Ansible is an agentless orchestration and automation tool that makes it easier to provision, deploy, and manage the configuration of Linux/Windows applications and systems. In this blog, we will focus on installing Ansible on Red Hat 9; this install will form the base for the Aria Automation stack we will build on later in our journey.
During the tour, we will install Ansible Tower on our RHEL 9 system, which takes Ansible to the next level by introducing a web-based infrastructure automation platform for centrally managing and configuring all our Linux/Microsoft Windows servers via the UI. Ansible Tower is free to use for up to 10 nodes, so we can deploy with just a trial subscription from Red Hat.
Note: With Red Hat 9 and above, the Ansible Core package is included by default in the AppStream repository, so there is no longer a requirement to add the EPEL repository that was commonly used with RHEL 8 and earlier versions.
Components of Ansible Engine
- Control Node – Also known as the brain of the system; this is the machine that has Ansible installed.
- Managed Node – These are the clients, in simple terms.
- Host Inventory – List of all hosts that can be managed with Ansible, e.g. web servers.
- Playbooks – Sets of related tasks to be executed on a managed node, e.g. Prod, Dev, etc.
- Modules – Ready-to-use code that helps with package installation, file manipulation and service management, and is run when a playbook is run. Modules are stored in /lib/ansible/modules.
Ansible Tower (AWX) Deployment Prerequisites
With Red Hat 9 and above, the Ansible Core package is included by default in the AppStream repository, so there is no longer a requirement to add the EPEL repository that was commonly used with RHEL 8 and earlier versions.
Installing Ansible on Red Hat 9
Refresh the yum cache by running the following command:
[root@aap ~]# dnf makecache
Updating Subscription Management repositories.
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 2.7 MB/s | 17 MB 00:06
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs) 3.5 MB/s | 29 MB 00:08
Metadata cache created.
Update all software packages on the system using dnf update -y
[root@aap ~]# dnf update -y
Updating Subscription Management repositories.
Last metadata expiration check: 0:09:30 ago on Sun 25 Feb 2024 19:23:57 GMT.
Dependencies resolved.
========================================================================================================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================================================================================================
Installing:
kernel x86_64 5.14.0-362.18.1.el9_3 rhel-9-for-x86_64-baseos-rpms 4.9 M
Upgrading:
NetworkManager x86_64 1:1.44.0-4.el9_3 rhel-9-for-x86_64-baseos-rpms 2.3 M
NetworkManager-libnm x86_64 1:1.44.0-4.el9_3 rhel-9-for-x86_64-baseos-rpms 1.8 M
NetworkManager-team x86_64 1:1.44.0-4.el9_3 rhel-9-for-x86_64-baseos-rpms 43 k
NetworkManager-tui x86_64 1:1.44.0-4.el9_3
To list all repositories on the VM, run dnf repolist. The Ansible Core package is included by default in the AppStream repository in RHEL 9.
[root@aap ~]# dnf repolist
Updating Subscription Management repositories.
repo id repo name
rhel-9-for-x86_64-appstream-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
rhel-9-for-x86_64-baseos-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
Install Ansible with the dnf command
[root@aap ~]# dnf install -y ansible-core
Updating Subscription Management repositories.
Last metadata expiration check: 0:19:40 ago on Sun 25 Feb 2024 19:38:59 GMT.
Dependencies resolved.
========================================================================================================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================================================================================================
Installing:
ansible-core x86_64 1:2.14.9-1.el9 rhel-9-for-x86_64-appstream-rpms 2.6 M
Installing dependencies:
python3-cffi x86_64 1.14.5-5.el9 rhel-9-for-x86_64-baseos-rpms 257 k
python3-cryptography x86_64 36.0.1-4.el9 rhel-9-for-x86_64-baseos-rpms 1.2 M
python3-packaging noarch 20.9-5.el9 rhel-9-for-x86_64-appstream-rpms 81 k
python3-ply noarch 3.11-14.el9 rhel-9-for-x86_64-baseos-rpms 111 k
python3-pycparser noarch 2.20-6.el9 rhel-9-for-x86_64-baseos-rpms 139 k
python3-pyparsing noarch 2.4.7-9.el9 rhel-9-for-x86_64-baseos-rpms 154 k
python3-resolvelib noarch 0.5.4-5.el9 rhel-9-for-x86_64-appstream-rpms 38 k
sshpass x86_64 1.09-4.el9 rhel-9-for-x86_64-appstream-rpms 30 k
Verify the Ansible version
[root@aap ~]# ansible --version
ansible [core 2.14.9]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.9.18 (main, Jan 4 2024, 00:00:00) [GCC 11.4.1 20230605 (Red Hat 11.4.1-2)] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
Verify the Python version
[root@aap ~]# python --version
Python 3.9.18
[root@aap ~]#
We will need to create a normal Linux user for Ansible node management. In this example, I’ve chosen ariaadm.
[root@aap ~]# useradd ariaadm
[root@aap ~]# passwd ariaadm
Changing password for user ariaadm.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
We will allow this Linux user to run any command anywhere by adding an entry in /etc/sudoers. This entry should be present on all managed servers as well, so that Ansible can execute commands as an admin user if necessary.
## Allow ariaadm to run any commands anywhere without prompting for password
ariaadm ALL=(ALL) NOPASSWD:ALL
The option below can be used if we wish to enter a password following the execution of an Ansible command:
## Allow ariaadm to run any commands anywhere, prompting for a password
ariaadm ALL=(ALL) PASSWD:ALL
Generate SSH keys for the ariaadm user
[ariaadm@aap root]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ariaadm/.ssh/id_rsa):
Created directory '/home/ariaadm/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ariaadm/.ssh/id_rsa
Your public key has been saved in /home/ariaadm/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:jecHW7K35a4a+s3JVwdNW5G/X9YdpGkNjNGX2fhnp4k ariaadm@aap
The key's randomart image is:
+---[RSA 3072]----+
| .= o*|
| . +.*+|
| B++|
| o +.+B|
| S = o. =B|
| o *E o.B|
| = o .o+|
| . B =. .|
| ..o.B+o |
+----[SHA256]-----+
[ariaadm@aap root]$
Copy the SSH key to every Ansible-managed node so that we can log in to all servers managed with Ansible via SSH without a password.
[ariaadm@aap root]$ ssh-copy-id ariaadm@webserver01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ariaadm/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ariaadm@webserver01's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ariaadm@webserver01'"
and check to make sure that only the key(s) you wanted were added.
The main Ansible configuration files are under /etc/ansible. The two important files here are /etc/ansible/hosts (also known as the inventory file) and /etc/ansible/ansible.cfg (also known as the config file). Add the hosts to be managed by Ansible to the inventory file. The default location for the host inventory file is /etc/ansible/hosts.
Create an inventory file and add all the hosts that are managed by Ansible in this format.
## All the hosts managed by Ansible Automation
[database]
db
[webs]
webserver02
webserver01
[elb]
haproxy
Tweak the following parameters in the Ansible config file /etc/ansible/ansible.cfg to enable privilege escalation, which will let us run commands as root
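[defaults]
# SSH login user on the managed nodes; do not prompt for an SSH password
remote_user = ariaadm
ask_pass = False
# Skip SSH host key verification of the managed nodes
host_key_checking=false

[privilege_escalation]
# Run tasks as root through sudo without prompting for the sudo password
become=true
become_method=sudo
become_user=root
become_ask_pass=False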
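Ansible reads each setting only from its own section of ansible.cfg, so a key placed under the wrong header is silently ignored. The check below is an added example, not part of the original post; the section map covers only the keys used on this page, and the sample config is constructed.

```python
import configparser

# Section(s) Ansible reads each setting from (map limited to the keys used
# on this page). A key under any other header is ignored.
EXPECTED = {
    "remote_user": {"defaults"},
    "ask_pass": {"defaults"},
    "host_key_checking": {"defaults", "ssh_connection"},
    "become": {"privilege_escalation"},
    "become_method": {"privilege_escalation"},
    "become_user": {"privilege_escalation"},
    "become_ask_pass": {"privilege_escalation"},
}
FALSY = {"0", "false", "no", "off"}

def audit(cfg_text):
    """Return (misplaced, findings) for the text of an ansible.cfg."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    misplaced, effective = [], {}
    for section in cp.sections():
        for key, value in cp.items(section):
            if key in EXPECTED and section not in EXPECTED[key]:
                misplaced.append((key, section, sorted(EXPECTED[key])[0]))
            else:
                effective[key] = value.strip().lower()
    findings = []
    if effective.get("host_key_checking") in FALSY:
        findings.append("SSH host keys of managed nodes are not verified")
    become_on = effective.get("become", "false") not in FALSY
    if become_on and effective.get("become_ask_pass", "false") in FALSY:
        findings.append("become is on by default and never asks for a password")
    return misplaced, findings

# Constructed sample: three [defaults] keys sit under the wrong header.
SAMPLE = """
[privilege_escalation]
become=true
become_ask_pass=False
host_key_checking=false
remote_user = ariaadm
ask_pass = False
"""

if __name__ == "__main__":
    misplaced, findings = audit(SAMPLE)
    for key, found, wanted in misplaced:
        print(f"{key}: ignored under [{found}], move to [{wanted}]")
    for note in findings:
        print("finding:", note)
```

Run it against the text of /etc/ansible/ansible.cfg on the control node to see which settings are actually in effect before relying on them.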
Run the following Ansible command to perform an Ansible check from the control node to the managed node
## Syntax: -m selects the module (here the command module), -a passes the module arguments (the command to run), followed by the target group
[ariaadm@aap ansible]$ ansible -m command -a "uptime" webs
webserver02 | CHANGED | rc=0 >>
16:26:00 up 2:09, 1 user, load average: 0.10, 0.30, 0.20
webserver01 | CHANGED | rc=0 >>
16:26:00 up 2:09, 1 user, load average: 0.07, 0.30, 0.21
[ariaadm@aap ansible]$
Add --become to the above Ansible command to perform an Ansible check from the control node to the managed node with our privileges elevated to the root user.
[ariaadm@aap ansible]$ ansible -m command -a "lvs" webs --become
webserver02 | CHANGED | rc=0 >>
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root rhel_unknown -wi-ao---- 11.91g
swap rhel_unknown -wi-ao---- 1.50g
webserver01 | CHANGED | rc=0 >>
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root rhel_unknown -wi-ao---- 11.91g
swap rhel_unknown -wi-ao---- 1.50g
If we wish to type a password following the execution of a command, we use the -K option
[ariaadm@aap ansible]$ ansible -m command -a "lvs" webs --become -K
BECOME password:
webserver01 | CHANGED | rc=0 >>
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root rhel_unknown -wi-ao---- 11.91g
swap rhel_unknown -wi-ao---- 1.50g
webserver02 | CHANGED | rc=0 >>
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root rhel_unknown -wi-ao---- 11.91g
swap rhel_unknown -wi-ao---- 1.50g
[ariaadm@aap ansible]$