
Sunday, 17 May 2020

How to Set Up Ansible Control Node on CentOS 8

Install Ansible Control Node on CentOS 8

In this article, you will learn how to set up an Ansible control node on CentOS/Rocky Linux 8. Later, we will also configure an Ansible managed node and execute some ad hoc commands on it.

 


 

What is Ansible?:

Ansible is an open-source software provisioning, configuration management, and application deployment tool. Ansible is developed by Red Hat and available in free and commercial editions.

Unlike Puppet and Chef, Ansible is agent-less. Ansible uses a declarative language to define system configurations and uses the SSH service and Python scripts to apply configurations on the managed nodes.

The Ansible machine that is used for management and administration of nodes is called the Ansible Control Node, whereas the controlled nodes are called Ansible Managed hosts.

The Ansible control node has the Inventory of managed nodes and the Ansible software to manage them.


Environment Specification:

We are using two minimal CentOS 8 virtual machines with the following specifications.

Ansible Control Node:

  • CPU - 3.4 GHz (2 cores)
  • Memory - 4 GB
  • Storage - 40 GB
  • Operating System - CentOS 8.1
  • Hostname - ansible-01.centlinux.com
  • IP Address - 192.168.116.225/24

Ansible Managed Node:

  • CPU - 3.4 GHz (2 cores)
  • Memory - 2 GB
  • Storage - 20 GB
  • Operating System - CentOS 8.1
  • Hostname - apache-01.centlinux.com
  • IP Address - 192.168.116.206/24

 

Update CentOS 8 Software Packages:

Connect to ansible-01.centlinux.com as the root user by using an SSH client, or configure a Jump Server to securely connect to your network servers from a web-based SSH interface.

It is a best practice to always update the installed CentOS 8 software packages before installing or configuring any server software.

We can update CentOS 8 software packages by using the dnf command.

# dnf update -y
CentOS-8 - AppStream                            801  B/s | 4.3 kB     00:05
CentOS-8 - Base                                 3.1 kB/s | 3.9 kB     00:01
CentOS-8 - Extras                               2.2 kB/s | 1.5 kB     00:00
Dependencies resolved.
Nothing to do.
Complete!

Since we have recently updated our CentOS 8 software packages, there is nothing to upgrade at this time.

 

Install Python on CentOS 8:

Ansible requires Python 2 (version 2.7) or Python 3 (version 3.5 or higher).

In the default CentOS 8 yum repositories, both Python 2.7 and Python 3.6 are available, so we can install either of them to fulfill the Ansible requirements.

We are installing Python 3.6 on CentOS 8 as follows.

# dnf module install -y python36

Check version of Python to verify that it has been installed correctly.

# python3 --version
Python 3.6.8

 

Install EPEL Yum Repository on CentOS 8:

EPEL (Extra Packages for Enterprise Linux) is a free, community-supported yum repository from the Fedora team. EPEL provides the latest versions of Linux software that are not available in the standard yum repositories.

We can enable EPEL yum repository on CentOS 8 by installing the epel-release package.

# dnf install -y epel-release

Build cache for EPEL yum repository.

# dnf makecache
CentOS-8 - AppStream                            6.1 kB/s | 4.3 kB     00:00
CentOS-8 - Base                                 6.1 kB/s | 3.9 kB     00:00
CentOS-8 - Extras                               3.3 kB/s | 1.5 kB     00:00
Extra Packages for Enterprise Linux Modular 8 - 6.6 kB/s | 117 kB     00:17
Extra Packages for Enterprise Linux 8 - x86_64  496 kB/s | 6.6 MB     00:13
Metadata cache created.

The EPEL yum repository has been installed and is ready for use.

 

Install Ansible on CentOS 8:

We can install Ansible on CentOS 8 by one of the following three methods.

  1. Install the latest release of Ansible from EPEL yum repository
  2. Install Ansible by using pip (Python Package Manager)
  3. Install by compiling the Ansible source code available at GitHub

Here, we are installing Ansible by using the EPEL yum repository.

First of all, check the available version of Ansible in the EPEL repository.

# dnf info ansible --repo=epel
Last metadata expiration check: 0:02:29 ago on Sat 16 May 2020 02:07:46 AM PKT.
Available Packages
Name         : ansible
Version      : 2.9.7
Release      : 1.el8
Architecture : noarch
Size         : 17 M
Source       : ansible-2.9.7-1.el8.src.rpm
Repository   : epel
Summary      : SSH-based configuration management, deployment, and task
             : execution system
URL          : http://ansible.com
License      : GPLv3+
Description  : Ansible is a radically simple model-driven configuration
             : management, multi-node deployment, and remote task execution
             : system. Ansible works over SSH and does not require any software
             : or daemons to be installed on remote nodes. Extension modules can
             : be written in any language and are transferred to managed
             : machines automatically.

We have Ansible 2.9 available in the EPEL yum repository. Therefore, we are installing it by using the dnf command.

# dnf install -y ansible

Verify the Ansible installation by checking its version as follows.

# ansible --version
ansible 2.9.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]

 

Enable Bash Completion of Ansible Commands:

As of Ansible 2.9, shell completion of Ansible commands is available and provided through an optional dependency called argcomplete. argcomplete supports bash but has limited support for zsh and tcsh.

We are installing the python3-argcomplete package to enable bash completion of Ansible commands.

# dnf install -y python3-argcomplete

Configure argcomplete to enable bash completion of Ansible commands.

# activate-global-python-argcomplete
Installing bash completion script /etc/bash_completion.d/python-argcomplete.sh

 

Generate SSH Key Pair for Ansible Control Node:

We are generating an SSH key pair for our Ansible Control Node. This SSH key pair will be used to set up password-less authentication on Ansible Managed Nodes.

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:4yfSptgQTPY9+1X+Qh0tJ3e9VDvPGz/KzlpBmm0qjmg root@ansible-01.centlinux.com
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|                .|
|    o        .  =|
|   + . .    = o=*|
|    o . S  o +oB*|
|     . o +  oooo+|
|    . . *....o. +|
|     E.+o+..+ .+.|
|    o.o. ...o=..o|
+----[SHA256]-----+

 

Add a CentOS 8 based Ansible Managed Node:

If we want to manage a CentOS 8 node, then we have to perform some necessary configurations on it.

If you are not using a DNS server for your network, then you have to configure name resolution of managed nodes by using the Local DNS Resolver.

Add the name resolution entry in the hosts file of the Ansible control node.

# echo "192.168.116.206 apache-01 apache-01.centlinux.com" >> /etc/hosts

Only two pieces of software are required to set up an Ansible Managed node.

  1. sshd with password-less authentication
  2. Python

In CentOS 8 based systems, sshd is installed by default. So, we are only required to configure password-less authentication on it.

It is quite easy, since we have already generated the SSH key pair. We now use the ssh-copy-id command to copy the public key to the managed node.

# ssh-copy-id root@apache-01.centlinux.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'apache-01.centlinux.com (192.168.116.206)' can't be established.
ECDSA key fingerprint is SHA256:skGj4xg0w+jIQtrfF8AOdfItgcXUQQu+bWUFfvws1Hk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@apache-01.centlinux.com's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@apache-01.centlinux.com'"
and check to make sure that only the key(s) you wanted were added.

That's all for the Ansible control node configuration. Now log in to the Ansible managed node (apache-01.centlinux.com) and install Python 3.6 on it.

# dnf module install -y python36

Verify Python installation by checking its version.

# python3 --version
Python 3.6.8

The apache-01.centlinux.com node is ready to be managed by Ansible. Now log in to the Ansible control node and add the apache-01.centlinux.com node to the Ansible Inventory.

Create a directory to store Ansible inventory files.

# mkdir ansible
# cd ansible

Create the hosts file to define Ansible managed nodes.

# vi hosts

Add a section [webservers] and add the apache-01.centlinux.com node to it.

[webservers]
apache-01.centlinux.com

These configurations are quite enough for executing Ansible ad hoc commands. However, we can also write Ansible playbooks for orchestration of managed nodes.

List the Ansible managed hosts from the Inventory.

# ansible -i hosts --list-hosts all
  hosts (1):
    apache-01.centlinux.com
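
In the ssh-copy-id transcript above, the managed node's host key was accepted at the trust prompt. As an added example (not part of the original article), the following shell function reports every inventory host that has no pinned entry in known_hosts, so unverified hosts are found before any ad hoc command runs. The function names, the second node apache-02.centlinux.com and the key blob are constructed for illustration.

```sh
#!/bin/sh
# Added example: report inventory hosts that have no pinned key in known_hosts.
# Usage: unpinned_hosts INVENTORY KNOWN_HOSTS   (function names are assumptions)
unpinned_hosts() {
    awk -v kh="$2" '
        BEGIN {
            while ((getline line < kh) > 0) {
                sub(/^[ \t]+/, "", line)
                # Skip blanks, comments and @cert-authority / @revoked markers.
                if (line == "" || line ~ /^[#@]/) continue
                split(line, fld, /[ \t]+/)
                n = split(fld[1], names, ",")      # "name,ip" share one key
                for (i = 1; i <= n; i++) {
                    h = names[i]
                    if (substr(h, 1, 1) == "|") { hashed++; continue }
                    sub(/^\[/, "", h); sub(/\]:[0-9]+$/, "", h)  # [host]:port
                    pinned[h] = 1
                }
            }
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }       # blank line or comment
        # Group header: ignore the body of [group:vars] and [group:children].
        /^[ \t]*\[/ { skip = ($0 ~ /:(vars|children)\]/); next }
        !skip && !($1 in pinned) && !seen[$1]++ { print $1 }
        END {
            # Hashed names cannot be compared as text; use ssh-keygen -F for them.
            if (hashed) print "note: " hashed " hashed entries skipped" > "/dev/stderr"
        }
    ' "$1"
}

# Constructed sample data: apache-02 is a hypothetical, not-yet-trusted node.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/hosts" <<'EOF'
# constructed inventory
[webservers]
apache-01.centlinux.com
apache-02.centlinux.com ansible_port=2222

[webservers:vars]
ansible_user=root
EOF
    cat > "$d/known_hosts" <<'EOF'
apache-01.centlinux.com,192.168.116.206 ecdsa-sha2-nistp256 AAAAconstructedkeyblob
EOF
    unpinned_hosts "$d/hosts" "$d/known_hosts"
    rm -rf "$d"
}
```

From the ansible directory it can be run as `unpinned_hosts hosts ~/.ssh/known_hosts`; any host it prints should have its key fingerprint compared against the value shown on the node's own console before it is trusted.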

Check connectivity by pinging Ansible managed nodes.

# ansible -i hosts -m ping all
apache-01.centlinux.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

Use Ansible to execute a command on the managed hosts. We are installing Apache HTTP server on all the nodes in the webservers section.

# ansible -i hosts -m shell -a 'dnf install -y httpd' webservers

The Ansible control node has been installed on CentOS 8 and we have added a Linux-based managed node. We advise you to enroll in Ansible: Ansible Automation Masterclass: 2-in-1 at Udemy, or, if you prefer self-study, Mastering Ansible - 3rd Edition by Packt Publishing should be a good read for you.


4 comments:

  1. Python 2 is going to be obsolete, so using Python 3 is better.

  2. Whenever we try to copy the SSH key to the managed node, it prompts for a password. What is the root password I can use?

    Because without the password, the SSH key will not be copied to the managed node.

    1. Hi, you can obtain the root password of your server from your System Administrator, or if you forgot the root password, then you have to reset it.


© 2022 CentLinux. All Rights Reserved.