Discover how to install Ansible Automation Platform on Rocky Linux 9 with our comprehensive step-by-step guide. Simplify your IT automation and configuration management with Ansible today. #centlinux #linux #ansible
Table of Contents
What is Ansible?
Ansible is a suite of software tools that enables infrastructure as code. It is open-source and the suite includes software provisioning, configuration management, and application deployment functionality.
Originally written by Michael DeHaan and acquired by Red Hat in 2015, Ansible is designed to configure both Unix-like systems as well as Microsoft Windows. Ansible is agentless, relying on temporary remote connections via SSH or Windows Remote Management which allows PowerShell execution.
The Ansible control node runs on most Unix-like systems that are able to run Python, including Windows with WSL installed. System configuration is defined in part by using its own declarative language.(Source: Wikipedia)
What is Ansible Control Node?
The control node (master host) is intended to manage (orchestrate) target machines (nodes termed as “inventory”. Control nodes are only available for Linux and the like; Windows OSs are not supported. Multiple control nodes are allowed. Ansible does not require a single controlling machine for orchestration, ensuring that disaster recovery is simple. Nodes are managed by the controlling node over SSH.
Recommended Book: Ansible for DevOps (PAID LINK) by Jeff Geerling
Recommended Online Training: Complete Ansible Bootcamp: Go from zero to hero in Ansible
What is an Ansible Playbook?
An Ansible playbook is a YAML file used to automate IT tasks on managed hosts. It defines a series of instructions, called “plays,” that describe the desired state of a system. Key components include hosts (target machines), tasks (actions to perform), variables (dynamic values), handlers (triggered tasks), and modules (units of work). Playbooks are human-readable, idempotent (repeated runs yield the same result), and reusable. They simplify provisioning, configuration, and deployment without needing agents on target machines, making Ansible an efficient tool for consistent and scalable infrastructure management.
Ansible vs Terraform
Ansible and Terraform are both popular tools for managing IT infrastructure, but they serve different purposes and have unique strengths.
Ansible
Purpose: Configuration management and orchestration.
Key Features:
- Agentless: Uses SSH for communication, eliminating the need for agent software on managed hosts.
- Procedural: Describes the steps to achieve the desired state.
- Flexibility: Suitable for managing both the configuration of servers and deploying applications.
- Ad-Hoc Commands: Allows for executing commands across multiple machines without pre-defined playbooks.
- Modules: Supports a wide range of built-in modules for various tasks, making it highly versatile.
Use Cases:
- Automating software installation and configuration.
- Managing system states (e.g., ensuring services are running).
- Orchestrating complex deployment workflows.
Pros:
- Easy to learn with a simple, human-readable syntax (YAML).
- Quick to set up and start using without extensive pre-configuration.
- Strong community support and extensive documentation.
Cons:
- Procedural nature can make complex dependencies harder to manage.
- Not as strong in infrastructure provisioning compared to Terraform.
Terraform
Purpose: Infrastructure as Code (IaC) and provisioning.
Key Features:
- Declarative: Defines the desired end state of infrastructure, and Terraform determines the steps to achieve it.
- Provider Support: Supports a wide range of cloud providers (AWS, Azure, GCP) and on-premises solutions.
- State Management: Maintains a state file to track infrastructure changes, ensuring consistency.
- Modules: Promotes reuse and sharing of infrastructure code.
Use Cases:
- Provisioning and managing cloud resources (VMs, networks, databases).
- Defining and enforcing infrastructure policies.
- Automating infrastructure lifecycle (creation, updates, and deletion).
Pros:
- Strong focus on infrastructure provisioning and lifecycle management.
- Declarative syntax simplifies complex dependency management.
- Supports plan and apply workflows for previewing changes before applying them.
Cons:
- Requires managing state files, which can be complex in collaborative environments.
- Learning curve can be steeper compared to Ansible, especially for those new to IaC concepts.
Conclusion
- Ansible is ideal for configuration management, software deployment, and ad-hoc tasks, with its agentless and procedural approach.
- Terraform excels at infrastructure provisioning and managing the entire lifecycle of cloud resources with its declarative syntax and state management.
Choosing between them often depends on the specific needs of your infrastructure management strategy. For comprehensive automation, many organizations use both tools together: Terraform for provisioning and Ansible for configuration management.
Environment Specification:
We are using a Rocky Linux 9 minimal installed virtual machine with following specifications.
- CPU – 3.4 Ghz (2 cores)
- Memory – 2 GB
- Storage – 20 GB
- Operating System – Rocky Linux release 9.0 (Blue Onyx)
- Hostname – control.centlinux.com
- IP Address – 192.168.116.131 /24
Configure Hostname and Name Resolution
By using a ssh client, connect with control.centlinux.com as root user.
Set the hostname of your Rocky Linux server as follows.
# hostnamectl set-hostname control.centlinux.com
If you are not using a Private DNS Server, then you have to configure name resolution by using the Local DNS Resolver.
Execute following command at Linux bash prompt to add the name resolution directive in the /etc/hosts file.
# echo "192.168.116.131 control control.centlinux.com" >> /etc/hosts
Update your Rocky Linux OS
Refresh your yum cache by using following command.
# dnf makecache Rocky Linux 9 - BaseOS 277 kB/s | 1.7 MB 00:06 Rocky Linux 9 - AppStream 437 kB/s | 6.0 MB 00:14 Rocky Linux 9 - Extras 748 B/s | 3.4 kB 00:04 Metadata cache created.
Execute following dnf command to update all installed software packages on your Linux operating system.
# dnf update -y
If the above command updates your Linux Kernel, then you should reboot your operating system with the new Linux Kernel.
# reboot
Check the versions of Linux operating system and Kernel as follows.
# cat /etc/rocky-release Rocky Linux release 9.0 (Blue Onyx) # uname -r 5.14.0-70.17.1.el9_0.x86_64
Install Ansible Automation Platform on Rocky Linux 9
Unlike CentOS 8, Ansible is now available via standard yum repositories of Rocky Linux 9.
You can easily install Ansible software by using a dnf command.
# dnf install -y ansible-core
After successful installation, verify the version of Ansible software.
# ansible --version ansible [core 2.12.2] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /usr/bin/ansible python version = 3.9.10 (main, Feb 9 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True
Create Linux User for Ansible Node Management
Create a Linux user for managing your Ansible control node and managed nodes.
You have to create this user on each managed node to grant access for executing Ansible plays and Adhoc commands.
Execute adduser command to create ansible user and passwd command to set a password.
# adduser ansible # passwd ansible Changing password for user ansible. New password: Retype new password: passwd: all authentication tokens updated successfully.
Ansible user requires sudo privileges to execute administrative commands on the managed hosts. Since, our Ansible control node is also a managed host therefore, grant the sudo privilege to ansible user as follows.
# echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible
For your convenience, you can setup the key-based authentication among Ansible control node and managed nodes.
Login as ansible user and generate a ssh key-pair as follows.
# su - ansible
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:4b/tm++yY5pgRgsNLhuNLg4qywXjxOiE0sHkLIlMdeU ansible@control.centlinux.com
The key's randomart image is:
+---[RSA 3072]----+
| .o. ... |
|+* . . |
|+.= .E. |
|+o . + + . |
|+*. + + S |
|* o. + o o |
|.o..o = . |
|+o.. o . ++. |
|+o. ++*Bo |
+----[SHA256]-----+
Now copy the generated ssh key to the target system, i.e. Ansible control node. For better manageability, you have to copy ssh key on every Ansible managed node.
$ ssh-copy-id ansible@control /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub" The authenticity of host 'control (192.168.116.131)' can't be established. ED25519 key fingerprint is SHA256:JoCfyRGNeBGu3tEQ74hTMaaErN1kU+cTr8+HuTBak3w. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys ansible@control's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'ansible@control'" and check to make sure that only the key(s) you wanted were added.
Create Ansible Project Directory
For better management of Ansible Inventory, playbooks and configurations. You should create a project directory as follows.
$ mkdir base
Create an Ansible Inventory file in base directory.
$ cd base $ vi inventory
Add following hosts and host groups in this file.
control ansible1 ansible2 [web] ansible1 [db] ansible2
Create a custom ansible.cfg file by using vim text editor.
$ vi ansible.cfg
Add following directives in this file.
[defaults] remote_user = ansible host_key_checking = false inventory = inventory [privilege_escalation] become = True become_method = sudo become_user = root become_ask_pass = False Now, query your inventory file to check your configurations are working fine.
$ ansible-inventory --graph @all: |--@db: | |--ansible2 |--@ungrouped: | |--control |--@web: | |--ansible1
Install Ansible Collections
Additionally, you can download and install Ansible collections (Set of Ansible Modules) that are available at Ansible Galaxy.
You can use ansible-galaxy command to install a Ansible collection.
$ ansible-galaxy collection install ansible.posix Starting galaxy collection install process Process install dependency map Starting collection install process Downloading https://galaxy.ansible.com/download/ansible-posix-1.4.0.tar.gz to /home/ansible/.ansible/tmp/ansible-local-9129vnjemc0/tmpvez7op32/ansible-posix-1.4.0-91fegzol Installing 'ansible.posix:1.4.0' to '/home/ansible/.ansible/collections/ansible_collections/ansible/posix' ansible.posix:1.4.0 was installed successfully
Check the list of installed Ansible collections.
$ ansible-galaxy collection list # /home/ansible/.ansible/collections/ansible_collections Collection Version ------------- ------- ansible.posix 1.4.0
Execute Ansible Adhoc Commands
By using Ping module, execute following Ansible adhoc command to check node manageability.
$ ansible all -m ping
control | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
ansible1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname ansible1: Name or service not known",
"unreachable": true
}
ansible2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname ansible2: Name or service not known",
"unreachable": true
}Definitely, ansible1 and ansible2 are non existent machines. Therefore, you are receiving UNREACHABLE error for them.
However, the control (Ansible control node) machine is returning a SUCCESS response.
Now, by using yum module, install bash-completion package on control node.
$ ansible control -m yum -a "name=bash-completion state=latest"
control | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: bash-completion-1:2.11-4.el9.noarch",
"Installed: pkgconf-pkg-config-1.7.3-9.el9.x86_64",
"Installed: pkgconf-m4-1.7.3-9.el9.noarch",
"Installed: pkgconf-1.7.3-9.el9.x86_64",
"Installed: libpkgconf-1.7.3-9.el9.x86_64"
]
}By using the firewalld module that was being installed with ansible.posix collection, you can easily configure the Linux firewall with Ansible.
$ ansible control -m firewalld -a "service=http state=enabled immediate=yes permanent=yes"
control | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}Power Off the Ansible control node by using command module.
$ ansible control -a "poweroff"
Read Also:
How to install Ansible on Rocky Linux 8
How to install Ansible on CentOS 7
Video: How to install Ansible on Rocky Linux 9
Final Thoughts
Thank you for following our guide on how to install Ansible on Rocky Linux 9. We hope this tutorial has made the installation process clear and straightforward. If you need further assistance or customized support for your Ansible setup, feel free to visit my Fiverr page here.