How to install Ansible on RHEL8 / CentOS8
In this article I am explaining Step-by-Step tutorial to install Ansible on RHEL/CentOS 8 Linux environment. We will setup a five-node environment with one controller node and two managed nodes. But before we start with the steps to install Ansible on RHEL8 or CentOS8, let us understand what is Ansible and how it works.
ANSIBLE
Ansible is the leading Open Source configuration
management system. It makes it easy for administrators and operations teams to
control thousands of servers from central machine without installing agents on
them.
Ansible is the simplest to use and manage when compared to other configuration management systems such as Puppet, Chef and Salt. It is easy to install, learn, and use. The only dependency required on the remote server is SSH service and Python.
Ansible is the simplest to use and manage when compared to other configuration management systems such as Puppet, Chef and Salt. It is easy to install, learn, and use. The only dependency required on the remote server is SSH service and Python.
Advantages of Ansible
- Free: Ansible is an open-source tool.
- Very simple to set up and use: No special coding skills are necessary to use Ansible’s playbooks (more on playbooks later).
- Powerful: Ansible lets you model even highly complex IT workflows.
- Flexible: You can orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.
- Agentless: You don’t need to install any other software or firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
- Efficient: Because you don’t need to install any extra software, there’s more room for application resources on your server.
Update
/etc/hosts file with the hostname and IP details of your controller and managed
hosts in your setup.
I will share the steps to install Ansible on both RHEL8 and CentOS 8 using different methods:
Method1: Install Ansible on Red Hat Enterprise Linux 8
Register
your system to Red Hat Subscription Manager.
[redaix@controller ~]$ sudo subscription-manager register
Set a role for your system.
[redaix@controller ~]$ sudo subscription-manager role --set="Red Hat Enterprise Linux Server"
Attach your Red Hat Ansible Engine subscription. This command helps you find your Red
Hat Ansible Engine subscription:
[redaix@controller ~]$ sudo subscription-manager list –available
Use the pool ID of the subscription to attach the pool to the system.
[redaix@controller ~]$ sudo subscription-manager attach --pool=8a85f98d6XX60ce6016eXXXX1e6a41d1
Enable the Red Hat Ansible Engine repository.
[redaix@controller ~]$ sudo subscription-manager repos --enable ansible-2-for-rhel-8-x86_64-rpms
Install Red Hat Ansible Engine.
[redaix@controller ~]$ sudo yum install ansible
Check the version of Ansible installed on your RHEL 8 system.
Method2: Install Ansible using EPEL repo on CentOS 8
In
this method first manually Install EPEL repo on CentOS 8 Linux Machine
[root@redaix ~]# dnf -y install epel-release
Now once epel repo is installed you can search for ansible package
In the next method for CentOS8 / RHEL8 install
ansbile you can also use pip. To install ansible via pip install the below rpms
on your controller node:
[root@redaix
~]# dnf install python3 python3-pip -y
Note:
Step 3: Create normal user
Create normal user on all the servers managed
servers and controller server
In this article I am creating “redaix” user in controller node and managed nodes
Step 4: Create and distribute SSH keys to managed nodes
Now we must enable password less login
between our controller node and all the managed hosts. So, we can configure passphrase-based
login using ssh-keygenLogin or switch user to “redaix” and
execute ssh-keygen in the below format.
[redaix@controller ~]$ ssh-copy-id servera
Repeat the same procedure for other
managed nodes.
[redaix@controller
~]$ ssh servera date
So, we were able to connect to our servera
managed host without any password here.
Step 5: Configure privilege escalation using sudo
Since our redaix user would need
privilege escalation we will create a new rule for redaix user using a
new file under /etc/sudoers.d
[root@controller ~]# echo "redaix ALL=(ALL)
NOPASSWD: ALL" >> /etc/sudoers.d/redaix
Method2: Install Ansible using EPEL repo on CentOS 8
In
this method first manually Install EPEL repo on CentOS 8 Linux Machine[root@redaix ~]# dnf -y install epel-release
Now once epel repo is installed you can search for ansible package
So, you can now install ansible.noarch rpm on the
controller node using dnf or yum
[root@redaix
~]# dnf install -y ansible.noarch
Method 3: Install Ansible using pip on CentOS8 / RHEL8
Next install ansible using pip3 as a
normal user “redaix”
Note:
·
For python2, use : [redaix@redaix
~]$ pip2 install ansible --user
·
For python3, use : [redaix@redaix
~]$ pip3 install ansible –users
In this article I am creating “redaix” user in controller node and managed nodes
Step 4: Create and distribute SSH keys to managed nodes
This will create public and private key
pair in the home directory under ~/.ssh/. Now since we have a public and
private key pair, copy public key to target managed server. We use ssh-copy-id as
it saves time and performs all the tasks required to enable passphrase-based
login.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be
installed: "/home/redaix/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in
with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be
installed -- if you are prompted now it is to install the new keys
redaix@servera's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'servera'"
and check to make sure that only the key(s) you
wanted were added.
Verify password less SSH authentication
The ssh-copy-id command will copy the public key we just created to servera and serverb and append the content of the key to ansible user’s authorized_keys file under ~/.ssh.
You can perform a ssh to managed host to make
sure you can connect to the server without giving any password or passphrase.
Fri Apr
24 07:30:56 IST 2020
[root@controller ~]# cat /etc/sudoers.d/redaix
redaix ALL=(ALL) NOPASSWD: ALL
Add the
same rule on all your managed hosts
[root@servera ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
[root@serverb ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix[root@serverc ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix[root@serverd ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaixStep 6: Deploying or Configure Ansible
Building an Ansible
Inventory:
An inventory defines a collection of hosts
that Ansible will manage. These hosts can also be assigned to groups, which can
be managed collectively. Groups can contain child groups, and hosts can be
members of multiple groups. The inventory can also set variables that apply to
the hosts and groups that it defines.
Managing Ansible Configuration file
We will create an ansible.cfg, In
this we identify how to connect remote hosts.
To list the matching hosts using our inventory file use below command.
You can use ping module to test Ansible
and after successful run you can see the below output.
Step 7: Running ad-hoc commands
Ad hoc commands in Ansible are used to
perform tasks or operations that are needed on an ad hoc basis, or only once,
based upon the requirement.
Congratulations...!! you have successfully installed Ansible, please comment below if you have any questions and quaries....!!!
You can view video here and subscribe to my channel.
https://youtu.be/Jv8qmxyvyZY
Nice ! ! A+ worked for me !
ReplyDeleteGreat!
DeleteGood !
ReplyDeleteThank you!
DeleteGreat
ReplyDelete