I have two machines beyond the laptop on which I am currently typing this article. I want to manage them from my workstation using Ansible. All three machines are running Fedora 25 Workstation.
The two nodes are called dialga and munchlax. You can guess my kids’ interests.
[all]
dialga
munchlax
Make sure basic Ansible functionality works:
$ ansible -i $PWD/inventory.ini all -m ping
munchlax | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
dialga | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
Some config changes I have to make:
Create a new user and group, both called ansible, on this machine. Change the sudoers file to let the ansible user perform sudo operations without passing a password. This is a security risk in general, but I will be gating all access via my desktop machine and key-based auth only. I can use my ~ayoung/.ssh directory to pre-populate this directory, as it only has public keys in it.
A cloud-init install on OpenStack would have set this for me, but since we are talking bare metal here, and no Ironic/PXE, I include this to document what was done manually.
$ sudo cp -a ~ayoung/.ssh/ ~ansible/
$ sudo chown -R ansible:ansible ~ansible/.ssh
Get rid of GSSAPI auth for SSH. I am not using it, and, since I have a TGT for my work account, it is slowing down all traffic. Ideally, I would leave GSSAPI enabled, but prioritize key-based auth higher.
$ sudo grep GSSAPI /etc/ssh/sshd_config
# GSSAPI options
#GSSAPIAuthentication yes
GSSAPIAuthentication no
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
Make sure to restart sshd:
$ sudo systemctl restart sshd
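The passwordless sudo above leans on key-only SSH access, so it is worth checking which values sshd will actually honour in sshd_config. This is an added example, not part of the original article; the function names, the sample file and every sample value other than the GSSAPI lines are assumptions, and it handles only whitespace-separated keywords in the global section.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and Match blocks apply only conditionally.

# effective_value FILE KEYWORD DEFAULT -> effective global value, lowercased
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || NF == 0 { next }                  # comments, blank lines
        tolower($1) == "match" { exit }                 # global section ends
        tolower($1) == key { val = tolower($2); exit }  # first occurrence wins
        END { print val }
    ' "$1"
}

# audit_key_only FILE -> returns 0 only if public keys are the sole login method.
# Each entry is keyword:OpenSSH-upstream-default:wanted-value.
audit_key_only() {
    rc=0
    for spec in PubkeyAuthentication:yes:yes PasswordAuthentication:yes:no \
                ChallengeResponseAuthentication:yes:no GSSAPIAuthentication:no:no
    do
        key=${spec%%:*}; rest=${spec#*:}
        got=$(effective_value "$1" "$key" "${rest%%:*}")
        if [ "$got" = "${rest#*:}" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key $got (want ${rest#*:})"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the GSSAPI lines match the grep output above; the
# other lines are assumed values for illustration, not from the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication no
ChallengeResponseAuthentication no
# GSSAPI options
#GSSAPIAuthentication yes
GSSAPIAuthentication no
GSSAPICleanupCredentials no
Match User backup
    PasswordAuthentication yes
EOF
audit_key_only "$sample" && echo "key-only auth enforced"
```

On a node itself, `sudo sshd -T` prints the configuration sshd resolved after parsing, which is the authoritative check.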
Ensure that the ansible, python2, and dnf_python2 RPMs are installed. Ansible now runs with local modules. This speeds things up, but requires the nodes to have pre-installed code, which I don’t really like. I don’t want to have to update Ansible at the start of all playbooks. I am fairly certain that these can all be installed during the initial install of the machine if you choose the additional ansible dnf group.