Ansible Support for Fedora Server core services – Introduction

Peter Boy
Fedora Server is geared towards supporting and simplifying the installation and administration of Core Services using Ansible. This article describes the necessary cross-service preparations. You find the service-specific details in the respective documentation for the individual services.

You are in the Fedora Server documentation staging area!

These documents are not approved yet and may be incomplete and/or incorrect. Take everything here with a grain of salt! You would probably prefer to study the published documentation.

Status of this document: Work in progress

Most importantly, Ansible is an "agent-less" support system. You don’t install supporting software on each of your servers. Instead, the Ansible software, installed on a so-called "control node" knows all about the required installation and administration steps, and log in to a server system, as any administrator would do, and performs the necessary steps by following the appropriate instructions, again just as an administrator would.

Of course, Ansible needs to know what needs to be done. The documentation for the respective services describes how an administrator provides this information for Ansible.

Further important properties are…​ (TBD).

An Ansible administration environment consists of 2 types of computers

  1. the controle node that provides all the information and rules how to configure and maintain a client server. The control node initializes all maintanance activities.

  2. the client(s) to be maintained, usually headless servers. But you can also maintain desktops of any other devices with ssh connectivity and administratin terminal.

The upstream project documentation provides a complete overview.

Set up the controle node

Any Linux computer can act as a control node, but MacOS or Windows are also capable of doing so.

Installation steps

You can use any Fedora Desktop spin as controle node and also a Fedora Server instance. You don’t need a graphical UI. As an administrator, you can do everything on the command line.

  1. Install the Ansible RPM package.

    [...]$ sudo dnf install ansible

    When completed you may check the installed version get some context infos.

    [...]$ sudo ansible --version
ansible [core 2.16.14]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.13/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.13.2 (main, Feb  4 2025, 00:00:00) [GCC 14.2.1 20250110 (Red Hat 14.2.1-7)] (/usr/bin/python3)
  jinja version = 3.1.6
  libyaml = True

    Among others you get the information about the location of the configuration file, and how to handle plugins.

  2. Set up ssh key-based authentication

    Ansible connects to client machines via ssh. So you need to create a ssh key pair for each admin user. Later you will copy the public file to each server system you have to maintain using Ansible.

    […]$ ssh-keygen -t ed25519 -C "Ansible admin your_email@example.com" -f id_<outputkeyfile>

    On older systems you may use

    […]$ ssh-keygen -t rsa -b 4096 -C "Ansible admin your_email@example.com" -f id_<outputkeyfile>

  3. Create directory for the Ansible working files and create a file inventory therein. The inventory file will hold a list of servers you are maintaining.

    […]$ mkdir ~/ansible-admin && cd ~/ansible-admin
[…]$ touch inventory

    The complete directoy structure would look like

                               ansible-admin
                                 |
             --------------------|-------------------------------------
             |                |             |           |             |
         Inventor(y|ies)    Playbook     Playbook     Playbook      Playbook
                              NFS        WebService     IPA           ....
             |                 |             |           |             |
          -------           -------      -------      -------       -------
          |  |  |           |  |  |      |  |  |      |  |  |       |  |  |
      (inventories)       Files/Roles   Files/Roles  Files/Roles   Files/Roles

  4. Test the setup.

    TBD

Set up the client machine(s)

On the client machine

  1. For each intended administrative user create an account if not already exists.

    […]$ sudo adduser   {OPTINS}  HOSTADMIN_01

On the control node

  1. Copy your public ansible key file onto the rsp. client account

    […]$ sudo TBD

  2. Copy the Ansible playbook and its supporting files into the Ansible working files directory

    […]$ sudo TBD

    An example

    In case of installing an NFS service, it would result in the following directoy structure

    ansible-admin
    |
    |-- inventory
    |
    |-- variables
    |
    |-- nfs-service.yml
    |
    |-- nfs-service.d
    |  |
    |  |-- handlers/
    |  |   |
    |  |   --- main.yml
    |  |
    |  |-- meata/
    |  |   |
    |  |   --- main.yml
    |  |
    |  |-- tasks/
    |  |   |
    |  |   --- main.yml
    |  |
    |  |-- templates/
    |  |   |
    |  |   --- main.yml
    |  |
    |  |-- vars/
    |      |
    |      --- main.yml
    |
    |
    |-- next-service.yml
    |
    |-- next-service.d
    |   |
    |   |-- file.yml
    |   |
    |   --- tasks/
    |
    |
    |

Want to help? Learn how to contribute to Fedora Docs