create an Apache proxy configuration file that will hold information required for proxying. Start with creating a file like this.

root@shashank-reverse-proxy-server:/home/shashank# vim /etc/apache2/mods-available/mod_reverse_proxy.conf

Please check my GitHub gist to see the contents of this file. HTML tags are interfering with the tags in configuration file. You can see that nothing much is happening here except enabling the proxy.

If you want to run Apache on its default port, that’s all right. Otherwise you may wish to edit the /etc/apache2/ports.conf file. Whatever port you define here will be used to access your remote server in the form of IP/hostname of Reverse Proxy server:port#.

5. Define a Virtual Host.

It’s now time to define a Virtual Host, which is a separate instance of your web-server (remember you can host multiple sites on a single Apache server). We are defining it to enable more fine-grained logs & redirection for the remote server. Start with backing up the original default Virtual Host.

root@shashank-reverse-proxy-server:/home/shashank# cp -p /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.conf.orig

Now rename 000-default.conf to apache_reverse_proxy.conf to avoid confusion.

Now edit this /etc/apache2/sites-enabled/apache_reverse_proxy.conf file to define logs location & port. You can see that I am redirecting all incoming HTTP requests to my remote Jenkins server which is running on port 8080.

Please check my GitHub gist to see the contents of this file.

6. Enable the Virtual Host.

Time to enable our newly created Virtual Host.

root@shashank-reverse-proxy-server:/home/shashank# a2ensite apache_reverse_proxy.conf
Enabling site reverse-proxy.
To activate the new configuration, you need to run:
  service apache2 reload
root@shashank-reverse-proxy-server:/home/shashank# service apache2 reload
 * Reloading web server apache2
 *

7. Restart Apache.

Configuration is now done & we must restart Apache to load these new settings.

If everything is configured correctly, you will now have a working Reverse Proxy Server.

To test it, log on to your client server 192.168.0.50 & open your browser. Now enter just the IP address of your Reverse Proxy server, 192.168.0.51. You will see the Jenkins GUI 🙂 Since I am running Apache on its default port 80, I only used 192.168.0.51. If it was running on some other port, I would have used 192.168.0.51:port#. See the screenshot below to see Reverse Proxy in action 😉

[Screenshot: Jenkins behind the Reverse Proxy server]

If you stop the Apache service & retry opening Jenkins, you will see that it’s not loading & asks you to check Proxy configuration 😉

As always, you are most welcome if you have suggestions/feedback or you need more information 🙂

How To Setup An Apache Forward Proxy Server on Ubuntu 14.04


Introduction : –

A Forward Proxy Server is a server that sits between you, aka client, and your remote server. Let’s put it in a simple way 🙂

Let’s say you want to access Facebook from your laptop using your favorite browser. Your browser is a client here. Facebook obviously runs on a server 😉 Now, all HTTP requests made from your browser to Facebook will contain your laptop’s IP address as well. But you don’t want your IP address to be tracked. What will you do now?

Yes, the answer is setting up a Forward Proxy Server. This proxy server will sit between you & Facebook server. Whatever HTTP requests your browser will initiate will be relayed/proxied via this proxy server. Data packets flow like this. Your laptop –> proxy server –> Facebook server.

It means, Facebook will see that the request came from the proxy server & it will never know that it actually originated from your laptop.

It is just a simple explanation of Forward Proxy Server. There are many other uses & explanations. But I tend to keep things simple 😉

Lab Description : –

  • Forward Proxy Server – An Ubuntu 14.04 Server running Apache with IP 192.168.0.62
  • Client  – An Ubuntu 14.04 Server with IP 192.168.0.51
  • Remote Server : – An Ubuntu 14.04 Server with IP 192.168.0.50. This server runs my Jenkins, so I will be accessing Jenkins from my client via proxy server.

Steps to Perform : –

Configure Forward Proxy Server.

1. Install core product.

Install Apache, if not already done. It is as simple as issuing –

root@shashank-forward-proxy-server:/home/shashank# apt-get install -y apache2 apache2-doc apache2-utils

2. Install necessary modules.

Issue below command to install modules required for proxy server.

root@shashank-forward-proxy-server:/home/shashank# apt-get install libapache2-mod-proxy-html libxml2-dev

3. Enable Apache modules.

Issue below command to enable all the required Apache modules.

root@shashank-forward-proxy-server:/home/shashank# a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html

4. Configure proxy configuration file.

We will now create an Apache proxy configuration file that will hold information required for proxying. Start with creating a file like this.

root@shashank-forward-proxy-server:/home/shashank# vim /etc/apache2/mods-available/proxy.conf

Please check my GitHub gist to see the contents of this file. HTML tags are interfering with the tags in configuration file. You can see that nothing much is happening here except enabling the proxy.

5. Define port for proxy server.

Now we need to define the port on which our proxy server must run. Issue this command after backing up the original file.

root@shashank-forward-proxy-server:/home/shashank# sed -i -e 's/^Listen 80$/Listen 8889/' /etc/apache2/ports.conf

You can see that I have replaced default port 80 with 8889. Choose any port that you like & is available.

6. Define a Virtual Host.

It’s now time to define a Virtual Host, which is a separate instance of your web-server (remember you can host multiple sites on a single Apache server). We are defining it to enable more fine-grained logs & port. Start with backing up the original default Virtual Host.

root@shashank-forward-proxy-server:/home/shashank# cp -p /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.conf.orig

Now edit this /etc/apache2/sites-enabled/000-default.conf file to define logs location & port. Here, I am running it on the same port 8889 as this is my only instance.

Please check my GitHub gist to see the contents of this file.

As you can see, we have defined the location for logs specific to proxy.
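Both this forward proxy and the reverse proxy in the post above are built on mod_proxy, and the setting that separates them is ProxyRequests. The following is an added example, not the author's gist files: three configs constructed for the lab IPs (Apache 2.4 syntax; the reverse-proxy log file name is an assumption) and a small check that reports whether a config enables forward proxying and, if it does, whether a <Proxy> block limits which clients may use it.

```shell
#!/bin/sh
# Added example. The configs below are constructed for the lab IPs in this
# post; they are NOT the contents of the author's gist.

reverse_proxy_conf() {            # reverse proxy on :80 in front of Jenkins
cat <<'EOF'
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://192.168.0.50:8080/
    ProxyPassReverse / http://192.168.0.50:8080/
    CustomLog ${APACHE_LOG_DIR}/access_reverse_proxy.log combined
</VirtualHost>
EOF
}

forward_proxy_restricted_conf() { # forward proxy usable only by the lab client
cat <<'EOF'
<VirtualHost *:8889>
    ProxyRequests On
    <Proxy "*">
        Require ip 192.168.0.51
    </Proxy>
    CustomLog ${APACHE_LOG_DIR}/access_forward_proxy.log combined
</VirtualHost>
EOF
}

forward_proxy_open_conf() {       # weak: any host that reaches :8889 can relay
cat <<'EOF'
<VirtualHost *:8889>
    ProxyRequests On
    <Proxy "*">
        # no client restriction at all
        Require all granted
    </Proxy>
</VirtualHost>
EOF
}

# classify_proxy_conf: reads an Apache config on stdin and prints one of
#   not-forward | forward-restricted | forward-open
# Simple line-based check; it does not evaluate nested RequireAll/RequireAny.
classify_proxy_conf() {
    awk '
        { sub(/#.*/, ""); d = tolower($1) }
        d == "proxyrequests" && tolower($2) == "on"  { fwd = 1 }
        d == "<proxy" || d == "<proxymatch"          { inblk = 1; next }
        d == "</proxy>" || d == "</proxymatch>"      { inblk = 0; next }
        inblk && d == "require" {
            k = tolower($2)
            if (k == "all" && tolower($3) == "granted") granted_all = 1
            else if (k == "ip" || k == "host" || k == "local") limited = 1
        }
        END {
            if (!fwd)                         print "not-forward"
            else if (granted_all || !limited) print "forward-open"
            else                              print "forward-restricted"
        }'
}

# Demo: classify each constructed config.
for c in reverse_proxy_conf forward_proxy_restricted_conf forward_proxy_open_conf; do
    printf '%-32s %s\n' "$c" "$($c | classify_proxy_conf)"
done
```

To check a real file, run `classify_proxy_conf < /etc/apache2/mods-available/proxy.conf`, and run `apache2ctl configtest` before reloading Apache.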

7. Enable the Virtual Host.

Time to enable our newly created Virtual Host.

root@shashank-forward-proxy-server:/home/shashank# a2ensite 000-default.conf

8. Restart Apache.

Configuration is now done & we must restart Apache to load these new settings.

root@shashank-forward-proxy-server:/home/shashank# service apache2 restart
 * Restarting web server apache2 [Fri Jun 23 09:09:32.982307 2017] [proxy_html:notice] [pid 2940:tid 140143966525312] AH01425: I18n support in mod_proxy_html requires mod_xml2enc. Without it, non-ASCII characters in proxied pages are likely to display incorrectly.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using node2.shashank.com. Set the 'ServerName' directive globally to suppress this message

With a success message, you are confident that your Apache configuration is correct 🙂 Above is just a warning & not an error, so no need to worry 😉

Let’s move on to client-side configuration.

Client Side Configuration : –

With a working Apache Forward Proxy Server configuration, let’s move on to our client machine & configure it to use our proxy server. For this, log in to the machine & go to System Settings. Then select Network & then Proxy.

Enter your HTTP proxy server IP or FQDN or hostname & the port. Remember we configured our proxy server to run on port 8889.

[Screenshot: configuring the client to use the Apache Forward Proxy Server]

Test proxy connections.

You are all set now 🙂 Time to test the settings. Let’s now open our browser & try to access Facebook & also Jenkins on a remote server (IP 192.168.0.50. See Introduction) in the same network. If your configuration is correct, you will be able to browse Facebook or the internet without any issue. You will also be able to access your Jenkins server. You can check your proxy in action in the logs below. Remember we had configured the log location in step # above. You need to log in to your proxy server & check the log file, which happens to be /var/log/apache2/access_forward_proxy.log. If your location is different, make sure you check that file.

You can see that requests made from client 192.168.0.51 to remote server 192.168.0.50 are proxying through our proxy server.

192.168.0.51 - - [23/Jun/2017:09:33:17 +0530] "GET http://192.168.0.50:8080/static/50cbf35e/images/16x16/warning.png HTTP/1.1" 200 761 "http://192.168.0.50:8080/static/50cbf35e/css/style.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36"
192.168.0.51 - - [23/Jun/2017:09:33:17 +0530] "GET http://192.168.0.50:8080/static/50cbf35e/images/16x16/error.png HTTP/1.1" 200 817 "http://192.168.0.50:8080/static/50cbf35e/css/style.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36"
192.168.0.51 - - [23/Jun/2017:09:33:17 +0530] "GET http://192.168.0.50:8080/static/50cbf35e/images/top-sticker-bottom-edge.png HTTP/1.1" 200 605 "http://192.168.0.50:8080/static/50cbf35e/css/style.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36"
192.168.0.51 - - [23/Jun/2017:09:33:03 +0530] "CONNECT fonts.gstatic.com:443 HTTP/1.1" 200 4806 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36"
192.168.0.51 - - [23/Jun/2017:09:33:17 +0530] "GET http://192.168.0.50:8080/opensearch.xml HTTP/1.1" 200 6997 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36"
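The same access log can be used to confirm that only the intended client is using the proxy. The script below is an added example, not part of the original post: it reads log lines in the format shown above and reports requests from clients outside an allow-list and CONNECT requests to ports other than 443. The sample lines are constructed; 203.0.113.7 and the example.* hosts are documentation placeholders.

```shell
#!/bin/sh
# Added example: audit a forward-proxy access log (Apache "combined" format)
# for signs that the proxy is reachable or used beyond the intended client.

# Constructed sample lines in the format of access_forward_proxy.log.
sample_proxy_log() {
cat <<'EOF'
192.168.0.51 - - [23/Jun/2017:09:33:17 +0530] "GET http://192.168.0.50:8080/opensearch.xml HTTP/1.1" 200 6997 "-" "Mozilla/5.0"
192.168.0.51 - - [23/Jun/2017:09:33:03 +0530] "CONNECT fonts.gstatic.com:443 HTTP/1.1" 200 4806 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Jun/2017:09:40:11 +0530] "GET http://example.com/ HTTP/1.1" 200 1270 "-" "curl/7.35.0"
192.168.0.51 - - [23/Jun/2017:09:41:52 +0530] "CONNECT mail.example.net:25 HTTP/1.1" 403 310 "-" "-"
EOF
}

# audit_proxy_log "ip1 ip2 ..." < logfile
# Prints one finding per line:
#   UNEXPECTED_CLIENT <client> <method> <target> <status>
#   CONNECT_NON_443   <client> <host:port> <status>
audit_proxy_log() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        {
            client = $1
            method = substr($6, 2)   # field 6 is "GET or "CONNECT; drop the quote
            target = $7
            status = $9
            if (!(client in ok))
                print "UNEXPECTED_CLIENT " client " " method " " target " " status
            if (method == "CONNECT") {
                m = split(target, hp, ":")
                # mod_proxy_connect only allows ports 443 and 563 by default,
                # so a 200 on another port means AllowCONNECT was widened.
                if (hp[m] != "443")
                    print "CONNECT_NON_443 " client " " target " " status
            }
        }'
}

# Demo on the constructed sample; 192.168.0.51 is the lab client.
sample_proxy_log | audit_proxy_log "192.168.0.51"
```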

I hope you found this post interesting, informative & easy 🙂 Do let me know if it needs improvements or you have suggestions 🙂

Bash Shell Script To Create A Rich, Colorful Server Health Report(in HTML)


As you know, my previous shell script produces an HTML Server Health Report displaying all vital stats in a plain format & I thought it’s magical to have a shell script create an HTML report even though it was a rather simple looking report 😉 Then I wrote a web-app that helps you track how much money you have saved & came up with the idea to enhance my script to output a rich, vibrant, vividly colored HTML report that has interactive 3D charts & other colorful visual elements 🙂 Sneak a peek below!

You can grab the script from my GitHub gist page.

So, I modified my script & made it fetch more server data and display that data in different tables & panels. These tables & panels include : –

Directories that eat up most of your disk space.

Dynamic table showing the directories that take up most of your disk-space.

Top Memory consuming processes.

Dynamic table displaying Top Memory consuming processes.

Top CPU consuming processes.

Dynamic table displaying Top CPU consuming processes.

2 Speedometers displaying # of processes running & # of logged in users.

Speedometer 🙂

A bars system that displays the resources utilisation (RAM/CPU/Filesystem/INodes) & these bars change their color to red if threshold is crossed 🙂

Bars displaying vital system stats.

3D interactive pie-chart showing the break-up of filesystem utilisation.

3D chart with break-up of filesystem usage.

Install & Setup SonarQube on Ubuntu for Code Analysis


SonarQube is a Code Quality testing solution which lets you analyse the quality of your code, detect bugs and much more to improve the overall health of your code.

SonarQube comes in 2 variants. It can be accessed online using the URL https://sonarqube.com/ and it can also be hosted on your own server. In this tutorial, I am demonstrating how you can install & setup SonarQube on your own Ubuntu server to check your code’s quality 🙂

Let’s start!

Lab Description : –

Ubuntu 14.04 64 bit server with 2 GB RAM.

MySQL version 5.6.33 with InnoDB storage engine.

SonarQube version 6.2.

My PHP project located at DocumentRoot. You can choose any location for code analysis.

Please note that SonarQube needs at least 2 GB of RAM, so please make sure you have enough of it.

Steps to be followed : –

SonarQube by default uses its internal H2 database but we will be using MySQL for this. Choose any database of your choice.

1. Download SonarQube & SonarQube Scanner.

Use the links provided to download both the products.

2. Unpack them.

Unpack both of them to any location where you can locate them easily. I chose my home-directory for it. It will create 2 directories sonarqube-6.2 & sonar-scanner-2.8.

root@shashank-dbserver:/home/shashank# unzip Downloads/sonarqube-6.2.zip

root@shashank-dbserver:/home/shashank# unzip Downloads/sonar-scanner-2.8.zip

It will be good if you create aliases for above 2 directories or add them to your PATH.

3. Create MySQL Database & User.

Create a new database called sonar in MySQL (or any other DBMS of your choice). Then create a user sonarqube & grant it all privileges for sonar database.

mysql> create database sonar;
Query OK, 1 row affected (0,01 sec)

mysql> use sonar;
Database changed
mysql> CREATE USER 'sonarqube'@'localhost' IDENTIFIED BY 'sonarqube';
Query OK, 0 rows affected (0,02 sec)

mysql> GRANT ALL PRIVILEGES ON sonar.* to 'sonarqube'@'localhost';
Query OK, 0 rows affected (0,00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0,00 sec)

4. Edit sonar.properties file.

Edit this file inside sonarqube-6.2/conf directory to enter database details. Make sure to put user-name & password you created in last step. Below is the snippet. Edit values accordingly.

# DATABASE
#
# IMPORTANT: the embedded H2 database is used by default. It is recommended for tests but not for
# production use. Supported databases are MySQL, Oracle, PostgreSQL and Microsoft SQLServer.

# User credentials.
# Permissions to create tables, indices and triggers must be granted to JDBC user.
# The schema must be created first.
sonar.jdbc.username=sonarqube
sonar.jdbc.password=sonarqube

#----- Embedded Database (default)
# H2 embedded database server listening port, defaults to 9092
#sonar.embeddedDatabase.port=9092
#----- MySQL 5.6 or greater
# Only InnoDB storage engine is supported (not myISAM).
# Only the bundled driver is supported. It can not be changed.
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance

5. Create & Edit sonar-project.properties file.

Create this file inside your code’s project & enter values accordingly. See below snippet. Give your project a unique Project Key for SonarQube to uniquely identify it.

# must be unique in a given SonarQube instance
sonar.projectKey=exclaimadeasy
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=ExClaiMadEasy
sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
sonar.sources=.

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

6. Start SonarQube.

Start it by executing sonarqube-6.2/bin/sonar.sh start command.

root@shashank-dbserver:/home/shashank/sonarqube-6.2/bin/linux-x86-64# ./sonar.sh start
Starting SonarQube...
Started SonarQube.

7. Access SonarQube via browser.

Open your browser & enter localhost:9000. Then click login at the top-right corner. Credentials are admin/admin.

8. Start SonarQube Scanner to analyse your code.

Execute below command to start SonarQube scanner from within your project directory.

root@shashank-dbserver:/var/www/bills/html/CabBIlls# /home/shashank/sonar-scanner-2.8/bin/sonar-scanner

It will start scanning your project’s code. Once it’s done scanning, you will see output similar to below. Click the link provided there to see your report.

INFO: Analysis report uploaded in 240ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/exclaimadeasy
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AVqskPfd6DjWymbXBiOQ
INFO: Task total time: 18.806 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------

Video Tutorial : –

I have also posted a video on my YouTube channel to demonstrate all the steps. You can watch it below.

Caveats : –

Video shown above only demonstrates the basic code analysis, even though my project is PHP based. For PHP projects (or any other non-default languages), please download the plugin(s) and place that in SonarQube_HOME/extensions/plugins directory. After that restart SonarQube by executing sonar.sh restart command. PHP plugin can be downloaded from https://docs.sonarqube.org/display/PLUG/SonarPHP

Also, in the video above, I missed to uncomment MySQL jdbc connection URL but same can be seen uncommented in snippet I pasted in step 3 😉

I hope you liked this post. See you later 🙂

Create a Server Health Report (HTML) Using Shell Script


Shell scripts are insanely powerful & convenient. We all know it 😉 Much of the beauty in shell scripts lies in the way they can be used to automate many aspects of System Administration. As a SysAdmin, you might have been asked to prepare health-reports on a regular basis. Today, I wrote one such script that will generate an HTML health-report containing some vital system information. Let’s see how it works 🙂

Lab Description : –

Ubuntu 14.04 Server. Environment : – Bash shell

Instructions : –

Download or clone my GitHub repository from below location.

https://github.com/shashank-ssriva/Linux-Server-HTML-Health-Report-Using-Shell-Script

Place the syshealth.sh file anywhere you want. I prefer keeping it under my home-directory but you may keep it anywhere.

Make it executable (if not already).

You may either run/execute it manually or you may also put it in a CRON job. I have chosen to generate the report twice a day, but it’s entirely up to you 🙂

Video Tutorial : –

To see the script in action, watch the video below on my YouTube Channel.

Additional Notes : –

I have kept the script & report minimal since I wrote it today only. You may customize it further so as to suit your needs. Sky is the limit 😉

Set Up A Centralised Log Server On Linux (Ubuntu 14.04)


Server logs are a wealth of useful information. Every SysAdmin knows it. Logs act as our only means to troubleshoot critical issues. Logs are so important that they must be backed up properly & efficiently. While every Linux distribution has this facility built-in, it’s always good to have a centralised log server that captures the logs from all other client nodes. It serves many purposes. It acts as a central point of contact whenever we need to check the logs. No need to log in to individual servers. It also reduces the load on storage media of individual servers since all the logging is recorded on one central server with huge storage 🙂 Let’s learn how to set up our own Centralised Log Server on Linux. I have shown this using Ubuntu but the same applies to Red Hat based servers as well.

Lab Description : – 

Log Server – 192.168.0.50 Ubuntu 14.04

Log Client Node – 192.168.0.51 Ubuntu 14.04

Server Configuration : –

Enable UDP/TCP port. Edit /etc/rsyslog.conf file. There are properties for UDP & TCP under MODULES directive. Uncomment both of them. It looks like below after uncommenting. 514 is the port. This will enable UDP/TCP communication from clients to server.

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Define template for the logs. Template defines the filename & location of the logs. Just above GLOBAL directive, add below lines to define a template.

$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log" *
*.* ?RemoteLogs
& ~

1st line is self-explanatory. It defines what will be the name & location of log-file. 2nd line tells rsyslog daemon to apply this template to all the log-files. 3rd line stops the older logging & enables this new logging.

Restart rsyslog daemon.

service rsyslog restart

Client Configuration.

Ensure your client nodes can communicate with server. Adjust firewall to allow UDP/TCP port 514 if needed.

Edit configuration file. We only need to define the IP address or FQDN of our log server in the /etc/rsyslog.conf file. So open the file & add the line below to the end. No explanation needed here, right? 😉 It’s the IP of the log server & the UDP/TCP port.

#Defining the Central Log Server
*.* @192.168.0.50:514

After this, restart rsyslog daemon.

service rsyslog restart

You will see new directories inside /var/log with names of your client(s). Inside these, there will be many log files with their respective program names like sudo.log.

drwx------  2 syslog            syslog     4096 jul  6 09:48 shashank-server/
drwx------  2 syslog            syslog     4096 jul  6 09:47 shashank-client/
root@shashank-server:/var/log# ll shashank-server/
50mounted-tests.log           avahi-autoipd(eth0).log       gnome-keyring-daemon.log      pkexec.log                    sudo.log
accounts-daemon.log           avahi-daemon.log              jenkins.log                   polkitd(authority=local).log  su.log
acpid.log                     colord.log                    kernel.log                    polkitd.log                   udisksd.log
anacron.log                   cracklib.log                  lightdm.log                   postfix.log                   useradd.log
AptDaemon.log                 cron.log                      ModemManager.log              pulseaudio.log                whoopsie.log
AptDaemon.PackageKit.log      CRON.log                      mtp-probe.log                 rsyslogd-2207.log             xinetd.log
AptDaemon.Trans.log           crontab.log                   NetworkManager.log            rsyslogd-2307.log             
AptDaemon.Worker.log          dbus.log                      ntpdate.log                   rsyslogd.log                  
audispd.log                   dhclient.log                  os-prober.log                 rtkit-daemon.log              
auditd.log                    failsafe.log                  passwd.log                    sshd.log
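Because %HOSTNAME% and %PROGRAMNAME% in the template are taken from the received message, every directory and file name in this tree is chosen by whoever sends to port 514. The script below is an added example, not part of the original post: it compares the per-host directories against the clients you expect and reports names containing characters outside letters, digits, dot, underscore and hyphen (the listing above already shows one, polkitd(authority=local).log). The demo tree is constructed, and printer-7 is a made-up unexpected sender.

```shell
#!/bin/sh
# Added example: audit the directory tree written by the RemoteLogs template
# ("/var/log/%HOSTNAME%/%PROGRAMNAME%.log") on the central log server.

# audit_remote_logs LOGROOT "host1 host2 ..."
# Prints one finding per line:
#   UNKNOWN_HOST <dir>            directory is not an expected client
#   ODD_NAME <host>[/<file>]      name has characters outside [A-Za-z0-9._-]
audit_remote_logs() {
    root=$1
    expected=" $2 "
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        case "$expected" in
            *" $host "*) ;;
            *) echo "UNKNOWN_HOST $host" ;;
        esac
        case "$host" in
            *[!A-Za-z0-9._-]*) echo "ODD_NAME $host" ;;
        esac
        for f in "$dir"*.log; do
            [ -e "$f" ] || continue
            name=$(basename "$f" .log)
            case "$name" in
                *[!A-Za-z0-9._-]*) echo "ODD_NAME $host/$name.log" ;;
            esac
        done
    done
}

# Build a small constructed tree that mimics the listing above.
make_demo_tree() {
    mkdir -p "$1/shashank-server" "$1/shashank-client" "$1/printer-7"
    : > "$1/shashank-server/sudo.log"
    : > "$1/shashank-server/polkitd(authority=local).log"
    : > "$1/shashank-client/sshd.log"
    : > "$1/printer-7/cron.log"
}

# Demo. On a real log server /var/log also holds local directories such as
# apache2, so limit the scan to directories owned by syslog or give the
# remote logs their own root.
demo=$(mktemp -d)
make_demo_tree "$demo"
audit_remote_logs "$demo" "shashank-server shashank-client"
rm -rf "$demo"
```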

Setup Ansible Nodes on Linux (Ubuntu 14.04)


In my last post, you learnt about Ansible & how to install it. Now, let’s take one step forward and set up the nodes that Ansible will manage. As we know, Ansible is agent-less, hence it doesn’t need any client package to be installed on the nodes it will manage. So, we only need to define the nodes in its inventory file, located at /etc/ansible/hosts on the Ansible server itself.

Backup this file & edit it with below contents.

[web-servers]
192.168.0.51
192.168.0.61

You can see I have defined a group called web-servers that contains IP address of 2 nodes. You can also use FQDN if you have DNS setup or entries in /etc/hosts file

Save this file & issue below command to test if Ansible server is able to ping the nodes or not.

shashank@shashank-server:~$ ansible -m ping web-servers --ask-pass
SSH password:
192.168.0.61 | FAILED! => {
"failed": true,
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
192.168.0.51 | SUCCESS => {
"changed": false,
"ping": "pong"
}

You can see that it results in an error for one node, because the Ansible server’s fingerprint was not in the known_hosts file of that node. For this, you need to add it manually or first try to SSH into the node. That way it will ask to save the fingerprint & the above command will work.

shashank@shashank-server:~$ ansible -m ping web-servers --ask-pass
SSH password:
192.168.0.51 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.0.61 | SUCCESS => {
"changed": false,
"ping": "pong"
}

So, you can see now that Ansible is able to ping its nodes & hence it can manage these 🙂

One thing to note is that Ansible will SSH into the nodes using the user with which it was run. I ran Ansible using the shashank user, which is a user with root access. So, make sure you have enough privileges to run Ansible. You can do away with --ask-pass if you use keys instead of a password. You can follow this link to know how to set up password-less SSH.

shashank@shashank-server:~$ ansible -m ping web-servers
192.168.0.61 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.0.51 | SUCCESS => {
"changed": false,
"ping": "pong"
}

You can see above that, since I have password-less SSH setup, I don’t need to use --ask-pass option.