Ansible is an open-source software platform for configuring and managing computers. It combines multi-node software deployment, ad hoc task execution, and configuration management. Ansible works over SSH and requires no software or daemons to be installed on remote nodes. Extension modules can be written in any language; Node.js is currently the most popular choice.

Ansible models system state as a series of assertions about the desired state of devices, as defined by variables such as name, IP address, port number, etc. The program then executes “facts” about the system (such as which user accounts are present) to evaluate whether that state is true; if it is not true, something must be done to change the actual state of the system to match that of its model.

Ansible started in 2012 as an open-source alternative to Puppet and Chef, among other tools in the configuration management space. It was developed by Michael DeHaan, the creator of the provisioning infrastructure at Rackspace’s internal infrastructure cloud, which Red Hat later acquired under OpenStack. He said he created Ansible out of frustration with existing tools because they were too “clunky.” Rather than reinvent common shell commands like “ping” or “ls”, he wrote small modules that could be combined to do useful tasks without knowing much about how they worked inside. For example, when writing a module to manage MySQL databases, he did not have to implement security best practices; rather, it is included in a default module library that ships with Ansible.

One of the benefits of using Ansible is that it can manage a heterogeneous infrastructure. For example, your organization might have both Linux and Windows servers. Ansible can manage both systems without requiring separate configuration files or management tools.

This tutorial teaches you how to install and configure Ansible on Rocky Linux 9 for your network automation, provisioning and configuration management. We will also use a basic working example demonstrating how to use Ansible in practice.

Prerequisites

To follow this tutorial, you will need the following:

  • A computer running Rocky Linux 9
  • Root privileges or sudo access to the computer
  • Ansible version 2.0 or greater installed on your computer
  • OpenSSH server running and accepting connections on port 22

Updating your Rocky Linux 9 system

It’s always a good idea to keep your system updated. To update your Rocky Linux 9 system, run the following commands. sudo dnf check-update checks for any available updates to your system, and sudo dnf update installs them.

sudo dnf check-update
sudo dnf update -y

The update process may take a few minutes depending on your Internet connection’s speed and the server’s loads, so be patient.

Next, run the command below to install your system’s Extra Packages for Enterprise Linux (EPEL) repository. Once installed, you will need to update again because EPEL introduces its own package versions and numbering that may not match those of the official Rocky repositories.

sudo dnf install epel-release && sudo dnf update -y

Installing Ansible on Rocky Linux

Now that you have enabled the EPEL repository, you can install Ansible on your system. We will use the command below, which installs the current stable release of Ansible.

sudo dnf install ansible -y

Run the command below to verify that Ansible has been installed properly. This command will print the Ansible version number.

ansible --version

Sample output:

[Screenshot: Ansible version]

Configuring SSH on Your Target Server

Your target server is not ready to use Ansible until you have configured SSH to accept connections from your computer. We will use the ssh-keygen utility to create a public/private keypair on your computer. The private key will be stored on your computer, and the public key will be copied to the target server.

This example will be using Ubuntu 22.04 LTS as the target server, but you can substitute your own target server. If your target server is a different OS, you must adapt the commands accordingly.

First, run the command below to install the OpenSSH server on your target server.

sudo apt install openssh-server -y

Next, run the command below to enable the ssh service.

sudo systemctl enable ssh

Finally, run the command below to open port 22 so ansible can connect.

sudo ufw allow 22

Configuring Your Local Computer to Work with the Target Server

Now that SSH is enabled, you need to generate a keypair on your local computer (your Rocky Linux machine). Run the command below to do this. ssh-keygen is a program that generates a pair of cryptographic keys, one public and one private. These keys are used to identify the computer when connecting over SSH.

ssh-keygen

You will be asked several questions after running the command. The default answers provided are fine for our purposes, so you can press Enter until the keys are generated.

[Screenshot: Generate SSH key pair]

Now, you need to copy the public key to the target server. You can do this with the ssh-copy-id command, included by default on most Linux distributions. You will need to specify the user account (root) you are using on the remote server, followed by the remote hostname or the remote IP address (11.22.33).

cd ~/.ssh
ssh-copy-id root@11.22.33

Provide the password for the user account on the target server when prompted, and the public key will be copied to your target server.

[Screenshot: Copy SSH key to target server]
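
Once the key is in place, Ansible no longer needs password logins on the target. The following is an added example, not part of the original tutorial: it checks the target's effective sshd settings, as printed by sudo sshd -T, for password authentication and unrestricted root login. The helper name audit_sshd and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit effective sshd settings on the target server.
# Input is the output of `sudo sshd -T` (lowercase "keyword value" lines).
# audit_sshd is a hypothetical helper name, not an Ansible or OpenSSH tool.

audit_sshd() {
    # Reads sshd -T output on stdin, prints one finding per line,
    # returns 1 if any finding was printed, 0 otherwise.
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" && val == "yes" {
            print "passwordauthentication yes: set PasswordAuthentication no"
            bad = 1
        }
        key == "permitrootlogin" && val == "yes" {
            print "permitrootlogin yes: set PermitRootLogin prohibit-password"
            bad = 1
        }
        key == "pubkeyauthentication" && val == "no" {
            print "pubkeyauthentication no: key-based login will fail"
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `sshd -T` output, trimmed to the relevant keywords.
SAMPLE_BEFORE='port 22
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes'

SAMPLE_AFTER='port 22
permitrootlogin prohibit-password
pubkeyauthentication yes
passwordauthentication no'

# On a real target: sudo sshd -T | audit_sshd
printf '%s\n' "$SAMPLE_BEFORE" | audit_sshd || echo "-> edit /etc/ssh/sshd_config, then restart ssh"
printf '%s\n' "$SAMPLE_AFTER" | audit_sshd && echo "-> sshd accepts keys only"
```

Confirm that key-based login works from a second terminal before disabling password authentication, so a mistake does not lock you out.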

Configuring Your Local Computer’s Hosts File

An extremely useful tool the ssh command provides is the ability to use a single SSH keypair for multiple servers. Ansible will look at your local computer’s /etc/hosts file and try resolving an IP address listed there whenever it encounters a hostname during its playbook runs. Since we copied our public key to the target server earlier, we will add that 11.22.33 address to Ansible’s inventory file, /etc/ansible/hosts, so Ansible knows which server to connect to.

sudo nano /etc/ansible/hosts

You will be adding 11.22.33 to the bottom of the webservers host group. Remember to replace 11.22.33 with your actual IP address.

A group in Ansible is simply a list of hosts that should be treated similarly.

For example, webservers is a group of hosts which all run the same web applications, and db-servers is a group of hosts which all run the same database applications.

Suppose you have several different servers that will all have similar playbooks to run. In that case, you might consider placing them all into a single host group so every playbook run on those systems can take advantage of any variables or other features shared by the entire group.

[Screenshot: Ansible target server list]

Save and close the file when you are finished.
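
The inventory layout described above, as an added example that is not part of the original tutorial: the script writes a constructed INI inventory with a webservers group and lists the hosts that belong to one group. The helper names, the dbservers group, db1.example.com and the variable lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a constructed INI inventory and a helper that lists the
# hosts of one group. write_sample_inventory and group_hosts are
# hypothetical helper names, not Ansible commands.

write_sample_inventory() {
    # $1 = path to write. db1.example.com is a placeholder host.
    cat > "$1" <<'EOF'
# Constructed sample of /etc/ansible/hosts
[webservers]
11.22.33 ansible_user=root

[dbservers]
db1.example.com

# Variables shared by every host in the webservers group
[webservers:vars]
ansible_port=22
EOF
}

group_hosts() {
    # $1 = inventory file, $2 = group name. Prints one host per line.
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        /^[ \t]*\[/ {                            # section header
            name = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            in_group = (name == want)            # "group:vars" never matches
            next
        }
        in_group { print $1 }                    # first field is the host
    ' "$1"
}

inv=$(mktemp)
write_sample_inventory "$inv"
group_hosts "$inv" webservers    # prints 11.22.33
rm -f "$inv"
```

With Ansible installed, ansible webservers --list-hosts reports the group members from the real inventory.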

Testing Your Configuration

Now, we can test that Ansible is properly configured on your local computer by using the ping module against your target server. This will check to see if any syntax errors in your configuration files would prevent ansible from being able to connect to the target server.

ansible -m ping webservers

If everything is configured properly, ansible will return a list of all the hosts in your host group along with their corresponding pinged status.

The output should look something like this:

[Screenshot: Connect to target was successful]

SUCCESS indicates that the command was run successfully on the remote server. This output will differ depending on whether or not ansible can contact the target server, as well as what arguments you passed to ansible (such as -m ping).

“ansible_facts”: { indicates that ansible was able to gather facts about the remote server.

“discovered_interpreter_python”: “/usr/bin/python3” indicates that ansible discovered which interpreter is available on your remote target server, in this case, /usr/bin/python3. Suppose you do not see any output after running the ping module. In that case, you likely have a typo in your hosts file or some other error in your configuration preventing ansible from connecting to the target server.

“changed”: false indicates that no changes were made on the remote server due to running this particular module.

“ping”: “pong” returns pong as expected. This is the response you should see if everything is configured properly and ansible can successfully reach the target server.
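
The output fields walked through above can also be checked by a script. The following is an added example, not part of the original tutorial: it reads ansible -m ping output and names every host that did not report SUCCESS, and it treats empty output as a failure. The helper names, the second host 11.22.34 and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `ansible -m ping` output whether every host
# answered. failed_hosts and ping_ok are hypothetical helper names.

failed_hosts() {
    # Reads ad hoc output on stdin; prints "host status" for every host
    # whose header line is not "host | SUCCESS => {".
    awk -F' [|] ' '
        / [|] [A-Z!]+ => / {
            status = $2
            sub(/ =>.*/, "", status)
            if (status != "SUCCESS") print $1, status
        }
    '
}

ping_ok() {
    # Returns 0 only if at least one host reported and none failed.
    # Empty output counts as failure: no host in the inventory matched.
    out=$(cat)
    printf '%s\n' "$out" | grep -q ' | SUCCESS => ' || return 1
    [ -z "$(printf '%s\n' "$out" | failed_hosts)" ]
}

# Constructed sample output; 11.22.34 is a placeholder second host.
SAMPLE='11.22.33 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
11.22.34 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).",
    "unreachable": true
}'

# On a real control node: ansible -m ping webservers | failed_hosts
printf '%s\n' "$SAMPLE" | failed_hosts    # prints: 11.22.34 UNREACHABLE!
```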

Conclusion

In this article, we have installed Ansible on our local Rocky Linux 9 machine and configured it to connect to a remote server. Ansible was then used to ping the remote server to ensure everything was configured correctly.

Now that you have installed and configured ansible, you can use it to manage your remote servers.

For more information on using Ansible, please see the official Ansible documentation.