This post shows you how to install and configure the Ansible configuration management system to control many different systems in an automated way from one central system under CentOS, RHEL or Fedora Linux. How do I install the Ansible tool on a CentOS 8 Linux system?
- What is Ansible?
- Step1: Installing Ansible Tool on Control System
- Step2: Configuring SSH Access to Client Hosts
- Step3: Creating Inventory File to Set Up Ansible Hosts
- Step4: Using Ansible Commands
- Step5: Creating Ansible Playbook to Manage Ansible Hosts
What is Ansible?
Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
Ansible is an open-source software provisioning, configuration management, and application-deployment tool. It runs on many Unix-like systems, and can configure both Unix-like systems as well as Microsoft Windows. It includes its own declarative language to describe system configuration.
Ansible is an extra-simple tool/framework/API for doing ‘remote things’. The ansible command allows you to define and run a single task ‘playbook’ against a set of hosts.
Step1: Installing Ansible Tool on Control System
To install the Ansible tool on your control system, you just need to run the following command:
For Fedora Linux:
$ sudo dnf install ansible
For CentOS/RHEL 6/7 Linux:
$ sudo yum install ansible
Outputs:
[root@localhost yum.repos.d]# yum install ansible
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* centos-sclo-rh: mirrors.aliyun.com
* centos-sclo-sclo: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.8.4-1.el7 will be installed
--> Processing Dependency: python-httplib2 for package: ansible-2.8.4-1.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.8.4-1.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.8.4-1.el7.noarch
--> Processing Dependency: python2-jmespath for package: ansible-2.8.4-1.el7.noarch
--> Processing Dependency: sshpass for package: ansible-2.8.4-1.el7.noarch
--> Running transaction check
---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed
---> Package python-jinja2.noarch 0:2.7.2-4.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-4.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-4.el7.noarch
---> Package python-paramiko.noarch 0:2.1.1-9.el7 will be installed
---> Package python2-jmespath.noarch 0:0.9.0-3.el7 will be installed
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Running transaction check
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================
Installing:
ansible noarch 2.8.4-1.el7 epel 15 M
Installing for dependencies:
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-httplib2 noarch 0.9.2-1.el7 extras 115 k
python-jinja2 noarch 2.7.2-4.el7 base 519 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-paramiko noarch 2.1.1-9.el7 base 269 k
python2-jmespath noarch 0.9.0-3.el7 extras 39 k
sshpass x86_64 1.06-2.el7 extras 21 k
Transaction Summary
=================================================================================================================================================
Install 1 Package (+7 Dependent packages)
Total download size: 17 M
Installed size: 94 M
Is this ok [y/d/N]: y
For CentOS 8 Linux:
As Ansible RPMs for CentOS 8 are not available from the latest EPEL 8, you cannot run the yum or dnf command directly to install it from the command line. Instead, you can use pip3, the Python package manager, to install Ansible on your CentOS 8 Linux. Run the last command as your regular user, without sudo, so that --user installs Ansible into that user's home directory, as the output below shows. Just run the following commands:
$ sudo dnf install python3-pip
$ sudo pip3 install --upgrade pip
$ pip3 install ansible --user
Outputs:
[root@mydevops devops]# dnf install python3-pip
Last metadata expiration check: 0:05:02 ago on Wed 25 Sep 2019 02:58:18 AM EDT.
Package python3-pip-9.0.3-13.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@mydevops devops]# pip3 install --upgrade pip
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.
Collecting pip
Downloading https://files.pythonhosted.org/packages/30/db/9e38760b32e3e7f40cce46dd5fb107b8c73840df38f0046d8e6514e675a1/pip-19.2.3-py2.py3-none-any.whl (1.4MB)
100% |████████████████████████████████| 1.4MB 401kB/s
Installing collected packages: pip
Successfully installed pip-19.2.3
[devops@mydevops ~]$ pip3 install ansible --user
Collecting ansible
Downloading https://files.pythonhosted.org/packages/04/25/48fee5f8048360d9375e01846fcf395dda58242ed1f25a2106b6794452eb/ansible-2.8.5.tar.gz (14.4MB)
|████████████████████████████████| 14.4MB 771kB/s
Collecting jinja2 (from ansible)
Downloading https://files.pythonhosted.org/packages/1d/e7/fd8b501e7a6dfe492a433deb7b9d833d39ca74916fa8bc63dd1a4947a671/Jinja2-2.10.1-py2.py3-none-any.whl (124kB)
|████████████████████████████████| 133kB 625kB/s
Requirement already satisfied: PyYAML in /usr/lib64/python3.6/site-packages (from ansible) (3.12)
Requirement already satisfied: cryptography in /usr/lib64/python3.6/site-packages (from ansible) (2.3)
Collecting MarkupSafe>=0.23 (from jinja2->ansible)
Downloading https://files.pythonhosted.org/packages/b2/5f/23e0023be6bb885d00ffbefad2942bc51a620328ee910f64abe5a8d18dd1/MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl
Requirement already satisfied: idna>=2.1 in /usr/lib/python3.6/site-packages (from cryptography->ansible) (2.5)
Requirement already satisfied: asn1crypto>=0.21.0 in /usr/lib/python3.6/site-packages (from cryptography->ansible) (0.24.0)
Requirement already satisfied: six>=1.4.1 in /usr/lib/python3.6/site-packages (from cryptography->ansible) (1.11.0)
Requirement already satisfied: cffi!=1.11.3,>=1.7 in /usr/lib64/python3.6/site-packages (from cryptography->ansible) (1.11.5)
Requirement already satisfied: pycparser in /usr/lib/python3.6/site-packages (from cffi!=1.11.3,>=1.7->cryptography->ansible) (2.14)
Installing collected packages: MarkupSafe, jinja2, ansible
Running setup.py install for ansible ... done
Successfully installed MarkupSafe-1.1.1 ansible-2.8.5 jinja2-2.10.1
Once the Ansible package is installed on your system, you can verify the installation by running the following command:
$ ansible --version
Outputs:
[devops@mydevops ~]$ ansible --version
ansible 2.8.5
config file = None
configured module search path = ['/home/devops/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/devops/.local/lib/python3.6/site-packages/ansible
executable location = /home/devops/.local/bin/ansible
python version = 3.6.8 (default, May 21 2019, 23:51:36) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)]
If you are using RHEL 7 or RHEL 8 Linux, you can also enable the Ansible Engine repository for your release. Just run the following command:
On RHEL 7:
$ sudo subscription-manager repos --enable rhel-7-server-ansible-2.8-rpms
On RHEL 8:
$ sudo subscription-manager repos --enable ansible-2.8-for-rhel-8-x86_64-rpms
Step2: Configuring SSH Access to Client Hosts
Because Ansible communicates with client hosts over SSH, you need to install an SSH key on every remote client host. First, generate an SSH key pair with the ssh-keygen command, then copy the public key to the remote Ansible hosts. Type:
$ ssh-keygen
or
$ ssh-keygen -t rsa -b 4096 -C "devops@192.168.3.58"
Outputs:
[devops@mydevops ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/devops/.ssh/id_rsa):
Created directory '/home/devops/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/devops/.ssh/id_rsa.
Your public key has been saved in /home/devops/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6JNHVtSJ4AjoGmAabcg8JtRphd57HNvoUyV9WCpfsa4 devops@mydevops.com
The key's randomart image is:
+---[RSA 2048]----+
|++..=. ...o . |
|=*+= . o .. oo |
|*++ . . . o + o |
|o .. . o + = + |
| o + S = + |
|. o O o . . |
| * o . |
| = E |
| . |
+----[SHA256]-----+
Then copy the RSA public key to every remote host (client host: 192.168.3.43) with the ssh-copy-id command. Type:
$ ssh-copy-id devops@192.168.3.43
Outputs:
[devops@mydevops ~]$ ssh-copy-id devops@192.168.3.43
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/devops/.ssh/id_rsa.pub"
The authenticity of host '192.168.3.43 (192.168.3.43)' can't be established.
ECDSA key fingerprint is SHA256:aHoVI48KN7LgRTWlesTASZ69+x2UyBL1bEZ/Tr04ECo.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
devops@192.168.3.43's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'devops@192.168.3.43'"
and check to make sure that only the key(s) you wanted were added.
After the SSH key is copied to the remote host, you can try an SSH connection to it. You should find that you do not need to enter a password for authentication.
[devops@mydevops ~]$ ssh devops@192.168.3.43
Last login: Wed Sep 25 14:36:41 2019 from 192.168.3.54
Step3: Creating Inventory File to Set Up Ansible Hosts
If you have multiple Ansible hosts that need to be controlled, you can create an inventory file in your working directory with the vi or vim text editor. The file lives in your own working directory, so sudo is not needed. Type:
$ vim hosts
Then add the IP addresses of all the remote hosts you want to manage to the Ansible inventory file.
$ echo "192.168.3.43" > hosts
Or you can also create a group of hosts like below:
[build]
192.168.3.43
[dev]
192.168.3.58
[it]
192.168.3.23
192.168.3.44
Step4: Using Ansible Commands
Now you can use the ansible command to ping all of the remote hosts from your control machine. Type:
$ ansible -i hosts 192.168.3.43 -m ping
or
$ ansible -i hosts build -m ping
Outputs:
[devops@mydevops ~]$ ansible -i hosts 192.168.3.43 -m ping
192.168.3.43 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[devops@mydevops ~]$ ansible -i hosts build -m ping
192.168.3.43 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
If you want to check the kernel version of the remote hosts, just run the following ansible command:
$ ansible -m command -a "uname -a " -i hosts build
Outputs:
[devops@mydevops ~]$ ansible -m command -a "uname -a " -i hosts build
192.168.3.43 | CHANGED | rc=0 >>
Linux localhost 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
To check the disk usage on the remote hosts, type:
$ ansible -m command -a "df -h" -i hosts build
Outputs:
[devops@mydevops ~]$ ansible -m command -a "df -h" -i hosts build
192.168.3.43 | CHANGED | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 37G 6.2G 31G 17% /
devtmpfs 479M 0 479M 0% /dev
tmpfs 496M 0 496M 0% /dev/shm
tmpfs 496M 7.7M 488M 2% /run
tmpfs 496M 0 496M 0% /sys/fs/cgroup
/dev/sda1 1014M 166M 849M 17% /boot
tmpfs 100M 40K 100M 1% /run/user/1000
tmpfs 100M 0 100M 0% /run/user/0
Step5: Creating Ansible Playbook to Manage Ansible Hosts
You can run Ansible playbooks to execute the defined tasks on the targeted hosts from your control machine. Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a policy you want your remote systems to enforce, or a set of steps in a general IT process. Playbooks are expressed in YAML format and have a minimum of syntax, which intentionally tries to not be a programming language or script, but rather a model of a configuration or a process.
Let’s create a playbook file called mytask.yml using your vi or vim text editor, type:
$ vim mytask.yml
Add the following lines into the file.
- hosts: build
  tasks:
    - name: copy file
      copy: src=/home/devops/testfile dest=/tmp/ owner=nobody group=nobody
Save and close the file.
[devops@mydevops ~]$ cat mytask.yml
- hosts: build
  tasks:
    - name: copy file
      copy: src=/home/devops/testfile dest=/tmp/ owner=nobody group=nobody
Run the playbook with ansible-playbook. Outputs:
[devops@mydevops ~]$ ansible-playbook mytask.yml -i hosts
PLAY [build] ******************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************
ok: [192.168.3.43]
TASK [copy file] **************************************************************************************************************************************************************
fatal: [192.168.3.43]: FAILED! => {"changed": false, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "gid": 1000, "group": "devops", "mode": "0664", "msg": "chown failed: [Errno 1] Operation not permitted: '/tmp/testfile'", "owner": "devops", "path": "/tmp/testfile", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 0, "state": "file", "uid": 1000}
PLAY RECAP ********************************************************************************************************************************************************************
192.168.3.43 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
[devops@mydevops ~]$
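Then you can go to your remote host to verify whether the file has been copied. Note that the play above reports failed=1: the copy itself went through, but changing the owner to nobody failed with "Operation not permitted" because the devops user has no root privileges on the remote host, so /tmp/testfile is still owned by devops.
[root@localhost yum.repos.d]# ifconfig enp0s3 | grep inet
inet 192.168.3.43 netmask 255.255.255.0 broadcast 192.168.3.255
inet6 fe80::fe75:920a:4bce:e8d5 prefixlen 64 scopeid 0x20<link>
[root@localhost yum.repos.d]# ls /tmp/testfile
/tmp/testfile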
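The chown error in the playbook run above comes from running the copy task as the unprivileged devops user. As an added example (not part of the original post), this variant of mytask.yml enables privilege escalation and then checks the resulting ownership; it assumes devops is allowed to use sudo on the managed host.

```yaml
# Added example: the page's mytask.yml with privilege escalation enabled.
# Assumption: the devops user may use sudo on the hosts in the build group.
- hosts: build
  become: true              # run tasks as root via sudo so the chown is permitted
  tasks:
    - name: copy file
      copy:
        src: /home/devops/testfile
        dest: /tmp/
        owner: nobody
        group: nobody
        mode: "0644"        # set the mode explicitly instead of inheriting it

    - name: read back the attributes of the copied file
      stat:
        path: /tmp/testfile
      register: copied

    - name: fail the play if ownership or mode is not what was requested
      assert:
        that:
          - copied.stat.exists
          - copied.stat.pw_name == "nobody"
          - copied.stat.gr_name == "nobody"
          - copied.stat.mode == "0644"
```

If sudo on the managed host asks for a password, add -K (--ask-become-pass) to the ansible-playbook command.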
Conclusion
You should now know how to install and configure the Ansible tool to control remote hosts from a central machine on a CentOS, RHEL or Fedora Linux system.