Introduction
In the world of IT automation and orchestration, Ansible has emerged as a powerful tool for managing and deploying applications, infrastructure, and configurations. With its simplicity and efficiency, Ansible simplifies complex tasks, saving time and reducing human error. In this comprehensive guide, we’ll walk you through the process of how to install and configure Ansible on Rocky Linux 9, enabling you to streamline your IT operations seamlessly.
Table of Contents
Understanding Ansible
Ansible is an open-source automation platform that allows you to automate tasks such as configuration management, application deployment, and infrastructure provisioning. Ansible uses simple and human-readable YAML scripts, known as playbooks, to define tasks and workflows, making it easy to manage complex systems with minimal effort.
Prerequisites
Before you begin the process how to install and configure Ansible on Rocky Linux 9, , make sure you have the following prerequisites in place:
- A Rocky Linux 9 system with root or sudo access, to set this up, follow our guide Initial Setup Rocky Linux 9 Server: Secure and Efficient You can deploy this on a physical machine or a virtual environment like VMware or VirtualBox.
- CPU – 2 cores, Memory – 2 GB
- Storage – 30 GB
- Operating System – Rocky Linux release 9.2 (Blue Onyx)
- Hostname – ansible
- IP Address – 172.32.1.222/24
- Basic familiarity with the Linux command line
Installing Ansible on Rocky Linux 9
Follow these step-by-step instructions to install Ansible on your Rocky Linux 9 server:
Step 1: System Update
To update your Rocky Linux 9, run the following command. The commands will check for any available updates to your system, and the sudo dnf update will install them.
[[email protected] ~]$ sudo hostnamectl set-hostname ansible
[samm@ansible ~]$ sudo dnf check-update
[samm@ansible ~]$ sudo dnf update -y
Step 2: Install Ansible-Core from Appstream Repository
Ansible core is available in the default appstream package repository of Rocky Linux 9. So, we don’t need to enable EPEL repository anymore. Appstream repository maintains the latest and stable version of ansible.
Run following command to view the available ansible-core package,
[samm@ansible ~]$ sudo dnf list ansible-core
Last metadata expiration check: 0:20:27 ago on Wed 26 Jul 2023 12:29:39 AM EDT.
Available Packages
ansible-core.x86_64 2.14.2-5.el9_2 appstream
Now, you can easily install Ansible software by using a dnf command
[samm@ansible ~]$ sudo dnf install -y ansible-core
Last metadata expiration check: 0:33:12 ago on Wed 26 Jul 2023 12:29:39 AM EDT.
Dependencies resolved.
===================================================================================================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================================================================================================
Installing:
ansible-core x86_64 2.14.2-5.el9_2 appstream 3.0 M
Installing dependencies:
libnsl2 x86_64 2.0.0-1.el9.0.1 appstream 30 k
mpdecimal x86_64 2.5.1-3.el9 appstream 85 k
python3.11 x86_64 3.11.2-2.el9_2.1 appstream 25 k
python3.11-cffi x86_64 1.15.1-1.el9 appstream 299 k
python3.11-cryptography x86_64 37.0.2-5.el9 appstream 1.1 M
python3.11-libs x86_64 3.11.2-2.el9_2.1 appstream 9.3 M
python3.11-pip-wheel noarch 22.3.1-2.el9 appstream 1.4 M
python3.11-ply noarch 3.11-1.el9 appstream 133 k
python3.11-pycparser noarch 2.20-1.el9 appstream 146 k
python3.11-pyyaml x86_64 6.0-1.el9 appstream 211 k
python3.11-setuptools-wheel noarch 65.5.1-2.el9 appstream 712 k
python3.11-six noarch 1.16.0-1.el9 appstream 42 k
sshpass x86_64 1.09-4.el9 appstream 27 k
Transaction Summary
===================================================================================================================================================================================================================
Install 14 Packages
Total download size: 17 M
Installed size: 69 M
Step 3: Verifying Ansible Installation
Once the installation is complete, you can verify Ansible’s version by running:
[samm@ansible ~]$ ansible --version
ansible [core 2.14.2]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/samm/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.11/site-packages/ansible
ansible collection location = /home/samm/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.11.2 (main, May 24 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3.11)
jinja version = 3.1.2
libyaml = True
Whenever Ansible is installed with dnf or yum command then it’s default configuration file ‘ansible.cfg’ is created automatically under ‘/etc/ansible’ folder. But when we install it with pip then we have to create its configuration file manually.
Step 4: Create Linux User for Ansible Node Management
After installing Ansible on Rocky Linux, create a Linux user for managing your Ansible control node and managed nodes.
You have to create this user on each managed node to grant access for executing Ansible plays and Adhoc commands.
[samm@ansible ~]$ sudo adduser ansible
[samm@ansible ~]$ sudo passwd ansible
Changing password for user ansible.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Ansible user requires sudo privileges to execute administrative commands on the managed hosts. Since, our Ansible control node is also a managed host therefore, grant the sudo privilege to ansible user as follows.
[root@ansible ~]# echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible
Prepare Managed host, first generate the ssh keys of your user from ansible control node and share those keys to managed host so that password less authentication can be achieved. Login as ansible user and generate a ssh key-pair as follows.
[ansible@ansible ~]$ ssh-keygen -t rsa -b 4096 -C "ansible-controller"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:ztte1uK2Cb3uIisIm0nxUDHcaz5g+q+EYf/X5fumChI ansible-controller
The key's randomart image is:
+---[RSA 4096]----+
| .oo |
| o.. |
| . . |
| o o o |
| o* +E S |
| .++. o+ ... |
| ..*o...+..o= . |
| +.o...o+o=o+. |
| .oooo++*X*. |
+----[SHA256]-----+
Now copy the generated ssh key to the target system, i.e. Ansible control node. For better manageability, you have to copy ssh key on every Ansible managed node.
[ansible@ansible ~]$ ssh-copy-id [email protected]
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub"
The authenticity of host '172.32.1.80 (172.32.1.80)' can't be established.
ED25519 key fingerprint is SHA256:aM9JI0/GLm/7n9SRtBcouXxcpo8nI6z1veb6uG74Q48.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
Step 5: Create Ansible Project Directory
It is recommended to create ansible.cfg for each project. For the demonstration purpose, I am creating an automation project.
[ansible@ansible ~]$ sudo mkdir -p /opt/ansible-project
[ansible@ansible ~]$ cd /opt/ansible-project
Now, let’s proceed to test the proper configuration of Ansible on your local computer/server by employing the ping module against your designated target server. This step will verify whether any syntax errors in your configuration files could potentially impede Ansible’s connectivity to the target server. Additionally, you may consider adjusting a few settings to align with your requirements.
Ansible’s main configuration file is located at /etc/ansible/ansible.cfg
. You can modify this file using a text editor like nano
or vim
.
Create a ansible.cfg file with following content
[samm@ansible ansible-project]$ sudo vi ansible.cfg
[defaults]
inventory = /opt/ansible-project/inventory
remote_user = ansible
host_key_checking = False
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
Now create a inventory file under automation project (folder) with the following content.
[samm@ansible ansible-project]$ sudo vi inventory
[web_01]
172.32.1.80
Save & exit the file.
Note: 172.32.1.80 is a managed host. It is an Debian 11 system.
Next, change the ownership of the object storage directory ‘/opt/ansible-project/’ to the user and group ‘ansible’.
[ansible@ansible opt]$ sudo chown -R ansible:ansible ansible-project/
Now, query your inventory file to check your configurations are working fine.
[ansible@ansible ansible-project]$ ansible-inventory --graph
@all:
|--@ungrouped:
|--@web_01:
| |--172.32.1.80
Some configurations you might consider:
- Inventory File: The inventory file lists the hosts you want to manage with Ansible. By default, Ansible uses
/etc/ansible/hosts
as the inventory file. You can specify hosts using IP addresses or domain names. - Remote User: Ansible connects to remote hosts using SSH. You can specify the remote user by setting the
remote_user
parameter in the configuration file. - SSH Key: Ansible uses SSH keys for authentication. Make sure your public SSH key is present on the remote hosts’
~/.ssh/authorized_keys
file.
Step 6: Test Ansible Project
Now, let’s proceed to validate the accurate configuration of Ansible on your local computer/server. This can be achieved by employing the ping module against your designated target server. Through this test, any potential syntax errors present in your configuration files will be identified, which could otherwise hinder Ansible from establishing a connection to the target server.
[ansible@ansible ansible-project]$ ansible web_01 -m ping
172.32.1.80 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
The above output confirms that we are now able to connect to the remote managed host. Let’s proceed by creating a sample playbook to install and start the nginx service.
ansible@ansible ansible-project]$ vi nginx.yaml
Paste the following lines in the file.
---
- name: Playbook to Install Nginx Web Server
hosts: web_01
tasks:
- name: Install nginx
package:
name: nginx
state: present
- name: Start nginx Service
service:
name: nginx
state: started
save and close the file.
Run the playbook using following command,
[ansible@ansible ansible-project]$ ansible-playbook nginx.yaml
Ansible will execute the tasks defined in the playbook and display the results.
Output,
PLAY [Playbook to Install Nginx Web Server] ***********************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [172.32.1.80]
TASK [Install nginx] **********************************************************************************************************************************************************************************************
changed: [172.32.1.80]
TASK [Start nginx Service] ****************************************************************************************************************************************************************************************
ok: [172.32.1.80]
PLAY RECAP ********************************************************************************************************************************************************************************************************
172.32.1.80 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Above Output shows that playbook has been executed successfully. Let’s verify using following ad-hoc commands,
[ansible@ansible ansible-project]$ ansible web_01 -m shell -a 'apt list --installed | grep nginx'
172.32.1.80 | CHANGED | rc=0 >>
libnginx-mod-http-geoip/oldstable,oldstable-security,now 1.18.0-6.1+deb11u3 amd64 [installed,automatic]
libnginx-mod-http-image-filter/oldstable,oldstable-security,now 1.18.0-6.1+deb11u3 amd64 [installed,automatic]
libnginx-mod-http-xslt-filter/oldstable,oldstable-security,now 1.18.0-6.1+deb11u3 amd64 [installed,automatic]
libnginx-mod-mail/oldstable,oldstable-security,now 1.18.0-6.1+deb11u3 amd64 [installed,automatic]
libnginx-mod-stream-geoip/oldstable,oldstable-security,now 1.18.0-6.1+deb11u3 amd64 [installed,automatic]
libnginx-mod-stream/oldstable,oldstable-security,now 1.18.0-6.1+deb11u3 amd64 [installed,automatic]
nginx-common/oldstable,oldstable-security,now 1.18.0-6.1+deb11u3 all [installed,automatic]
nginx-core/oldstable,oldstable-security,now 1.18.0-6.1+deb11u3 amd64 [installed,automatic]
nginx/oldstable,oldstable-security,now 1.18.0-6.1+deb11u3 all [installed]
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
[ansible@ansible ansible-project]$ ansible web_01 -m shell -a 'systemctl status nginx'
172.32.1.80 | CHANGED | rc=0 >>
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-07-27 14:48:36 WIB; 45min ago
Docs: man:nginx(8)
Process: 36168 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 36169 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 36356 (nginx)
Tasks: 5 (limit: 17954)
Memory: 4.6M
CPU: 44ms
CGroup: /system.slice/nginx.service
├─36356 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─36358 nginx: worker process
├─36359 nginx: worker process
├─36360 nginx: worker process
└─36361 nginx: worker process
Jul 27 14:48:36 viva-mysql systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 27 14:48:36 viva-mysql systemd[1]: Started A high performance web server and a reverse proxy server.
Conclusion
Congratulations! You’ve successfully install and configured Ansible on Rocky Linux 9. Ansible’s simplicity and versatility make it a valuable tool for automating various tasks within your IT infrastructure. Whether you’re managing a small-scale environment or a large-scale deployment, Ansible’s automation capabilities will undoubtedly enhance your operational efficiency and reduce manual errors. With your newfound knowledge, you’re well on your way to streamlining your IT operations using Ansible.
Also Read Our Other Guides :
- How To Install and Configure Go (Golang) on Ubuntu 22.04
- How To Install and Configure NFS Server Client on Ubuntu 22.04
- How To Install Jenkins on Ubuntu 22.04
- How To Install Snipe-IT Asset Management on Ubuntu 22.04
Finally, now you have learned how to install and configure Ansible on Rocky Linux 9.