How to Install Ansible on CentOS 8

You are here:
← All Topics

Tutorial on how to install Ansible on CentOS 8

What is Ansible

Ansible is simple open source IT engine which automates application deployment, intra service orchestration, cloud provisioning and many other IT tools completely Agentless, as Ansible will connect to your node via SSH (Linux) or WinRM (Windows) and push out small programs, called Ansible Modules.

Ansible uses playbook to describe automation jobs, and playbook uses very simple language i.e. YAML

Install Ansible on CentOS 8

Enable EPEL Repository and install Ansible

$ sudo dnf install -y epel-release
$ sudo dnf update
$ sudo dnf install ansible -y

Verify Ansible is installed successfully

$ ansible --version
ansible 2.9.14
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/kwyong/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]

Create a new user called ansible and assign it to sudo group

 $ adduser ansible
 $ passwd ansible
 $ usermod -aG wheeel ansible

Preparing Debian 10 Remote Machine

Create a new user called ansible and assign it to sudo group

$ sudo adduser ansible
$ sudo usermod -aG sudo ansible #add to sudo group
$ getent group sudo #check the member of sudo group
sudo:x:27:kwyong,ansible

Login as ansible and allow sudo access without password for the login user in Remote Machine for Ansible to run any root commands

$ su ansible
$ echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/$(whoami)

Preparing CentOS 8 Remote Machine

Create a new user called ansible and assign it to sudo group

 $ adduser ansible
 $ passwd ansible
 $ usermod -aG wheeel ansible

Login as ansible and allow sudo access without password for the login user in Remote Machine for Ansible to run any root commands

$ su ansible
$ echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/$(whoami)

Ansible with Windows Server

Configure Ansible to connect to Remote Windows Server using Kerberos Authentication via WinRM by following Ansible with Kerberos Authentication

Prepare SSH Key

Stitch to ansible and generate a new SSH key to be deployed to remote machine

$ su ansible
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9CgSaEZP67ek/RgSozaX65ootiTR6Ho/bEUyerGc3Ws [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|  . .            |
| . + .           |
|  + +   .        |
| = .+... o       |
|o .o=O+.S .      |
|....=Xoo.        |
|.o+o=.+  .       |
|=+.++o +E        |
|=o+=+....        |
+----[SHA256]-----+

Copy the public key to remote machine called debian.aventis.dev

$ ssh-copy-id [email protected]

Configure SSH-Agent to avoid to enter password for private key when you are connecting to remote machine

# SSH Agent to avoid typing password for private key file
$ ssh-agent $SHELL
$ ssh-add #Enter your password for Private Key
$ ssh [email protected] # no password is required now

Ansible Inventory File

Create an Ansible Inventory File in /home/ansible

$ nano hosts

[debian]
debian.aventis.dev ansible_user=ansible
[centos]
192.168.1.114 ansible_user=ansible

List all hosts defined

$ ansible -i hosts --list-hosts all
  hosts (2):
    debian.aventis.dev
    192.168.1.114

Run Command on Remote Server

Verify the hosts are active with PING

$ ansible -i hosts -m ping all
[WARNING]: Platform linux on host debian.aventis.dev is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
debian.aventis.dev | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.1.114 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

Run "ip address show" on a single CentOS host (192.168.1.114)

$ ansible -i hosts -b --become-method=sudo -m shell -a 'ip address show' centos

192.168.1.114 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:fe:e8:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.114/24 brd 192.168.1.255 scope global dynamic noprefixroute ens33
       valid_lft 603842sec preferred_lft 603842sec
    inet6 fe80::c9f:fbac:1579:5c1f/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
Contents

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top