Installing Ansible on Rocky Linux 8.x

Introduction

A step-by-step installation and configuration of Ansible on Rocky Linux. Numerous guides are available over the internet, however, installing on a Basic server will confuse some newbies. Hope this guide will help someone and save their day.

The Base OS we are about to use in this guide is

[root@ansible ~]# cat /etc/redhat-release 
Rocky Linux release 8.4 (Green Obsidian)
[root@ansible ~]#

Installing Ansible

And a few of the packages required to set up an Ansible host.

# yum install -y ansible.noarch\
                 ansible-collection-ansible-posix.noarch\
                 ansible-collection-community-general.noarch\
                 ansible-collection-redhat-rhel_mgmt.noarch\
                 ansible-doc.noarch ansible-freeipa-tests.noarch\
                 vim-ansible.noarch\
                 ansible-freeipa.noarch

After installing Ansible, check for the installed version and configuration location.

[root@ansible ~]# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, May 19 2021, 03:00:47) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
[root@ansible ~]# 

While the server was set up I have created my required user “ansible”. Now make sure to add it under the SUDO.

# visudo
ansible ALL=(ALL)       NOPASSWD: ALL

Installing Ansible manage to create the default location of host inventory under /etc/ansible/hosts

[root@ansible ~]# ls -lthr /etc/ansible/hosts 
-rw-r--r--. 1 root root 1016 Oct 27 04:56 /etc/ansible/hosts
[root@ansible ~]# 

Or else we can define our own inventory file as our wish in any location. Few of the host entries I have added to the default host inventory.

[root@ansible ~]# cat /etc/ansible/hosts | tail -n 4
[dev]
server1
[prod]
server2
[root@ansible ~]#

Ansible Configuration

The default ansible configuration location will be

[ansible@ansible ~]$ ls -lthr /etc/ansible/ansible.cfg 
-rw-r--r--. 1 root root 20K Oct 27 04:56 /etc/ansible/ansible.cfg
[ansible@ansible ~]$ 

Or, we can create our own configuration under any location we prefer to run ansible playbooks from.

[ansible@ansible ~]$ cat ansible.cfg 
[defaults]
inventory   =   /home/ansible/inventory
roles_path  = /usr/share/ansible/roles
remote_user = ansible

[privilege_escalation]
become=True
become_method=sudo
become_user=ansible
become_ask_pass=False
[ansible@ansible ~]$

Passwordless Authentication

Generate SSH key from ansible host to copied under the clients.

[ansible@ansible ~]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa): Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IPnc+BreYt6x695f+m2SDqD+lK1EfyLtYv+x6p2Cbs8 ansible@ansible.linuxsysadmins.local
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|     .           |
|    o .          |
|     + +         |
|      + S o      |
|       . o *     |
|      . + =.* +. |
|     .o* *==.Bo=.|
|     o++O*=*E*Bo.|
+----[SHA256]-----+
[ansible@ansible ~]$ 

Copy the SSH key

$ ssh-copy-id ansible@server1
$ ssh-copy-id ansible@server2

Let’s verify the passwordless authentication from Ansible host to clients

[ansible@ansible ~]$ ssh server1 uptime
 22:44:15 up 33 min,  0 users,  load average: 0.04, 0.02, 0.00
[ansible@ansible ~]$ 
[ansible@ansible ~]$ ssh server2 uptime
 22:44:24 up 33 min,  0 users,  load average: 0.00, 0.00, 0.00
[ansible@ansible ~]$

Looks good.

Listing Inventory Hosts

[ansible@ansible ~]$ ansible --list-hosts all
  hosts (2):
    server1
    server2
[ansible@ansible ~]$ 
[ansible@ansible ~]$ ansible --list-hosts dev
  hosts (1):
    server1
[ansible@ansible ~]$ 
[ansible@ansible ~]$ ansible --list-hosts prod
  hosts (1):
    server2
[ansible@ansible ~]$ 

Predefined Roles

By default, few roles are available to manage the system by installing a package

# yum install rhel-system-roles.noarch -y
Installed:
  python3-netaddr-0.7.19-8.el8.noarch                                                                                           rhel-system-roles-1.7.3-2.el8.noarch                                                                                          

Complete!
[root@ansible ~]#

You can find them under

[root@ansible ~]# ls -lthr /usr/share/ansible/roles/
total 68K
lrwxrwxrwx.  1 root root   21 Nov  9 18:33 linux-system-roles.vpn -> rhel-system-roles.vpn
lrwxrwxrwx.  1 root root   22 Nov  9 18:33 linux-system-roles.tlog -> rhel-system-roles.tlog
lrwxrwxrwx.  1 root root   26 Nov  9 18:33 linux-system-roles.timesync -> rhel-system-roles.timesync
lrwxrwxrwx.  1 root root   25 Nov  9 18:33 linux-system-roles.storage -> rhel-system-roles.storage
lrwxrwxrwx.  1 root root   22 Nov  9 18:33 linux-system-roles.sshd -> rhel-system-roles.sshd
lrwxrwxrwx.  1 root root   21 Nov  9 18:33 linux-system-roles.ssh -> rhel-system-roles.ssh
lrwxrwxrwx.  1 root root   25 Nov  9 18:33 linux-system-roles.selinux -> rhel-system-roles.selinux
lrwxrwxrwx.  1 root root   25 Nov  9 18:33 linux-system-roles.postfix -> rhel-system-roles.postfix
lrwxrwxrwx.  1 root root   25 Nov  9 18:33 linux-system-roles.network -> rhel-system-roles.network
lrwxrwxrwx.  1 root root   29 Nov  9 18:33 linux-system-roles.nbde_server -> rhel-system-roles.nbde_server
lrwxrwxrwx.  1 root root   29 Nov  9 18:33 linux-system-roles.nbde_client -> rhel-system-roles.nbde_client
lrwxrwxrwx.  1 root root   25 Nov  9 18:33 linux-system-roles.metrics -> rhel-system-roles.metrics
lrwxrwxrwx.  1 root root   25 Nov  9 18:33 linux-system-roles.logging -> rhel-system-roles.logging
lrwxrwxrwx.  1 root root   33 Nov  9 18:33 linux-system-roles.kernel_settings -> rhel-system-roles.kernel_settings
lrwxrwxrwx.  1 root root   23 Nov  9 18:33 linux-system-roles.kdump -> rhel-system-roles.kdump
lrwxrwxrwx.  1 root root   28 Nov  9 18:33 linux-system-roles.ha_cluster -> rhel-system-roles.ha_cluster
lrwxrwxrwx.  1 root root   33 Nov  9 18:33 linux-system-roles.crypto_policies -> rhel-system-roles.crypto_policies
lrwxrwxrwx.  1 root root   29 Nov  9 18:33 linux-system-roles.certificate -> rhel-system-roles.certificate
drwxr-xr-x.  7 root root   91 Jan 27 22:27 ipabackup
drwxr-xr-x.  9 root root  133 Jan 27 22:27 ipaclient
drwxr-xr-x.  8 root root  111 Jan 27 22:27 ipareplica
drwxr-xr-x.  8 root root  111 Jan 27 22:27 ipaserver
drwxr-xr-x.  9 root root 4.0K Jan 27 22:30 rhel-system-roles.certificate
drwxr-xr-x.  8 root root 4.0K Jan 27 22:30 rhel-system-roles.crypto_policies
drwxr-xr-x.  9 root root 4.0K Jan 27 22:30 rhel-system-roles.ha_cluster
drwxr-xr-x.  9 root root 4.0K Jan 27 22:30 rhel-system-roles.kdump
drwxr-xr-x. 10 root root 4.0K Jan 27 22:30 rhel-system-roles.kernel_settings
drwxr-xr-x.  7 root root 4.0K Jan 27 22:30 rhel-system-roles.logging
drwxr-xr-x.  8 root root 4.0K Jan 27 22:30 rhel-system-roles.metrics
drwxr-xr-x.  9 root root 4.0K Jan 27 22:30 rhel-system-roles.nbde_client
drwxr-xr-x.  8 root root 4.0K Jan 27 22:30 rhel-system-roles.nbde_server
drwxr-xr-x.  9 root root 4.0K Jan 27 22:30 rhel-system-roles.network
drwxr-xr-x.  7 root root 4.0K Jan 27 22:30 rhel-system-roles.postfix
drwxr-xr-x.  9 root root 4.0K Jan 27 22:30 rhel-system-roles.selinux
drwxr-xr-x.  8 root root 4.0K Jan 27 22:30 rhel-system-roles.ssh
drwxr-xr-x.  9 root root  218 Jan 27 22:30 rhel-system-roles.sshd
drwxr-xr-x. 10 root root 4.0K Jan 27 22:30 rhel-system-roles.storage
drwxr-xr-x. 10 root root 4.0K Jan 27 22:30 rhel-system-roles.timesync
drwxr-xr-x.  9 root root 4.0K Jan 27 22:30 rhel-system-roles.tlog
drwxr-xr-x.  9 root root 4.0K Jan 27 22:30 rhel-system-roles.vpn
[root@ansible ~]# 

Running Adhoc Commands

Quickly run a few of Adhoc commands to verify whether ansible works.

Checking Uptime.

[ansible@ansible ~]$ ansible -i inventory -m command -a "uptime" all
server1 | CHANGED | rc=0 >>
 22:45:26 up 34 min,  1 user,  load average: 0.23, 0.07, 0.02
server2 | CHANGED | rc=0 >>
 22:45:25 up 34 min,  1 user,  load average: 0.17, 0.08, 0.03
[ansible@ansible ~]$ 

Running the same command with the verbose option, Only use one “-v” This will some the configuration file used, additionally we can use “-vv” or “-vvv” or “-vvvv” for more debug outputs.

[ansible@ansible ~]$ ansible -i inventory -m command -a "uptime" all -v
Using /home/ansible/ansible.cfg as config file
server1 | CHANGED | rc=0 >>
 22:45:55 up 35 min,  1 user,  load average: 0.14, 0.06, 0.01
server2 | CHANGED | rc=0 >>
 22:45:55 up 34 min,  1 user,  load average: 0.10, 0.07, 0.02
[ansible@ansible ~]$ 

Installing package using yum module

[ansible@ansible ~]$ ansible -m yum -a "name=atop state=present" all -i inventory
BECOME password: 
server1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: atop-2.7.1-1.el8.x86_64"
    ]
}
server2 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: atop-2.7.1-1.el8.x86_64"
    ]
}
[ansible@ansible ~]$

Similarly, we can write a playbook to do the above steps.

VIM for Writing Playbook

Before starting with writing a playbook, make sure to ease the work by doing the below vim configuration.

$ vim ~/.vimrc

Append the below to the newly created file

set ai ts=2 et

ai = auto-indentation
ts = Tab Space
2 = number of space for a single TAB press
et = Expand TAB

Save and exit using wq! and source the file to make it effective.

$ source ~/.vimrc

Creating Simple Playbook

Create a playbook now.

$ vim simple_playbook.yml
---
- name: Install package using yum
  hosts: all
  tasks:
    - name: Install atop
      yum:
        name: atop
        state: present
...

Check for the Syntax errors.

[ansible@ansible ~]$ ansible-playbook --syntax-check simple_playbook.yml 

playbook: simple_playbook.yml
[ansible@ansible ~]$ 

And run the playbook

[ansible@ansible ~]$ ansible-playbook simple_playbook.yml -K
BECOME password: 

PLAY [Install package using yum] **********************************************************************************

TASK [Gathering Facts] ********************************************************************************************
ok: [server1]
ok: [server2]

TASK [Install atop] ***********************************************************************************************
ok: [server1]
ok: [server2]

PLAY RECAP ********************************************************************************************************
server1                    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
server2                    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[ansible@ansible ~]$ 

That’s it, we have completed with installing Ansible and basic setup is up and running on Rocky Linux 8. x

If you are looking for more admin tasks related to Ansible have a look into this.

Ansible tasks for Sysadmins with 25 examples

Conclusion:

We have gone through Installing Ansible on Rocky Linux, the above steps are applicable for most of all RHEL based operating systems.