How to install Ansible on Fedora 29 for IT and server automation

ADVERTISEMENTS



Procedure to install Ansible on Fedora 29

Update your Fedora 29 system, run: sudo dnf update Install Ansible on Fedora 29, run: sudo dnf install ansible Upgrade Ansible in Fedora 29, run: sudo dnf upgrade ansible Set up ssh key-based authentication Test Ansible

Step 1. Fedora Linux install Ansible

How do I install Ansible on Fedora 29 workstation? How can I set up and test Ansible playbooks using my Fedora Linux desktop?Introduction – Ansible is a free and open source configuration management tool. It is similar to Chef or Puppet. It works over SSH based session and does not need any software or client/agent on remote servers. One can use Ansible to manage Linux, Unix, macOS, and *BSD family of operating systems. This page shows how to install ansible and set up your first Ansible playbook on Fedora Linux 29.

Type the following dnf command to update Fedora box:

$ sudo dnf update

$ dnf search ansible

Find out information about the Ansible package, run:

$ dnf info ansible

Sample outputs:

Available Packages Name : ansible Version : 2.7.5 Release : 1 .fc29 Arch : noarch Size : 11 M Source : ansible-2.7.5- 1 .fc29.src.rpm Repo : updates Summary : SSH-based configuration management, deployment, and task : execution system URL : http://ansible.com License : GPLv3+ Description : : : Ansible is a radically simple model-driven configuration : management, multi-node deployment, and remote task execution : system. Ansible works over SSH and does not require any software : or daemons to be installed on remote nodes. Extension modules : can be written in any language and are transferred to managed : machines automatically. : : This package installs versions of ansible that execute on : Python3. Available Packages Name : ansible Version : 2.7.5 Release : 1.fc29 Arch : noarch Size : 11 M Source : ansible-2.7.5-1.fc29.src.rpm Repo : updates Summary : SSH-based configuration management, deployment, and task : execution system URL : http://ansible.com License : GPLv3+ Description : : : Ansible is a radically simple model-driven configuration : management, multi-node deployment, and remote task execution : system. Ansible works over SSH and does not require any software : or daemons to be installed on remote nodes. Extension modules : can be written in any language and are transferred to managed : machines automatically. : : This package installs versions of ansible that execute on : Python3.

Installing Ansbile on Fedora Linux

Finally, type the following dnf command:

$ sudo dnf install ansible



We can verify the Ansible version by running the following command:

$ ansible --version

Sample outputs:

ansible 2.7.5 config file = /etc/ansible/ansible.cfg configured module search path = [ '/home/vivek/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules' ] ansible python module location = /usr/lib/python3.7/site-packages/ansible executable location = /usr/bin/ansible python version = 3.7.2 ( default, Jan 3 2019 , 09: 14 :01 ) [ GCC 8.2.1 20181215 ( Red Hat 8.2.1-6 ) ] ansible 2.7.5 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/vivek/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.7/site-packages/ansible executable location = /usr/bin/ansible python version = 3.7.2 (default, Jan 3 2019, 09:14:01) [GCC 8.2.1 20181215 (Red Hat 8.2.1-6)]

Step 2. Set up ssh keys on a Linux or Unix

First, create the key pair using the ssh-keygen command on your Fedora Linux desktop/workstation:

$ ssh-keygen -t ed25519 -C "Desktop ssh key"

Next, copy and install the public key in remote Linux/Unix/BSD servers using the ssh-copy-id command:

$ ssh-copy-id -i $HOME/.ssh/id_ed25519.pub user@ubuntu-server-ec2

$ ssh-copy-id -i $HOME/.ssh/id_ed25519.pub ec2-user@freebsd-server-lightsail

$ ssh-copy-id -i $HOME/.ssh/id_ed25519.pub vivek@centos-server-linode

Test password less log in using the ssh command:

$ ssh vivek@centos-server-linode

$ ssh ec2-user@freebsd-server-lightsail

Step 3. Test the Ansible

$ vi inventory

## my vms/server hosted locally ## [lanhosts] 192.168.2.203 192.168.2.207 ## my vms/servers hosted by AWS (EC2/Lightsail) ## [awshosts] vm1.cyberciti.biz ## my Linode VMs ## [linodehosts] vm2.cyberciti.biz

First create an inventory file as follows on a control machine:Add hostnames/IP address of all remote Linux/*BSD servers:

Next run the uptime command command and lsb_release command on two hosts located in my LAN i.e. lanhosts group as user vivek:

$ ansible -u vivek -i inventory -m raw -a 'uptime' lanhosts

$ ansible -u vivek -i inventory -m raw -a 'lsb_release -a' lanhosts



Step 4. Writing your first Ansible playbook to manage Linux/Unix servers

First, update your inventory file to indicate user name and method to become sudo on the remote server. Here is my updated hosts file displayed with the cat command:

cat inventory

Sample config file:

[ all:vars ] ansible_user = 'vivek' # Username for ssh connection ansible_become = 'yes' # Run commands as root user? ansible_become_pass = 'PasswordForVivekUser' # Password for sudo user i.e. ansible_user password ansible_become_method = 'sudo' # How do I become root user? Use sudo. ## my vms/server hosted locally ## [ lanhosts ] 192.168.2.203 ansible_python_interpreter = '/usr/bin/python2' 192.168.2.207 ansible_python_interpreter = '/usr/bin/python3' ## my vms/servers hosted by AWS ( EC2/Lightsail ) ## [ awshosts ] vm1.cyberciti.biz ## my Linode VMs ## [ linodehosts ] vm2.cyberciti.biz [all:vars] ansible_user='vivek' # Username for ssh connection ansible_become='yes' # Run commands as root user? ansible_become_pass='PasswordForVivekUser' # Password for sudo user i.e. ansible_user password ansible_become_method='sudo' # How do I become root user? Use sudo. ## my vms/server hosted locally ## [lanhosts] 192.168.2.203 ansible_python_interpreter='/usr/bin/python2' 192.168.2.207 ansible_python_interpreter='/usr/bin/python3' ## my vms/servers hosted by AWS (EC2/Lightsail) ## [awshosts] vm1.cyberciti.biz ## my Linode VMs ## [linodehosts] vm2.cyberciti.biz

A playbook is nothing but scripts/commands that executed on the remote box. Create a playbook named test.yml as follows using a text editor such as vim command/nano command:

vim test.yml

Append the following code:

--- - hosts: lanhosts tasks: - name: Get hostname for testing purpose command: /bin/hostname changed_when: False register: hostname - debug: var={{ item }} with_items: - hostname.stdout --- - hosts: lanhosts tasks: - name: Get hostname for testing purpose command: /bin/hostname changed_when: False register: hostname - debug: var={{ item }} with_items: - hostname.stdout

Playbooks in Ansible use Yaml. Next, run it as follows from Fedora Linux workstation/control machine:

$ ansible-playbook -i inventory test.yml



A note about password stored in an insecure format

Take a close look at the following config directory in inventory file:

ansible_become_pass='PasswordForVivekUser'

It is a bad idea to store password and other sensitive information in clear text format. Let us fix this:

$ vim inventory

Find:

ansible_become_pass='PasswordForVivekUser'

Replace:

ansible_become_pass='{{ my_user_password }}'

Save and close the file. Next create a new encrypted data file named passwords.yml, run the following command:

$ ansible-vault create passwords.yml

Set the password for vault. After providing a password, the tool will start whatever editor you have defined with $EDITOR. Append the following:

my_user_password: your_password_for_ansible_user

Save and close the file. Run it as follows:

$ ansible-playbook -i inventory --ask-vault-pass --extra-vars '@passwords.yml' test.yml



Adding user using the Ansible playbook

For more information read: How to set and use sudo password for Ansible Vault

Say you need to add a new user named wwwjobs all hosts in lanhosts group. Create a new playbook named add-user.yml:

--- - hosts: lanhosts tasks: - name: Add a new user to my Linux VMs with password disabled but allow ssh log in user: name: wwwjobs comment: "Account to run jobs for our web server" shell: /bin/bash groups: sudo append: yes password: * - name: Upload ssh key for user wwwjobs for log in purpose authorized_key: user: vivek state: present manage_dir: yes key: "{{ lookup('file', '/home/vivek/.ssh/id_ed25519.pub') }}" --- - hosts: lanhosts tasks: - name: Add a new user to my Linux VMs with password disabled but allow ssh log in user: name: wwwjobs comment: "Account to run jobs for our web server" shell: /bin/bash groups: sudo append: yes password: * - name: Upload ssh key for user wwwjobs for log in purpose authorized_key: user: vivek state: present manage_dir: yes key: "{{ lookup('file', '/home/vivek/.ssh/id_ed25519.pub') }}"

Run it as follows:

$ ansible-playbook -i inventory --ask-vault-pass --extra-vars '@passwords.yml' add-user.yml

How to add and remove packages

In this example, we are going to add and remove packages using the apt command for all hosts located in linodehosts group. Create a file named ubuntu-software.yml:

--- - hosts: linodehosts tasks: - name: Add a list of software on Linode VMs ... apt: name: "{{ packages }}" state: present vars: packages: - vim - unzip - htop - atop - iftop - nmon - sysstat - iotop - nicstat - vnstat - name: Delete a list of software from Linode VMs ... apt: name: "{{ packages }}" state: absent vars: packages: - nano --- - hosts: linodehosts tasks: - name: Add a list of software on Linode VMs ... apt: name: "{{ packages }}" state: present vars: packages: - vim - unzip - htop - atop - iftop - nmon - sysstat - iotop - nicstat - vnstat - name: Delete a list of software from Linode VMs ... apt: name: "{{ packages }}" state: absent vars: packages: - nano

Again run it as follows:

$ ansible-playbook -i inventory --ask-vault-pass --extra-vars '@passwords.yml' ubuntu-software.yml

Conclusion

And there you have it, Ansible set up and tested to manage Linux or Unix boxes. Ansible works very fast for repeated tasks such as adding users in bulk, installing software, configuring *BSD/Linux/Unix boxes. YAML takes a little time to master but easy to learn. See Ansible documentation for more info:

Ansible documents

Linux user module document

Debian/Ubuntu apt module document

How to use Ansible vault to keep sensitive data such as passwords or keys in encrypted files

Category List of Unix and Linux commands File Management cat Network Utilities dig • host • ip • nmap Package Manager apk • apt Processes Management bg • chroot • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time Searching grep • whereis • which User Information groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w