Master Ansible: Step‑by‑Step Deployment on RHEL 8 with SSH Key Automation

Ansible is a newly emerged automation operations tool built on Python, combining the advantages of many tools (Puppet, CFEngine, Chef, Func, Fabric) to achieve batch system configuration, program deployment, and command execution.

Ansible works via modules; it itself lacks batch deployment capability. The actual batch deployment is performed by the modules it runs, providing a framework. The main components include:

Connection plugins: handle communication with managed hosts.

Host inventory: a configuration file defining the hosts to operate on.

Core modules, command modules, and custom modules.

Plugins for logging, email, etc.; playbooks allow multiple tasks to run on nodes simultaneously.

How to Deploy Ansible?

1. Prepare the experimental environment as shown in Table 1: RHEL 8 hosts with configured hostnames, IP addresses, and YUM repositories.

Ansible Principles

The control host contains many modules (scripts). Ansible transfers these modules or commands to managed hosts via SSH, executes them, and then exits the SSH session. Most modules require parameters to run successfully, similar to positional variables in shell scripts.

Step 1: Prepare Basic Environment

Control node requirements:

Domain name resolution (optional).

Configure SSH keys (Ansible relies on SSH for remote control).

Install Ansible software.

Modify /etc/hosts to add host entries:

# vim /etc/hosts
192.168.4.253 control
192.168.4.11 node1
192.168.4.12 node2
192.168.4.13 node3
192.168.4.14 node4
192.168.4.15 node5

Verify connectivity:

# ping node1   # repeat for each host

Configure SSH keys for password‑less login (critical):

# ssh-keygen -f /root/.ssh/id_rsa -N ''
# for i in node1 node2 node3 node4 node5; do
    ssh-copy-id $i
# done

Warning: if any host still requires a password, stop the process; subsequent steps will fail.

# ssh node1   # test password‑less login

All hosts should now allow password‑less SSH.

2) Install Ansible on the control host (software package located in ansible_soft directory):

# tar -xf ansible_soft.tar.gz
# cd ansible_soft
# dnf -y install *

Managed Node Requirements

Ansible uses SSH to manage machines.

Managed hosts must have SSH service enabled and allow login from the control host.

Managed hosts need Python installed.

Step 2: Modify Configuration Files

Main Configuration File Explanation

The main configuration file is ansible.cfg (see /etc/ansible/ansible.cfg for reference). Ansible searches for configuration files in the following order:

File pointed to by ANSIBLE_CONFIG environment variable. ./ansible.cfg in the current directory. ~/ansible.cfg in the user's home directory. /etc/ansible/ansible.cfg.

Modify the main configuration file:

# mkdir ~/ansible
# vim ~/ansible/ansible.cfg
[defaults]
inventory = ~/ansible/inventory
# forks = 5            # SSH concurrency
# ask_pass = True      # Use password instead of key
# host_key_checking = False  # Skip host key verification

Modify the Inventory File

The inventory file name must match the one defined in ansible.cfg:

# vim ~/ansible/inventory
[test]
node1
[proxy]
node2
[webserver]
node[3:4]
[database]
node5
[cluster:children]
webserver
database