Posts tagged Ansible

Ansible 2.8: Let’s –become


Last week, Red Hat released Ansible 2.8. One of the major changes is the new become facility, which will deprecate many former sudo functions.
The deprecated CLI arguments for –sudo, –sudo-user, –ask-sudo-pass, -su, –su-user, and –ask-su-pass have been removed, in favor of the more generic –become, –become-user, –become-method, and –ask-become-pass. Check your ansible.cfg and start using the new syntax.Other (minor) changes:

Other changes I might check out:

Check out the complete Ansible 2.8 porting guide on this website.

Error connecting to the Tower server


If you’re using Ansible Tower on Red Hat 7 or CentOS 7 you might see the yellow-mark on the top right page saying: “Live events: error connecting to the Tower server” or get errors when using the API (And the web-interface is one big graphical API) when adding groups, giving a ‘500’ error. This is a known issue, and you can do the following to step back python’s ssl handling package:

rpm -Uvh --oldpackage \ \

# Once you do that, restart the tower services:

ansible-tower-service restart

Installing Ansible Tower


When installing Ansible tower on CentOS 7 in my lab environment I noticed some problems during the install. When downloading and running the installer you’ll see these notices:

TASK [preflight : Preflight check - Read in tower version] *****************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "file not found: /var/lib/awx/.tower_version"}



TASK [preflight : Preflight check - Passwords must be defined for a fresh install]
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Please configure passwords in the inventory file before running setup"}

 to retry, use: --limit @/home/ansible/ansible-tower-setup-3.1.4/install.retry

The fix is easy. Provide passwords in the ‘inventory’ file and restart the installer. It will now configure Ansible for you with all requirements such as Postgres, Supervisord, RabbitMQ and Nginx for you with the provides passwords.

localhost ansible_connection=local





# Needs to be true for fqdns and ip addresses

After the installation, browse to http://hostname, in my case http://ansible1 and you’ll be headed towards the Red Hat Ansible website to request a license. A 10-node license is free and will for your needs for training purposes towards Red Hat Certificate of Expertise in Ansible Automation exam (EX407).

Ansible slow on CentOS servers


If you’re getting started with Ansible you’ll notice it can be slow on servers running CentOS (or Red Hat). The reason for this is that CentOS systems have Kerberos authentication for SSH enabled by default. If you set GSSAPIAuthentication to no in /etc/ssh/sshd_config then things will speed up. And since you’re editing the configuration file, also set the UseDNS value to nu to save another DNS-lookup. You shot notice Ansible isn’t as slow as before.

You can also set this configuration for the Ansible user in the ~/.ssh/config file of the ansible user in case you are using an IPA server and/or Kerberos authentication in your environment.

[ansible@ansible-server ~]$ cat ~/.ssh/config 
Host * 
    GSSAPIAuthentication no



Go to Top