Red Hat Enterprise Linux Automation with Ansible
Install Ansible on a control node and describe the distinction between community Ansible and Red Hat Ansible Automation Platform.
You can obtain Ansible software in different ways, each with their own level of support.
From the upstream community
As part of Red Hat Enterprise Linux, with limited support
With the fully supported Red Hat Ansible Automation Platform product
This course focuses on the last of these three, using the tools provided with Red Hat Ansible Automation Platform. However, the Ansible language and basic concepts are the same no matter how you obtain the software.
The upstream Ansible community develops Ansible and distributes versions of it in two ways.
The first of these is Ansible Core.
This is a minimalist component that consists of the core runtime that can interpret Ansible content and a set of commonly used Ansible modules (included as the ansible.builtin Ansible Content Collection).
This runtime is structured so that the control node acts as the execution environment for Ansible code.
The second is community Ansible. This is a distribution of Ansible Core plus a selection of other Ansible Content Collections selected by the open source community, adding additional Ansible modules and roles.
Both are provided by the upstream developers as Python pip packages; neither community version is supported by Red Hat.
Red Hat provides Ansible Core as an RPM package, ansible-core, included with Red Hat Enterprise Linux 9 in the AppStream repository.
It is intended to enable support for automation code provided or generated by Red Hat.
It is supported, but the scope of support is limited to any Ansible Playbooks, roles, or modules that are included with or generated by a Red Hat product, such as the system roles included in the rhel-system-roles package, Red Hat Insights remediation playbooks, and OpenSCAP compliance Ansible Playbooks.
Other use cases, including using the other Ansible modules and plug-ins included with Ansible Core 2.13, are outside the scope of support.
For more information, see the Knowledgebase article "Using Ansible in RHEL 9".
Red Hat provides a fully supported version of Ansible through Red Hat Ansible Automation Platform. Ansible Automation Platform provides a supported version of the Ansible Core toolset plus additional certified and supported content, tools, components, and cloud services. Customers with a valid subscription can use its RPM repository, install the additional tools, and consume certified content from the cloud services.
Important
This course uses Red Hat Ansible Automation Platform 2.2, which includes Ansible Core 2.13. This version of Ansible Automation Platform is roughly similar to the community Ansible 6 distribution, although Ansible Automation Platform includes different Ansible Content Collections and additional tools and components.
The course teaches you how to write and run Ansible automation code, and the skills you learn here help you with community Ansible as well.
Installing the server components of Ansible Automation Platform, such as automation controller and automation hub, is beyond the scope of this course.
Red Hat Ansible Automation Platform 2 includes a number of distinct components that together provide a complete and integrated set of automation tools and resources.
Ansible Core provides the fundamental functionality used to run Ansible Playbooks. It defines the automation language that is used to write Ansible Playbooks in YAML text files. It provides the key functions such as loops, conditionals, and other Ansible imperatives needed for automation code. It also provides the framework and basic command-line tools to drive automation.
Red Hat Ansible Automation Platform 2.2 provides Ansible Core 2.13 in the ansible-core RPM package and in its ee-minimal-rhel8 and ee-supported-rhel8 automation execution environments.
Historically, Ansible provided a large number of modules as part of the core package; an approach referred to in the Ansible community as "batteries included". However, with the success and rapid growth of Ansible, the number of modules included with Ansible grew exponentially. This led to certain challenges with support, especially because users sometimes wanted to use earlier or later versions of modules than were packaged with a particular version of Ansible.
The upstream developers decided to reorganize most modules into separate Ansible Content Collections made up of related modules, roles, and plug-ins that are supported by the same group of developers.
Ansible Core itself is limited to a small set of modules provided by the ansible.builtin Ansible Content Collection, which is always part of Ansible Core.
Red Hat provides access to more than 120 certified content collections with a Red Hat Ansible Automation Platform 2 subscription. Many community-supported collections are also available on Ansible Galaxy.
Red Hat Ansible Automation Platform 2 provides a new top-level tool to develop and test Ansible Playbooks, the automation content navigator (ansible-navigator).
This tool replaces and extends the functionality of several command-line Ansible utilities, including ansible-playbook, ansible-inventory, ansible-config, and so on.
In addition, it separates the control node on which you run Ansible from the automation execution environment that runs it, by running your playbooks in a container. This makes it easier for you to provide a complete working environment for your automation code for deployment to production.
An automation execution environment is a container image that contains Ansible Core, Ansible Content Collections, and any Python libraries, executables, or other dependencies needed to run your playbook.
When you run a playbook with ansible-navigator, you can select an automation execution environment for it to use to run that playbook.
When your code is working, you can provide the playbook and the automation execution environment to automation controller and know that it has everything needed to correctly run your playbook.
Automation controller, formerly called Red Hat Ansible Tower, is the component of Red Hat Ansible Automation Platform that provides a central point of control to run your enterprise automation code. It provides a web UI and a REST API that can be used to configure, run, and evaluate your automation jobs.
To run Ansible Playbooks, install automation content navigator (ansible-navigator) on your control node and download an execution environment.
Hosts that are managed by Ansible do not need to have ansible-navigator installed; you only need to install that tool on the control node from which you run Ansible Playbooks.
Python 3.8 or later needs to be installed on the control node before installing the ansible-core package.
You need a valid Red Hat Ansible Automation Platform subscription to install automation content navigator on your control node.
If you have activated Simple Content Access for your organization in the Red Hat Customer Portal, then you do not need to attach the subscription to your system.
The installation process is as follows:
Note
You do not need to run these exact steps in your classroom environment because it is preconfigured to download the ee-supported-rhel8 execution environment.
Install automation content navigator on your control nodes.
[user@controlnode ~]$ sudo dnf install ansible-navigatorVerify that automation content navigator is installed on the system.
[user@controlnode ~]$ ansible-navigator --version
ansible-navigator 2.1.0Log in to the container registry.
[user@controlnode ~]$podman login registry.redhat.ioUsername:your-registry-usernamePassword:your-registry-passwordLogin Succeeded!
Download the container image for the execution environment that you plan to use with automation content navigator. (Automation content navigator might also automatically download the default execution environment when you run the
ansible-navigatorcommand.)
[user@controlnode ~]$podman pull \>registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8:latest
Display the list of locally available container images to verify that the image was downloaded.
[user@controlnode ~]$ ansible-navigator images
Image Tag Execution environment Created Size
0│ee-supported-rhel8 latest True 5 weeks ago 1.32 GBNote
If you require access to the ansible-playbook command, which uses your control node as the execution environment (and does not use container-based execution environments), you can install the ansible-core package as well:
[user@controlnode ~]$ sudo dnf install ansible-coreHowever, ansible-navigator generally provides a better development experience and makes it easier for you to develop Ansible Playbooks that you can later migrate to automation controller for use by other members of your organization.
One of the benefits of Ansible is that managed hosts do not need to have a special agent installed. The Ansible control node connects to managed hosts by using a standard network protocol to ensure that the systems are in the specified state.
Managed hosts might have some requirements depending on how the control node connects to them and what modules are run on them.
Linux and UNIX managed hosts need to have Python 3.8 or later installed for most modules to work. For Red Hat Enterprise Linux 8, you might be able to depend on the
platform-pythonpackage. You can also enable and install thepython38application stream.
If SELinux is enabled on the managed hosts, ensure that the
python3-libselinuxpackage is installed before using modules that are related to any copy, file, or template functions. If the other Python components are installed, you can use Ansible modules such asansible.builtin.dnforansible.builtin.packageto ensure that this package is also installed.Ansible needs to be able to connect to the machine by using SSH, and if it connects as a regular user it needs to be able to use a mechanism such as
sudoto get superuser access.
Note
Some modules might have their own additional requirements.
For example, the ansible.builtin.dnf module, which can be used to install packages on current Fedora systems, requires the python3-dnf package.
The ansible.windows Ansible Content Collection that is part of the default automation execution environment includes a number of modules that are specifically designed for Microsoft Windows managed hosts.
Most of the modules specifically designed for Microsoft Windows managed hosts require PowerShell 3.0 or later on the managed host rather than Python. In addition, the managed hosts need to have Windows PowerShell remoting configured.
Ansible also requires .NET Framework 4.0 or later to be installed on Microsoft Windows managed hosts.
This course uses Linux-based managed hosts in its examples, and does not go into great depth on the specific differences and adjustments needed when managing Microsoft Windows managed hosts.
More information on managing Microsoft Windows managed hosts is available on the Ansible website at https://docs.ansible.com/ansible/latest/user_guide/windows.html, or in the Red Hat training course Microsoft Windows Automation with Red Hat Ansible Automation Platform (DO417).
You can also use Ansible automation to configure managed network devices such as routers and switches. Ansible includes many modules specifically designed for this purpose. This includes support for Cisco IOS, IOS XR, and NX-OS; Juniper Junos; Arista EOS; and VyOS-based networking devices, among others.
You can write Ansible Playbooks for network devices using the same basic techniques that you use when writing playbooks for servers. Because most network devices cannot run Python, Ansible runs network modules on the control node, not on the managed hosts. Special connection methods are also used to communicate with network devices, typically using either CLI over SSH, XML over SSH, or API over HTTP(S).
This course does not cover the automation of network device management in any depth. For more information on this topic, see Ansible for Network Automation on the Ansible community website, or the Red Hat training course Network Automation with Red Hat Ansible Automation Platform (DO457).
