How to Install and Configure Ansible on Rocky/Alma Linux 8

Ansible is an open source IT automation engine that automates provisioning, configuration management, application deployment, orchestration, and many other IT processes. It enables infrastructure as code. Ansible automates and simplifies repetitive, complex, and tedious operations. It runs on many Unix-like systems, and can configure both Unix-like systems as well as Microsoft Windows.

Ansible itself is written in Python and has a fairly minimal learning curve. Ansible follows a simple setup procedure and does not depend on any additional software, servers or client daemons. It manages nodes over SSH and is parallel by default.

In this guide, we are going to learn how to Install and Configure Ansible on Rocky Linux/CentOS 8.

Ensure that the OS packages are up to date

Before proceeding, it is always recommended to have the system and the installed packages updated.

Use this command to ensure that the system packages are up to date:

1
sudo dnf -y update

Installing Python on Rocky Linux/Centos 8 Server

Ansible is written in Python. Since python programs are interpreted, they always need the python runtime available for them to run. Ansible is not an exception, we need Python to exist for us to run Ansible. Ansible works for both Python 2 and Python 3.

Use this to install python3 on the server:

1
sudo dnf install -y python3

Pip is a package manager for Python. We can use pip to manage python python packages and their dependencies. We will also need pip to Install ansible. Use these commands to install pip:

1
sudo dnf -y install python3-pip

It is also recommended to have the latest version of pip installed. Use this command to upgrade pip

1
sudo pip3 install --upgrade pip

Installing Ansible

There are two ways we can use to install Ansible in our system.

Install ansible Using EPEL repo

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux. Add EPEL repository to your Rocky Linux/Centos 8 system using this command:

1
sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

We can then install ansible that is provided in the EPEL repo using this command:

1
sudo dnf install ansible

Check the version of Ansible installed on your system using this command:

1
2
3
4
5
6
7
8
$ ansible --version

ansible 2.9.25
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/rocky/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Sep 21 2021, 18:40:00) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]

Install ansible using pip

Pip can be used to install ansible on our system.

1
pip3 install ansible --user

Since I already installed ansible in my case, I get this

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
$ pip3 install ansible --user

Requirement already satisfied: ansible in /usr/lib/python3.6/site-packages (2.9.25)
Requirement already satisfied: jinja2 in /usr/lib/python3.6/site-packages (from ansible) (2.10.1)
Requirement already satisfied: PyYAML in /usr/lib64/python3.6/site-packages (from ansible) (3.12)
Requirement already satisfied: cryptography in /usr/lib64/python3.6/site-packages (from ansible) (3.2.1)
Requirement already satisfied: six>=1.4.1 in /usr/lib/python3.6/site-packages (from cryptography->ansible) (1.11.0)
Requirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/lib64/python3.6/site-packages (from cryptography->ansible) (1.11.5)
Requirement already satisfied: MarkupSafe>=0.23 in /usr/lib64/python3.6/site-packages (from jinja2->ansible) (0.23)
Requirement already satisfied: pycparser in /usr/lib/python3.6/site-packages (from cffi!=1.11.3,>=1.8->cryptography->ansible) (2.14)

Testing Ansible installation

Ansible uses ssh to connect and execute commands on the remote server. So for Ansible to work, we need to ensure that we can connect to the remote server using ssh.

To perform password less ssh to the remote server, use this command to generate ssh key:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/rocky/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/rocky/.ssh/id_rsa.
Your public key has been saved in /home/rocky/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vRdPlegZg17H4aMt30jQsiTYe0Jnh0zErhnSnuUQj3g rocky@ip-10-2-40-54.us-west-2.compute.internal
The key's randomart image is:
+---[RSA 3072]----+
|           oo  . |
|         o.ooo+ o|
|        .o+*O=o*.|
|        ooE**=B..|
|        S++X+=o. |
|          =+.=o..|
|          . . o..|
|           .     |
|                 |
+----[SHA256]-----+

The copy the id to the remote server:

1
ssh-copy-id fedora@10.2.40.182

Now create an inventory file:

1
sudp vim hosts

With this content:

1
10.2.40.182 ansible_ssh_user=fedora

Use ping module to test ansible:

1
2
3
4
5
6
7
8
9
$ ansible  -i hosts 10.2.40.182 -m ping

10.2.40.182 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

For commands that need sudo, pass the option --ask-become-pass. This will ask for privilege escalation password. This may require installation of the sshpass program.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
$ ansible  -i hosts 10.2.40.182 -m command -a "sudo yum install vim"  --ask-become-pass

BECOME password:
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo

10.2.40.182 | CHANGED | rc=0 >>
Last metadata expiration check: 0:23:39 ago on Wed 03 Nov 2021 08:35:14 PM UTC.
Package vim-enhanced-2:8.2.3512-1.fc34.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

Conclusion

We have managed to install Ansible and test connection to a remote server in this guide.