This tutorial covers step by step installation and configuration of Ansible on Redhat Enterprise Linux 8.
Ansible is the leading Open Source configuration management system. It makes it easy for administrators and operations teams to control thousands of servers from central machine without installing agents on them.
In this tutorial you will learn:
- Ansible Overview
- Install and Configure Python
- Set Password-less SSH
- Install Ansible
- Testing and Managing the Ansible
Software Requirements and Conventions Used
Category | Requirements, Conventions or Software Version Used |
---|---|
System | Red Hat Enterprise Linux 8 |
Software | Python3, Ansible |
Other | Privileged access to your Linux system as root or via the sudo command. |
Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Ansible Overview
Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.
Designed for multi-tier deployments since day one, Ansible models your IT infrastructure by describing how all of your systems inter-relate, rather than just managing one system at a time.
It uses no agents and no additional custom security infrastructure, so it’s easy to deploy – and most importantly, it uses a very simple language (YAML, in the form of Ansible Playbooks) that allow you to describe your automation jobs in a way that approaches plain English. Ansible works by connecting to your nodes and pushing out small programs, called “Ansible modules” to them.
These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when finished.
Your library of modules can reside on any machine, and there are no servers, daemons, or databases required. Typically you’ll work with your favorite terminal program, a text editor, and probably a version control system to keep track of changes to your content.
Install and Configure Python
The default version of Python in RHEL 8 is Python 3.6. But Python 2 remains available in RHEL 8. If for any reason Python 3.6 is missing in the Red Hat Enterprise Linux 8 installation, you’ll need to install it manually.
Python 3.6 can be installed on RHEL 8 by running the command below on your terminal. Python need to be installed on both the Ansible Server and all the hosts/clients where it will connect.
# yum install python3 Updating Subscription Management repositories. Updating Subscription Management repositories. Last metadata expiration check: 8:59:59 ago on Sun 03 Feb 2019 11:20:51 PM +04. Dependencies resolved. ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: python36 x86_64 3.6.6-17.el8+2102+a4bbd900 rhel-8-for-x86_64-appstream-beta-rpms 22 k Enabling module streams: python36 3.6 Transaction Summary ====================================================================================================================================================== Install 1 Package Total download size: 22 k Installed size: 22 k Is this ok [y/N]: y Downloading Packages: python36-3.6.6-17.el8+2102+a4bbd900.x86_64.rpm 6.0 kB/s | 22 kB 00:03 ------------------------------------------------------------------------------------------------------------------------------------------------------ Total 6.0 kB/s | 22 kB 00:03 warning: /var/cache/dnf/rhel-8-for-x86_64-appstream-beta-rpms-64aba9de5ea7e089/packages/python36-3.6.6-17.el8+2102+a4bbd900.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f21541eb: NOKEY Red Hat Enterprise Linux 8 for x86_64 - AppStream Beta (RPMs) 3.2 kB/s | 3.3 kB 00:01 Importing GPG key 0xF21541EB: Userid : "Red Hat, Inc. (beta key 2) <security@redhat.com>" Fingerprint: B08B 659E E86A F623 BC90 E8DB 938A 80CA F215 41EB From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta Is this ok [y/N]: y ... Installed: python36-3.6.6-17.el8+2102+a4bbd900.x86_64 Complete!
In order to use Python 3, just type python3
in the terminal.
You should have noted that to use Python 3, the command is python3 and python2 for Python 2. What if your applications are configured to refer to python which is not available system-wide. You will get the below bash error.
# python -bash: python: command not found
You can use the alternatives mechanism to enable the unversioned python command system-wide, and set it to a specific version. To set Python 3 as default run the following command.
# alternatives --set python /usr/bin/python3
Running python -V should show default Python version configured:
#python -V Python 3.6.6
or by starting Python a console:
# python Python 3.6.6 (default, Oct 16 2018, 01:53:53) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] on linux Type "help", "copyright", "credits" or "license" for more information. >>>
Set Password-less SSH
Create the user ansible
on all hosts:
# useradd ansible ; echo "" | passwd --stdin ansible
Make the necessary entry in sudoers file /etc/sudoers
for ansible user for password-less sudo access:
ansible ALL=(ALL) NOPASSWD: ALL
Now generate SSH key in Ansible Server:
$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/ansible/.ssh/id_rsa): Created directory '/home/ansible/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ansible/.ssh/id_rsa. Your public key has been saved in /home/ansible/.ssh/id_rsa.pub. The key fingerprint is: SHA256:wNt/uNePRkrV+Hhv/DJgteXK2BjOGvPbr9yNigXM2EM ansible@rhel8-ansible-server The key's randomart image is: +---[RSA 2048]----+ | | | . | | o E o | | + * + o| | . S * o * | | . += + +| | ==o@ +.| | OBoO+=| | +o++*BB| +----[SHA256]-----+
Copy it to remote servers as ansible user:
$ ssh-copy-id ansible@rhel8-ansible-client /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub" The authenticity of host 'rhel8-ansible-client (192.168.1.109)' can't be established. ECDSA key fingerprint is SHA256:e+NfCeK/kvnignWDHgFvIkHjBWwghIIjJkfjygR7NkI. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys ansible@rhel8-ansible-client's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'ansible@rhel8-ansible-client'" and check to make sure that only the key(s) you wanted were added.
Install Ansible
Once the Python has been installed, proceed to install Pip which is a Python package manager we’ll use to install Ansible:
# yum -y install python3-pip Updating Subscription Management repositories. Updating Subscription Management repositories. Last metadata expiration check: 9:03:18 ago on Sun 03 Feb 2019 11:20:51 PM +04. Package python3-pip-9.0.3-4.el8.noarch is already installed. Dependencies resolved. Nothing to do. Complete!
Once we have pip3
installed, use it to get Ansible installed in the Ansible Management system as ansible user.
$ pip3 install ansible --user
You can see the Ansible installed using the following command:
$ ansible --version ansible 2.7.6 config file = None configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /home/ansible/.local/lib/python3.6/site-packages/ansible executable location = /home/ansible/.local/bin/ansible python version = 3.6.6 (default, Oct 16 2018, 01:53:53) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)]
Testing and Managing
Create the Ansible inventory file, default is /etc/ansible/hosts
but you can copy the hosts file in the home directory of the ansible user. You can also create a group of remote hosts like below in the hosts file.
[web]
192.168.1.105
[db]
192.168.1.107
[app]
192.168.1.108
192.168.1.109
192.168.1.110
You can use ping module to test Ansible and after successful run you can see the below output.
$ ansible -i hosts 192.168.1.109 -m ping 192.168.1.109 | SUCCESS => { "changed": false, "ping": "pong" }
The -i option is used to provide path to inventory file. You should get the same output for “app” group name.
$ ansible -i hosts app -m ping 192.168.1.108 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.1.109 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.1.110 | SUCCESS => { "changed": false, "ping": "pong" }
Conclusion
Ansible’s simplicity and ability to decrease the complexity of other tools has made it a reliable applicant for your environment. Its foremost concern is on security and reliability. It uses OpenSSH for transportation, and the language is designed around auditability by even those who are not familiar with the program. Ansible is suitable enough for managing both small setups with a handful of instances as well as the enterprise environments.