How to Install Ansible on CentOS 8 Server

If you are managing multiple hosts and finding a solution to automate installation and configuration management then Ansible is the best choice for you.

Ansible is the leading Open Source configuration management system to manage configuration changes across your on-prem and cloud resources.
Ansible uses SSH protocol so you don’t need to install an agent on the remote system that you want to manage. It is a simple and lightweight tool compared to other automation tools such as Puppet, Chef, and Salt.

Ansible vs Jenkins

Ansible is a modern automation tool that makes our lives easier that manage hundreds of servers from one centralized node. Ansible can do the following things:

  • Install and configure software packages
  • Deploy application
  • Manage user and databases
  • Execute commands on multiple remote systems
  • Manage infrastructure as code
ansible setup

In this step-by-step guide, we will explain how to install and use Ansible on CentOS 8.

Step 1 - Install Ansible on Control Node

First, you will need to install the Ansible package on the control node. You can install Ansible via DNF or PIP command.

1. Install Ansible using DNF

By default, the Ansible package is not included in the CentOS default repo. So you will need to install it from the EPEL repository.

First, install the EPEL repository with the following command:

				
					dnf install epel-release -y
				
			

After installing the EPEL, run the following command to install Ansible:

				
					dnf install ansible -y
				
			

Once the Ansible is installed, verify the Ansible version using the following command:

				
					ansible --version
				
			

You should get the following output:

				
					ansible 2.9.25
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
				
			

2. Install Ansible using PIP

You can also install Ansible using the Python Package Manager (PIP). First, install the PIP using the following command:

				
					dnf install python3-pip -y
				
			

Next, install Ansible using the PIP command as shown below:

				
					pip3 install ansible
				
			

Once the Ansible is installed, you can proceed to the next step.

Step 2 - Setup SSH Passwordless Authentication

Ansible uses SSH for remote connection. By default, it supports both passwordless and password authentication to connect remote hosts. However, passwordless authentication is recommended way for security reasons. In passwordless authentication, Ansible uses an SSH key to authenticate with the remote machine.

First, create an SSH key on the Ansible control node:

				
					ssh-keygen -t rsa
				
			

You will be asked to provide a passphrase as shown below:

				
					Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
				
			

Just press Enter without providing any passphrase. You should get the following output:

				
					Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:VmmlRjS+/RM8s9j9y1mZu7iyg6KVvZ5US7s93mL20+k root@centos
The key's randomart image is:
+---[RSA 3072]----+
| .+ . |
| o = |
| B |
| + o . |
| S .o. = |
| .o o o+ *o|
| o o.o. =o=|
| ....ooo=++*|
| .. o+ oB=*E=|
+----[SHA256]-----+
				
			

Next, you need to copy generated SSH key to both remote hosts. First, copy the SSH key to the node1 using the following command:

				
					ssh-copy-id root@192.168.100.111
				
			

You will be asked to provide the SSH password of node1 as shown below:

				
					/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.111 (192.168.100.111)' can't be established.
ECDSA key fingerprint is SHA256:oDRbACGbJ/woSHFn5dD4W/JnSV8Xbhg7Txy5rcTVw7E.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.111's password:
				
			

Provide your password and press Enter. You should see the following output:

				
					Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.100.111'"
and check to make sure that only the key(s) you wanted were added.
				
			

Next, copy the SSH key to the node2 using the following command:

				
					ssh-copy-id root@192.168.100.112
				
			

You will be asked to provide the SSH password of node2 as shown below:

				
					/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.112 (192.168.100.112)' can't be established.
ECDSA key fingerprint is SHA256:6H13jssKt3xU/adlLdcfJwyIS7oLuw0jPqw+s28O5FM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.112's password:
				
			

Provide your password and press Enter. You should see the following output:

				
					Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.100.112'"
and check to make sure that only the key(s) you wanted were added.
				
			

Now, verify the SSH passwordless connection using the following command:

				
					root@192.168.100.111
root@192.168.100.112
				
			

Step 3 - Create Ansible Inventory

Ansible inventory contains all configuration information of the remote hosts that you want to manage. The default Ansible inventory file is located at /etc/ansible/hosts.

Edit the /etc/ansible/hosts file and add your remote hosts IP address:

				
					nano /etc/ansible/hosts
				
			

Add the following information:

				
					[centos]
node1 ansible_host=192.168.100.111 ansible_user=root
[ubuntu]
node2 ansible_host=192.168.100.112 ansible_user=root

				
			

Save and close the file then verify the Ansible hosts using the following command:

				
					ansible --list-hosts all
				
			

You should get the following output:

				
					hosts (2):
node1
node2
				
			

You can also verify the Ansible inventory using the following command:

				
					ansible-inventory --list
				
			

You should get the following output:

				
					{
"_meta": {
"hostvars": {
"node1": {
"ansible_host": "192.168.100.111",
"ansible_user": "root"
},
"node2": {
"ansible_host": "192.168.100.112",
"ansible_user": "root"
}
}
},
"all": {
"children": [
"centos",
"ubuntu",
"ungrouped"
]
},
"centos": {
"hosts": [
"node1"
]
},
"ubuntu": {
"hosts": [
"node2"
]
}
}
				
			

Step 4 - Verify Ansible Connectivity

You can use the Ansible ping module to check the connectivity of nodes from the Ansible Control node. Run the following command to check the connectivity of both nodes:

				
					ansible -m ping all
				
			

If everything is fine, you should get the following output:

				
					node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
				
			

Next, run the following command to verify the operating system version of node2:

				
					ansible -m shell -a "lsb_release -a" ubuntu
				
			

You should get the following output:

				
					node2 | CHANGED | rc=0 >>
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focalNo LSB modules are available.
				
			

Next, run the following command to verify the operating system version of node1:

				
					ansible -m shell -a "cat /etc/centos-release" centos
				
			

You should get the following output:

				
					node1 | CHANGED | rc=0 >>
CentOS Linux release 8.2.2004 (Core)
				
			

Step 5 - Create Ansible Playbook to Install LAMP Server on Remote Nodes

Ansible Playbook is a file where you can define all jobs through tasks using the YAML format. In this section, we will create a playbook.yaml file to install the LAMP server on node1.

On the Ansible Control Node, create a directory to hold the Playbook file:

				
					mkdir Ansible
				
			

Next, create a playbook.yaml file using the following command:

				
					nano Ansible/playbook.yaml
				
			

Add the following codes:

				
					---
- name: Install LAMP Server
  user: root
  hosts: centos
  become: yes
  tasks:
    - name: Install Apache, MariaDB and PHP
      yum:
        name:
          - firewalld
          - httpd
          - mariadb-server
          - php
          - php-mysqlnd
        state: latest

    - name: start and enable filewalld
      service:
        name: firewalld
        enabled: true
        state: started

    - name: allow http service via firewalld
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes

    - name: allow ssh service via firewalld
      firewalld:
        service: ssh
        permanent: true
        state: enabled
        immediate: yes


    - name: start and enable httpd
      service:
        name: httpd
        enabled: true
        state: started

    - name: start and enable mariadb
      service:
        name: mariadb
        enabled: true
        state: started

				
			

Save and close the file when you are finished.

The playbook.yaml file do the following things on Node1:

  • Install Apache, MariaDB, Firewall, and PHP
  • Start and enable firewalld service
  • Allow HTTP and SSH service through firewalld
  • Start and enable SSH service
  • Start and enable Apache service
  • Start and enable MariaDB service

Now, change the directory to Ansible and run the playbook using the following command:

				
					cd Ansible
ansible-playbook playbook.yaml
				
			

After the successfull execution, you should get the following output:

				
					PLAY [Install LAMP Server on CentOS] **********************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************
ok: [node1]

TASK [Install all required packages] **********************************************************************************************************
ok: [node1]

TASK [start and enable filewalld] *************************************************************************************************************
ok: [node1]

TASK [allow http service via firewalld] *******************************************************************************************************
ok: [node1]

TASK [allow ssh service via firewalld] ********************************************************************************************************
ok: [node1]

TASK [start and enable httpd] *****************************************************************************************************************
ok: [node1]

TASK [start and enable mariadb] ***************************************************************************************************************
ok: [node1]

PLAY RECAP ************************************************************************************************************************************
node1 : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
				
			

Step 6 - Working with Ansible AD HOC Commands

Ansible comes with a lot of modules that allows you to run command to get information from the remote hosts. You can use those commands to perform tasks on the fly without saving it for later use.

For example, run the following command to get the Apache LogLevel configuration information from the centos (node1) host.

				
					ansible -m shell -a "grep -i LogLevel /etc/httpd/conf/httpd.conf" centos
				
			

You should get the following information:

				
					node1 | CHANGED | rc=0 >>
# LogLevel: Control the number of messages logged to the error_log.
LogLevel warn
				
			

Ansible provides a copy module that allows you to copy a file to and from the remote hosts. For example, to copy a file /etc/fstab from the Ansible control host to both remote hosts, run the following command:

				
					ansible -m copy -a "src=/etc/fstab dest=/opt/ owner=root group=root mode=0644" all
				
			

You should get the following output:

				
					node2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"checksum": "edb7819f241fd372eec0f0d65b71a91c699caba6",
"dest": "/opt/fstab",
"gid": 0,
"group": "root",
"md5sum": "427f73ddf0ca0710e055d9556ae07a6b",
"mode": "0644",
"owner": "root",
"size": 427,
"src": "/root/.ansible/tmp/ansible-tmp-1631720742.9505613-8606-75400016990760/source",
"state": "file",
"uid": 0
}
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "edb7819f241fd372eec0f0d65b71a91c699caba6",
"dest": "/opt/fstab",
"gid": 0,
"group": "root",
"md5sum": "427f73ddf0ca0710e055d9556ae07a6b",
"mode": "0644",
"owner": "root",
"size": 427,
"src": "/root/.ansible/tmp/ansible-tmp-1631720742.6273675-8605-76318478298262/source",
"state": "file",
"uid": 0
}
				
			

Ansible provides an apt module that allows you to install packages on the Ubuntu and Debian distributions. For example, run the following command to install a net-tools package on the ubuntu (node2).

				
					ansible -m ansible.builtin.apt -a "name=net-tools state=present" ubuntu
				
			

To verify the installed package on Ubuntu, run the following command:

				
					ansible -m shell -a "dpkg -l | grep net-tools" ubuntu
				
			

You should get the package installation information in the following output:

				
					node2 | CHANGED | rc=0 >>
ii net-tools 1.60+git20180626.aebd88e-1ubuntu1 amd64 NET-3 networking toolkit
				
			

Ansible provides a yum module to install packages on CentOS and RHEL distributions. For example, run the following command to install nload package on centos (node1):

				
					ansible -m ansible.builtin.yum -a "name=nload state=present" centos
				
			

To verify the installed package on centos, run the following command:

				
					ansible -m shell -a "yum list installed | grep nload" centos
				
			

You can use the shell module to run any command on the remote hosts. For example, run the following command on all nodes to get memory information:

				
					ansible -m shell -a "free -m" all
				
			

You should get the following output:

				
					node2 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1987 76 1516 0 394 1766
Swap: 472 0 472
node1 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1987 367 900 10 719 1451
Swap: 0 0 0
				
			

To get the IP address information of all nodes, run the following command:

				
					ansible -m shell -a 'ip address show eth0' all
				
			

You should get the following output:

				
					node2 | CHANGED | rc=0 >>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:00:2d:3a:2a:a6 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.112/24 brd 45.58.42.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::200:2dff:fe3a:2aa6/64 scope link
valid_lft forever preferred_lft forever
node1 | CHANGED | rc=0 >>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:00:2d:3a:2a:e4 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.111/24 brd 45.58.42.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::200:2dff:fe3a:2ae4/64 scope link
valid_lft forever preferred_lft forever
				
			

Conclusion

That’s it for now. You have successfully installed Ansible on CentOS 8. You can now create your own Ansible playbooks to automate your configuration and management tasks. You can also use Ansible ad hoc commands to perform some tasks on an ad hoc basis.

Avatar for Hitesh Jethva
Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x