- Installing Ansible on Oracle Linux 7 for test and development use
- Preparing the installation
- Installing Ansible
- Getting Started
- Prerequisites for Using Ansible with Oracle Cloud Infrastructure
- Installing the Ansible Collection with Yum
- Test the Installation
- Manual Installation
- Installing the Oracle Cloud Infrastructure SDK for Python
- Installing and Configuring Ansible
- Installing the Oracle Cloud Infrastructure Ansible Collection
- Sample Playbooks
- Writing a Sample Playbook
- Executing the Playbook
- How to Obtain Module Documentation
- Configuring Authentication
- For More Information
Installing Ansible on Oracle Linux 7 for test and development use
There are a few alternative ways of installing Ansible on Linux, and the install guide for Ansible does a great job in explaining them all in detail. There is a potentially easier way to get to a current Ansible version if you are using Oracle Linux 7, but it comes with a very important limitation. Let’s get that out of the way first.
You need to be aware that the RPM-based installation of Ansible as described in this blog post requires you to enable Oracle’s EPEL (“extra packages for Enterprise Linux”) repository. As per https://yum.oracle.com/oracle-linux-7.html, the EPEL repository is listed under “Packages for Test and Development” at the bottom of the page and these come with the following warning:
Note: The contents in the following repositories are for development purposes only. Oracle suggests these not be used in production.
If you are ok with the limitation I just quoted from Oracle’s YUM server, please read on. If not, head back to the official Ansible documentation and use a different installation method instead. I only use Ansible in my own lab and therefore don’t mind.
Preparing the installation
Back to the topic of Ansible …
The way you install Ansible depends on how current your system is. Beginning in 2019 Oracle changed the YUM configuration, moving from a monolithic configuration file to a more granular approach. I blogged about it at the time, and you can find the change documented on Oracle’s YUM repository as well. This post assumes you have already made the transition to the new YUM configuration. If not, check the previous link for instructions. My vagrant box is based on Oracle Linux 7.9 so I should be ok.
Before you can install Ansible, you need to enable the EPEL repo.
[vagrant@ansible ~]$ sudo yum-config-manager --enable ol7_developer_EPEL [vagrant@ansible ~]$ sudo yum repolist Loaded plugins: ulninfo repo id repo name status ol7_UEKR6/x86_64 Latest Unbreakable Enterprise Kernel Release 6 for Oracle Linux 282 ol7_developer_EPEL/x86_64 Oracle Linux 7Server EPEL Packages for Development (x86_64) 37,236 ol7_latest/x86_64 Oracle Linux 7Server Latest (x86_64) 22,263 repolist: 59,781
You may have to install oracle-epel-release-el7 first, if /etc/yum.repos.d/oracle-epel-ol7.repo doesn’t exist yet.
Be careful though: your changes might trigger a kernel upgrade as described in an earlier post of mine.
Installing Ansible
With the developer EPEL repository enabled, you finally have access to Ansible. Now before you rush and install Ansible, a word of caution: there are actually 2 versions of Ansible available:
It’s not immediately obvious, but the latter is the version you want:
[vagrant@ansible ~]$ sudo yum info ansible-python3 Loaded plugins: ulninfo Available Packages Name : ansible-python3 Arch : noarch Version : 2.9.18 Release : 1.el7 Size : 16 M Repo : ol7_developer_EPEL/x86_64 Summary : SSH-based configuration management, deployment, and task execution system URL : http://ansible.com License : GPLv3+ Description : : : : : Ansible is a radically simple model-driven configuration management, : multi-node deployment, and remote task execution system. Ansible works : over SSH and does not require any software or daemons to be installed : on remote nodes. Extension modules can be written in any language and : are transferred to managed machines automatically. : : This package installs versions of ansible that execute on Python3.
Note the last line: this package installs the version based on Python 3. To avoid name clashes, the binaries have a suffix, as in ansible- 3 or ansible-playbook-3 . Once ansible-python3 is installed, you can see it’s working:
[vagrant@ansible ~]$ ansible-playbook-3 --version ansible-playbook-3 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/vagrant/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.6/site-packages/ansible executable location = /usr/bin/ansible-playbook-3 python version = 3.6.8 (default, Mar 9 2021, 15:08:44) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44.0.3)] [vagrant@ansible ~]$
Getting Started
This topic discusses how to get started using the Oracle Cloud Infrastructure ( OCI ) Ansible collection. The OCI Ansible collection replaces our legacy Ansible modules.
If you currently use our legacy Ansible modules and would like to start using collections, refer to our migration guide.
To start using Ansible with OCI , ensure that you meet the prerequisites, then install the Ansible collection using yum or manually.
You can use Resource Manager to preinstall the Oracle Cloud Development Kit on a Compute instance in your compartment. The Oracle Cloud Development Kit includes Ansible, the OCI Ansible collection and its dependencies, and preconfigures the required authorization.
Both Ansible and our Ansible collection also come preinstalled and preauthenticated on Cloud Shell.
Prerequisites for Using Ansible with Oracle Cloud Infrastructure
- You must have an Oracle Cloud Infrastructure account.
- You must have a user in that account in a security group with a policy that grants necessary permissions for working with resources in the account compartments. For guidance, see How Policies Work.
- You must have the necessary credentials and OCID information.
Installing the Ansible Collection with Yum
If you’re running Oracle Linux 7 or Oracle Linux 8, you can use yum to install the Oracle Cloud Infrastructure Ansible collection RPM.
The Ansible collection RPM installs the OCI Ansible collection and its required dependencies: the OCI SDK for Python and Ansible.
This installation uses Python version 3.6 and Ansible version 2.9 or later.
Use one of the following commands to enable the Oracle Linux developer repository and install the Ansible collection RPM, depending on your Oracle Linux version.
yum install -y oci-ansible-collection --enablerepo ol7_developer --enablerepo ol7_developer_EPEL
yum install -y oci-ansible-collection --enablerepo ol8_developer --enablerepo ol8_developer_EPEL
After installing the RPM, you must configure the SDK and CLI configuration file as explained in Configuring Authentication.
Test the Installation
To test the installation of the RPM and configuration of the SDK, you can run a sample Ansible playbook.
If you’re using Oracle Linux 7, use the following command to test your installation:
ansible-3 localhost -m oracle.oci.oci_object_storage_namespace_facts
If you’re using Oracle Linux 8, use the following command to test your installation:
ansible localhost -m oracle.oci.oci_object_storage_namespace_facts
Manual Installation
Installing the Oracle Cloud Infrastructure SDK for Python
- Download and install the SDK for Python by following instructions in the topic, SDK for Python. For additional guidance, see Downloading and Installing the SDK.
- After installing the SDK for Python, you must configure it using instructions in the topic Configuring the SDK.
Installing and Configuring Ansible
- To install Ansible, follow the instructions provided in the Ansible Installation Guide.
- For guidance configuring Ansible, see Configuring Ansible.
The OCI Ansible collection requires Ansible version 2.9 or later. If you are using an earlier version of Ansible, refer to the documentation for our legacy modules.
Installing the Oracle Cloud Infrastructure Ansible Collection
Install the OCI Ansible collection from Ansible Galaxy by using the following command:
$ ansible-galaxy collection install oracle.oci
If you’ve already installed the collection, you can update its modules to the latest version by adding the —force flag to the command. For example:
$ ansible-galaxy collection install --force oracle.oci
Sample Playbooks
Sample playbooks are available in the Oracle Cloud Infrastructure Ansible collection GitHub project. The samples library is updated regularly with the addition of new samples. See Example Ansible Playbooks for more information.
Writing a Sample Playbook
After your installation is complete, or if you’re using the Cloud Shell, you can write a sample playbook that uses Ansible modules. Following is an example playbook (named list_buckets.yml ) that uses the oci_object_storage_bucket_facts module to fetch facts pertaining to the buckets in your compartment.
--- - name : List summary of existing buckets in OCI object storage collections: - oracle.oci connection: local hosts: localhost tasks: - name: List bucket facts oci_object_storage_bucket_facts: namespace_name: '' compartment_id: '' register: result - name: Dump result debug: msg: '>'
Executing the Playbook
Execute the Ansible playbook using Python by invoking this command:
$ ansible-playbook list_buckets.yml
How to Obtain Module Documentation
Detailed information about using our Ansible modules is available on docs.oracle.com and readthedocs.io.
To obtain access to detailed information about using Ansible modules in the CLI, use the ansible-doc command on the module’s name. For example, to get the documentation for the oci_object_storage_bucket_facts module, execute the following command:
$ ansible-doc oracle.oci.oci_object_storage_bucket_facts
Configuring Authentication
When creating and configuring Oracle Cloud Infrastructure resources, Ansible modules use authentication information that is outlined in the SDK and CLI Configuration File.
User Credentials that are referenced in Oracle Cloud Infrastructure SDK configuration files grant access to Oracle Cloud Infrastructure resources. Therefore, it is important to secure the credentials to prevent unauthorized access to these resources. To secure the credentials on the controller node where your Ansible playbooks run, follow guidelines outlined in the document Securing IAM (see section entitled «IAM Credentials»).
Ansible modules permit you to override authentication information specified in the SDK configuration file by using module options and environment variables. Documentation for authentication overrides is provided internally, as described in How to Obtain Module Documentation. However, using environment variables and Ansible module options to override authentication information must be avoided in production scenarios.
We recommend using Oracle Cloud Infrastructure SDK configuration files to specify authentication information. To support multiple users, use the «profiles» feature in the SDK configuration file. When distributing roles that use Ansible modules, ensure that no IAM credentials are included with the roles.