Linux Automation

How to Install and Configure Ansible on Rocky Linux and AlmaLinux 8 (Step-by-Step)

Install and configure Ansible on Rocky Linux 8 or AlmaLinux 8 (and CentOS 8). Use EPEL or pip, install Python 3, create an inventory, and test connectivity with the ping module and privilege escalation.

Ansible is an open-source automation engine for provisioning, configuration management, application deployment, and orchestration. It uses YAML playbooks and runs over SSH鈥攏o agents on target hosts. Ansible is written in Python, uses a simple push-based model, and works on Linux, macOS, and Windows (with the right setup). In this guide you install and configure Ansible on Rocky Linux 8, AlmaLinux 8, or CentOS 8, then test connectivity to a remote host.

In this guide you’ll:

  • Update the system and install Python 3 (and optionally pip)
  • Install Ansible from the EPEL repository (recommended) or via pip
  • Generate an SSH key and use ssh-copy-id for passwordless access to a target host
  • Create an inventory file and run the ping module, then run a command with privilege escalation (--ask-become-pass)

Related: Ansible on Rocky Linux/AlmaLinux 9Python 2 and 3 on Rocky Linux/CentOS 8Python on Fedora 35Ansible on Fedora 35

Prerequisites

  • A machine running Rocky Linux 8, AlmaLinux 8, or CentOS 8 (control node).
  • Root or sudo access.
  • Internet access to install packages and EPEL.
  • A remote host (Linux) reachable by SSH for testing (optional but recommended).
  • Basic familiarity with the Linux terminal and SSH.

Table of contents

  1. Ensure the system is up to date
  2. Install Python 3 (and pip)
  3. Install Ansible
  4. Test the Ansible installation

1. Ensure the system is up to date

Update installed packages:

1

sudo dnf -y update

2. Install Python 3 (and pip)

Ansible requires Python 3 (or Python 2 on older setups; Python 2 is end-of-life, so use Python 3). Rocky Linux 8 and AlmaLinux 8 ship with Python 3. Install it and pip (needed if you install Ansible via pip later):

1

sudo dnf install -y python3 python3-pip

Optional: upgrade pip for the current user only (avoids affecting system Python): python3 -m pip install --user --upgrade pip. Using sudo pip3 install --upgrade pip can interfere with system-managed packages.

3. Install Ansible

You can install Ansible from the EPEL repository (simplest) or with pip.

EPEL (Extra Packages for Enterprise Linux) provides additional packages for RHEL-based systems. Enable EPEL, then install Ansible:

1
2

sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install -y ansible

Verify the installation:

1
2
3
4
5
6
7
8

$ ansible --version

ansible 2.9.25
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/rocky/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 ...

EPEL typically provides Ansible 2.9.x. For a newer ansible-core (Ansible 2.14+), you can use the official Ansible repository or pip.

Option B: Install Ansible with pip

To install the latest Ansible for the current user:

1

python3 -m pip install ansible --user

Ensure ~/.local/bin is in your PATH so the ansible command is found. Alternatively, use a virtual environment to isolate the install.

4. Test the Ansible installation

Ansible connects to hosts over SSH. For a smooth experience, set up passwordless SSH from the control node to the target host.

Generate an SSH key and copy it to the remote host

Generate a key (accept defaults or set a passphrase):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/rocky/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/rocky/.ssh/id_rsa.
Your public key has been saved in /home/rocky/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vRdPlegZg17H4aMt30jQsiTYe0Jnh0zErhnSnuUQj3g [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|           oo  . |
|         o.ooo+ o|
|        .o+*O=o*.|
|        ooE**=B..|
|        S++X+=o. |
|          =+.=o..|
|          . . o..|
|           .     |
|                 |
+----[SHA256]-----+

Copy your public key to the remote host (replace user and IP with yours):

1

ssh-copy-id [email protected]

Create an inventory file and run the ping module

Create a simple inventory file (e.g. hosts) listing the target host and the SSH user:

1

sudo vim hosts

Or use a path in your project directory and reference it with -i hosts. Example content (use ansible_user on newer Ansible; ansible_ssh_user is deprecated but still works):

1

10.2.40.182 ansible_user=fedora

Test connectivity with the ping module:

1
2
3
4
5
6
7
8
9

$ ansible  -i hosts 10.2.40.182 -m ping

10.2.40.182 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

SUCCESS and "ping": "pong" mean Ansible can reach the host.

Run a command with privilege escalation (sudo)

For tasks that need root on the remote host, use become (e.g. sudo). The --ask-become-pass option prompts for the remote user’s sudo password:

1

ansible -i hosts 10.2.40.182 -m command -a "yum install -y vim" -b --ask-become-pass

The -b flag enables privilege escalation (equivalent to become: yes in a playbook). Ansible may warn that you should use become, become_method, and become_user in playbooks instead of running sudo inside the command; for ad-hoc commands, -b --ask-become-pass is fine. If you use a password and don’t have sshpass installed, Ansible will prompt for the SSH password as well unless you use SSH keys.

Example output (target may already have the package):

1
2
3
4

BECOME password:
10.2.40.182 | CHANGED | rc=0 >>
...
Complete!

Frequently Asked Questions (FAQ)

What is Ansible?

Ansible is an automation tool that configures systems, deploys software, and orchestrates tasks using YAML playbooks. It connects to hosts over SSH (or WinRM on Windows) and does not require an agent on target machines.

Do I need Python on the control node only or on the targets too?

The control node (where you run ansible) needs Python and Ansible. Managed hosts (Linux) need Python 2.6+ or 3.5+ so Ansible can run modules there. Most current Linux distros already have Python 3 installed.

What is the difference between EPEL and pip for installing Ansible?

EPEL gives you a stable, distro-packaged version (often Ansible 2.9.x) that is easy to upgrade with dnf. pip lets you install a specific or newer version (e.g. ansible-core 2.14+) for the current user or in a virtual environment.

How do I specify the SSH user for a host in the inventory?

Use ansible_user=username (or the deprecated ansible_ssh_user=username) in the inventory next to the host, or set remote_user in a playbook. For privilege escalation, use ansible_become=true, ansible_become_method=sudo, and optionally ansible_become_pass (or prompt with --ask-become-pass).

Conclusion

You installed Ansible on Rocky Linux 8, AlmaLinux 8, or CentOS 8 using EPEL or pip, set up SSH key-based access to a remote host, created an inventory file, and tested connectivity with the ping module and a command using become (-b --ask-become-pass). For the same steps on Rocky Linux 9 / AlmaLinux 9, see How to Install and Configure Ansible on Rocky/Alma Linux 9. For configuration management with Puppet, see Puppet 7 on Rocky Linux/CentOS 8.

comments powered by Disqus
© 2020 - 2026 Citizix, Ltd.
Citizix Ltd
Built with Hugo
Theme Stack designed by Jimmy