Working with Ansible
Ansible is an IT automation tool that facilitates the task of setting up and maintaining remote servers. Ansible uses an inventory file to keep track of which hosts are part of your infrastructure, and how to reach them for running commands and playbooks.
When using Managed RHEL and Ansible in your environment, there are a few things to consider.
Installing Ansible
You have the following options to install Ansible:
- Install ansible-core from the Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) repository.
- Install the ansible community package from the Extra Packages for Enterprise Linux (EPEL) repository.
- Install your desired Ansible (ansible or ansible-core) package with pip (the Python package manager).
Keep in mind, if you install the ansible community package, it will also install the corresponding version of ansible-core as a dependency. This behavior is the same for installations from your operating system's package manager (yum, dnf) or for installations with pip.
Difference between ansible-core and ansible packages
Up to version 2.9 there was only one Ansible package, called ansible. Starting with version 2.10, Ansible distributes two deliverables: a community package called ansible and a minimalist package called ansible-core (called ansible-base in version 2.10). The ansible package includes the Ansible language and runtime, plus a range of community curated collections. It recreates and expands on the functionality that was included in Ansible 2.9.
ansible community package | ansible-core |
---|---|
Uses new versioning (2.10, then 3.0.0) | Continues “classic Ansible” versioning (2.11, then 2.12) |
Follows semantic versioning rules | Does not use semantic versioning |
Maintains only one version at a time | Maintains latest version plus two older versions |
Includes language, runtime, and selected Collections | Includes language, runtime, and built-in plugins |
Developed and maintained in Collection repositories | Developed and maintained in ansible/ansible repository |
You can check the Ansible documentation to see what's included in ansible-core: https://docs.ansible.com/ansible-core/devel/collections/ansible/builtin/index.html (current development version)
Updating Ansible
You have to update your Ansible package(s) yourself.
The ansible-core package is excluded from the automated patching, even it is provided from an official Red Hat repository. This decision is based on the following reasons:
- Even if Ansible updates only have little impact in most cases, it might break things depending on the version jump.
- We don't know if you have a hard requirement for a specific Ansible version.
- If you install the ansible community package from EPEL, it will also install the corresponding ansible-core package from Red Hat's AppStream repository. If we included ansible-core in the automated patching, there might be missing dependencies, depending on the version jump. This is because the ansible community package is distributed via the EPEL repository, which is disabled for the automated patching.
The ansible community package is anyway excluded from the automated patching, since this is delivered via the EPEL repository. The EPEL repository is completely excluded from the automated patching because EPEL sometimes also introduces major version changes. As already mentioned, ansible requires ansible-core. So for updating ansible, ansible-core also needs to be updated.
Running a playbook
Prerequisites
- One Ansible control node: Any Linux server with Ansible installed and configured to connect to your Managed RHEL remote server
- One or more Ansible hosts: One or more Managed RHEL server
Step 1
Request Temp Admin
of your Managed RHEL server and define a password for the temporary admin user custadm
.
Step 2
After you created an inventory file, write the Ansible playbook. In the example below the playbook will install two packages.
- hosts: all
become: true
tasks:
- name: Install Packages
yum:
name: "{{ item }}"
state: latest
loop: [ 'nginx', 'tree' ]
tags: [ 'setup']
Step 3
To execute the playbook on all remote Managed RHEL server listed within the inventory file, we execute the following command from the Ansible control node:
$ ansible-playbook -i inventory myplaybook.yml -u custadm -k -K
This will use the remote user custadm
to connect and authenticate -k
to the Managed RHEL server. Since the remote user requires a password for running commands with SUDO, we need to provide the -K
option for the SUDO password.
Step 4
Afterwards return your Managed RHEL server to Full Managed state by executing the day-2 action Return to Full Managed
.