Ansible for Beginners: Automate Your RHEL System Administration

Introduction

As with other Red Hat Enterprise Linux (RHEL) systems, RHEL system administrators aim to improve their workflow by automating system administration tasks where possible. Ansible is a versatile automation tool that facilitates the integration of configuration management, application deployment, and system administration. Whether you are preparing for the Red Hat Certified System Administrator (RHCSA) exam or want to upskill in automation, this guide aims to teach you how Ansible can automate your RHEL system administration activities.

Why Learn Ansible?

Ansible is dominant tool for System Administrator, DevOps Engineers, and IT professionals who want to streamline and automate their workflows. Important reasons to learn Ansible: 

1. Simplicity: Ansible is designed in such a way so that it becomes easy to learn and use. It’s depended on YAML which is a human-readable data format which define automation tasks in the form of playbooks. Unlike traditional scripting YAML is intuitive and requires negligible programming knowledge making it accessible to beginners and experts.
2. Efficiency:  Ansible automates routine administrative tasks like software installation user management and configuration updates. It reduces the need for manual intervention it also reduces the chances of human error and speeds up the operation of repetitive operations which helps saving time and effort.
3. Consistency: If you are managing multiple servers manually it can lead to variations in configurations which leads to system failures or security vulnerabilities. Ansible ensures that all servers maintain the same configurations by applying predefined playbooks, reducing discrepancies and improving system stability.
4.  Scalability: Whether you are managing a few servers or thousands, Ansible scales effortlessly. It allows administrators to configure large infrastructure with minimal changes, making it ideal for organizations that need to expand their IT operations without increasing administrative overhead.
5. Cost effective: Ansible is open-source and has no need for extra software agents to be installed on managed nodes. Agentless design reduces hardware and software expenses while making maintenance easier, making it a cost-effective solution for large, medium, and small-sized businesses alike.
6. Versatile: Ansible is not only for system administration. It has a broad spectrum of IT automation activities, such as network configuration, cloud provisioning, security compliance, and application deployment. Its versatility makes it an effective tool for DevOps and IT professionals. 

What is Ansible? 

Ansible is an agent less automation tools that helps IT administrators to automate repetitive tasks across multiple servers. Unlike, configuration management tools Ansible do not require any agent on the target machines, it communicates through SSH and uses YAML based playbooks to define automation tasks. 

Key Features of Ansible:

1. Agentless:

Traditional configuration management tools like Puppet or Chef require agents to be installed on every managed node. Whereas, Ansible does not need any additional software on target machines. It uses existing protocols such as SSH for Linux and WinRM for Windows to communicate and execute commands. This helps cuts overhead, eliminates compatibility issues, and simplifies maintenance as there’s no need to manage extra software on managed nodes.

2. Declarative Language:

Ansible uses YAML to define system configurations. YAML is human-readable and easy to understand which makes it simple for users to write playbooks without requiring deep programming knowledge. Instead of writing complex scripts administrators define the desired state of a system and Ansible ensures the system is configured accordingly.

3. Scalability:

Ansible is designed to scale efficiently from a few nodes to thousands of servers. Its simple inventory system helps you can organize servers into groups and apply configurations across multiple machines. Large organizations use Ansible to manage enterprise-wide IT infrastructures with less effort.

4. Idempotency:

Idempotency means that running the same Ansible playbook multiple times will not cause unintentional changes. If a configuration is already applied, Ansible does nothing, which ensures that the system remains in the wanted state without out of work executions. This prevents unnecessary modifications and guarantees consistency across deployments.

5. Secure:

Ansible powers SSH for secure communication, removing the need for additional security layers or credential storage on managed nodes. It supports features like vault encryption for sensitive data (e.g., passwords and API keys) to increase security. Unlike agent-based tools that require open ports and additional security configurations, Ansible lessens security risks by using existing authentication mechanisms.

 How to Set Up Ansible On RHEL?

Prerequisites:

1. A RHEL based system with root or sudo privileges. 
2. Python installed it is usually pre-installed in RHEL.
3. SSH access to managed nods.

Installation Steps: 

1.   To update your system run the following command 

sudo dnf update -y

       2. To install Ansible use this command

sudo dnf install -y ansible

      3. Verify the Installation by clicking the Ansible version

ansible --version

 

Configuring Ansible

Setting Up Inventory

Ansible uses an inventory file to define the managed host. The default inventory file is located at

/etc/ansible/hosts

 is the default inventory file used by Ansible to define and manage groups of remote hosts (nodes). In this file, system administrators list the IP addresses or hostnames of the machines they want Ansible to manage.

 Edit the file inventory: Open the inventory file using text editor: 

sudo nano /etc/ansible/hosts

 

Meaning of command 

• sudo: Runs the command with superuser (root) privileges it is necessary for editing system files.
• nano: Opens the nano text editor which is a simple and user-friendly terminal-based editor.
• /etc/ansible/hosts: This is Ansible's default inventory file where managed nodes (servers) are listed and grouped.

Purpose of command 

This command allows to edit the Ansible inventory file to define which servers Ansible will manage. In this file, you can group hosts, assign IP addresses, and specify configurations

  Add the managed notes:

[webservers] 192.168.1.10 192.168.1.11   [dbservers] 192.168.1.20

Save and exit. 

Meaning of command

• [webservers]: This is a group name for servers that will be managed as "webservers".
• 192.168.1.10 and 192.168.1.11: These are the IP addresses of the servers that belong to the webservers group.
• [dbservers]: This is another group name it represents a group of servers designated as database servers.
• 192.168.1.20: The IP address of the server in the dbservers group.

Purpose of command 

• This inventory structure allows you to logically organize servers into groups, so that you can apply configurations or tasks to specific types of machines. 

 Testing Connectivity

Use the ping module to test connectivity to managed nodes. 

ansible all -m ping

 Meaning of the Command

• ansible: This is the Ansible command-line tool used to execute tasks.
• all: This specifies the target hosts or servers. In this case, all refers to all the hosts defined in the inventory file. It simply means that the task will be executed on every host listed there.
• -m ping: The -m option specifies the module to be used. Here, ping is the Ansible module being invoked. The ping module is used to check the connection and verify that Ansible can reach the managed nodes. It's a simple way to test if the control node can communicate with the managed nodes.

Purpose of command 

This command tests connectivity between the Ansible control node (the machine from which Ansible is being run) and all the managed hosts listed in the inventory. If successful, you’ll see "pong" in the output for each host, confirming that Ansible can communicate with them.

 Writing your first playbook 

An Ansible playbook is a YAML file containing tasks to automate system administration.

Create a new playbook file and add the following YAML code to install Apache on web servers:

--- - name: Install Apache on Web Servers   hosts: webservers   become: yes   tasks:     - name: Install httpd       dnf:         name: httpd         state: present     - name: Start and Enable Apache       service:         name: httpd         state: started         enabled: yes

 

Meaning of command

- name: Install Apache on Web Servers: This is the name of the playbook, telling the action it will perform. In this case, it directs that the playbook will install Apache on servers defined as "webservers".

• hosts: webservers: This line specifies the target group for the playbook. Ansible will execute this playbook on all servers listed under the webservers group in the inventory file.
• become: yes: This indicates that the tasks in the playbook should be executed with elevated privileges (sudo). This is required to install software and start/enable services.
• tasks: This section lists the tasks that will be executed on the target hosts.
• - name: Install httpd: The first task is to install the Apache HTTP server (httpd package) on the web servers.
• dnf: The module used to manage packages on RHEL-based systems (like CentOS, Fedora, and RHEL itself).
• name: httpd: Specifies the package to install (Apache).
• state: present: Ensures that the httpd package is installed. If it's not installed, it will be installed.
• - name: Start and Enable Apache: The second task ensures that Apache is started and enabled to start on boot.
• service: The module used to manage services on Linux.
• name: httpd: Specifies the Apache service (httpd) to be managed.
• state: started: Ensures the Apache service is started.
• enabled: yes: Ensures that Apache will start automatically when the system boots.

Purpose of command 

This playbook installs Apache (httpd) on the servers in the webservers group, starts the Apache service, and confirms that it will automatically start on boot.

 Save the file as install apache.yml and run the playbook using following command:

ansible-playbook install_apache.yml

 

Meaning of the Command

• ansible-playbook: This Ansible command is used to run a playbook which is a YAML file containing instructions for automating tasks across multiple managed servers.
• install_apache.yml: This is the name of the playbook file you want to run. The  .yml extension indicates it is a YAML file, and in this case, the file contains instructions for installing Apache on the target servers.

Purpose of command

The command implements the install_apache.yml playbook, which automates the process of installing and configuring Apache (httpd) on the servers specified in the playbook. This file contains steps like installing the Apache package, starting the service, and enabling it to start on boot.

 Automating Common RHEL Tasks

User Management

To create a new user, use the following playbook:

--- - name: Create a user   hosts: all   become: yes   tasks:     - name: Add user john       user:         name: john         state: present

 

Meaning of the Command

• - name: Create a user: This describes the task that the playbook will perform—creating a user on the target hosts (servers).
• hosts: all: This line specifies that the task will be executed on all servers listed in the Ansible inventory (defined in /etc/ansible/hosts).
• become: yes: This indicates that the task should be executed with elevated privileges (using sudo), which is required for creating users.
• tasks: This section defines the specific actions to be performed in the playbook.
• - name: Add user john: The name of this individual task is "Add user john." This describes the action of creating the user john.
• user: This module is used to manage user accounts on the target machine.
• name: john: This specifies the name of the user to create, which is john.
• state: present: This ensures that the user john is created. If the user already exists, no changes are made (idempotency). If the user doesn’t exist, it will be created.

Purpose of command 

This playbook will create a user named john on all servers defined in the Ansible inventory. If the user john already exists, it won’t be recreated.

 Run the playbook: Execute playbook with this command

ansible-playbook create_user.yml

 Meaning of the command

• ansible-playbook: This is the command used to run an Ansible playbook, which is a YAML file containing a series of automation tasks.
• create_user.yml: This is the specific playbook file that you want to run. The .yml extension indicates that this is a YAML file containing Ansible instructions, and in this case, it's designed to create a new user on the target servers.

Purpose of command

The command executes the create_user.yml playbook, which will automate the process of creating a new user (as defined in the playbook) on all the managed nodes specified in the inventory. This playbook contains steps such as creating the user account and assigning permissions or attributes.

 Package Management 

Ensure that vim is installed on all managed nods by adding the following playbook:

- name: Install Vim   hosts: all   become: yes   tasks:     - name: Install vim       dnf:         name: vim         state: present

 

Meaning of the Command

• name: Install Vim: This is the name or title of the playbook, describes the action it will perform, which in this case is installing vim on the target servers.
• hosts: all: This line specifies that the task should be executed on all servers defined in the Ansible inventory (listed in /etc/ansible/hosts).
• become: yes: This indicates that the tasks should be executed with elevated privileges (like sudo), which is necessary to install packages on the system.
• tasks: This section lists the specific tasks to be executed within the playbook.
• - name: Install vim: The task name, describing what the task will do: install the vim editor.
• dnf: This is the Ansible module used to manage packages on RHEL-based systems.
• name: vim: Specifies the package to be installed (vim in this case).
• state: present: This ensures that the vim package is installed. If it’s not installed, it will be installed; if it’s already installed, nothing will be changed (idempotent behaviour).

Purpose of command

This playbook will ensure that vim is installed on all the servers defined in your Ansible inventory. If vim is not installed, it will be installed, and if it’s already present, the playbook will not make any changes.

 System Updates

 Use this playbook to automate systems updates across all managed nods.

- name: Update all packages   hosts: all   become: yes   tasks:     - name: Update packages       dnf:         name: "*"         state: latest

 

Meaning of the Command

• name: Update all packages: This is the name or description of the playbook, stating that it will update all packages on the target machines.
• hosts: all: This line indicates that the tasks will be executed on all servers listed in the Ansible inventory (/etc/ansible/hosts).
• become: yes: This specifies that the playbook should be executed with elevated privileges (i.e., sudo), which is required for tasks like updating system packages.
• tasks: This section contains the specific tasks that Ansible will perform.
• - name: Update packages: This task is labelled "Update packages" and tells what the task does: it updates all system packages.
• dnf: This is the Ansible module used to manage packages on RHEL-based systems (such as Red Hat, CentOS, Fedora).
• name: "*": The wildcard * here indicates that all installed packages will be updated.
• state: latest: This ensures that each package is updated to the latest available version. If a package is already up-to-date, it will not be changed.

Purpose of command

This playbook updates all the installed packages on all the managed servers. The dnf package manager is used to ensure that each package is updated to its latest version.

 Conclusion

 Ansible simplifies RHEL System Administration by automating repetitive tasks, ensuring consistency and improving efficiency. By using Ansible playbooks, IT administrators can mechanize software installations, system updates, and configuration management effortlessly. Start experimenting with Ansible today and modernize your system administration everyday jobs!