UnixArena

How to Install Ansible Engine on CentOS / RHEL

By 2 Comments

Installing the Ansible engine and set up the environment is pretty straightforward. Ansible engine can be installed on the majority of Linux flavors which includes CentOS, RHEL, Ubuntu, and Debian but it doesn’t support Windows, Solaris, and AIX. But there are no restrictions to participate as ansible clients. Ansible uses the SSH  protocol to manage the Unix and Linux servers. Windows Servers can be managed by using “WinRM”. In this lab environment, we will be using CentOS 7  to install ansible engine.

Environment: 

  • CentOS 7.5 / RHEL 7.5
  • Static IP
  • Internet Connection
  • Access to extra RPM’s
  • IPtables flushed out / Firewall service Stopped.  (only for LAB)
  • SELinux disabled.  (Only for LAB)

Note: In this article, I have demonstrated that disabling firewall/IPtables and SELinux. It’s only for Linux beginners and Lab environment.  If you are trying to deploy ansible engine on the enterprise environment, you must be aligned existing hardening process.

  • Ensure Port 22 is opened to the client in the Firewall/IPtables.

Thank you, Eric, for your valuable comment.

OS release:

[sysadmin@ansible-server ~]$ cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[sysadmin@ansible-server ~]$

 

Firewall:  (Only for LAB)

[root@ansible-server ~]# systemctl disable  firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@ansible-server ~]# systemctl stop  firewalld
[root@ansible-server ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Jul 03 08:01:11 ansible-server systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 03 08:01:14 ansible-server systemd[1]: Started firewalld - dynamic firewall daemon.
Jul 03 08:03:19 ansible-server systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jul 03 08:03:19 ansible-server systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@ansible-server ~]#

 

IPTables: (Only for LAB)

[root@ansible-server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@ansible-server ~]#

 

SELinux: (Only for LAB)

[root@ansible-server ~]# getenforce
Permissive
[root@ansible-server ~]#
[root@ansible-server ~]# cat /etc/selinux/config |grep "SELINUX="
SELINUX=disabled
[root@ansible-server ~]#

 

REPO:

[root@ansible-server ~]# cd /etc/yum.repos.d/
[root@ansible-server yum.repos.d]# ls -lrt |grep -i base
-rw-r--r--. 1 root root 1664 May 17 06:53 CentOS-Base.repo
[root@ansible-server yum.repos.d]# 
[root@ansible-server yum.repos.d]# cat CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

 

Updating the OS & Installing Ansible: (Online Method)

1. Update the CentOS / RHEL using yum command. This will install the available fixes from the repository.

[sysadmin@ansible-server ~]$ sudo yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.fibergrid.in
 * extras: mirrors.fibergrid.in
 * updates: mirrors.fibergrid.in
Resolving Dependencies
--> Running transaction check
---> Package NetworkManager.x86_64 1:1.10.2-13.el7 will be updated
---> Package NetworkManager.x86_64 1:1.10.2-14.el7_5 will be an update
---> Package NetworkManager-libnm.x86_64 1:1.10.2-13.el7 will be updated
---> Package NetworkManager-libnm.x86_64 1:1.10.2-14.el7_5 will be an update
---> Package NetworkManager-team.x86_64 1:1.10.2-13.el7 will be updated
---> Package NetworkManager-team.x86_64 1:1.10.2-14.el7_5 will be an update
---> Package NetworkManager-tui.x86_64 1:1.10.2-13.el7 will be updated

Once the update is done, just reboot the server to boot with the updated kernel.

 

2. Install the Ansible engine from the CentOS repository.

[sysadmin@ansible-server ~]$ sudo yum install ansible
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.fibergrid.in
 * extras: mirrors.fibergrid.in
 * updates: mirrors.fibergrid.in
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.4.2.0-2.el7 will be installed
--> Processing Dependency: sshpass for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python2-jmespath for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-six for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-setuptools for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-passlib for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-cryptography for package: ansible-2.4.2.0-2.el7.noarch

Installed:
  ansible.noarch 0:2.4.2.0-2.el7

Dependency Installed:
  PyYAML.x86_64 0:3.10-11.el7                        libyaml.x86_64 0:0.1.4-11.el7_0                                     python-babel.noarch 0:0.9.6-8.el7
  python-backports.x86_64 0:1.0-8.el7                python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7          python-cffi.x86_64 0:1.6.0-5.el7
  python-enum34.noarch 0:1.0.4-1.el7                 python-httplib2.noarch 0:0.9.2-1.el7                                python-idna.noarch 0:2.4-1.el7
  python-ipaddress.noarch 0:1.0.16-2.el7             python-jinja2.noarch 0:2.7.2-2.el7                                  python-markupsafe.x86_64 0:0.11-10.el7
  python-paramiko.noarch 0:2.1.1-4.el7               python-passlib.noarch 0:1.6.5-2.el7                                 python-ply.noarch 0:3.4-11.el7
  python-pycparser.noarch 0:2.14-1.el7               python-setuptools.noarch 0:0.9.8-7.el7                              python-six.noarch 0:1.9.0-2.el7
  python2-cryptography.x86_64 0:1.7.2-2.el7          python2-jmespath.noarch 0:0.9.0-3.el7                               python2-pyasn1.noarch 0:0.1.9-7.el7
  sshpass.x86_64 0:1.06-2.el7

Complete!

 

3. Check the Ansible version.

[sysadmin@ansible-server ~]$ ansible --version
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/sysadmin/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
[sysadmin@ansible-server ~]$

 

4. Validating the localhost by passing ping.

[sysadmin@ansible-server ~]$ ansible localhost -m ping
 [WARNING]: Could not match supplied host pattern, ignoring: all

 [WARNING]: provided hosts list is empty, only localhost is available

localhost | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[sysadmin@ansible-server ~]$

It works. Here, we have got the response “pong” from localhost.

 

Offline Method:  (RHEL 7 / CentOS 7)

1. Configure the RHEL 7 / CentOS DVD local repo.

2. Download the following packages from Redhat portal.

-rwxr--r-- 1 root root 10471452 Aug  1 12:37 ansible-2.6.2-1.el7ae.noarch.rpm
-rwxr--r-- 1 root root   117768 Aug  1 12:37 python-httplib2-0.9.1-2.1.el7.noarch.rpm
-rwxr--r-- 1 root root   274600 Aug  1 12:37 python-paramiko-2.1.1-4.el7.noarch.rpm
-rwxr--r-- 1 root root   500080 Aug  1 12:37 python-passlib-1.6.5-1.1.el7.noarch.rpm
-rwxr--r-- 1 root root    39640 Aug  1 12:37 python2-jmespath-0.9.0-4.el7ae.noarch.rpm
-rwxr--r-- 1 root root    21900 Aug  1 12:37 sshpass-1.06-1.el7.x86_64.rpm

 

3. Execute the following command to install “Ansible engine” and dependencies

# yum install ansible-2.6.2-1.el7ae.noarch.rpm python-httplib2-0.9.1-2.1.el7.noarch.rpm python-paramiko-2.1.1-4.el7.noarch.rpm python-passlib-1.6.5-1.1.el7.noarch.rpm python2-jmespath-0.9.0-4.el7ae.noarch.rpm sshpass-1.06-1.el7.x86_64.rpm

Hope this article is informative to you. Share it! Comment it !! Be Sociable !!!

Reader Interactions

Comments

  1. Eric Yeoh says

    There is no good reason for you to disable SELinux nor pull down iptables just to get Ansible working. If you are an Ansible client node you need an account that can be sudo’ed to perfomed admin task, python and of of course SSH port ingress opened. No extra ports need to be opened if your are an Ansible Server.Control node. You also need to have a valid RH subscription to download Ansible Engine. Please correct your article.

    Reply

    • Lingeswaran R says

      I have updated the document and clarified to the users. Thank you Eric.

      This article is trying to simply for the process for beginners and members who don’t have RH subscription (On LAB).

      Thank you
      Lingesh

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *