In this article, you will learn how to install Ansible Control Node on CentOS 8. Later, we will also configure an Ansible managed node and execute some adhoc commands on it. #centlinux #linux #ansible
Table of Contents
What is Ansible?:
Ansible is an open-source software provisioning, configuration management, and application deployment tool. Ansible is developed by Red Hat and available in free and commercial editions.
Unlike Puppet and Chef, Ansible is agent-less. Ansible uses declarative language to define system configurations and uses SSH service and Python scripts to apply configurations on the managed nodes.
The Ansible machine that is used for management and administration of nodes is called Ansible Control Node. Whereas, the controlled nodes are called Ansible Managed hosts.
The Ansible control node has the Inventory of managed nodes and the Ansible software to manage it.
Ansible vs Terraform
Ansible and Terraform are popular tools used in the field of DevOps for infrastructure management and automation. However, they serve different purposes and are best suited for different tasks. Here’s a comparison of Ansible and Terraform:
Overview
Ansible:
- Type: Configuration management tool
- Developed by: Red Hat
- Language: YAML for playbooks, Python for modules
- Use Case: Automating application deployment, configuration management, and orchestration
- Agentless: Does not require an agent to be installed on the nodes it manages
- Execution: Uses SSH for communication with nodes
Terraform:
- Type: Infrastructure as Code (IaC) tool
- Developed by: HashiCorp
- Language: HashiCorp Configuration Language (HCL) or JSON
- Use Case: Provisioning and managing cloud infrastructure and resources
- State Management: Maintains state of the infrastructure in a state file
- Execution: Uses APIs to interact with cloud providers and services
Key Differences
- Purpose and Focus:
- Ansible: Primarily focuses on configuration management, automating the setup, configuration, and management of servers and applications.
- Terraform: Focuses on infrastructure provisioning and management, allowing users to define and manage infrastructure as code.
- Language and Syntax:
- Ansible: Uses YAML for writing playbooks, which describe the desired state and configuration of systems.
- Terraform: Uses HCL (HashiCorp Configuration Language) or JSON to define infrastructure resources and their relationships.
- State Management:
- Ansible: Does not maintain a detailed state of the infrastructure. Each run is independent and idempotent, aiming to bring the system to the desired state.
- Terraform: Maintains a state file that keeps track of the current state of the infrastructure, enabling more complex dependency management and orchestration.
- Agent Requirement:
- Ansible: Agentless, communicates with nodes via SSH (or WinRM for Windows).
- Terraform: Also agentless, but interacts directly with cloud provider APIs.
- Execution Model:
- Ansible: Executes tasks sequentially, can be used for ad-hoc commands and is well-suited for orchestrating complex workflows.
- Terraform: Executes tasks in parallel where possible, optimizing the creation of resources based on dependencies.
- Learning Curve:
- Ansible: Generally considered easier to learn for those familiar with scripting and system administration, due to its use of YAML and straightforward playbook structure.
- Terraform: May have a steeper learning curve due to the need to understand its declarative syntax and the concepts of state management and resource dependencies.
When to Use Which?
- Use Ansible when:
- You need to manage and configure existing servers.
- You need to orchestrate complex deployment workflows.
- You prefer an agentless approach and want to leverage SSH for communication.
- You require a tool that integrates well with other configuration management systems and CI/CD pipelines.
- Use Terraform when:
- You need to provision and manage cloud infrastructure resources.
- You need to maintain the state of your infrastructure.
- You require detailed dependency management and want to ensure that the infrastructure is created in a specific order.
- You want to use a tool that integrates well with various cloud providers and services.
Conclusion
Ansible and Terraform are both powerful tools but are optimized for different aspects of infrastructure management. Ansible excels in configuration management and orchestration, while Terraform is designed for infrastructure provisioning and management. Many organizations use both tools in tandem to take advantage of their respective strengths.
Recommended Online Training: Ultimate Ansible Bootcamp by School of Devops
Environment Specification
We are using two minimal CentOS 8 virtual machine with following specification.
Ansible Control Node:
- CPU – 3.4 Ghz (2 cores)
- Memory – 4 GB
- Storage – 40 GB
- Operating System – CentOS 8.1
- Hostname – ansible-01.centlinux.com
- IP Address – 192.168.116.225 /24
Ansible Managed Node:
- CPU – 3.4 Ghz (2 cores)
- Memory – 2 GB
- Storage – 20 GB
- Operating System – CentOS 8.1
- Hostname – apache-01.centlinux.com
- IP Address – 192.168.116.206 /24
Update your Linux OS
Connect to ansible-01.centlinux.com as root user by using a ssh tool or you can configure a Jump Server to securely connect to your network servers from a web-based ssh interface.
It is a best practice to always update the Linux OS and installed software packages before initiating to install ansible control node.
We can update CentOS 8 software packages by using dnf command.
# dnf update -y CentOS-8 - AppStream 801 B/s | 4.3 kB 00:05 CentOS-8 - Base 3.1 kB/s | 3.9 kB 00:01 CentOS-8 - Extras 2.2 kB/s | 1.5 kB 00:00 Dependencies resolved. Nothing to do. Complete!
Since, we have recently updated our CentOS 8 software packages, therefore, there is nothing to upgrade at this time.
Installing Python on CentOS 8
To install Ansible Control Node, we require Python 2 (version 2.7) or Python 3 (version 3.5 or higher).
In CentOS 8 default yum repositories, we have Python 2.7 and Python 3.6 both are available. So we can install any of them to fulfill the Ansible requirements.
We are installing Python 3.6 on CentOS 8 as follows.
# dnf module install -y python36
Check version of Python to verify that it has been installed correctly.
# python3 --version Python 3.6.8
Installing EPEL Yum Repository
EPEL (Extra Packages for Enterprise Linux) is a free community supported yum repository from Fedora team. EPEL provides latest versions of Linux software that are not available in standard yum repositories.
We can enable EPEL yum repository on CentOS 8 by installing the epel-release package.
# dnf install -y epel-release
Build cache for EPEL yum repository.
# dnf makecache CentOS-8 - AppStream 6.1 kB/s | 4.3 kB 00:00 CentOS-8 - Base 6.1 kB/s | 3.9 kB 00:00 CentOS-8 - Extras 3.3 kB/s | 1.5 kB 00:00 Extra Packages for Enterprise Linux Modular 8 - 6.6 kB/s | 117 kB 00:17 Extra Packages for Enterprise Linux 8 - x86_64 496 kB/s | 6.6 MB 00:13 Metadata cache created.
EPEL yum repository has been installed and ready for use.
Install Ansible Control Node
We can install Ansible on CentOS 8, by one of the following three methods.
- Install the latest release of Ansible from EPEL yum repository
- Install Ansible by using pip (Python Package Manager)
- Install by compiling the Ansible source code available at GitHub
Here, we are installing Ansible by using EPEL yum repository.
First of all, check the available version of Ansible in EPEL repository.
# dnf info ansible --repo=epel Last metadata expiration check: 0:02:29 ago on Sat 16 May 2020 02:07:46 AM PKT. Available Packages Name : ansible Version : 2.9.7 Release : 1.el8 Architecture : noarch Size : 17 M Source : ansible-2.9.7-1.el8.src.rpm Repository : epel Summary : SSH-based configuration management, deployment, and task : execution system URL : http://ansible.com License : GPLv3+ Description : Ansible is a radically simple model-driven configuration : management, multi-node deployment, and remote task execution : system. Ansible works over SSH and does not require any software : or daemons to be installed on remote nodes. Extension modules can : be written in any language and are transferred to managed : machines automatically.
We have Ansible 2.9 available in EPEL yum repository. Therefore, We are installing it by using dnf command.
# dnf install -y ansible
Verify the Ansible installation by checking its version as follows.
# ansible --version ansible 2.9.7 config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.6/site-packages/ansible executable location = /usr/bin/ansible python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]
Enable Bash Completion for Ansible Commands
As of Ansible 2.9, shell completion of Ansible commands is available and provided through an optional dependency called argcomplete. argcomplete supports bash but has limited support for zsh and tcsh.
We are installing python3-argcomplete package to enable bash completion of Ansible commands.
# dnf install -y python3-argcomplete
Configure argcomplete to enable bash completion of Ansible commands.
# activate-global-python-argcomplete activate-global-python-argcomplete Installing bash completion script /etc/bash_completion.d/python-argcomplete.sh printf "33]0;%s@%s:%s07" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"
Generate SSH Key Pair for Ansible Control Node
We are generating a SSH key pair for our Ansible Control Node. This SSH key pair will be used to setup password-less authentication on Ansible Managed Nodes.
# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:4yfSptgQTPY9+1X+Qh0tJ3e9VDvPGz/KzlpBmm0qjmg root@ansible-01.centlinux.com The key's randomart image is: +---[RSA 3072]----+ | | | .| | o . =| | + . . = o=*| | o . S o +oB*| | . o + oooo+| | . . *....o. +| | E.+o+..+ .+.| | o.o. ...o=..o| +----[SHA256]-----+
Add an Ansible Managed Node
If we want to manage a CentOS 8 node, then we have perform some necessary configurations thereon.
If you are not using a DNS server for your network then you have to configure name resolution of managed nodes by using Local DNS Resolver.
Add the name resolution entry in hosts file of Ansible control node.
# echo "192.168.116.206 apache-01 apache-01.centlinux.com" >> /etc/hosts
There are only two software required to setup a Ansible Managed node.
- sshd with password less authentication
- Python
In CentOS 8 based systems, sshd is installed by default. So, we are only required to configure the password less authentication on it.
It is quiet easy, since we have already generated the SSH key pair. We now use the ssh-copy-id command to copy the public key to the managed node.
# ssh-copy-id root@apache-01.centlinux.com /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'apache-01.centlinux.com (192.168.116.206)' can't be established. ECDSA key fingerprint is SHA256:skGj4xg0w+jIQtrfF8AOdfItgcXUQQu+bWUFfvws1Hk. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@apache-01.centlinux.com's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@apache-01.centlinux.com'" and check to make sure that only the key(s) you wanted were added.
That’s all for the Ansible control node configurations. Now login to Ansible managed node (apache-01.centlinux.com) and install Python 3.6 thereon.
# dnf module install -y python36
Verify Python installation by checking its version.
# python3 --version Python 3.6.8
apache-01.centlinux.com node is ready to be managed by the Ansible. Now login to Ansible control node and add apache-01.centlinux.com node in Ansible Inventory.
Create a directory to store Ansible inventory files.
# mkdir ansible # cd ansible
Create the hosts file to define Ansible managed nodes.
# vi hosts
Add a section [webservers] and add apache-01.centlinux.com node in it.
[webservers] apache-01.centlinux.com
These configurations are quiet enough for executing Ansible adhoc commands. However, we can also write Ansible playbooks for orchestration of managed nodes.
List down the Ansible managed hosts from the Inventory.
# ansible -i hosts --list-hosts all hosts (1): apache-01.centlinux.com
Check connectivity by pinging Ansible managed nodes.
# ansible -i hosts -m ping all apache-01.centlinux.com | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" }
By using Ansible execute a command to managed host. We are installing Apache HTTP server on all the nodes in webservers section.
# ansible -i hosts -m shell -a 'dnf install -y httpd' webservers
Recommended Book: Mastering Ansible – 3rd Edition (PAID LINK) by Packt Publishing
Final Thoughts
In conclusion, setting up an Ansible Control Node on CentOS 8 can significantly streamline your IT operations, enhancing efficiency and reliability across your infrastructure. Whether you’re managing a small network or a large-scale enterprise environment, Ansible provides the tools you need to automate and simplify your workflow.
If you’re ready to take the next step and want professional assistance, I offer a specialized service to install Ansible Control Node on Linux. By leveraging my expertise, you can ensure a smooth, hassle-free setup tailored to your specific needs.
Visit my Fiverr profile to learn more and book my service: DevOps Engineer
Thank you for reading, and I look forward to helping you optimize your IT management!
python 2 going to obsolete so using python 3 is better
Yes, indeed.
Whenever We tried to copy the ssh key to managed node, it will prompt for password, what is the root password I can use??
because without password, the ssh key will not copy on managed node
Hi, you can obtain the root password of your server from your System Administrator. or if you forget the root password then you have to reset it.