Introduction
This guide walks step by step through installing and configuring Ansible on Rocky Linux. Numerous guides are available on the internet; however, installing on a basic server can confuse some newcomers. Hopefully this guide helps someone and saves their day.
The base OS used in this guide is:
[root@ansible ~]# cat /etc/redhat-release
Rocky Linux release 8.4 (Green Obsidian)
[root@ansible ~]#
Installing Ansible
Install Ansible along with a few of the packages required to set up an Ansible host.
# yum install -y ansible.noarch \
    ansible-collection-ansible-posix.noarch \
    ansible-collection-community-general.noarch \
    ansible-collection-redhat-rhel_mgmt.noarch \
    ansible-doc.noarch ansible-freeipa-tests.noarch \
    vim-ansible.noarch \
    ansible-freeipa.noarch
After installing Ansible, check for the installed version and configuration location.
[root@ansible ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, May 19 2021, 03:00:47) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
[root@ansible ~]#
While setting up the server I created the required user “ansible”. Now add it to sudoers. The entry below lets the ansible user run any command as any user without a password prompt.
# visudo
ansible ALL=(ALL) NOPASSWD: ALL
Installing Ansible creates the default host inventory at /etc/ansible/hosts.
[root@ansible ~]# ls -lthr /etc/ansible/hosts
-rw-r--r--. 1 root root 1016 Oct 27 04:56 /etc/ansible/hosts
[root@ansible ~]#
Alternatively, we can define our own inventory file in any location we wish. I have added a few host entries to the default host inventory.
[root@ansible ~]# cat /etc/ansible/hosts | tail -n 4
[dev]
server1
[prod]
server2
[root@ansible ~]#
Ansible Configuration
The default Ansible configuration file is located at:
[ansible@ansible ~]$ ls -lthr /etc/ansible/ansible.cfg
-rw-r--r--. 1 root root 20K Oct 27 04:56 /etc/ansible/ansible.cfg
[ansible@ansible ~]$
Or, we can create our own configuration under any location we prefer to run ansible playbooks from.
[ansible@ansible ~]$ cat ansible.cfg
[defaults]
inventory = /home/ansible/inventory
roles_path = /usr/share/ansible/roles
remote_user = ansible
[privilege_escalation]
become=True
become_method=sudo
become_user=ansible
become_ask_pass=False
[ansible@ansible ~]$
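Because a per-directory ansible.cfg overrides /etc/ansible/ansible.cfg, it is worth knowing which file Ansible will actually load from a given directory. The following is an added example, not part of the original guide or of Ansible itself: a POSIX shell model of the lookup order (ANSIBLE_CONFIG, ./ansible.cfg, ~/.ansible.cfg, /etc/ansible/ansible.cfg), including Ansible's rule of skipping ./ansible.cfg when the current directory is world-writable. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: model the order in which Ansible looks for ansible.cfg.
# Function names are hypothetical helpers, not part of Ansible.

# Succeeds when "others" may write to the directory (symlinks followed).
is_world_writable() {
    case "$(ls -ldL -- "$1" 2>/dev/null)" in
        d???????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# resolve_ansible_cfg <cwd> <home> [system_cfg]
# Prints "<source>:<path>" for the first readable candidate, else "none".
resolve_ansible_cfg() {
    rc_cwd=$1
    rc_home=$2
    rc_system=${3:-/etc/ansible/ansible.cfg}
    rc_env=${ANSIBLE_CONFIG:-}

    # 1. ANSIBLE_CONFIG; a directory value means "<dir>/ansible.cfg".
    if [ -n "$rc_env" ]; then
        if [ -d "$rc_env" ]; then rc_env="${rc_env%/}/ansible.cfg"; fi
        if [ -r "$rc_env" ]; then echo "env:$rc_env"; return 0; fi
    fi

    # 2. ./ansible.cfg, skipped in a world-writable directory because any
    #    local user could have placed the file there.
    if [ -r "$rc_cwd/ansible.cfg" ]; then
        if is_world_writable "$rc_cwd"; then
            echo "warning: ignoring $rc_cwd/ansible.cfg (world-writable dir)" >&2
        else
            echo "cwd:$rc_cwd/ansible.cfg"; return 0
        fi
    fi

    # 3. ~/.ansible.cfg, then 4. the system-wide file.
    if [ -r "$rc_home/.ansible.cfg" ]; then echo "home:$rc_home/.ansible.cfg"; return 0; fi
    if [ -r "$rc_system" ]; then echo "system:$rc_system"; return 0; fi
    echo "none"
}

# Report the file that would be used from the current directory.
resolve_ansible_cfg "$PWD" "$HOME"
```

The "config file =" line of `ansible --version` shows the file Ansible itself selected and should match this result.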
Passwordless Authentication
Generate an SSH key on the Ansible host to be copied to the clients.
[ansible@ansible ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IPnc+BreYt6x695f+m2SDqD+lK1EfyLtYv+x6p2Cbs8 ansible@ansible.linuxsysadmins.local
The key's randomart image is:
+---[RSA 3072]----+
| |
| . |
| o . |
| + + |
| + S o |
| . o * |
| . + =.* +. |
| .o* *==.Bo=.|
| o++O*=*E*Bo.|
+----[SHA256]-----+
[ansible@ansible ~]$
Copy the SSH key
$ ssh-copy-id ansible@server1
$ ssh-copy-id ansible@server2
Let’s verify the passwordless authentication from Ansible host to clients
[ansible@ansible ~]$ ssh server1 uptime
22:44:15 up 33 min, 0 users, load average: 0.04, 0.02, 0.00
[ansible@ansible ~]$
[ansible@ansible ~]$ ssh server2 uptime
22:44:24 up 33 min, 0 users, load average: 0.00, 0.00, 0.00
[ansible@ansible ~]$
Looks good.
Listing Inventory Hosts
[ansible@ansible ~]$ ansible --list-hosts all
hosts (2):
server1
server2
[ansible@ansible ~]$
[ansible@ansible ~]$ ansible --list-hosts dev
hosts (1):
server1
[ansible@ansible ~]$
[ansible@ansible ~]$ ansible --list-hosts prod
hosts (1):
server2
[ansible@ansible ~]$
Predefined Roles
A set of predefined roles for managing the system becomes available by installing a package.
# yum install rhel-system-roles.noarch -y
Installed:
python3-netaddr-0.7.19-8.el8.noarch rhel-system-roles-1.7.3-2.el8.noarch
Complete!
[root@ansible ~]#
You can find them under
[root@ansible ~]# ls -lthr /usr/share/ansible/roles/
total 68K
lrwxrwxrwx. 1 root root 21 Nov 9 18:33 linux-system-roles.vpn -> rhel-system-roles.vpn
lrwxrwxrwx. 1 root root 22 Nov 9 18:33 linux-system-roles.tlog -> rhel-system-roles.tlog
lrwxrwxrwx. 1 root root 26 Nov 9 18:33 linux-system-roles.timesync -> rhel-system-roles.timesync
lrwxrwxrwx. 1 root root 25 Nov 9 18:33 linux-system-roles.storage -> rhel-system-roles.storage
lrwxrwxrwx. 1 root root 22 Nov 9 18:33 linux-system-roles.sshd -> rhel-system-roles.sshd
lrwxrwxrwx. 1 root root 21 Nov 9 18:33 linux-system-roles.ssh -> rhel-system-roles.ssh
lrwxrwxrwx. 1 root root 25 Nov 9 18:33 linux-system-roles.selinux -> rhel-system-roles.selinux
lrwxrwxrwx. 1 root root 25 Nov 9 18:33 linux-system-roles.postfix -> rhel-system-roles.postfix
lrwxrwxrwx. 1 root root 25 Nov 9 18:33 linux-system-roles.network -> rhel-system-roles.network
lrwxrwxrwx. 1 root root 29 Nov 9 18:33 linux-system-roles.nbde_server -> rhel-system-roles.nbde_server
lrwxrwxrwx. 1 root root 29 Nov 9 18:33 linux-system-roles.nbde_client -> rhel-system-roles.nbde_client
lrwxrwxrwx. 1 root root 25 Nov 9 18:33 linux-system-roles.metrics -> rhel-system-roles.metrics
lrwxrwxrwx. 1 root root 25 Nov 9 18:33 linux-system-roles.logging -> rhel-system-roles.logging
lrwxrwxrwx. 1 root root 33 Nov 9 18:33 linux-system-roles.kernel_settings -> rhel-system-roles.kernel_settings
lrwxrwxrwx. 1 root root 23 Nov 9 18:33 linux-system-roles.kdump -> rhel-system-roles.kdump
lrwxrwxrwx. 1 root root 28 Nov 9 18:33 linux-system-roles.ha_cluster -> rhel-system-roles.ha_cluster
lrwxrwxrwx. 1 root root 33 Nov 9 18:33 linux-system-roles.crypto_policies -> rhel-system-roles.crypto_policies
lrwxrwxrwx. 1 root root 29 Nov 9 18:33 linux-system-roles.certificate -> rhel-system-roles.certificate
drwxr-xr-x. 7 root root 91 Jan 27 22:27 ipabackup
drwxr-xr-x. 9 root root 133 Jan 27 22:27 ipaclient
drwxr-xr-x. 8 root root 111 Jan 27 22:27 ipareplica
drwxr-xr-x. 8 root root 111 Jan 27 22:27 ipaserver
drwxr-xr-x. 9 root root 4.0K Jan 27 22:30 rhel-system-roles.certificate
drwxr-xr-x. 8 root root 4.0K Jan 27 22:30 rhel-system-roles.crypto_policies
drwxr-xr-x. 9 root root 4.0K Jan 27 22:30 rhel-system-roles.ha_cluster
drwxr-xr-x. 9 root root 4.0K Jan 27 22:30 rhel-system-roles.kdump
drwxr-xr-x. 10 root root 4.0K Jan 27 22:30 rhel-system-roles.kernel_settings
drwxr-xr-x. 7 root root 4.0K Jan 27 22:30 rhel-system-roles.logging
drwxr-xr-x. 8 root root 4.0K Jan 27 22:30 rhel-system-roles.metrics
drwxr-xr-x. 9 root root 4.0K Jan 27 22:30 rhel-system-roles.nbde_client
drwxr-xr-x. 8 root root 4.0K Jan 27 22:30 rhel-system-roles.nbde_server
drwxr-xr-x. 9 root root 4.0K Jan 27 22:30 rhel-system-roles.network
drwxr-xr-x. 7 root root 4.0K Jan 27 22:30 rhel-system-roles.postfix
drwxr-xr-x. 9 root root 4.0K Jan 27 22:30 rhel-system-roles.selinux
drwxr-xr-x. 8 root root 4.0K Jan 27 22:30 rhel-system-roles.ssh
drwxr-xr-x. 9 root root 218 Jan 27 22:30 rhel-system-roles.sshd
drwxr-xr-x. 10 root root 4.0K Jan 27 22:30 rhel-system-roles.storage
drwxr-xr-x. 10 root root 4.0K Jan 27 22:30 rhel-system-roles.timesync
drwxr-xr-x. 9 root root 4.0K Jan 27 22:30 rhel-system-roles.tlog
drwxr-xr-x. 9 root root 4.0K Jan 27 22:30 rhel-system-roles.vpn
[root@ansible ~]#
Running Adhoc Commands
Quickly run a few ad hoc commands to verify that Ansible works.
Checking Uptime.
[ansible@ansible ~]$ ansible -i inventory -m command -a "uptime" all
server1 | CHANGED | rc=0 >>
22:45:26 up 34 min, 1 user, load average: 0.23, 0.07, 0.02
server2 | CHANGED | rc=0 >>
22:45:25 up 34 min, 1 user, load average: 0.17, 0.08, 0.03
[ansible@ansible ~]$
Run the same command with the verbose option. A single “-v” shows the configuration file used; additionally, we can use “-vv”, “-vvv” or “-vvvv” for more debug output.
[ansible@ansible ~]$ ansible -i inventory -m command -a "uptime" all -v
Using /home/ansible/ansible.cfg as config file
server1 | CHANGED | rc=0 >>
22:45:55 up 35 min, 1 user, load average: 0.14, 0.06, 0.01
server2 | CHANGED | rc=0 >>
22:45:55 up 34 min, 1 user, load average: 0.10, 0.07, 0.02
[ansible@ansible ~]$
Installing package using yum module
[ansible@ansible ~]$ ansible -m yum -a "name=atop state=present" all -i inventory
BECOME password:
server1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: atop-2.7.1-1.el8.x86_64"
]
}
server2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: atop-2.7.1-1.el8.x86_64"
]
}
[ansible@ansible ~]$
Similarly, we can write a playbook to do the above steps.
VIM for Writing Playbook
Before starting to write a playbook, ease the work with the vim configuration below.
$ vim ~/.vimrc
Append the below to the newly created file
set ai ts=2 et
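ai = autoindent (auto-indentation)
ts = tabstop
2 = number of spaces for a single TAB press
et = expandtab (expand TAB to spaces)
Save and exit using :wq!
Vim reads ~/.vimrc at startup, so the settings apply the next time vim is opened. To make them effective in a running vim session, source the file from within vim.
:source ~/.vimrc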
Creating Simple Playbook
Create a playbook now.
$ vim simple_playbook.yml
---
- name: Install package using yum
  hosts: all
  tasks:
    - name: Install atop
      yum:
        name: atop
        state: present
...
Check for the Syntax errors.
[ansible@ansible ~]$ ansible-playbook --syntax-check simple_playbook.yml
playbook: simple_playbook.yml
[ansible@ansible ~]$
And run the playbook
[ansible@ansible ~]$ ansible-playbook simple_playbook.yml -K
BECOME password:
PLAY [Install package using yum] **********************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [server1]
ok: [server2]
TASK [Install atop] ***********************************************************************************************
ok: [server1]
ok: [server2]
PLAY RECAP ********************************************************************************************************
server1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
server2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[ansible@ansible ~]$
That’s it: Ansible is installed and the basic setup is up and running on Rocky Linux 8.x.
If you are looking for more admin tasks related to Ansible, have a look at this:
Ansible tasks for Sysadmins with 25 examples
Conclusion:
We have gone through installing Ansible on Rocky Linux; the above steps are applicable to most RHEL-based operating systems.