Install Ansible Automation Platform on Rocky Linux 9

Discover how to install Ansible Automation Platform on Rocky Linux 9 with our comprehensive step-by-step guide. Simplify your IT automation and configuration management with Ansible today.

What is Ansible?

Ansible is a suite of software tools that enables infrastructure as code. It is open-source and the suite includes software provisioning, configuration management, and application deployment functionality.

Originally written by Michael DeHaan and acquired by Red Hat in 2015, Ansible is designed to configure both Unix-like systems and Microsoft Windows. Ansible is agentless, relying on temporary remote connections via SSH or Windows Remote Management, which allows PowerShell execution.

The Ansible control node runs on most Unix-like systems that are able to run Python, including Windows with WSL installed. System configuration is defined in part by using its own declarative language. (Source: Wikipedia)

What is Ansible Control Node?

The control node (master host) is intended to manage (orchestrate) target machines (nodes, termed the “inventory”). Control nodes are only available for Linux and the like; Windows OSs are not supported. Multiple control nodes are allowed. Ansible does not require a single controlling machine for orchestration, ensuring that disaster recovery is simple. Nodes are managed by the controlling node over SSH.

What is an Ansible Playbook?

An Ansible playbook is a YAML file used to automate IT tasks on managed hosts. It defines a series of instructions, called “plays,” that describe the desired state of a system. Key components include hosts (target machines), tasks (actions to perform), variables (dynamic values), handlers (triggered tasks), and modules (units of work). Playbooks are human-readable, idempotent (repeated runs yield the same result), and reusable. They simplify provisioning, configuration, and deployment without needing agents on target machines, making Ansible an efficient tool for consistent and scalable infrastructure management.

Ansible vs Terraform

Ansible and Terraform are both popular tools for managing IT infrastructure, but they serve different purposes and have unique strengths.

Ansible

Purpose: Configuration management and orchestration.

Key Features:

Use Cases:

Pros:

Cons:

Terraform

Purpose: Infrastructure as Code (IaC) and provisioning.

Key Features:

Use Cases:

Pros:

Cons:

Conclusion

Choosing between them often depends on the specific needs of your infrastructure management strategy. For comprehensive automation, many organizations use both tools together: Terraform for provisioning and Ansible for configuration management.

Environment Specification:

We are using a Rocky Linux 9 minimal installed virtual machine with the following specifications.

Configure Hostname and Name Resolution

Using an SSH client, connect to control.centlinux.com as the root user.

Set the hostname of your Rocky Linux server as follows.

# hostnamectl set-hostname control.centlinux.com

If you are not using a private DNS server, then you have to configure name resolution by using the local DNS resolver.

Execute the following command at the Linux bash prompt to add the name resolution entry to the /etc/hosts file.

# echo "192.168.116.131 control control.centlinux.com" >> /etc/hosts

Update your Rocky Linux OS

Refresh your yum cache by using the following command.

# dnf makecache
Rocky Linux 9 - BaseOS                          277 kB/s | 1.7 MB     00:06
Rocky Linux 9 - AppStream                       437 kB/s | 6.0 MB     00:14
Rocky Linux 9 - Extras                          748  B/s | 3.4 kB     00:04
Metadata cache created.

Execute the following dnf command to update all installed software packages on your Linux operating system.

# dnf update -y

If the above command updates your Linux Kernel, then you should reboot your operating system with the new Linux Kernel.

# reboot

Check the versions of the Linux operating system and kernel as follows.

# cat /etc/rocky-release
Rocky Linux release 9.0 (Blue Onyx)

# uname -r
5.14.0-70.17.1.el9_0.x86_64

Install Ansible Automation Platform on Rocky Linux 9

Unlike CentOS 8, Ansible is now available via standard yum repositories of Rocky Linux 9.

You can easily install Ansible software by using a dnf command.

# dnf install -y ansible-core

After successful installation, verify the version of Ansible software.

# ansible --version
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.10 (main, Feb  9 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
  jinja version = 2.11.3
  libyaml = True

Create Linux User for Ansible Node Management

Create a Linux user for managing your Ansible control node and managed nodes.

You have to create this user on each managed node to grant access for executing Ansible plays and ad hoc commands.

Execute the adduser command to create the ansible user and the passwd command to set its password.

# adduser ansible
# passwd ansible
Changing password for user ansible.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

The ansible user requires sudo privileges to execute administrative commands on the managed hosts. Since our Ansible control node is also a managed host, grant the sudo privilege to the ansible user as follows. This sudoers rule allows the ansible user to run any command as any user without entering a password.

# echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible

For your convenience, you can set up key-based authentication between the Ansible control node and the managed nodes.

Log in as the ansible user and generate an SSH key pair as follows.

# su - ansible

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:4b/tm++yY5pgRgsNLhuNLg4qywXjxOiE0sHkLIlMdeU ansible@control.centlinux.com
The key's randomart image is:
+---[RSA 3072]----+
| .o. ... |
|+* . . |
|+.= .E. |
|+o . + + . |
|+*. + + S |
|* o. + o o |
|.o..o = . |
|+o.. o . ++. |
|+o. ++*Bo |
+----[SHA256]-----+

Now copy the generated SSH public key to the target system, i.e. the Ansible control node. For better manageability, you have to copy the SSH key to every Ansible managed node.

$ ssh-copy-id ansible@control
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub"
The authenticity of host 'control (192.168.116.131)' can't be established.
ED25519 key fingerprint is SHA256:JoCfyRGNeBGu3tEQ74hTMaaErN1kU+cTr8+HuTBak3w.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@control's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ansible@control'"
and check to make sure that only the key(s) you wanted were added.

Create Ansible Project Directory

For better management of the Ansible inventory, playbooks and configurations, you should create a project directory as follows.

$ mkdir base

Create an Ansible inventory file in the base directory.

$ cd base
$ vi inventory

Add the following hosts and host groups to this file.

control
ansible1
ansible2

[web]
ansible1

[db]
ansible2

Create a custom ansible.cfg file by using vim text editor.

$ vi ansible.cfg

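Add the following directives to this file. With host_key_checking = false, Ansible does not verify the SSH host keys of the nodes it connects to.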

[defaults]
remote_user = ansible
host_key_checking = false
inventory = inventory

[privilege_escalation]
become = True 
become_method = sudo 
become_user = root 
become_ask_pass = False 
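
The ansible.cfg above and the sudoers rule created earlier together decide what the ansible user's SSH key is worth. As an added example (not part of the original guide), the following Python check parses both files and reports the two settings that matter for that; the sample inputs are constructed copies of the files from this guide, and the names audit and nopasswd_all_users are hypothetical.

```python
import configparser
import re

# Constructed copies of the two files this guide creates (ansible.cfg abridged).
ANSIBLE_CFG = """\
[defaults]
remote_user = ansible
host_key_checking = false
inventory = inventory

[privilege_escalation]
become = True
become_ask_pass = False
"""
SUDOERS_DROPIN = "ansible ALL=(ALL) NOPASSWD: ALL\n"

# Shape of a sudoers user specification: who host = (runas) [TAG:] commands
SUDO_RULE = re.compile(
    r"^\s*(?P<who>[^\s#]\S*)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?P<rest>.+)$")


def nopasswd_all_users(sudoers_text):
    """Return the users or groups granted passwordless sudo for every command."""
    users = set()
    for line in sudoers_text.splitlines():
        m = SUDO_RULE.match(line)
        # Comment lines never match; only the exact 'NOPASSWD: ALL' grant is flagged.
        if m and re.fullmatch(r"NOPASSWD:\s*ALL", m.group("rest").strip()):
            users.add(m.group("who"))
    return users


def audit(cfg_text, sudoers_text):
    """Return findings for an ansible.cfg and sudoers drop-in pair."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    findings = []
    # Ansible verifies SSH host keys unless this option is set to a false value.
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking is off: node host keys are not verified")
    user = cfg.get("defaults", "remote_user", fallback=None)
    become = cfg.getboolean("privilege_escalation", "become", fallback=False)
    if become and user in nopasswd_all_users(sudoers_text):
        findings.append(f"'{user}' has passwordless sudo: its SSH key alone yields root")
    return findings


if __name__ == "__main__":
    for finding in audit(ANSIBLE_CFG, SUDOERS_DROPIN):
        print("FINDING:", finding)
```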

Now, query your inventory file to check that your configuration is working.

$ ansible-inventory --graph
@all:
  |--@db:
  |  |--ansible2
  |--@ungrouped:
  |  |--control
  |--@web:
  |  |--ansible1

Install Ansible Collections

Additionally, you can download and install Ansible collections (sets of Ansible modules) that are available at Ansible Galaxy.

You can use the ansible-galaxy command to install an Ansible collection.

$ ansible-galaxy collection install ansible.posix
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/download/ansible-posix-1.4.0.tar.gz to /home/ansible/.ansible/tmp/ansible-local-9129vnjemc0/tmpvez7op32/ansible-posix-1.4.0-91fegzol
Installing 'ansible.posix:1.4.0' to '/home/ansible/.ansible/collections/ansible_collections/ansible/posix'
ansible.posix:1.4.0 was installed successfully

Check the list of installed Ansible collections.

$ ansible-galaxy collection list

# /home/ansible/.ansible/collections/ansible_collections
Collection    Version
------------- -------
ansible.posix 1.4.0

Execute Ansible Adhoc Commands

By using the ping module, execute the following Ansible ad hoc command to check node manageability.

$ ansible all -m ping
control | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
ansible1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname ansible1: Name or service not known",
    "unreachable": true
}
ansible2 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname ansible2: Name or service not known",
    "unreachable": true
}

ansible1 and ansible2 are nonexistent machines. Therefore, you receive an UNREACHABLE error for them.

However, the control (Ansible control node) machine is returning a SUCCESS response.

Now, by using the yum module, install the bash-completion package on the control node.

$ ansible control -m yum -a "name=bash-completion state=latest"
control | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: bash-completion-1:2.11-4.el9.noarch",
        "Installed: pkgconf-pkg-config-1.7.3-9.el9.x86_64",
        "Installed: pkgconf-m4-1.7.3-9.el9.noarch",
        "Installed: pkgconf-1.7.3-9.el9.x86_64",
        "Installed: libpkgconf-1.7.3-9.el9.x86_64"
    ]
}

By using the firewalld module that was installed with the ansible.posix collection, you can easily configure the Linux firewall with Ansible.

$ ansible control -m firewalld -a "service=http state=enabled immediate=yes permanent=yes"
control | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}

Power off the Ansible control node by using the command module.

$ ansible control -a "poweroff"

Final Thoughts

Thank you for following our guide on how to install Ansible on Rocky Linux 9. We hope this tutorial has made the installation process clear and straightforward.
