Automate Setup of Oracle Linux with Oracle Linux Automation Engine
Introduction
This tutorial provides a playbook for automating the initial setup of Oracle Linux using the configuration management tool Oracle Linux Automation Engine.
Objectives
In this lab, you'll learn about writing and running a playbook that:
- Creates a user
- Adds the user to the sudo group
- Copies a local SSH public key to the user's authorized_keys file
Prerequisites
- A minimum of two Oracle Linux systems with the following configuration:
  - latest Oracle Linux 8 (x86_64)
  - a non-root user with sudo permissions
  - ssh keypair for the non-root user
  - the ability to ssh from one host (control-node) to the other (host) using passwordless ssh login
Write the Playbook
Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.
Before proceeding: If you are not familiar with running playbooks, check out our introduction tutorial, Write a Playbook with Oracle Linux Automation Engine.
This tutorial's playbook consists of a variable file containing key-value pairs and the actual playbook. The playbook includes the variable file, where its values become part of the plays when running tasks.
Oracle Linux Automation Engine allows defining variables in several locations, each having an order of precedence. For this tutorial, we'll use the playbook vars_files directive.
Create the Variables file
If not already connected, open a terminal and connect via ssh to the ol-control-node system.
ssh oracle@<ip_address_of_ol-control-node>
Create a working directory.
mkdir -p ~/ol-setup-playbook
Change to the working directory.
cd ~/ol-setup-playbook
Create the variable directory and file.
mkdir vars
cd vars
touch defaults.yml
Playbook level variables are defined within the playbook using the vars or vars_files directive. The vars directive specifies the variables as part of the play, while the vars_files directive includes an external file containing the variables. These variables can either be dynamically created from another play or statically created. We use static variables in this example to define the configuration before running the playbook.
Edit the Variables file
Open the defaults.yml file using your editor of choice. Here, we'll use vi.
vi defaults.yml
Enter vi insert mode by typing i.
Add the variables and values as shown in the example.
Example:
---
username: oracle
user_default_password: oracle
local_ssh_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
additional_packages: ['git']
The following explains each variable and how to use it.
- username: The name of the sudo user created when running the playbook. For this example, the user's name will be oracle.
- user_default_password: The default password for the oracle user when created. The password is required when running sudo commands.
- local_ssh_key: Copies the local user's public key at the given path to the remote user's authorized_keys file. The example uses the lookup plugin to find the public key id_rsa.pub in the local user's $HOME/.ssh/ directory.
- additional_packages: The names of any additional packages to install, provided in an array. Each package in the array should be enclosed in single quotes and separated by a comma. If installing an appstream module such as container-tools, the array would look like ['git','@container-tools:ol8'].
After editing the vars/defaults.yml file, save and close the file. If using vi, you can do that by typing ESC, :wq! and ENTER.
With the variables defined, we can now write a playbook and use those variables.
Create the Playbook
From a terminal on the Oracle Linux Automation Engine Control Node:
Change to the top level of the working directory.
cd ~/ol-setup-playbook
Create the playbook file.
vi setup-playbook.yml
Enter vi insert mode by typing i.
Add the following to the playbook file.
Example:
---
- hosts: all
  become: yes
  vars_files:
    - vars/defaults.yml

  tasks:

  # Steps for adding a user
  - name: add user account with access to sudo
    ansible.builtin.user:
      name: "{{ username }}"
      password: "{{ user_default_password | password_hash('sha512') }}"
      comment: Ansible created user
      groups: wheel
      append: yes
      update_password: on_create

  - name: set authorized key for user using local public key file
    ansible.posix.authorized_key:
      user: "{{ username }}"
      state: present
      key: "{{ local_ssh_key }}"

  # Steps for adding packages
  - name: install additional packages
    ansible.builtin.dnf:
      name: "{{ additional_packages }}"
      state: latest
A playbook and the names of the modules aim to make the playbook self-documenting. The information below will explain a few items further.
- hosts: all: This line specifies which hosts from the inventory will run the tasks.
- become: yes: Instructs the tasks within this section of the playbook to be run with the sudo privilege by default.
- vars_files: This directive loads the variables file containing this tutorial's playbook configuration.
Once done editing the setup-playbook.yml file, save and close the file. If using vi, you can do that by typing ESC, :wq! and ENTER.
Install the Required Collections
The ansible-core package contains a minimal module set for managing hosts called the ansible.builtin collection. A collection is a method for distributing playbooks, roles, modules, or plugins that perform a targeted task. ansible-core requires downloading and installing any modules or collections required outside the builtins.
As the playbook above uses the ansible.posix collection, we need to install this collection and will do this using a requirements file.
Create a requirements file.
cat << 'EOF' | tee ~/ol-setup-playbook/requirements.yml > /dev/null
---
collections:
  - name: ansible.posix
EOF
Install the collection.
ansible-galaxy collection install -r ~/ol-setup-playbook/requirements.yml
Example Output:
[oracle@ol-control-node ol-setup-playbook]$ ansible-galaxy collection install -r ~/ol-setup-playbook/requirements.yml
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/download/ansible-posix-1.4.0.tar.gz to /home/oracle/.ansible/tmp/ansible-local-39533ugjdil2i/tmpsg_fnwhn/ansible-posix-1.4.0-yi0o8e2j
Installing 'ansible.posix:1.4.0' to '/home/oracle/.ansible/collections/ansible_collections/ansible/posix'
ansible.posix:1.4.0 was installed successfully
Run the Playbook
Before running the playbook, we need to create an inventory file for this project.
From a terminal on the Oracle Linux Automation Engine Control Node:
Create a new inventory file in the ol-setup-playbook directory.
vi inventory
Enter vi insert mode by typing i.
Add a group name of production and the public IP address of the ol-node01 system, as shown in the example.
Example:
[production]
ol-node01 ansible_host=130.61.100.96
Save and close the file. If using vi, you can do that by typing ESC, :wq! and ENTER.
Test the connection with the ad hoc ping command.
ansible ol-node01 -i inventory -m ping -u opc
-u: Passes the username for the ssh connection. In the free lab environment, we use the opc user, the default user provided on Oracle Linux instances in Oracle Cloud Infrastructure (OCI).
The command runs successfully with results similar to those shown.
Example output:
ol-node01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
Run the playbook.
ansible-playbook -i inventory setup-playbook.yml -u opc
The command should run successfully with results similar to those shown.
Example output:
PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Platform linux on host ol-node01 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/referen
ce_appendices/interpreter_discovery.html for more information.
ok: [ol-node01]

TASK [add user account with access to sudo] ************************************
changed: [ol-node01]

TASK [set authorized key for user using local public key file] *****************
changed: [ol-node01]

TASK [install additional packages] *********************************************
changed: [ol-node01]

PLAY RECAP *********************************************************************
ol-node01 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
The playbook uses the - hosts: all entry to determine against which hosts from the inventory to run the playbook. In this case, it will run the playbook against all the hosts listed.
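A hardened variant of the playbook run above, added here as an example and not part of the original tutorial: it moves user_default_password out of the plaintext vars/defaults.yml into a vault-encrypted file, keeps the password out of task output with no_log, and expires the default password only when the account is newly created. The file names setup-playbook-vault.yml and vars/vault.yml, and the getent and chage tasks, are assumptions of this example.

```yaml
---
# setup-playbook-vault.yml (hypothetical file name; added example)
# One-time preparation on the control node:
#   1. Delete the user_default_password line from vars/defaults.yml.
#   2. Run: ansible-vault create vars/vault.yml
#      It prompts for a new vault password and opens an editor; add one line:
#        user_default_password: <a value other than the tutorial default>
# Run the playbook with:
#   ansible-playbook -i inventory setup-playbook-vault.yml -u opc --ask-vault-pass
- hosts: all
  become: yes
  vars_files:
    - vars/defaults.yml
    - vars/vault.yml   # assumed vault-encrypted file holding the password

  tasks:
    - name: check whether the user already exists
      ansible.builtin.getent:
        database: passwd
        key: "{{ username }}"
        fail_key: false   # a missing user yields a null entry, not a failure

    - name: add user account with access to sudo
      ansible.builtin.user:
        name: "{{ username }}"
        password: "{{ user_default_password | password_hash('sha512') }}"
        comment: Ansible created user
        groups: wheel
        append: yes
        update_password: on_create
      no_log: true        # keep the password and its hash out of task output

    - name: expire the default password of a newly created user
      ansible.builtin.command: chage -d 0 {{ username }}
      # Evaluated against the state recorded before the user task ran
      when: ansible_facts.getent_passwd[username] is none

    - name: set authorized key for user using local public key file
      ansible.posix.authorized_key:
        user: "{{ username }}"
        state: present
        key: "{{ local_ssh_key }}"

    - name: install additional packages
      ansible.builtin.dnf:
        name: "{{ additional_packages }}"
        state: latest
```

With the password expired, the first login as the new user prompts for a password change before sudo can be used.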
Connect to host
If the playbook runs successfully, we can now connect to the ol-node01 system with the oracle user as defined in the username variable.
From the Oracle Linux Automation Engine Control Node terminal:
Connect via ssh to the ol-node01 system.
ssh oracle@10.0.0.151
The free lab environment uses the ol-control-node terminal and the internal IP address of ol-node01 to make this connection, as the Luna Desktop environment does not contain the required private ssh key file for authentication.
If you changed the local_ssh_key variable, you would need to pass the -i option to ssh, pointing to the private key file of the specified pair.
Example:
ssh -i ~/.ssh/<local_ssh_private_key> <username>@<ip_address_of_host>
Verify installation of the requested packages.
After logging in, you can verify the git package installed.
git --version
Summary
Making this connection and running the git command confirms you have successfully set up your new instance using Oracle Linux Automation Engine.