Discover how to set up Ansible on CentOS 7 with our detailed tutorial. Follow these easy steps to install and configure Ansible for efficient IT automation.
What is Ansible?
Ansible is an open-source software provisioning, configuration management, and application-deployment tool. Ansible uses its own declarative language, based on YAML (Yet Another Markup Language), to describe system configurations.
What chiefly distinguishes Ansible from other configuration management software is its agentless architecture. Because of this architecture, installing and configuring Ansible is easy and straightforward: we only need to configure key-based SSH authentication on the nodes, and Ansible then uses SSH to perform configuration on them.
Compared to Puppet and Chef, Ansible is a newcomer in the domain of configuration management, but it is gaining popularity and winning users over from competing technologies.
One major shift is Red Hat's inclusion of Ansible in the industry's most reputable certification, RHCE (Red Hat Certified Engineer), specific to Red Hat Enterprise Linux 8.
In this article, we will set up Ansible on CentOS 7 and then write and execute Ansible playbooks to configure our Linux servers from our Ansible Control Node.
Environment Specification
We are using three CentOS 7 virtual machines with the following specifications.
Ansible Control Node:
- Hostname – ansible-01.example.com
- IP Address – 192.168.116.201/24
- Operating System – CentOS 7.6
Lighttpd Web Server:
- Hostname – lighttpd-01.example.com
- IP Address – 192.168.116.202/24
- Operating System – CentOS 7.6
MariaDB Database Server:
- Hostname – mariadb-01.example.com
- IP Address – 192.168.116.203/24
- Operating System – CentOS 7.6
Here, we will configure ansible-01.example.com as Ansible Control Node and configure the other two servers as Ansible managed nodes.
Configure Name Resolution of Linux Servers
If you have configured an authoritative DNS server for your domain, then you can add the RRs (Resource Records) of all three servers to it. Otherwise, you have to add the name resolution entries to the local DNS resolver file (/etc/hosts).

```
# cat >> /etc/hosts << EOF
> 192.168.116.201 ansible-01.example.com ansible-01
> 192.168.116.202 lighttpd-01.example.com lighttpd-01
> 192.168.116.203 mariadb-01.example.com mariadb-01
> EOF
```

Repeat the above command on the lighttpd-01 and mariadb-01 machines.
Configure SSH key-based authentication
Generate an SSH key on the ansible-01.example.com server using the ssh-keygen command.

```
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:r2CBUntEfwcot16lGdI2K8b1rli6UUmfdEfiifps3cw root@ansible-01.example.com
The key's randomart image is:
+---[RSA 2048]----+
| . o. . .|
| ...+ *..o + |
| . .+.=oO+ + .|
| . + =o=*.o . |
| . o ooSo+.o |
| . . ..o.o.. + |
| o .+..+ . E|
| . .oo.. |
| o. |
+----[SHA256]-----+
```

Copy the SSH public key to the lighttpd-01 and mariadb-01 servers.

```
# ssh-copy-id root@lighttpd-01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'lighttpd-01 (192.168.116.202)' can't be established.
ECDSA key fingerprint is SHA256:kzyCimDDwGPsfsuGXxdrcBqlxVQlU8FZTsYrwbPzZHM.
ECDSA key fingerprint is MD5:b4:3f:a2:86:30:7a:b7:d7:b3:b0:10:8f:a3:3e:8a:bc.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@lighttpd-01's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@lighttpd-01'"
and check to make sure that only the key(s) you wanted were added.

# ssh-copy-id root@mariadb-01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'mariadb-01 (192.168.116.203)' can't be established.
ECDSA key fingerprint is SHA256:kzyCimDDwGPsfsuGXxdrcBqlxVQlU8FZTsYrwbPzZHM.
ECDSA key fingerprint is MD5:b4:3f:a2:86:30:7a:b7:d7:b3:b0:10:8f:a3:3e:8a:bc.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@mariadb-01's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@mariadb-01'"
and check to make sure that only the key(s) you wanted were added.
```
Verify SSH authentication by connecting to each server.
```
# ssh root@lighttpd-01
Last login: Sun Sep 8 10:18:40 2019
# exit
logout
Connection to lighttpd-01 closed.
# ssh root@mariadb-01
Last login: Sun Sep 8 10:21:05 2019
# exit
logout
Connection to mariadb-01 closed.
```
Setup Ansible on CentOS 7
Connect to ansible-01.example.com over SSH as the root user.
Ansible is available in the extras yum repository, so we can install it using the yum command.

```
# yum install -y ansible
```

Check the installed version of Ansible.

```
# ansible --version
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
```
Edit Ansible Inventory File
The file /etc/ansible/hosts holds the inventory of Ansible managed nodes.

```
# vi /etc/ansible/hosts
```

Add the lighttpd-01 and mariadb-01 nodes to this file.

```ini
[centos76-servers]
lighttpd-01.example.com
mariadb-01.example.com

[lighttpd-webservers]
lighttpd-01.example.com

[mariadb-dbserver]
mariadb-01.example.com
```
We have created three groups here.
- centos76-servers – group of CentOS 7.6 based servers, so we can configure all our CentOS 7.6 servers with a single command.
- lighttpd-webservers – group of Lighttpd based web servers.
- mariadb-dbserver – group of MariaDB based database servers.
Here, we can create as many groups as we like, according to our requirements.
We have successfully installed Ansible on CentOS 7 and added two Linux servers to the Ansible inventory.
Configure Ansible Managed Nodes in Ad hoc mode
Now ping a group of servers using the ansible command.

```
# ansible -m ping 'centos76-servers'
lighttpd-01.example.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
mariadb-01.example.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
```

Similarly, we can execute any command using the following syntax.

```
# ansible -m command -a 'cat /etc/redhat-release' 'centos76-servers'
192.168.116.203 | SUCCESS | rc=0 >>
CentOS Linux release 7.6.1810 (Core)

192.168.116.202 | SUCCESS | rc=0 >>
CentOS Linux release 7.6.1810 (Core)
```
Use Ansible Playbooks to configure Managed nodes
Although we can configure our nodes by executing commands in ad hoc mode, doing so violates the concept of configuration management. Therefore, we will write playbooks (YAML scripts) to apply consistent configurations to our nodes.
Now we will write a playbook that performs some initial configuration on the centos76-servers group, such as creating a user and installing some packages.

```
# vi centos76_servers_initial_conf.yaml
```

Add the following YAML script.

```yaml
---
- hosts: centos76-servers
  user: root
  tasks:
    # Install wget and bzip2 with yum on every host in the group.
    - name: Installing Common Packages
      action: yum name=wget,bzip2 state=installed
    # Create user "ahmer" in the wheel group. '123' is a sample password,
    # hashed with SHA-512 crypt before it is sent to the managed node.
    - name: Create an Admin User
      user:
        name: "ahmer"
        groups: "wheel"
        password: "{{ '123' | password_hash('sha512') }}"
```
Save and exit from vim editor.
Execute this playbook using the ansible-playbook command.

```
# ansible-playbook centos76_servers_initial_conf.yaml

PLAY [centos76-servers] ********************************************************

TASK [Gathering Facts] *********************************************************
ok: [lighttpd-01.example.com]
ok: [mariadb-01.example.com]

TASK [Installing Common Packages] **********************************************
changed: [lighttpd-01.example.com]
changed: [mariadb-01.example.com]

TASK [Create an Admin User] ****************************************************
changed: [mariadb-01.example.com]
changed: [lighttpd-01.example.com]

PLAY RECAP *********************************************************************
lighttpd-01.example.com    : ok=3    changed=2    unreachable=0    failed=0
mariadb-01.example.com     : ok=3    changed=2    unreachable=0    failed=0
```

Our playbook executed successfully without any errors, and the required configurations have been performed on both nodes.
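The admin-user task above keeps the plaintext password in the playbook and hashes it with a random salt on every run. The variant below is an added example, not part of the original tutorial: it reads the password and a fixed salt from a vault-encrypted variables file. The file name vars/admin_user.vault.yml, the variable names vault_admin_password and vault_admin_salt, and the 12-character minimum are assumptions made for illustration.

```yaml
---
# Added example, not part of the original tutorial.
# Assumed (hypothetical) file vars/admin_user.vault.yml, encrypted with
# `ansible-vault encrypt`, defines two variables:
#   vault_admin_password: the password for the admin account
#   vault_admin_salt:     a fixed salt, at most 16 chars from [a-zA-Z0-9./]
# Run with: ansible-playbook --ask-vault-pass centos76_servers_initial_conf.yaml
- hosts: centos76-servers
  user: root
  vars_files:
    - vars/admin_user.vault.yml
  tasks:
    - name: Stop if the vault does not supply a usable password and salt
      assert:
        that:
          - vault_admin_password is defined
          # 12 is an arbitrary example threshold, not a value from the tutorial.
          - vault_admin_password | length >= 12
          - vault_admin_salt is defined
          - vault_admin_salt | length <= 16
      no_log: true

    - name: Create an Admin User
      user:
        name: "ahmer"
        groups: "wheel"
        # Original: password: "{{ '123' | password_hash('sha512') }}"
        #   - the plaintext password sits in the playbook file
        #   - no salt argument, so a fresh random salt (and a new hash) is
        #     generated on every run and the task always reports "changed"
        # Here the secret comes from the vault, and the fixed salt yields the
        # same hash each run, so the task is "ok" once the account exists.
        password: "{{ vault_admin_password | password_hash('sha512', vault_admin_salt) }}"
      # Keep the module arguments (including the hash) out of output and logs.
      no_log: true
```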
Now create another playbook to install the Lighttpd web server using Ansible.

```
# vi lighttpd_servers.yaml
```

Add the following YAML script to it.

```yaml
---
- hosts: lighttpd-webservers
  user: root
  vars:
    myhomepage: '<html><h1>Apache installed using Ansible</h1></html>'
  tasks:
    # Lighttpd is packaged in EPEL, so enable that repository first.
    - name: Installing EPEL yum Repository
      action: yum name=epel-release state=installed
    - name: Installing Lighttpd Server
      action: yum name=lighttpd state=installed
    # Disable IPv6 in lighttpd.conf, keeping a backup of the original file.
    - name: Configure Lighttpd Server
      replace:
        path: /etc/lighttpd/lighttpd.conf
        regexp: 'server.use-ipv6 = "enable"'
        replace: 'server.use-ipv6 = "disable"'
        backup: yes
    - name: Create Index.html File.
      copy:
        dest: /var/www/lighttpd/index.html
        content: '{{ myhomepage }}'
        backup: yes
    # Despite the task name, this opens the http service, not https.
    - name: Allow HTTPS Service in Linux Firewall
      firewalld:
        service: http
        permanent: yes
        state: enabled
    - name: Restart Lighttpd service
      service:
        name: lighttpd
        enabled: yes
        state: restarted
    # The permanent firewall rule takes effect after this restart.
    - name: Restart Firewalld service
      service:
        name: firewalld
        state: restarted
```
Execute this playbook as follows:
```
# ansible-playbook lighttpd_servers.yaml

PLAY [lighttpd-webservers] *****************************************************

TASK [Gathering Facts] *********************************************************
ok: [lighttpd-01.example.com]

TASK [Installing EPEL yum Repository] ******************************************
ok: [lighttpd-01.example.com]

TASK [Installing Lighttpd Server] **********************************************
ok: [lighttpd-01.example.com]

TASK [Configure Lighttpd Server] ***********************************************
changed: [lighttpd-01.example.com]

TASK [Create Index.html File.] *************************************************
ok: [lighttpd-01.example.com]

TASK [Allow HTTPS Service in Linux Firewall] ***********************************
ok: [lighttpd-01.example.com]

TASK [Restart Lighttpd service] ************************************************
changed: [lighttpd-01.example.com]

TASK [Restart Firewalld service] ***********************************************
changed: [lighttpd-01.example.com]

PLAY RECAP *********************************************************************
lighttpd-01.example.com    : ok=8    changed=3    unreachable=0    failed=0
```

Verify our Lighttpd web server using the curl command.

```
# curl http://lighttpd-01.example.com
<html><h1>Apache installed using Ansible</h1></html>
```

We have successfully written and executed two Ansible playbooks. If you want to write more advanced Ansible playbooks, refer to the Ansible Documentation or get a copy of Ansible Quick Start Guide: Control and monitor infrastructures of any size, physical or virtual by Packt Publishing.
Final Thoughts
Congratulations on taking the first step towards mastering Ansible on CentOS 7! By following this guide, you’ve set the foundation for automating your IT infrastructure effectively and efficiently. With Ansible, you can streamline tasks, manage configurations, and scale your operations with ease.