Setup Ansible Control Node
To set up an Ansible control node, execute the following steps from the Uyuni Web UI.
To configure a client as the Ansible Control Node, the Ansible package must be installed on that system.
Usually, the Ansible package should be obtained from the operating system vendor’s official repositories.
For example, on SUSE Linux Enterprise 15 SP6 and SP7, Ansible is available through the |
- In the Uyuni Web UI, navigate to , verify that SUSE Linux Enterprise Server 15 SP6 x86_64 (or later) with the Systems Management Module and the required Python 3 Module are selected and synchronized.
- Deploy a SUSE Linux Enterprise 15 SP6 (or later) client.
- In the Uyuni Web UI, navigate to the page of the client. Select and subscribe the client to the SUSE Linux Enterprise Server 15 SP6 x86_64 (or later SP), Systems Management Module and Python 3 Module channels.
- Select of your client. From the Add-On System Types list enable Ansible Control Node and click Update Properties.
- Navigate to the client overview page, select , and click Apply Highstate.
- Select the Events tab and verify the status of the highstate.
If you want to install a newer Ansible on a SUSE Linux Enterprise 15 SP4 or SP5 client, you must enable the |
Newer versions of Ansible no longer support managing nodes with outdated Python versions. If a managed node still defaults to an older Python version, you may encounter connection errors or failures during playbook runs. To address this, upgrade Python on the managed node if possible, and set the correct Python interpreter in the Ansible inventory or configuration.
1. Create Ansible Inventory Files
Ansible Integration tools deploy a playbook as an inventory file. Create one inventory file for each operating system listed in Table 1.
- Create and add your hosts to an inventory file to be managed by Ansible. The default path for an Ansible inventory is /etc/ansible/hosts.

  Listing 1. Inventory Example

      client240.mgr.example.org
      client241.mgr.example.org
      client242.mgr.example.org
      client243.mgr.example.org ansible_ssh_private_key_file=/etc/ansible/some_ssh_key

      [mygroup1]
      client241.mgr.example.org
      client242.mgr.example.org

      [mygroup2]
      client243.mgr.example.org

      [all:vars]
      ansible_ssh_private_key_file=/etc/ansible/my_ansible_private_key

- In the Uyuni Web UI, from the Ansible tab navigate to to add inventory files to the control node.
- Under the Playbook Directories section add /usr/share/scap-security-guide/ansible to the Add a Playbook Directories field and click Save.
- Under Inventory Files add your inventory file locations to the Add an Inventory file field and click Save.

  Listing 2. Examples

      /etc/ansible/sles15
      /etc/ansible/sles12
      /etc/ansible/centos7

For additional playbook examples, see https://github.com/ansible/ansible-examples.
2. Establish Communication with Ansible Nodes
- Create the SSH keys that you are using in your inventory.

      ssh-keygen -f /etc/ansible/my_ansible_private_key

- Copy the generated SSH keys to the Ansible managed clients. Example:

      ssh-copy-id -i /etc/ansible/my_ansible_private_key root@client240.mgr.example.org

- Declare the private key in /etc/ansible/ansible.cfg as follows:

      private_key_file = /etc/ansible/my_ansible_private_key

  Replace my_ansible_private_key with the name of the file containing the private key.
- Test that Ansible is working by executing the following commands from the control node:

      ansible all -m ping
      ansible mygroup1 -m ping
      ansible client240.mgr.example.org -m ping

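The keys declared in the inventory and in ansible.cfg give root access to every managed client, so it is worth checking them before running playbooks. The following shell function is an added example, not part of the Uyuni documentation: it extracts every ansible_ssh_private_key_file and private_key_file path from the files it is given and reports keys that are missing or accessible to group or other users. The names audit_ansible_keys and demo are hypothetical, the demo files are constructed in a temporary directory, and key paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Usage on the control node:
#   audit_ansible_keys /etc/ansible/hosts /etc/ansible/ansible.cfg
# Prints one "STATUS path" line per key; returns 1 if any key is not OK.
audit_ansible_keys() {
    rc=0
    # Collect the values of ansible_ssh_private_key_file= (inventory) and
    # private_key_file = (ansible.cfg), skipping comment lines.
    keys=$(sed -n -e '/^[[:space:]]*[#;]/d' \
        -e 's/.*private_key_file[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "$@" | sort -u)
    for key in $keys; do   # assumption: no whitespace in key paths
        if [ ! -f "$key" ]; then
            echo "MISSING $key"; rc=1
        # Characters 5-10 of the ls mode string are the group/other bits;
        # ssh ignores private keys that other users can access.
        elif [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
            echo "LOOSE $key"; rc=1
        else
            echo "OK $key"
        fi
    done
    return $rc
}

# Constructed demo: an inventory shaped like Listing 1 that points at dummy
# key files in a temporary directory instead of /etc/ansible.
demo() {
    d=$(mktemp -d)
    printf 'dummy\n' > "$d/some_ssh_key"
    chmod 600 "$d/some_ssh_key"
    printf 'dummy\n' > "$d/my_ansible_private_key"
    chmod 644 "$d/my_ansible_private_key"   # deliberately too open
    cat > "$d/hosts" <<EOF
client243.mgr.example.org ansible_ssh_private_key_file=$d/some_ssh_key
[all:vars]
ansible_ssh_private_key_file=$d/my_ansible_private_key
EOF
    status=0
    audit_ansible_keys "$d/hosts" || status=1
    rm -rf "$d"
    return $status
}

demo || echo "demo: at least one key needs attention"
```

A key reported as LOOSE can be corrected with chmod 600 on the key file.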
You may now run remediations. For more information, see Compliance as Code.