Configuration Management with Ansible on Rocky Linux 9

Configuration management systems are designed to make controlling large numbers of servers accessible for administrators and operations teams. They allow you to control many different systems in an automated way from one central location. While there are many popular configuration management systems available for Linux systems, such as Chef and Puppet, these are often more complex than many people want or need. Ansible is a great alternative to these options because it has a much smaller overhead to get started.

Introduction to Ansible

Ansible works by configuring client machines from a computer with Ansible components installed and configured. It communicates over normal SSH channels to retrieve information from remote machines, issue commands, and copy files. Because of this, an Ansible system does not require any additional software to be installed on the client computers. This is one way that Ansible facilitates the administration of servers. Any server that has an SSH port exposed can be brought under Ansible’s configuration umbrella, regardless of what stage it is at in its life cycle.

Ansible takes on a modular approach, making it possible to use the functionalities of the main system to deal with specific scenarios. Modules can be written in any language and communicated in standard JSON. Configuration files are mainly written in the YAML data serialization format due to its expressive nature and its similarity to popular markup languages. Ansible can interact with clients through either command-line tools or through its configuration scripts called Playbooks.

Installing and Configuring Ansible

Prerequisites

To follow this tutorial, you will need:

• One Ansible Control Node: The Ansible control node is the machine you’ll use to connect to and control the Ansible hosts over SSH. Your Ansible control node can either be your local machine or a server dedicated to running Ansible, though this guide assumes your control node is a Rocky Linux 9 system.
• A non-root user with sudo privileges.
• An SSH keypair associated with this user.
• One or more Ansible Hosts: An Ansible host is any machine that your Ansible control node is configured to automate.

Step 1 — Installing Ansible

To begin exploring Ansible as a means of managing your various servers, you first need to install the Ansible software on at least one machine.

To get Ansible for Rocky Linux 9, first ensure that the Rocky Linux 9 EPEL repository is installed using dnf:

sudo dnf install epel-release

Once the repository is installed, install Ansible:

sudo dnf install ansible

Now you have all of the software required to administer your servers through Ansible.

Step 2 — Configuring Ansible Hosts

Ansible keeps track of all of the servers that it knows about through a hosts file. You need to set up this file first before you can communicate with your other machines.

Open the file with root privileges as in the following:

sudo vi /etc/ansible/hosts

You will notice this file has a lot of example configurations commented out. Keep these examples in the file to help you learn Ansible’s configuration if you want to implement more complex scenarios in the future.

The hosts file is fairly flexible and can be configured in a few different ways. The syntax you are going to use is structured like the following:

Example hosts file

[group_name]
alias ansible_ssh_host=your_server_ip

The group_name is an organizational tag that lets you refer to any servers listed under it with one word. The alias is a name to refer to that server.

For example, imagine you have three servers you want to control with Ansible. Ansible communicates with client computers through SSH, so each server you want to manage will be accessible from the Ansible server. If you followed the One or more Ansible Hosts option in the prerequisites, your hosts will have the SSH keys set up and accessible by running the following:

ssh root@your_server_ip

You will not be prompted for a password. While Ansible certainly has the ability to handle password-based SSH authentication, SSH keys help keep things more streamlined.

With your file already open, you will use the following servers’ IP addresses as an example: 203.0.113.111, 203.0.113.112, and 203.0.113.113. Make sure to replace the IP addresses with your own. Next, set this up so that you can refer to each server individually as host1, host2, and host3, or as a group as servers. To configure this, you need to add the following block to your hosts file:

[servers]
host1 ansible_ssh_host=203.0.113.111
host2 ansible_ssh_host=203.0.113.112
host3 ansible_ssh_host=203.0.113.113

Once you’re done adding the block, save and exit the file. You can do this by writing :wq and then ENTER.

Hosts can be in multiple groups and groups can configure parameters for all of their members. You can try this by running the following command:

ansible -m ping host1

Ansible Connection Errors

Ansible will, by default, try to connect to remote hosts using your current username. This error shows that if the user doesn’t exist on the remote system, the connection will fail.

Therefore, let’s specifically tell Ansible to connect to servers in the servers group with the sammy user. Begin by creating a directory in the Ansible configuration structure called group_vars:

sudo mkdir /etc/ansible/group_vars

Within this folder, you can create YAML-formatted files for each group you want to configure. Previously, you edited the file using the vi text editor. Alternatively, you can edit the file using nano, but need to install it with the following command:

sudo dnf -y install nano

If you prefer to use nano, after you install it you will open the /etc/ansible/group_vars/servers file to edit the configuration:

sudo nano /etc/ansible/group_vars/servers

Add the following code to the file. YAML files start with ---, so don’t forget that part:

---
ansible_ssh_user: sammy

Once you’re finished, save and exit the file. In nano, you can do this by pressing CTRL + X and then Y and ENTER.

Now Ansible will always use the sammy user for the servers group, regardless of the current user.

Step 3 — Using Basic Ansible Commands

Now that you have your hosts set up and enough configuration details to allow you to successfully connect to your hosts, you can try out several commands.

First, ping all of the servers you configured. The -m ping portion of the command is an instruction to Ansible to use the ping module. These are general commands that you can run on your remote hosts:

ansible -m ping all

Ansible will return output like the following:

host3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
host1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
host2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}

You’ve now successfully run several of the basic Ansible commands among your various hosts.

Conclusion

Your Ansible server is now configured to communicate with the servers that you would like to control. You can verify that Ansible can communicate with each host by using the ansible command to execute basic tasks remotely.

You have configured a great foundation for working with your servers through Ansible, so your next step is to learn how to use Playbooks to do the heavy lifting for you.