Install Ansible on CentOS 7

For an overview of what is Ansible – Getting started with Ansible

For this tutorial we are using 3 VMs, with IPs and hostnames – one Ansible controller/manager (ansible-controller) which will be doing the provisioning on the two remote servers i.e. ansible-node1 and ansible-node2:
192.168.40.192 ansible-controller
192.168.40.193 ansible-node1
192.168.40.194 ansible-node2
ansible-controller‘ is the manger node, the one performing the provisioning on the rest of the hosts i.e. on ansible-controller we’ll be installing and configuring Ansible.


Step 0 – preliminary steps

Disbale SELinux

$ sudo set enforce 0
The above command will disable SELinux for the session i.e. until next reboot – to permanently disable it set SELINUX=disabled in /etc/selinux/config file.

Stop Firewalld

As ansible controller needs to access the remote host (via ssh – default port 22)
$ sudo systemctl stop firewalld

Step 1- Installation

Unlike other main configuration management tools, like Chef and Puppet, which require you to install the tool on all the nodes i.e. the contoller/manager node, as well as the managed nodes. Whereas, to use Ansible you’ll be required to install it only on the master/controller/manager node, the one which ‘ll be performing provisioning on all the other nodes.

Install EPEL repo

EPEL (Extra Packages for Enterprise Linux) is an open-source and free community based repository maintained by Fedora team – lists a lot of open-source packages for Fedora, RHEL (Red Hat Enterprise Linux), CentOS, and Scientific Linux. Ansible is also available via EPEL repo.
sudo yum -y install epel-release

Install Ansible

 sudo yum -y install ansible

Step 2 – Generate and share the SSH key

To perform any deployment or management from the Ansible controller to the remote hosts first we need to create and copy the ssh keys to all the remote hosts.
For password-less access you need to share the Ansible controller’s public key i.e. copy the key to all the remote hosts, where you need to perform provisioning.

Generate SSH key

$ ssh-keygen -t rsa -b 4096
Ansible ssh-keygen

Copy the public key

Once the private-public key pair is generated, next is to place the public key on the remote servers that we want to use (for a password-less and secure authentication). It is required to add the public key (content of id_rsa.pub) in the remote host’s $HOME/.ssh/authorized_keys. The recommended way is to use the ssh-copy-id command, you need to specify the user and host, and it’ll copy the key i.e. add it to authorized_keys.
$ ssh-copy-id nahmed@192.168.40.193
Ansible ssh-copy
$ ssh-copy-id nahmed@192.168.40.194
Ansible ssh-copy

Verify SSH

Let’s now verify if ssh authentication is working fine, by ssh-ing into the remote servers.
$ ssh nahmed@192.168.40.193
$ ssh nahmed@192.168.40.194
Ansible ssh

Step 3 – Create Ansible Inventory

The Ansible manager (master/controller) gets to know about the hosts to perform provisioning on via ‘Inventory‘ file. The inventory allows simple listing as well as groups. By default the inventory file gets created at /etc/ansible/hosts. Let’s add our two remote hosts into the inventory, open the file using editor of your choice:
$ sudo vi /etc/ansible/hosts
Add the following in the file:
[test-servers]
192.168.40.193
192.168.40.194
The ‘test-servers‘ in the brackets indicates as group names, it is used in classifying systems and deciding which systems you are going to controlling at what times and for what reason.

Step 4 – Verification

We are done with Ansible setup, all we need to do is verify if it’s working i.e. Ansible manager (ansible-controller in our case) can perform provisioning tasks on remote hosts. There are two ways to use ansible
  • Ad-Hoc – executing a task (command) on the remote host using Ansible’s comman-line tool.
  • Using Playbboks – permanently writing plays (group of tasks) for all or specific hosts or host groups, using YAML configuration specification language, that can be re-used and put to version control.
Let’s ping the 2 remote nodes using Ansible command-line tool – -m flag is to specify the Ansible module we need to use, and -all for all the hosts/groups in the inventory:
$ ansible -m ping all
Note: In case you have various groups of hosts, instead of all use the group name i.e.  ansible -m ping test-servers
Ansible ping
Let’s get the hostnames – using the Ansible’s shell (http://docs.ansible.com/ansible/shell_module.html) module:
$ ansible -m shell -a "hostname" test-servers
Ansible shell

Leave a Reply

Your email address will not be published. Required fields are marked *