How to install Ansible on RHEL8 / CentOS8



In this article I am explaining Step-by-Step tutorial to install Ansible on RHEL/CentOS 8 Linux environment. We will setup a five-node environment with one controller node and two managed nodes. But before we start with the steps to install Ansible on RHEL8 or CentOS8, let us understand what is Ansible and how it works.

ANSIBLE

Ansible is the leading Open Source configuration management system. It makes it easy for administrators and operations teams to control thousands of servers from central machine without installing agents on them.

Ansible is the simplest to use and manage when compared to other configuration management systems such as Puppet, Chef and Salt. It is easy to install, learn, and use. The only dependency required on the remote server is SSH service and Python.

Advantages of Ansible

  • Free: Ansible is an open-source tool.
  • Very simple to set up and use: No special coding skills are necessary to use Ansible’s playbooks (more on playbooks later).
  • Powerful: Ansible lets you model even highly complex IT workflows. 
  • Flexible: You can orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.
  • Agentless: You don’t need to install any other software or firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
  • Efficient: Because you don’t need to install any extra software, there’s more room for application resources on your server.
Step 1: update /etc/hosts file
Update /etc/hosts file with the hostname and IP details of your controller and managed hosts in your setup.
ansible host file

Step 2: Install Ansible on RHEL8 & CentOS
I will share the steps to install Ansible on both RHEL8 and CentOS 8 using different methods:

Method1: Install Ansible on Red Hat Enterprise Linux 8

















Register your system to Red Hat Subscription Manager.
[redaix@controller ~]$ sudo subscription-manager register
Set a role for your system.
[redaix@controller ~]$ sudo subscription-manager role --set="Red Hat Enterprise Linux Server"
Attach your Red Hat Ansible Engine subscription. This command helps you find your Red
Hat Ansible Engine subscription:
[redaix@controller ~]$ sudo subscription-manager list –available
Use the pool ID of the subscription to attach the pool to the system.
[redaix@controller ~]$ sudo subscription-manager attach --pool=8a85f98d6XX60ce6016eXXXX1e6a41d1
Enable the Red Hat Ansible Engine repository.
[redaix@controller ~]$ sudo subscription-manager repos --enable ansible-2-for-rhel-8-x86_64-rpms
Install Red Hat Ansible Engine.
[redaix@controller ~]$ sudo yum install ansible

Check the version of Ansible installed on your RHEL 8 system.
ansible version

Method2: Install Ansible using EPEL repo on CentOS 8

In this method first manually Install EPEL repo on CentOS 8 Linux Machine
[root@redaix ~]# dnf -y install epel-release

Now once epel repo is installed you can search for ansible package
ansible search in repo

So, you can now install ansible.noarch rpm on the controller node using dnf or yum

[root@redaix ~]# dnf install -y ansible.noarch

Method 3: Install Ansible using pip on CentOS8 / RHEL8

In the next method for CentOS8 / RHEL8 install ansbile you can also use pip. To install ansible via pip install the below rpms on your controller node:

[root@redaix ~]# dnf install python3 python3-pip -y

Next install ansible using pip3 as a normal user “redaix”

ansible install with pip tool

Note:

·       For python2, use : [redaix@redaix ~]$ pip2 install ansible --user
·       For python3, use : [redaix@redaix ~]$ pip3 install ansible –users

 Step 3: Create normal user

Create normal user on all the servers managed servers and controller server
In this article I am creating “redaix” user in controller node and managed nodes
Step 4: Create and distribute SSH keys to managed nodes

Now we must enable password less login between our controller node and all the managed hosts. So, we can configure passphrase-based login using ssh-keygenLogin or switch user to “redaix” and execute ssh-keygen in the below format.

ssh key generation

This will create public and private key pair in the home directory under ~/.ssh/. Now since we have a public and private key pair, copy public key to target managed server. We use ssh-copy-id as it saves time and performs all the tasks required to enable passphrase-based login.

[redaix@controller ~]$ ssh-copy-id servera

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/redaix/.ssh/id_rsa.pub"

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
redaix@servera's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'servera'"
and check to make sure that only the key(s) you wanted were added.

Repeat the same procedure for other managed nodes.

Verify password less SSH authentication

The ssh-copy-id command will copy the public key we just created to servera and serverb and append the content of the key to ansible user’s authorized_keys file under ~/.ssh.
You can perform a ssh to managed host to make sure you can connect to the server without giving any password or passphrase.

[redaix@controller ~]$ ssh servera date
Fri Apr 24 07:30:56 IST 2020

So, we were able to connect to our servera managed host without any password here.
Step 5: Configure privilege escalation using sudo
Since our redaix user would need privilege escalation we will create a new rule for redaix user using a new file under /etc/sudoers.d
[root@controller ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
[root@controller ~]# cat /etc/sudoers.d/redaix
redaix ALL=(ALL) NOPASSWD: ALL

Add the same rule on all your managed hosts
[root@servera ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
[root@serverb ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
[root@serverc ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
[root@serverd ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
Step 6: Deploying or Configure Ansible
Building an Ansible Inventory:
An inventory defines a collection of hosts that Ansible will manage. These hosts can also be assigned to groups, which can be managed collectively. Groups can contain child groups, and hosts can be members of multiple groups. The inventory can also set variables that apply to the hosts and groups that it defines.

Inventory image

Managing Ansible Configuration file

We will create an ansible.cfg, In this we identify how to connect remote hosts.


To list the matching hosts using our inventory file use below command.


You can use ping module to test Ansible and after successful run you can see the below output.


Step 7: Running ad-hoc commands

Ad hoc commands in Ansible are used to perform tasks or operations that are needed on an ad hoc basis, or only once, based upon the requirement.

Congratulations...!! you have successfully installed Ansible, please comment below if you have any questions and quaries....!!!

You can view video here and subscribe to my channel.
https://youtu.be/Jv8qmxyvyZY




Comments

Post a Comment

Popular posts from this blog

How to Install and Configure Kubernetes Cluster and Docker on CentOS8/RHEL8

How to install Ansible Tower on Red Hat / CentOS