[RHCE] 04 – Install and configure an Ansible control node

    04_01 Installing Required Packages for Ansible

    RHEL/CentOS Installation Commands

    # filepath: /examples/install_rhel.sh
    # Enable the EPEL repository before installing the packages below
    dnf install -y epel-release
    
    # Install Ansible and its supporting tools, one dnf transaction per package.
    # sshpass is only used for password-based SSH (--ask-pass / ansible_password);
    # a control node that authenticates with SSH keys does not need it.
    for pkg in ansible python3 python3-pip sshpass git; do
        dnf install -y "$pkg"
    done
    

    Ubuntu/Debian Installation Commands

    # filepath: /examples/install_ubuntu.sh
    # Refresh the package index so apt sees current versions
    apt update
    
    # Install Ansible and its supporting tools, one apt call per package.
    # sshpass is only used for password-based SSH (--ask-pass / ansible_password);
    # a control node that authenticates with SSH keys does not need it.
    for pkg in ansible python3 python3-pip sshpass git; do
        apt install -y "$pkg"
    done
    

    Python Dependencies

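    # filepath: /examples/install_python_deps.sh
    # Install Python packages into the invoking user's site-packages (--user).
    # A system-wide pip install run as root writes into the directories that
    # dnf/apt manage and can shadow the distribution's Ansible package, leaving
    # two Ansible installs on the control node; a virtual environment is an
    # equally valid way to keep them apart.
    pip3 install --user ansible
    pip3 install --user pywinrm    # WinRM connections to Windows hosts
    pip3 install --user jmespath   # Needed by the json_query filter
    pip3 install --user netaddr    # Needed by the IP address filters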
    

    Version Verification

    # filepath: /examples/verify_install.sh
    # Print the version banner of each installed tool
    for tool in ansible python3; do
        "$tool" --version
    done
    # Show the packages known to pip whose listing line contains "ansible"
    pip3 list | grep ansible
    

    Package Requirements File

    # filepath: /examples/requirements.txt
    # Each ">=" line sets only a minimum version, so pip resolves to whatever newer
    # release is current at install time and two installs can yield different sets.
    # NOTE(review): for a reproducible control node, consider exact "==" pins taken
    # from a tested environment, optionally enforced with pip's --require-hashes mode.
    ansible>=2.9.0
    pywinrm>=0.4.1
    jmespath>=0.10.0
    netaddr>=0.8.0
    

    Common Issues and Solutions

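    # filepath: /examples/troubleshooting.sh
    # Fix Python symlink if needed.
    # Create the link only when nothing exists at that path; a bare `ln -s` fails
    # with "File exists" otherwise. Setting ansible_python_interpreter for the
    # affected hosts is an alternative that leaves /usr/bin untouched.
    if [ ! -e /usr/bin/python ] && [ ! -L /usr/bin/python ]; then
        ln -s /usr/bin/python3 /usr/bin/python
    fi
    
    # Fix permissions if needed.
    # With sshd's default StrictModes, key login is refused when ~/.ssh or
    # authorized_keys is writable by other users. authorized_keys lives on the
    # host being logged in to, i.e. the managed node's Ansible account.
    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys
    
    # SELinux configuration if needed.
    # -P makes the boolean change persist across reboots.
    # NOTE(review): ssh_keysign concerns the ssh-keysign helper used for
    # host-based authentication; confirm the setup actually needs it before
    # relaxing the policy, since key-based Ansible logins normally do not.
    setsebool -P ssh_keysign on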

    04_02 Static Host Inventory Guide

    Basic INI Format

    # filepath: /etc/ansible/inventory/hosts
    # Single hosts
    # Hosts listed before the first [group] header. ansible_host sets the address
    # Ansible connects to, while the inventory name stays web2.example.com.
    web1.example.com
    web2.example.com ansible_host=192.168.1.101
    
    # Basic groups
    # The same names appear again here, so both hosts are members of webservers;
    # the ansible_host value set above still applies to web2.example.com.
    [webservers]
    web1.example.com
    web2.example.com
    
    [dbservers]
    db1.example.com
    db2.example.com
    

    YAML Format

    # filepath: /etc/ansible/inventory/inventory.yml
    # YAML form of a static inventory: "all" is the top-level group, "hosts" lists
    # members of a group and "children" lists its sub-groups.
    all:
      hosts:
        # Listed directly under "all", outside both child groups
        mail.example.com:
      children:
        webservers:
          hosts:
            # Keys nested under a host name are host variables for that host
            web1.example.com:
              http_port: 80
            web2.example.com:
              http_port: 8080
        dbservers:
          hosts:
            # A host name followed by a bare colon declares the host with no variables
            db1.example.com:
            db2.example.com:
    

    Complete Production Example

    # filepath: /etc/ansible/inventory/production
    # Web Servers
    # [start:end] is an inclusive range: web01..web03 (leading zeros kept) and
    # 192.168.1.10 through 192.168.1.20.
    [webservers]
    web[01:03].prod.example.com
    192.168.1.[10:20]
    
    # Database Servers
    # The inline ansible_user applies to every host the range expands to and, as a
    # host variable, takes precedence over ansible_user=ansible from [prod:vars].
    [dbservers]
    db[01:02].prod.example.com ansible_user=dbadmin
    
    # Load Balancers
    [lbservers]
    lb01.prod.example.com
    lb02.prod.example.com
    
    # Group Variables
    # Values in a :vars section are read as strings; cast them in playbooks
    # (for example with the int filter) where a number is required.
    [webservers:vars]
    http_port=80
    proxy_timeout=5
    
    [dbservers:vars]
    mysql_port=3306
    mysql_max_connections=150
    
    # Nested Groups
    # :children makes prod the parent of the three groups above
    [prod:children]
    webservers
    dbservers
    lbservers
    
    # Variables inherited by every host in prod through the child groups.
    # NOTE(review): ansible_become=true here turns on privilege escalation for
    # every task on every production host; enabling become per play or per task
    # keeps root use limited to the steps that need it.
    [prod:vars]
    ansible_user=ansible
    ansible_become=true
    ntp_server=ntp.prod.example.com
    

    Testing Inventory

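    # filepath: verify_inventory.sh
    # Inventory under test. Every command below is pointed at the same file so the
    # listing, the graph and the ping all describe one inventory rather than a mix
    # of this file and whatever ansible.cfg names as the default.
    INVENTORY=/etc/ansible/inventory/production
    
    # List all hosts
    ansible-inventory -i "$INVENTORY" --list
    
    # List specific group
    ansible webservers -i "$INVENTORY" --list-hosts
    
    # Graph view
    ansible-inventory -i "$INVENTORY" --graph
    
    # Ping all hosts (the ping module logs in over the configured connection and
    # checks for a usable Python; it is not an ICMP ping)
    ansible all -m ping -i "$INVENTORY"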

    04_03 Ansible Configuration Guide

    Basic Configuration

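    # filepath: /etc/ansible/ansible.cfg
    # System-wide defaults for the control node.
    [defaults]
    inventory = /etc/ansible/hosts
    remote_user = ansible
    # Keep SSH host key verification on (this is also Ansible's default). With it
    # set to False the control node accepts whatever key a host presents, so an
    # impostor on the network path would receive the commands and data meant for
    # a managed node. Record each node's key in known_hosts after checking its
    # fingerprint instead of disabling the check.
    host_key_checking = True
    forks = 5
    # The log can contain task arguments and results. Keep it readable only by
    # the Ansible operators and set no_log on tasks that handle secrets.
    log_path = /var/log/ansible.log
    
    [privilege_escalation]
    # Every task escalates to root through sudo and no password prompt is shown,
    # so remote_user needs passwordless sudo on the managed nodes or a become
    # password supplied another way (for example a vaulted variable).
    become = True
    become_method = sudo
    become_user = root
    become_ask_pass = False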
    

    Production Configuration

    # filepath: /etc/ansible/production.cfg
    # This path is not one Ansible searches on its own; select the file by
    # pointing the ANSIBLE_CONFIG environment variable at it.
    # host_key_checking is not set here, so Ansible's default (enabled) applies.
    [defaults]
    inventory = /etc/ansible/inventory/production
    remote_user = ansibleprod
    # Private key used for SSH logins; keep it readable by its owner only (mode 600)
    private_key_file = ~/.ssh/prod_key
    # File holding the Ansible Vault password in clear text. Restrict it to its
    # owner and keep it out of version control; whoever can read it can decrypt
    # every vaulted value that uses this password.
    vault_password_file = ~/.vault_pass
    # Colon-separated search path for roles
    roles_path = ./roles:/usr/share/ansible/roles
    # The log can contain task arguments and results; restrict who can read it
    # and set no_log on tasks that handle secrets.
    log_path = /var/log/ansible/prod.log
    # Number of hosts worked on in parallel
    forks = 20
    # Connection timeout in seconds
    timeout = 30
    
    [ssh_connection]
    # Fewer SSH operations per task; sudo on the managed nodes must not enforce
    # requiretty for this to work together with become.
    pipelining = True
    # Setting ssh_args replaces Ansible's default SSH arguments. ControlPersist
    # keeps the multiplexed master connection open for 3600 s after last use.
    # NOTE(review): while that socket exists, a process running as the same user
    # on the control node can reuse the authenticated session; weigh the hour-long
    # window against the speed gain.
    ssh_args = -o ControlMaster=auto -o ControlPersist=3600s
    
    [privilege_escalation]
    # Every task escalates through sudo by default
    become = True
    become_method = sudo
    
    # Terminal colours for the different output categories
    [colors]
    highlight = white
    verbose = blue
    warn = bright purple
    error = red
    debug = dark gray
    

    Development Configuration

    # filepath: /etc/ansible/development.cfg
    # This path is not one Ansible searches on its own; select the file by
    # pointing the ANSIBLE_CONFIG environment variable at it.
    [defaults]
    inventory = ./inventory/development
    remote_user = ansibledev
    # NOTE(review): False makes the control node accept any SSH host key without
    # verification. That is tolerable only for throwaway lab machines on a trusted
    # network; do not copy this line into a configuration used against real hosts.
    host_key_checking = False
    # Write a .retry file listing failed hosts when a playbook run fails
    retry_files_enabled = True
    # Cache gathered facts as JSON files for 86400 seconds (24 hours)
    fact_caching = jsonfile
    # NOTE(review): /tmp is shared and world-writable, and cached facts are read
    # back as trusted input on later runs. On a multi-user control node another
    # local account could create or alter this directory first; a directory owned
    # by the Ansible user is the safer location.
    fact_caching_connection = /tmp/ansible_facts
    fact_caching_timeout = 86400
    
    [privilege_escalation]
    # Every task escalates through sudo by default
    become = True
    become_method = sudo
    

    Testing Configuration Settings

    # filepath: test_config.sh
    # Show only the settings whose value differs from Ansible's built-in default
    ansible-config dump --only-changed
    
    # Print the contents of the configuration file currently in use
    ansible-config view
    
    # List every available configuration option with its description and default
    # (this is the option catalogue, not the values currently in effect)
    ansible-config list

    04_04 Static Inventory Guide

    Basic INI Format

    # filepath: /etc/ansible/hosts
    # Hosts listed before the first [group] header. ansible_host sets the address
    # Ansible connects to for db1.example.com.
    web1.example.com
    db1.example.com ansible_host=192.168.1.10
    
    # [1:3] expands to web1, web2, web3 (so web1.example.com above is a member)
    # and [20:25] to 192.168.1.20 through 192.168.1.25, both inclusive.
    [webservers]
    web[1:3].example.com
    192.168.1.[20:25]
    
    # [01:02] keeps the leading zero and yields db01 and db02. db1.example.com
    # above is a different name, so it is NOT a member of dbservers and stays a
    # separate, ungrouped host.
    [dbservers]
    db[01:02].example.com
    

    Advanced Grouping

    # filepath: /etc/ansible/production
    # Application Servers
    # [01:04] is an inclusive range that keeps the leading zero: app01..app04
    [app_servers]
    app[01:04].prod.example.com
    
    # Database Servers
    [db_servers]
    db[01:02].prod.example.com
    
    # Load Balancers
    [lb_servers]
    lb[01:02].prod.example.com
    
    # Environment Groups
    # :children makes prod the parent of the three groups above
    [prod:children]
    app_servers
    db_servers
    lb_servers
    
    # Group Variables
    # Values in a :vars section are read as strings: http_port is "8080" and
    # backup_enabled is the text "yes", not a boolean. Cast them in playbooks
    # (int / bool filters) before numeric or truth tests.
    [app_servers:vars]
    http_port=8080
    app_env=production
    
    [db_servers:vars]
    mysql_port=3306
    backup_enabled=yes
    
    # Global Production Variables
    # Inherited by every host in prod through the child groups
    [prod:vars]
    ansible_user=ansible
    ntp_server=ntp.prod.example.com
    dns_server=dns.prod.example.com
    

    Host Variables Example

    # filepath: /etc/ansible/host_vars/app01.prod.example.com.yml
    # Variables for the single host whose inventory name matches this file name.
    # Host variables take precedence over group variables, so http_port here
    # replaces the http_port=8080 set for app_servers in the inventory.
    ---
    http_port: 80
    app_path: /var/www/app
    # YAML reads 4G as a string; the consuming role has to interpret the unit
    memory_limit: 4G
    

    Group Variables Example

    # filepath: /etc/ansible/group_vars/prod.yml
    # Variables for every host in the prod group; the file name matches the group.
    # ansible_user is also set in [prod:vars] of the inventory file. A group_vars
    # file takes precedence over the inventory file's group variables, so keeping
    # the value in one place avoids the two drifting apart.
    ---
    ansible_user: ansible
    # NOTE(review): this enables privilege escalation for every task on every
    # prod host; enabling become per play or per task keeps root use limited to
    # the steps that need it.
    ansible_become: true
    backup_retention: 7
    monitoring_enabled: true
    

    Verification Commands

    # filepath: verify_inventory.sh
    # Dump the parsed inventory as JSON, then as a group tree
    for view in --list --graph; do
        ansible-inventory "$view"
    done
    # Connectivity check against every host (logs in and checks for a usable Python)
    ansible all --module-name ping
    # Show the merged variables that apply to one host
    ansible-inventory --host app01.prod.example.com

