Saturday, 6 August 2022

How to Setup Ansible Control Node on Rocky Linux 9

In this tutorial, you will learn how to set up an Ansible control node on Rocky Linux 9 and execute some ad hoc commands through it.

What is Ansible?:

Ansible is a suite of software tools that enables infrastructure as code. It is open-source and the suite includes software provisioning, configuration management, and application deployment functionality.

Originally written by Michael DeHaan and acquired by Red Hat in 2015, Ansible is designed to configure both Unix-like systems and Microsoft Windows. Ansible is agentless, relying on temporary remote connections via SSH or Windows Remote Management, which allows PowerShell execution.

The Ansible control node runs on most Unix-like systems that are able to run Python, including Windows with WSL installed. System configuration is defined in part by using its own declarative language. (Source: Wikipedia)

What is Ansible Control Node?:

The control node (master host) is intended to manage (orchestrate) target machines (nodes termed as "inventory"). Control nodes are only available for Linux and the like; Windows OSs are not supported. Multiple control nodes are allowed. Ansible does not require a single controlling machine for orchestration, ensuring that disaster recovery is simple. Nodes are managed by the controlling node over SSH.


Environment Specification:

We are using a minimally installed Rocky Linux 9 virtual machine with the following specifications.

  • CPU - 3.4 GHz (2 cores)
  • Memory - 2 GB
  • Storage - 20 GB
  • Operating System - Rocky Linux release 9.0 (Blue Onyx)
  • Hostname – control.centlinux.com
  • IP Address - 192.168.116.131 /24

 

Configure Hostname and Name Resolution:

Using an SSH client, connect to control.centlinux.com as the root user.

Set the hostname of your Rocky Linux server as follows.

# hostnamectl set-hostname control.centlinux.com

If you are not using a private DNS server, then you have to configure name resolution by using the local DNS resolver.

Execute the following command at the Linux bash prompt to add the name resolution entry to the /etc/hosts file.

# echo "192.168.116.131 control control.centlinux.com" >> /etc/hosts

 

Update your Linux Operating System:

Refresh your dnf (yum) metadata cache by using the following command.

# dnf makecache
Rocky Linux 9 - BaseOS                          277 kB/s | 1.7 MB     00:06
Rocky Linux 9 - AppStream                       437 kB/s | 6.0 MB     00:14
Rocky Linux 9 - Extras                          748  B/s | 3.4 kB     00:04
Metadata cache created.

Execute the following dnf command to update all installed software packages on your Linux operating system.

# dnf update -y

If the above command updates your Linux Kernel, then you should reboot your operating system with the new Linux Kernel.

# reboot

Check the versions of the Linux operating system and kernel as follows.

# cat /etc/rocky-release
Rocky Linux release 9.0 (Blue Onyx)

# uname -r
5.14.0-70.17.1.el9_0.x86_64

 

Installing Ansible on Rocky Linux 9:

Unlike Rocky Linux 8 / CentOS 8, Ansible is now available via standard yum repositories of Rocky Linux 9.

You can easily install Ansible software by using a dnf command.

# dnf install -y ansible-core

After successful installation, verify the version of Ansible software.

# ansible --version
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.10 (main, Feb  9 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
  jinja version = 2.11.3
  libyaml = True

 

Create Linux User for Ansible Node Management:

Create a Linux user for managing your Ansible control node and managed nodes.

You have to create this user on each managed node to grant access for executing Ansible plays and ad hoc commands.

Execute the adduser command to create the ansible user and the passwd command to set its password.

# adduser ansible
# passwd ansible
Changing password for user ansible.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

The ansible user requires sudo privileges to execute administrative commands on the managed hosts. Since our Ansible control node is also a managed host, grant the sudo privilege to the ansible user as follows.

# echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible

For your convenience, you can set up key-based authentication between the Ansible control node and the managed nodes.

Log in as the ansible user and generate an SSH key pair as follows.

# su - ansible

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:4b/tm++yY5pgRgsNLhuNLg4qywXjxOiE0sHkLIlMdeU ansible@control.centlinux.com
The key's randomart image is:
+---[RSA 3072]----+
| .o. ...         |
|+*  . .          |
|+.=   .E.        |
|+o . + + .       |
|+*. + + S        |
|* o. + o o       |
|.o..o   = .      |
|+o..   o . ++.   |
|+o.       ++*Bo  |
+----[SHA256]-----+

Now copy the generated SSH key to the target system, i.e. the Ansible control node. For better manageability, you have to copy the SSH key to every Ansible managed node.

$ ssh-copy-id ansible@control
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub"
The authenticity of host 'control (192.168.116.131)' can't be established.
ED25519 key fingerprint is SHA256:JoCfyRGNeBGu3tEQ74hTMaaErN1kU+cTr8+HuTBak3w.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@control's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ansible@control'"
and check to make sure that only the key(s) you wanted were added.

 

Create Ansible Project Directory:

For better management of the Ansible inventory, playbooks and configurations, you should create a project directory as follows.

$ mkdir base

Create an Ansible inventory file in the base directory.

$ cd base
$ vi inventory

Add the following hosts and host groups in this file.

control
ansible1
ansible2

[web]
ansible1

[db]
ansible2

Create a custom ansible.cfg file by using the vi text editor.

$ vi ansible.cfg

Add the following directives in this file.

[defaults]
remote_user = ansible
host_key_checking = false
inventory = inventory

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False

Now, query your inventory file to check that your configuration is working.

$ ansible-inventory --graph
@all:
  |--@db:
  |  |--ansible2
  |--@ungrouped:
  |  |--control
  |--@web:
  |  |--ansible1

 

Installing Ansible Collection:

Additionally, you can download and install Ansible collections (sets of Ansible modules) that are available at Ansible Galaxy.

You can use the ansible-galaxy command to install an Ansible collection.

$ ansible-galaxy collection install ansible.posix
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/download/ansible-posix-1.4.0.tar.gz to /home/ansible/.ansible/tmp/ansible-local-9129vnjemc0/tmpvez7op32/ansible-posix-1.4.0-91fegzol
Installing 'ansible.posix:1.4.0' to '/home/ansible/.ansible/collections/ansible_collections/ansible/posix'
ansible.posix:1.4.0 was installed successfully

Check the list of installed Ansible collections.

$ ansible-galaxy collection list

# /home/ansible/.ansible/collections/ansible_collections
Collection    Version
------------- -------
ansible.posix 1.4.0

 

Execute Ansible Adhoc Commands:

By using the ping module, execute the following Ansible ad hoc command to check node manageability.

$ ansible all -m ping
control | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
ansible1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname ansible1: Name or service not known",
    "unreachable": true
}
ansible2 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname ansible2: Name or service not known",
    "unreachable": true
}

The ansible1 and ansible2 machines do not exist, which is why you receive an UNREACHABLE error for them.

However, the control (Ansible control node) machine is returning a SUCCESS response.

Now, by using the yum module, install the bash-completion package on the control node.

$ ansible control -m yum -a "name=bash-completion state=latest"
control | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: bash-completion-1:2.11-4.el9.noarch",
        "Installed: pkgconf-pkg-config-1.7.3-9.el9.x86_64",
        "Installed: pkgconf-m4-1.7.3-9.el9.noarch",
        "Installed: pkgconf-1.7.3-9.el9.x86_64",
        "Installed: libpkgconf-1.7.3-9.el9.x86_64"
    ]
}

By using the firewalld module that was installed with the ansible.posix collection, you can easily configure the Linux firewall with Ansible.

$ ansible control -m firewalld -a "service=http state=enabled immediate=yes permanent=yes"
control | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "msg": "Permanent and Non-Permanent(immediate) operation, Changed service http to enabled"
}

Power off the Ansible control node by using the command module.

$ ansible control -a "poweroff"


Conclusion:

In this tutorial, you have successfully set up an Ansible control node on Rocky Linux 9 and tested the configuration by executing some Ansible ad hoc commands.
