Installing the Ansible engine and setting up the environment is pretty straightforward. The Ansible engine can be installed on the majority of Linux flavors, including CentOS, RHEL, Ubuntu, and Debian, but it cannot be installed on Windows, Solaris, or AIX. There are no such restrictions on participating as Ansible clients. Ansible uses the SSH protocol to manage Unix and Linux servers. Windows servers can be managed by using “WinRM”. In this lab environment, we will use CentOS 7 to install the Ansible engine.
Environment:
- CentOS 7.5 / RHEL 7.5
- Static IP
- Internet Connection
- Access to extra RPMs
- IPtables flushed out / Firewall service Stopped. (only for LAB)
- SELinux disabled. (Only for LAB)
Note: In this article, I have demonstrated disabling the firewall/IPtables and SELinux. This is only for Linux beginners and lab environments. If you are deploying the Ansible engine in an enterprise environment, you must align with the existing hardening process.
- Ensure Port 22 is opened to the client in the Firewall/IPtables.
Thank you, Eric, for your valuable comment.
OS release:
[sysadmin@ansible-server ~]$ cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[sysadmin@ansible-server ~]$
Firewall: (Only for LAB)
[root@ansible-server ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@ansible-server ~]# systemctl stop firewalld
[root@ansible-server ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
Jul 03 08:01:11 ansible-server systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 03 08:01:14 ansible-server systemd[1]: Started firewalld - dynamic firewall daemon.
Jul 03 08:03:19 ansible-server systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jul 03 08:03:19 ansible-server systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@ansible-server ~]#
IPTables: (Only for LAB)
[root@ansible-server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@ansible-server ~]#
SELinux: (Only for LAB)
[root@ansible-server ~]# getenforce
Permissive
[root@ansible-server ~]#
[root@ansible-server ~]# cat /etc/selinux/config |grep "SELINUX="
SELINUX=disabled
[root@ansible-server ~]#
REPO:
[root@ansible-server ~]# cd /etc/yum.repos.d/
[root@ansible-server yum.repos.d]# ls -lrt |grep -i base
-rw-r--r--. 1 root root 1664 May 17 06:53 CentOS-Base.repo
[root@ansible-server yum.repos.d]#
[root@ansible-server yum.repos.d]# cat CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
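Before a host built this way leaves the lab, the settings shown above are worth auditing: the persistent SELinux mode against the runtime mode, and the gpgcheck value of each repo section. The script below is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit the lab shortcuts before production.

# Persistent SELinux mode from a config file, i.e. what applies after a reboot.
# The "=" right after SELINUX keeps SELINUXTYPE= from matching.
selinux_configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Compare the runtime mode (getenforce output) with the persistent setting.
selinux_verdict() {   # $1 = getenforce output, $2 = config file
    runtime=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    configured=$(selinux_configured_mode "$2")
    if [ "$runtime" = enforcing ] && [ "$configured" = enforcing ]; then
        echo "ok"
    else
        echo "review: runtime=$runtime configured=$configured"
    fi
}

# Repo sections whose own gpgcheck is missing or not 1. A section without the
# key inherits the [main] value from yum.conf, so it is listed for review.
repos_without_gpgcheck() {
    awk '
        function report() { if (section != "" && gpg != "1") print section }
        /^\[.*\]/ { report(); section = substr($0, 2, index($0, "]") - 2); gpg = ""; next }
        /^[ \t]*gpgcheck[ \t]*=/ { split($0, kv, "="); gsub(/[ \t]/, "", kv[2]); gpg = kv[2] }
        END { report() }
    ' "$1"
}

# Constructed sample files (hypothetical names under a temp dir).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/selinux-config" <<'EOF'
# constructed sample mirroring the lab state shown above
SELINUX=disabled
SELINUXTYPE=targeted
EOF
cat > "$SAMPLE_DIR/sample.repo" <<'EOF'
[base]
gpgcheck=1
[extras]
gpgcheck=0
[labrepo]
name=constructed repo with no gpgcheck line
EOF

selinux_verdict "Permissive" "$SAMPLE_DIR/selinux-config"
repos_without_gpgcheck "$SAMPLE_DIR/sample.repo"
```

On a real host, pass `"$(getenforce)"` and `/etc/selinux/config` to `selinux_verdict`, and run `repos_without_gpgcheck` over each file in `/etc/yum.repos.d/`.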
Updating the OS & Installing Ansible: (Online Method)
1. Update CentOS / RHEL using the yum command. This will install the available fixes from the repository.
[sysadmin@ansible-server ~]$ sudo yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.fibergrid.in
 * extras: mirrors.fibergrid.in
 * updates: mirrors.fibergrid.in
Resolving Dependencies
--> Running transaction check
---> Package NetworkManager.x86_64 1:1.10.2-13.el7 will be updated
---> Package NetworkManager.x86_64 1:1.10.2-14.el7_5 will be an update
---> Package NetworkManager-libnm.x86_64 1:1.10.2-13.el7 will be updated
---> Package NetworkManager-libnm.x86_64 1:1.10.2-14.el7_5 will be an update
---> Package NetworkManager-team.x86_64 1:1.10.2-13.el7 will be updated
---> Package NetworkManager-team.x86_64 1:1.10.2-14.el7_5 will be an update
---> Package NetworkManager-tui.x86_64 1:1.10.2-13.el7 will be updated
Once the update is done, just reboot the server to boot with the updated kernel.
2. Install the Ansible engine from the CentOS repository.
[sysadmin@ansible-server ~]$ sudo yum install ansible
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.fibergrid.in
 * extras: mirrors.fibergrid.in
 * updates: mirrors.fibergrid.in
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.4.2.0-2.el7 will be installed
--> Processing Dependency: sshpass for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python2-jmespath for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-six for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-setuptools for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-passlib for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-cryptography for package: ansible-2.4.2.0-2.el7.noarch
Installed:
  ansible.noarch 0:2.4.2.0-2.el7
Dependency Installed:
  PyYAML.x86_64 0:3.10-11.el7
  libyaml.x86_64 0:0.1.4-11.el7_0
  python-babel.noarch 0:0.9.6-8.el7
  python-backports.x86_64 0:1.0-8.el7
  python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7
  python-cffi.x86_64 0:1.6.0-5.el7
  python-enum34.noarch 0:1.0.4-1.el7
  python-httplib2.noarch 0:0.9.2-1.el7
  python-idna.noarch 0:2.4-1.el7
  python-ipaddress.noarch 0:1.0.16-2.el7
  python-jinja2.noarch 0:2.7.2-2.el7
  python-markupsafe.x86_64 0:0.11-10.el7
  python-paramiko.noarch 0:2.1.1-4.el7
  python-passlib.noarch 0:1.6.5-2.el7
  python-ply.noarch 0:3.4-11.el7
  python-pycparser.noarch 0:2.14-1.el7
  python-setuptools.noarch 0:0.9.8-7.el7
  python-six.noarch 0:1.9.0-2.el7
  python2-cryptography.x86_64 0:1.7.2-2.el7
  python2-jmespath.noarch 0:0.9.0-3.el7
  python2-pyasn1.noarch 0:0.1.9-7.el7
  sshpass.x86_64 0:1.06-2.el7
Complete!
3. Check the Ansible version.
[sysadmin@ansible-server ~]$ ansible --version
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/sysadmin/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
[sysadmin@ansible-server ~]$
4. Validate localhost by running the ping module.
[sysadmin@ansible-server ~]$ ansible localhost -m ping
[WARNING]: Could not match supplied host pattern, ignoring: all
[WARNING]: provided hosts list is empty, only localhost is available
localhost | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[sysadmin@ansible-server ~]$
It works. Here, we have got the response “pong” from localhost.
Offline Method: (RHEL 7 / CentOS 7)
1. Configure the RHEL 7 / CentOS DVD local repo.
2. Download the following packages from the Red Hat portal.
-rwxr--r-- 1 root root 10471452 Aug 1 12:37 ansible-2.6.2-1.el7ae.noarch.rpm
-rwxr--r-- 1 root root 117768 Aug 1 12:37 python-httplib2-0.9.1-2.1.el7.noarch.rpm
-rwxr--r-- 1 root root 274600 Aug 1 12:37 python-paramiko-2.1.1-4.el7.noarch.rpm
-rwxr--r-- 1 root root 500080 Aug 1 12:37 python-passlib-1.6.5-1.1.el7.noarch.rpm
-rwxr--r-- 1 root root 39640 Aug 1 12:37 python2-jmespath-0.9.0-4.el7ae.noarch.rpm
-rwxr--r-- 1 root root 21900 Aug 1 12:37 sshpass-1.06-1.el7.x86_64.rpm
3. Execute the following command to install the “Ansible engine” and its dependencies.
# yum install ansible-2.6.2-1.el7ae.noarch.rpm python-httplib2-0.9.1-2.1.el7.noarch.rpm python-paramiko-2.1.1-4.el7.noarch.rpm python-passlib-1.6.5-1.1.el7.noarch.rpm python2-jmespath-0.9.0-4.el7ae.noarch.rpm sshpass-1.06-1.el7.x86_64.rpm
Eric Yeoh says
There is no good reason for you to disable SELinux nor pull down iptables just to get Ansible working. If you are an Ansible client node, you need an account that can be sudo’ed to perform admin tasks, Python, and of course SSH port ingress opened. No extra ports need to be opened if you are an Ansible Server/Control node. You also need to have a valid RH subscription to download Ansible Engine. Please correct your article.
Lingeswaran R says
I have updated the document and clarified to the users. Thank you Eric.
This article is trying to simplify the process for beginners and members who don’t have an RH subscription (On LAB).
Thank you
Lingesh