If you are managing multiple hosts and finding a solution to automate installation and configuration management then Ansible is the best choice for you.
Ansible is the leading Open Source configuration management system to manage configuration changes across your on-prem and cloud resources.
Ansible uses SSH protocol so you don’t need to install an agent on the remote system that you want to manage. It is a simple and lightweight tool compared to other automation tools such as Puppet, Chef, and Salt.
Ansible is a modern automation tool that makes our lives easier that manage hundreds of servers from one centralized node. Ansible can do the following things:
- Install and configure software packages
- Deploy application
- Manage user and databases
- Execute commands on multiple remote systems
- Manage infrastructure as code
In this step-by-step guide, we will explain how to install and use Ansible on CentOS 8.
Step 1 - Install Ansible on Control Node
First, you will need to install the Ansible package on the control node. You can install Ansible via DNF or PIP command.
1. Install Ansible using DNF
By default, the Ansible package is not included in the CentOS default repo. So you will need to install it from the EPEL repository.
First, install the EPEL repository with the following command:
dnf install epel-release -y
After installing the EPEL, run the following command to install Ansible:
dnf install ansible -y
Once the Ansible is installed, verify the Ansible version using the following command:
ansible --version
You should get the following output:
ansible 2.9.25
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
2. Install Ansible using PIP
You can also install Ansible using the Python Package Manager (PIP). First, install the PIP using the following command:
dnf install python3-pip -y
Next, install Ansible using the PIP command as shown below:
pip3 install ansible
Once the Ansible is installed, you can proceed to the next step.
Step 2 - Setup SSH Passwordless Authentication
Ansible uses SSH for remote connection. By default, it supports both passwordless and password authentication to connect remote hosts. However, passwordless authentication is recommended way for security reasons. In passwordless authentication, Ansible uses an SSH key to authenticate with the remote machine.
First, create an SSH key on the Ansible control node:
ssh-keygen -t rsa
You will be asked to provide a passphrase as shown below:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory 'https://net.cloudinfrastructureservices.co.uk/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Just press Enter without providing any passphrase. You should get the following output:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:VmmlRjS+/RM8s9j9y1mZu7iyg6KVvZ5US7s93mL20+k root@centos
The key's randomart image is:
+---[RSA 3072]----+
| .+ . |
| o = |
| B |
| + o . |
| S .o. = |
| .o o o+ *o|
| o o.o. =o=|
| ....ooo=++*|
| .. o+ oB=*E=|
+----[SHA256]-----+
Next, you need to copy generated SSH key to both remote hosts. First, copy the SSH key to the node1 using the following command:
ssh-copy-id root@192.168.100.111
You will be asked to provide the SSH password of node1 as shown below:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "https://net.cloudinfrastructureservices.co.uk/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.111 (192.168.100.111)' can't be established.
ECDSA key fingerprint is SHA256:oDRbACGbJ/woSHFn5dD4W/JnSV8Xbhg7Txy5rcTVw7E.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.111's password:
Provide your password and press Enter. You should see the following output:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.100.111'"
and check to make sure that only the key(s) you wanted were added.
Next, copy the SSH key to the node2 using the following command:
ssh-copy-id root@192.168.100.112
You will be asked to provide the SSH password of node2 as shown below:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "https://net.cloudinfrastructureservices.co.uk/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.112 (192.168.100.112)' can't be established.
ECDSA key fingerprint is SHA256:6H13jssKt3xU/adlLdcfJwyIS7oLuw0jPqw+s28O5FM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.112's password:
Provide your password and press Enter. You should see the following output:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.100.112'"
and check to make sure that only the key(s) you wanted were added.
Now, verify the SSH passwordless connection using the following command:
root@192.168.100.111
root@192.168.100.112
Step 3 - Create Ansible Inventory
Ansible inventory contains all configuration information of the remote hosts that you want to manage. The default Ansible inventory file is located at /etc/ansible/hosts.
Edit the /etc/ansible/hosts file and add your remote hosts IP address:
nano /etc/ansible/hosts
Add the following information:
[centos]
node1 ansible_host=192.168.100.111 ansible_user=root
[ubuntu]
node2 ansible_host=192.168.100.112 ansible_user=root
Save and close the file then verify the Ansible hosts using the following command:
ansible --list-hosts all
You should get the following output:
hosts (2):
node1
node2
You can also verify the Ansible inventory using the following command:
ansible-inventory --list
You should get the following output:
{
"_meta": {
"hostvars": {
"node1": {
"ansible_host": "192.168.100.111",
"ansible_user": "root"
},
"node2": {
"ansible_host": "192.168.100.112",
"ansible_user": "root"
}
}
},
"all": {
"children": [
"centos",
"ubuntu",
"ungrouped"
]
},
"centos": {
"hosts": [
"node1"
]
},
"ubuntu": {
"hosts": [
"node2"
]
}
}
Step 4 - Verify Ansible Connectivity
You can use the Ansible ping module to check the connectivity of nodes from the Ansible Control node. Run the following command to check the connectivity of both nodes:
ansible -m ping all
If everything is fine, you should get the following output:
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
Next, run the following command to verify the operating system version of node2:
ansible -m shell -a "lsb_release -a" ubuntu
You should get the following output:
node2 | CHANGED | rc=0 >>
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focalNo LSB modules are available.
Next, run the following command to verify the operating system version of node1:
ansible -m shell -a "cat /etc/centos-release" centos
You should get the following output:
node1 | CHANGED | rc=0 >>
CentOS Linux release 8.2.2004 (Core)
Step 5 - Create Ansible Playbook to Install LAMP Server on Remote Nodes
Ansible Playbook is a file where you can define all jobs through tasks using the YAML format. In this section, we will create a playbook.yaml file to install the LAMP server on node1.
On the Ansible Control Node, create a directory to hold the Playbook file:
mkdir Ansible
Next, create a playbook.yaml file using the following command:
nano Ansible/playbook.yaml
Add the following codes:
---
- name: Install LAMP Server
user: root
hosts: centos
become: yes
tasks:
- name: Install Apache, MariaDB and PHP
yum:
name:
- firewalld
- httpd
- mariadb-server
- php
- php-mysqlnd
state: latest
- name: start and enable filewalld
service:
name: firewalld
enabled: true
state: started
- name: allow http service via firewalld
firewalld:
service: http
permanent: true
state: enabled
immediate: yes
- name: allow ssh service via firewalld
firewalld:
service: ssh
permanent: true
state: enabled
immediate: yes
- name: start and enable httpd
service:
name: httpd
enabled: true
state: started
- name: start and enable mariadb
service:
name: mariadb
enabled: true
state: started
Save and close the file when you are finished.
The playbook.yaml file do the following things on Node1:
- Install Apache, MariaDB, Firewall, and PHP
- Start and enable firewalld service
- Allow HTTP and SSH service through firewalld
- Start and enable SSH service
- Start and enable Apache service
- Start and enable MariaDB service
Now, change the directory to Ansible and run the playbook using the following command:
cd Ansible
ansible-playbook playbook.yaml
After the successfull execution, you should get the following output:
PLAY [Install LAMP Server on CentOS] **********************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************
ok: [node1]
TASK [Install all required packages] **********************************************************************************************************
ok: [node1]
TASK [start and enable filewalld] *************************************************************************************************************
ok: [node1]
TASK [allow http service via firewalld] *******************************************************************************************************
ok: [node1]
TASK [allow ssh service via firewalld] ********************************************************************************************************
ok: [node1]
TASK [start and enable httpd] *****************************************************************************************************************
ok: [node1]
TASK [start and enable mariadb] ***************************************************************************************************************
ok: [node1]
PLAY RECAP ************************************************************************************************************************************
node1 : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Step 6 - Working with Ansible AD HOC Commands
Ansible comes with a lot of modules that allows you to run command to get information from the remote hosts. You can use those commands to perform tasks on the fly without saving it for later use.
For example, run the following command to get the Apache LogLevel configuration information from the centos (node1) host.
ansible -m shell -a "grep -i LogLevel /etc/httpd/conf/httpd.conf" centos
You should get the following information:
node1 | CHANGED | rc=0 >>
# LogLevel: Control the number of messages logged to the error_log.
LogLevel warn
Ansible provides a copy module that allows you to copy a file to and from the remote hosts. For example, to copy a file /etc/fstab from the Ansible control host to both remote hosts, run the following command:
ansible -m copy -a "src=/etc/fstab dest=/opt/ owner=root group=root mode=0644" all
You should get the following output:
node2 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"checksum": "edb7819f241fd372eec0f0d65b71a91c699caba6",
"dest": "/opt/fstab",
"gid": 0,
"group": "root",
"md5sum": "427f73ddf0ca0710e055d9556ae07a6b",
"mode": "0644",
"owner": "root",
"size": 427,
"src": "/root/.ansible/tmp/ansible-tmp-1631720742.9505613-8606-75400016990760/source",
"state": "file",
"uid": 0
}
node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "edb7819f241fd372eec0f0d65b71a91c699caba6",
"dest": "/opt/fstab",
"gid": 0,
"group": "root",
"md5sum": "427f73ddf0ca0710e055d9556ae07a6b",
"mode": "0644",
"owner": "root",
"size": 427,
"src": "/root/.ansible/tmp/ansible-tmp-1631720742.6273675-8605-76318478298262/source",
"state": "file",
"uid": 0
}
Ansible provides an apt module that allows you to install packages on the Ubuntu and Debian distributions. For example, run the following command to install a net-tools package on the ubuntu (node2).
ansible -m ansible.builtin.apt -a "name=net-tools state=present" ubuntu
To verify the installed package on Ubuntu, run the following command:
ansible -m shell -a "dpkg -l | grep net-tools" ubuntu
You should get the package installation information in the following output:
node2 | CHANGED | rc=0 >>
ii net-tools 1.60+git20180626.aebd88e-1ubuntu1 amd64 NET-3 networking toolkit
Ansible provides a yum module to install packages on CentOS and RHEL distributions. For example, run the following command to install nload package on centos (node1):
ansible -m ansible.builtin.yum -a "name=nload state=present" centos
To verify the installed package on centos, run the following command:
ansible -m shell -a "yum list installed | grep nload" centos
You can use the shell module to run any command on the remote hosts. For example, run the following command on all nodes to get memory information:
ansible -m shell -a "free -m" all
You should get the following output:
node2 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1987 76 1516 0 394 1766
Swap: 472 0 472
node1 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1987 367 900 10 719 1451
Swap: 0 0 0
To get the IP address information of all nodes, run the following command:
ansible -m shell -a 'ip address show eth0' all
You should get the following output:
node2 | CHANGED | rc=0 >>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:00:2d:3a:2a:a6 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.112/24 brd 45.58.42.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::200:2dff:fe3a:2aa6/64 scope link
valid_lft forever preferred_lft forever
node1 | CHANGED | rc=0 >>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:00:2d:3a:2a:e4 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.111/24 brd 45.58.42.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::200:2dff:fe3a:2ae4/64 scope link
valid_lft forever preferred_lft forever
Conclusion
That’s it for now. You have successfully installed Ansible on CentOS 8. You can now create your own Ansible playbooks to automate your configuration and management tasks. You can also use Ansible ad hoc commands to perform some tasks on an ad hoc basis.
