The Nightmare of “SSH-ing Into Every Single Server”
If you only manage 2-3 VPS instances, SSH-ing into each machine to run dnf update or install Nginx is still manageable. But imagine that number jumping to 10, 20, or 50 servers. I once stayed up until 2 AM just to fix a single configuration line in an nginx.conf file across 15 different server clusters. One tiny typo on a single node and the whole system could crash instantly.
Having used Fedora as my primary OS for two years, I love its package update speed. However, as infrastructure grows, I realized that manual effort cannot scale with the number of servers. That was when I had to turn to automation to save my own time.
Why Manual Management is the Shortest Path to… Failure
The problem isn’t just that it’s time-consuming. When operating manually, you face three critical risks:
- Configuration Drift: After a few months, Server A is running Nginx 1.20, Server B has jumped to 1.24, and Server C… someone forgot to open the Firewall port. You can never be sure if your servers are consistent.
- Lack of Reproducibility: If a server crashes completely, how long does it take you to rebuild an identical one? Without a standard script, it’s like looking for a needle in a haystack.
- Fatigue-induced Errors: An extra space or a misplaced
rm -rfcommand is always lurking when Ops teams are overworked.
Choosing Shell Scripts, Puppet, or Ansible?
The simplest way is writing .sh files and copying them to each machine. However, pure scripts lack Idempotency. If you run a script twice, it might cause errors because a file already exists or a service is already running.
Tools like Puppet or Chef are too heavy. They require you to install an “Agent” (background software) on all client machines. This consumes RAM and increases the security attack surface of the system.
Ansible is the most balanced choice. It operates on an Agentless mechanism. You only need to install Ansible on the control machine (Control Node). It then pushes commands via SSH to the target machines. Other than Python, which is pre-installed on Fedora, you don’t need to install anything else on the target servers.
Getting Started with Ansible on Fedora
Assuming you have one Fedora Server acting as the control center and several other Linux servers to practice management on.
Step 1: Install Ansible Core
Fedora always prioritizes the latest packages, so installation is very fast. On the control machine, run the command:
sudo dnf install ansible-core -yTo make sure everything is correct, check the version:
ansible --versionStep 2: Set Up SSH Key-based Authentication
Ansible uses SSH for communication. Instead of the nightmare of manual password entry, you should use SSH Keys. Create a new key if you don’t have one:
ssh-keygen -t ed25519 -C "[email protected]"Then, push this key to the target servers:
ssh-copy-id [email protected]Step 3: Configure the Inventory (Server List)
Ansible needs to know who it’s managing. Create a hosts.ini file and group your servers clearly:
[webservers]
192.168.1.10
192.168.1.11
[dbservers]
192.168.1.20
[all:vars]
ansible_user=fedoraStep 4: Test Connection with an Ad-hoc Command
Let’s see if Ansible can “recognize” the machines using the ping module:
ansible all -i hosts.ini -m pingWhen the screen displays "ping": "pong" in green, it means the connection is established.
Writing a Playbook: Automating Web Server Configuration in a Snap
A Playbook is where you define the deployment scenario using YAML format. Create a setup-web.yml file to install Nginx and open the Firewall automatically.
---
- name: Bulk Web Server Configuration
hosts: webservers
become: yes
tasks:
- name: Install Nginx
dnf:
name: nginx
state: latest
- name: Enable Nginx
systemd:
name: nginx
state: started
enabled: yes
- name: Open HTTP port on Firewall
firewalld:
service: http
permanent: yes
state: enabled
notify: Reload Firewall
handlers:
- name: Reload Firewall
service:
name: firewalld
state: reloadedExecute the script with the command:
ansible-playbook -i hosts.ini setup-web.ymlThe beauty of Ansible is that if you run this command again, it will realize Nginx is already present and do nothing. The returned status will be ok instead of changed. This is the difference between a professional and someone just hacking scripts together.
Real-world Experience: Don’t Let SELinux Get in Your Way
During actual projects, I’ve gathered three important notes for Fedora users:
- Prioritize Dedicated Modules: Don’t abuse the
shellmodule. Usednf,copy, ortemplate. They make your commands much safer and easier to control. - Handling SELinux: Fedora has SELinux enabled by default and it’s quite strict. When using Ansible to copy configuration files, remember to use the
sefcontextmodule to assign the correct labels. Otherwise, Nginx will throw a “Permission denied” error even if you’ve used chmod 777. - Explore Ansible Galaxy: Don’t waste time “reinventing the wheel.” On Ansible Galaxy, there are thousands of ready-made Roles. I often download them and then customize them to save time.
Switching to Ansible might initially feel a bit confusing with YAML syntax. But believe me, it will save you dozens of hours of pointless typing. Instead of being preoccupied with SSH, you’ll have time to research system architecture or simply leave the office earlier than usual.
