How to install and configure Ansible on Redhat Enterprise Linux 8

This tutorial covers step by step installation and configuration of Ansible on Redhat Enterprise Linux 8.
Ansible is the leading Open Source configuration management system. It makes it easy for administrators and operations teams to control thousands of servers from central machine without installing agents on them.

In this tutorial you will learn:

  • Ansible Overview
  • Install and Configure Python
  • Set Password-less SSH
  • Install Ansible
  • Testing and Managing the Ansible

Ansible Architecture

Ansible Architecture.

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Red Hat Enterprise Linux 8
Software Python3, Ansible
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

Ansible Overview

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.



Designed for multi-tier deployments since day one, Ansible models your IT infrastructure by describing how all of your systems inter-relate, rather than just managing one system at a time.

It uses no agents and no additional custom security infrastructure, so it’s easy to deploy – and most importantly, it uses a very simple language (YAML, in the form of Ansible Playbooks) that allow you to describe your automation jobs in a way that approaches plain English. Ansible works by connecting to your nodes and pushing out small programs, called “Ansible modules” to them.
These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when finished.

Your library of modules can reside on any machine, and there are no servers, daemons, or databases required. Typically you’ll work with your favorite terminal program, a text editor, and probably a version control system to keep track of changes to your content.

Install and Configure Python

The default version of Python in RHEL 8 is Python 3.6. But Python 2 remains available in RHEL 8. If for any reason Python 3.6 is missing in the Red Hat Enterprise Linux 8 installation, you’ll need to install it manually.

Python 3.6 can be installed on RHEL 8 by running the command below on your terminal. Python need to be installed on both the Ansible Server and all the hosts/clients where it will connect.



# yum install python3
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Last metadata expiration check: 8:59:59 ago on Sun 03 Feb 2019 11:20:51 PM +04.
Dependencies resolved.
======================================================================================================================================================
 Package                 Arch                  Version                                     Repository                                            Size
======================================================================================================================================================
Installing:
 python36                x86_64                3.6.6-17.el8+2102+a4bbd900                  rhel-8-for-x86_64-appstream-beta-rpms                 22 k
Enabling module streams:
 python36                                      3.6                                                                                                   

Transaction Summary
======================================================================================================================================================
Install  1 Package

Total download size: 22 k
Installed size: 22 k
Is this ok [y/N]: y
Downloading Packages:
python36-3.6.6-17.el8+2102+a4bbd900.x86_64.rpm                                                                        6.0 kB/s |  22 kB     00:03    
------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                 6.0 kB/s |  22 kB     00:03     
warning: /var/cache/dnf/rhel-8-for-x86_64-appstream-beta-rpms-64aba9de5ea7e089/packages/python36-3.6.6-17.el8+2102+a4bbd900.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f21541eb: NOKEY
Red Hat Enterprise Linux 8 for x86_64 - AppStream Beta (RPMs)                                                         3.2 kB/s | 3.3 kB     00:01    
Importing GPG key 0xF21541EB:
 Userid     : "Red Hat, Inc. (beta key 2) <security@redhat.com>"
 Fingerprint: B08B 659E E86A F623 BC90 E8DB 938A 80CA F215 41EB
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
Is this ok [y/N]: y
...
Installed:
  python36-3.6.6-17.el8+2102+a4bbd900.x86_64                                                                                                          

Complete!

In order to use Python 3, just type python3 in the terminal.

You should have noted that to use Python 3, the command is python3 and python2 for Python 2. What if your applications are configured to refer to python which is not available system-wide. You will get the below bash error.

# python
-bash: python: command not found

You can use the alternatives mechanism to enable the unversioned python command system-wide, and set it to a specific version. To set Python 3 as default run the following command.



# alternatives --set python /usr/bin/python3

Running python -V should show default Python version configured:

#python -V
Python 3.6.6

or by starting Python a console:

# python
Python 3.6.6 (default, Oct 16 2018, 01:53:53) 
[GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 

Set Password-less SSH

Create the user ansible on all hosts:

# useradd ansible ;  echo "" | passwd --stdin ansible

Make the necessary entry in sudoers file /etc/sudoersfor ansible user for password-less sudo access:

ansible ALL=(ALL) NOPASSWD: ALL

Now generate SSH key in Ansible Server:



$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa): 
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:wNt/uNePRkrV+Hhv/DJgteXK2BjOGvPbr9yNigXM2EM ansible@rhel8-ansible-server
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|     .           |
|      o   E    o |
|       + *    + o|
|      . S *  o * |
|         . += + +|
|          ==o@ +.|
|           OBoO+=|
|          +o++*BB|
+----[SHA256]-----+

Copy it to remote servers as ansible user:

$ ssh-copy-id ansible@rhel8-ansible-client
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub"
The authenticity of host 'rhel8-ansible-client (192.168.1.109)' can't be established.
ECDSA key fingerprint is SHA256:e+NfCeK/kvnignWDHgFvIkHjBWwghIIjJkfjygR7NkI.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@rhel8-ansible-client's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ansible@rhel8-ansible-client'"
and check to make sure that only the key(s) you wanted were added.


Install Ansible

Once the Python has been installed, proceed to install Pip which is a Python package manager we’ll use to install Ansible:

# yum -y install python3-pip
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Last metadata expiration check: 9:03:18 ago on Sun 03 Feb 2019 11:20:51 PM +04.
Package python3-pip-9.0.3-4.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!

Once we have pip3 installed, use it to get Ansible installed in the Ansible Management system as ansible user.

$ pip3 install ansible --user

You can see the Ansible installed using the following command:

$ ansible --version
ansible 2.7.6
  config file = None
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ansible/.local/lib/python3.6/site-packages/ansible
  executable location = /home/ansible/.local/bin/ansible
  python version = 3.6.6 (default, Oct 16 2018, 01:53:53) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)]

Testing and Managing

Create the Ansible inventory file, default is /etc/ansible/hosts but you can copy the hosts file in the home directory of the ansible user. You can also create a group of remote hosts like below in the hosts file.


[web]
192.168.1.105
[db]
192.168.1.107
[app]
192.168.1.108
192.168.1.109
192.168.1.110

You can use ping module to test Ansible and after successful run you can see the below output.

$ ansible -i hosts 192.168.1.109 -m ping
192.168.1.109 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}


The -i option is used to provide path to inventory file. You should get the same output for “app” group name.

$ ansible -i hosts app -m ping
192.168.1.108 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.1.109 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.1.110 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Conclusion

Ansible’s simplicity and ability to decrease the complexity of other tools has made it a reliable applicant for your environment. Its foremost concern is on security and reliability. It uses OpenSSH for transportation, and the language is designed around auditability by even those who are not familiar with the program. Ansible is suitable enough for managing both small setups with a handful of instances as well as the enterprise environments.