Ansible is an open-source software provisioning and configuration management tool for Unix-like and Microsoft Windows operating systems.
With Puppet, Chef, and CFEngine, the server software is installed on one machine, and client machines are managed through agent software. With Ansible, the nodes are managed by the controlling node (Ansible server) over SSH, so no agent software runs on the managed nodes (client servers).
Ansible can deploy and configure software on hundreds of nodes over SSH. The entire operation is normally executed with a single command, ansible, although in some cases you may need to execute multiple commands for a deployment.
This guide will help you to install Ansible on CentOS 8 / RHEL 8.
Environment
Hostname | IP Address | OS | Purpose |
---|---|---|---|
server.itzgeek.local | 192.168.0.10 | CentOS 8 / RHEL 8 | Controlling Machine |
node1.itzgeek.local | 192.168.0.20 | CentOS 8 | Managed Node 1 |
node2.itzgeek.local | 192.168.0.30 | CentOS 7 | Managed Node 2 |
Install Ansible on CentOS 8 / RHEL 8
Setup Control Node
To install Ansible, we first have to enable the EPEL repository on CentOS 8 or the Ansible repository on RHEL 8.
### CentOS 8 ###
yum install -y epel-release

### RHEL 8 ###
subscription-manager repos --enable ansible-2.9-for-rhel-8-x86_64-rpms
Install Ansible with yum command.
yum install -y ansible
Once Ansible is installed, verify the version of Ansible by executing the below command.
ansible --version
Output:
ansible 2.8.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, May 21 2019, 23:51:36) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)]
Setup Managed Node
Client machines should at least have Python 2 (version 2.6 or later) or Python 3 (version 3.5 or later).
### CentOS 8 / RHEL 8 ###
yum install -y platform-python

### CentOS 7 / RHEL 7 ###
yum install -y python
SELinux
If you have SELinux enabled on managed nodes, you will have to install the below package on nodes before using any copy/file/template related functions in Ansible.
### CentOS 8 / RHEL 8 ###
yum install -y python3-libselinux

### CentOS 7 / RHEL 7 ###
yum install -y libselinux-python
SSH Authentication
As said earlier, Ansible uses native OpenSSH for remote communication. Ansible supports both passwordless and password authentication to execute commands on managed nodes.
Here, for this demo, I have used passwordless communication between the Ansible controlling node (root) and the managed nodes (root). However, I will show you how to use Ansible with password authentication.
SSH key authentication (Passwordless Authentication)
By default, Ansible authenticates to the remote machine with SSH keys (passwordless authentication).
As you are aware, software provisioning or configuration changes you perform on nodes require root privileges or root-equivalent privileges (sudo). So, set up passwordless communication between the root user of the Ansible server and the root user of the nodes for simplicity.
Password Authentication
Password authentication can also be used where needed by supplying the option --ask-pass. This option requires sshpass to be installed on the controlling machine.
yum install -y sshpass
Create Ansible Inventory
The /etc/ansible/hosts file holds the inventory of remote hosts to which Ansible will connect through SSH/Winrm (Windows) for managing them. At this moment, we will only see how to manage the configurations of the remote Linux node.
Edit the inventory file.
vi /etc/ansible/hosts
Put one or more remote system’s IP address or hostname in it. You can group servers with [GROUP_NAME]. Here, I have added both machines to the demoservers group.
Groups are used to classify systems for a particular use. If you do not specify any group, the hosts act as ungrouped hosts.
[demoservers]
192.168.0.20
192.168.0.30
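The root-to-root SSH setup described under SSH Authentication is the simplest to follow, but the same inventory can instead log in as an unprivileged account and escalate with sudo only for commands that need it. The inventory below is an added example, not part of the original guide; it assumes the account raj (the remote user passed with -u later in this guide) exists on both nodes and is allowed to use sudo there.

```ini
# /etc/ansible/hosts -- added example, not from the original guide.
# Assumption: the account "raj" exists on both managed nodes and may use sudo.

# Form used in this guide: no remote user is set, so Ansible connects as the
# user running it on the control node (root), and every SSH session is a
# root session on the node.
#
# [demoservers]
# 192.168.0.20
# 192.168.0.30

# Alternative: connect as an unprivileged user; root is reached through sudo
# and only for the commands that are run with --become.
[demoservers]
192.168.0.20
192.168.0.30

[demoservers:vars]
# Remote login account (equivalent to passing -u raj on every command).
ansible_user=raj
# How privileges are raised when --become is given.
ansible_become_method=sudo
```

With this inventory, ansible -m ping demoservers runs as raj, and adding --become --ask-become-pass to a command that changes the system makes Ansible prompt for the sudo password and run that one command as root.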
Check Ansible Connectivity
Let us check the connectivity of nodes by using ping (module) from the controlling machine. To do that, we will use the command ansible with options -m (load module) and all (all servers) or demoservers (a group of nodes).
This ping module is often used to troubleshoot Ansible connectivity issues.
# All servers - If you use passwordless authentication. Current logged in user on Ansible server and remote node's user are same
ansible -m ping all

# All servers - If you use passwordless authentication and the remote user is different from logged in user on Ansible server
ansible -m ping -u raj all

# All servers - If you use password authentication and the remote user is different from logged in user on Ansible server
ansible -m ping all -u raj --ask-pass

# Only demoservers group - If you use passwordless authentication. Current logged in user on Ansible server and remote node's user are same
ansible -m ping demoservers
Output:
192.168.1.20 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.1.30 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
In the above example, we have seen how to use the ping module with the ansible command to ping all or a group of remote hosts with passwordless and password authentication.
In the same way, we can use various other modules with the ansible command. The available modules are listed in the Ansible documentation.
Execute Command On Nodes
This time, we will use the command module with ansible command to get remote machine information.
The below commands are written assuming that you have passwordless communication between the control node and the managed nodes. I am using a demoservers group to execute commands.
Check Hostname
In our first example, we will execute the hostname command with the command module to get the hostnames of the remote nodes in one go.
ansible -m command -a "hostname" demoservers
Output:
192.168.1.30 | SUCCESS | rc=0 >>
node2.itzgeek.local

192.168.1.20 | SUCCESS | rc=0 >>
node1.itzgeek.local
Check Uptime
To check the uptime of nodes.
ansible -m command -a "uptime" demoservers
Output:
192.168.1.30 | SUCCESS | rc=0 >>
 16:36:45 up 56 min, 3 users, load average: 0.00, 0.00, 0.00

192.168.1.20 | SUCCESS | rc=0 >>
 16:36:45 up 1:09, 2 users, load average: 0.05, 0.04, 0.05
Read Remote Files
You can also view the content of a particular file.
ansible -m command -a "cat /etc/resolv.conf" demoservers
Output:
192.168.1.30 | SUCCESS | rc=0 >>
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53

192.168.1.20 | SUCCESS | rc=0 >>
# Generated by NetworkManager
search itzgeek.local
nameserver 8.8.8.8
nameserver 192.168.1.1
Redirect File Output
You can also save the output (on Ansible server) to any file by using the redirection.
ansible -m command -a "cat /etc/resolv.conf" demoservers > /tmp/ouput_file
cat /tmp/ouput_file
Make Configuration Changes on Node
We can use the lineinfile module to edit files on remote nodes. For example, to add an additional name server, we can use the below command. The value of line contains a space, so it is quoted inside the argument string.
ansible -m lineinfile -a "path=/etc/resolv.conf line='nameserver 8.8.4.4'" demoservers
You can validate the changes using the below command.
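# The command module does not run through a shell, so "|" is not treated as a pipe; grep the file directly.
ansible -m command -a "grep -i nameserver /etc/resolv.conf" demoservers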
Conclusion
That's all. You have now successfully installed Ansible on CentOS 8 / RHEL 8. You can proceed to create Ansible playbooks for automating your tasks.