Ansible is the simplest to use and manage when compared to other configuration management systems such as Puppet, Chef and Salt. It is easy to install, learn, and use. The only dependencies required on the remote server are the SSH service and Python.
Advantages of Ansible
Free: Ansible is an open-source tool.
Very simple to set up and use: No special coding skills are necessary to use Ansible’s playbooks (more on playbooks later).
Powerful: Ansible lets you model even highly complex IT workflows.
Flexible: You can orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.
Agentless: You don’t need to install any other software or open extra firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
Efficient: Because you don’t need to install any extra software, there’s more room for application resources on your server.
Step 1: Update /etc/hosts file
Step 2: Install Ansible on RHEL8 & CentOS
I will share the steps to install Ansible on both RHEL8 and CentOS 8 using different methods:
Method 1: Install Ansible on Red Hat Enterprise Linux 8
[redaix@controller ~]$ sudo subscription-manager register
Set a role for your system.
[redaix@controller ~]$ sudo subscription-manager role --set="Red Hat Enterprise Linux Server"
Attach your Red Hat Ansible Engine subscription
[redaix@controller ~]$ sudo subscription-manager list --available
Use the pool ID of the subscription to attach the pool to the system.
[redaix@controller ~]$ sudo subscription-manager attach --pool=8a85f98d6XX60ce6016eXXXX1e6a41d1
Enable the Red Hat Ansible Engine repository.
[redaix@controller ~]$ sudo subscription-manager repos --enable ansible-2-for-rhel-8-x86_64-rpms
Install Red Hat Ansible Engine.
[redaix@controller ~]$ sudo yum install ansible
Method 2: Install Ansible using EPEL repo on CentOS 8
In this method, first install the EPEL repo manually on the CentOS 8 Linux machine.
[root@redaix ~]# dnf -y install epel-release
Once the EPEL repo is installed, you can search for the ansible package.
Method 3: Install Ansible using pip on CentOS8 / RHEL8
You can also install Ansible on CentOS8 / RHEL8 using pip. To install Ansible via pip, install the below rpms on your controller node:
[root@redaix ~]# dnf install python3 python3-pip -y
Step 3: Create normal user
Create a normal user on all the managed servers and the controller server.
In this article I am creating the “redaix” user on the controller node and the managed nodes.
Step 4: Create and distribute SSH keys to managed nodes
Now we must enable passwordless login between our controller node and all the managed hosts. So, we can configure passphrase-based login using ssh-keygen.
Log in or switch user to “redaix” and execute ssh-keygen in the below format.
[redaix@controller ~]$ ssh-copy-id servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/redaix/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'servera'"
and check to make sure that only the key(s) you wanted were added.
Repeat the same procedure for other managed nodes.
Verify passwordless SSH authentication
The ssh-copy-id command copies the public key we just created to servera and serverb and appends the content of the key to the ansible user’s authorized_keys file under ~/.ssh.
[redaix@controller ~]$ ssh servera date
So, we were able to connect to our servera managed host without any password here.
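The ssh-copy-id output above asks you to check that only the key(s) you wanted were added. One way to run that check is sketched below as an added example, not part of the original article; the function names key_ids and audit_authorized_keys are hypothetical, and the file paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report authorized_keys entries that are not in an allow-list
# of public keys. Function names are hypothetical, not from the article.

# Print "keytype base64blob" for every key line in file $1.
# Blank lines and comments are skipped. Leading options (from=..., command=...)
# are skipped by scanning for the first field that looks like a key type.
# Limitation: an option value that itself contains a bare key-type word
# followed by a space is not handled by this simple field scan.
key_ids() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/) {
          print $i, $(i + 1); next
        }
      # Fail closed: anything we cannot parse is reported, not ignored.
      print "UNPARSED", $0
    }' "$1"
}

# audit_authorized_keys ALLOWED_PUBKEYS AUTHORIZED_KEYS
# Prints each installed key that is absent from ALLOWED_PUBKEYS.
# Returns 0 if every entry is expected, 1 if any is not, 2 on setup failure.
audit_authorized_keys() {
  allowed_ids=$(mktemp) || return 2
  key_ids "$1" > "$allowed_ids"
  # Comparison ignores the trailing comment, so a renamed key still matches.
  unexpected=$(key_ids "$2" | grep -vxF -f "$allowed_ids" || true)
  rm -f "$allowed_ids"
  if [ -n "$unexpected" ]; then
    printf '%s\n' "$unexpected"
    return 1
  fi
  return 0
}

# Usage on a managed node, after copying the controller's public key there
# (paths are assumptions):
#   audit_authorized_keys /tmp/controller_id_rsa.pub /home/redaix/.ssh/authorized_keys
```

The comparison is on key type and key material only, so it also catches an extra key that reuses a familiar-looking comment such as redaix@controller.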
Step 5: Configure privilege escalation using sudo
Since our redaix user needs privilege escalation, we will create a new rule for the redaix user using a new file under /etc/sudoers.d.
[root@controller ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
[root@servera ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
[root@serverb ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
[root@serverc ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
[root@serverd ~]# echo "redaix ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/redaix
Managing Ansible Configuration file
To list the matching hosts using our inventory file, use the below command.
You can use the ping module to test Ansible; after a successful run you can see the below output.
Step 7: Running ad-hoc commands