Discover how to set up Ansible on CentOS 7 with our detailed tutorial. Follow these easy steps to install and configure Ansible for efficient IT automation. #centlinux #linux #ansible
Table of Contents
What is Ansible?
Ansible is an open-source software provisioning, configuration management, and application-deployment tool. Ansible uses its own declarative language, based on YAML (Yet Another Markup Language), to describe system configurations.
The main functionality that differs Ansible from other configuration management software is it’s agent-less architecture. And because of this agent-less architecture, installation and configuration of Ansible is very easy and straight-forward. We just need to configure the key-based ssh authentication on the nodes and Ansible will then uses the ssh to perform configurations on the nodes.
As compare to Puppet and Chef; Ansible is a new candidate in the domain of configuration management. But it is getting famous and converting the users from competitors’ technologies.
One major shift is the inclusion of Ansible by Red Hat in Industry’s most reputable certification i.e. RHCE (Red Hat Certified Engineer) specific to Red Hat Enterprise Linux 8.
In this article, we will setup Ansible on CentOS 7 and then write and execute Ansible playbooks to configure our Linux servers using our Ansible Control Node.
Environment Specification
We are using three CentOS 7 virtual machines with following specifications.
Ansible Control Node:
- Hostname – ansible-01.example.com
- IP Address – 192.168.116.201 /24
- Operating System – CentOS 7.6
Lighttpd Web Server:
- Hostname – lighttpd-01.example.com
- IP Address – 192.168.116.202 /24
- Operating System – CentOS 7.6
MariaDB Database Server:
- Hostname – mariadb-01.example.com
- IP Address – 192.168.116.203 /24
- Operating System – CentOS 7.6
Here, we will configure ansible-01.example.com as Ansible Control Node and configure the other two servers as Ansible managed nodes.
Recommended Training: The Ultimate MySQL Bootcamp: Go from SQL Beginner to Expert from Colt Steele
Configure Name Resolution of Linux Servers
If you have configured a Authoritative DNS Server for you domain, then you can add the RR (Resource Records) of all three servers in it. Otherwise, you have to add the name resolution entries in Local DNS Resolver (/etc/hosts) file.
# cat >> /etc/hosts << EOF
> 192.168.116.201 ansible-01.example.com ansible-01
> 192.168.116.202 lighttpd-01.example.com lighttpd-01
> 192.168.116.203 mariadb-01.example.com mariadb-01
> EOFRepeat the above command on lightttpd-01 and mariadb-01 machines.
Configure SSH key-based authentication
Generate a SSH Key on ansible-01.example.com server using ssh-keygen command.
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:r2CBUntEfwcot16lGdI2K8b1rli6UUmfdEfiifps3cw root@ansible-01.example.com
The key's randomart image is:
+---[RSA 2048]----+
| . o. . .|
| ...+ *..o + |
| . .+.=oO+ + .|
| . + =o=*.o . |
| . o ooSo+.o |
| . . ..o.o.. + |
| o .+..+ . E|
| . .oo.. |
| o. |
+----[SHA256]-----+Copy SSH public key to lighttpd-01 and mariadb-01 servers.
# ssh-copy-id root@lighttpd-01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'lighttpd-01 (192.168.116.202)' can't be established.
ECDSA key fingerprint is SHA256:kzyCimDDwGPsfsuGXxdrcBqlxVQlU8FZTsYrwbPzZHM.
ECDSA key fingerprint is MD5:b4:3f:a2:86:30:7a:b7:d7:b3:b0:10:8f:a3:3e:8a:bc.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@lighttpd-01's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@lighttpd-01'"
and check to make sure that only the key(s) you wanted were added.
# ssh-copy-id root@mariadb-01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'mariadb-01 (192.168.116.203)' can't be established.
ECDSA key fingerprint is SHA256:kzyCimDDwGPsfsuGXxdrcBqlxVQlU8FZTsYrwbPzZHM.
ECDSA key fingerprint is MD5:b4:3f:a2:86:30:7a:b7:d7:b3:b0:10:8f:a3:3e:8a:bc.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@mariadb-01's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@mariadb-01'"
and check to make sure that only the key(s) you wanted were added.Verify SSH authentication by connecting to each server.
# ssh root@lighttpd-01
Last login: Sun Sep 8 10:18:40 2019
# exit
logout
Connection to lighttpd-01 closed.
# ssh root@mariadb-01
Last login: Sun Sep 8 10:21:05 2019
# exit
logout
Connection to mariadb-01 closed.
200 Pcs Funny Stickers for Adults (Dirty) Meme Water Bottles Stickers Pack Waterproof Cool Stickers for Laptop, Hard Hats, Sarcastic, Scrapbooking Decals
$13.99 (as of April 3, 2025 15:41 GMT +00:00 – More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)Setup Ansible on CentOS 7
Connect with ansible-01.example.com using ssh as root user.
Ansible is available in extras yum repository, therefore, we can install it using yum command.
# yum install -y ansibleCheck version of Ansible software.
# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]Edit Ansible Inventory File
File /etc/ansible/hosts holds the inventory of Ansible managed nodes.
# vi /etc/ansible/hostsAdd lighttpd-01 and mariadb-01 nodes in this file.
[centos76-servers]
lighttpd-01.example.com
mariadb-01.example.com
[lighttpd-webservers]
lighttpd-01.example.com
[mariadb-dbserver]
mariadb-01.example.com We have created three groups here.
- centos76-servers – group of CentOS 7.6 based servers, so we can configure all our CentOS 7.6 servers with a single command.
- lighttpd-servers – group of Lighttpd based web servers.
- mariadb-servers – group of MariaDB based database servers.
Here, we can create as many groups as we like, according to our requirement.
We have successfully installed Ansible on CentOS 7 and added two Linux servers in Ansible Inventory.
Configure Ansible Managed Nodes in Ad hoc mode
Now ping a group of servers using ansible command.
# ansible -m ping 'centos76-servers'
lighttpd-01.example.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
mariadb-01.example.com | SUCCESS => {
"changed": false,
"ping": "pong"
}Similarly, we can execute any command using following syntax.
# ansible -m command -a 'cat /etc/redhat-release' 'centos76-servers'
192.168.116.203 | SUCCESS | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
192.168.116.202 | SUCCESS | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
Redragon M612 Predator RGB Gaming Mouse, 8000 DPI Wired Optical Mouse with 11 Programmable Buttons & 5 Backlit Modes, Software Supports DIY Keybinds Rapid Fire Button
$19.99 (as of April 3, 2025 15:57 GMT +00:00 – More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)Use Ansible Playbooks to configure Managed nodes
Although, we can execute commands in ad hoc mode, to configure our nodes. But, it violates the concept of configuration management. Therefore, we will write playbooks (YAML scripts) to perform consistent configurations on our nodes.
Now, we are writing a playbook that will perform some initial configurations like it creates user, install some packages, and perform some configurations on centos76-servers group.
# vi centos76_servers_initial_conf.yamland add following YAML script.
---
- hosts: centos76-servers
user: root
tasks:
- name: Installing Common Packages
action: yum name=wget,bzip2 state=installed
- name: Create an Admin User
user:
name: "ahmer"
groups: "wheel"
password: "{{ '123' | password_hash('sha512') }}"Save and exit from vim editor.
Execute this playbook using ansible-playbook command.
# ansible-playbook centos76_servers_initial_conf.yaml
PLAY [centos76-servers] ********************************************************
TASK [Gathering Facts] *********************************************************
ok: [lighttpd-01.example.com]
ok: [mariadb-01.example.com]
TASK [Installing Common Packages] **********************************************
changed: [lighttpd-01.example.com]
changed: [mariadb-01.example.com]
TASK [Create an Admin User] ****************************************************
changed: [mariadb-01.example.com]
changed: [lighttpd-01.example.com]
PLAY RECAP *********************************************************************
lighttpd-01.example.com : ok=3 changed=2 unreachable=0 failed=0
mariadb-01.example.com : ok=3 changed=2 unreachable=0 failed=0Our playbook is executed successfully without any error and the required configurations has been performed on both nodes.
Now create another playbook to install Lighttpd web server using ansible command.
# vi lighttpd_servers.yamlAdd following YAML script therein.
---
- hosts: lighttpd-webservers
user: root
vars:
myhomepage: '<html><h1>Apache installed using Ansible</h1></html>'
tasks:
- name: Installing EPEL yum Repository
action: yum name=epel-release state=installed
- name: Installing Lighttpd Server
action: yum name=lighttpd state=installed
- name: Configure Lighttpd Server
replace:
path: /etc/lighttpd/lighttpd.conf
regexp: 'server.use-ipv6 = "enable"'
replace: 'server.use-ipv6 = "disable"'
backup: yes
- name: Create Index.html File.
copy:
dest: /var/www/lighttpd/index.html
content: '{{ myhomepage }}'
backup: yes
- name: Allow HTTPS Service in Linux Firewall
firewalld:
service: http
permanent: yes
state: enabled
- name: Restart Lighttpd service
service:
name: lighttpd
enabled: yes
state: restarted
- name: Restart Firewalld service
service:
name: firewalld
state: restartedExecute this playbook as follows:
# ansible-playbook lighttpd_servers.yaml
PLAY [lighttpd-webservers] *****************************************************
TASK [Gathering Facts] *********************************************************
ok: [lighttpd-01.example.com]
TASK [Installing EPEL yum Repository] ******************************************
ok: [lighttpd-01.example.com]
TASK [Installing Lighttpd Server] **********************************************
ok: [lighttpd-01.example.com]
TASK [Configure Lighttpd Server] ***********************************************
changed: [lighttpd-01.example.com]
TASK [Create Index.html File.] *************************************************
ok: [lighttpd-01.example.com]
TASK [Allow HTTPS Service in Linux Firewall] ***********************************
ok: [lighttpd-01.example.com]
TASK [Restart Lighttpd service] ************************************************
changed: [lighttpd-01.example.com]
TASK [Restart Firewalld service] ***********************************************
changed: [lighttpd-01.example.com]
PLAY RECAP *********************************************************************
lighttpd-01.example.com : ok=8 changed=3 unreachable=0 failed=0Verify our Lighttpd web server using curl command.
# curl http://lighttpd-01.example.com
<html><h1>Apache installed using Ansible</h1></html>We have successfully write and executed two Ansible playbooks.
Linux for Ethical Hacking: A Beginner’s Guide
$13.98 (as of April 2, 2025 15:06 GMT +00:00 – More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)Final Thoughts
Congratulations on taking the first step towards mastering Ansible on CentOS 7! By following this guide, you’ve set the foundation for automating your IT infrastructure effectively and efficiently. With Ansible, you can streamline tasks, manage configurations, and scale your operations with ease.
Struggling with AWS or Linux server issues? I specialize in configuration, troubleshooting, and security to keep your systems performing at their best. Check out my Fiverr profile for details.
Let’s work together to make your automation processes seamless and efficient! Feel free to reach out if you have any questions or need further support.
Frequently Asked Questions (FAQs)
1. How do I install Ansible on CentOS 7?
Install Ansible using the following command:
sudo yum install epel-release -y sudo yum install ansible -y2. How do I verify that Ansible is installed?
Run the following command to check the installed version:
ansible --version3. Where is the Ansible configuration file located?
The default configuration file is located at: /etc/ansible/ansible.cfg
4. How do I set up an inventory file for Ansible?
Edit the inventory file located at /etc/ansible/hosts and add target server IPs or hostnames. Example: [webservers] 192.168.1.10 192.168.1.11
5. How do I test Ansible connectivity to remote hosts?
Use the following command to ping all managed hosts:
ansible all -m ping
Leave a Reply
You must be logged in to post a comment.