AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible on Fedora 46 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Fedora 46 with Ansible: dnf5, kernel 6.18, Python 3.14, Podman 5.6, GNOME 50, post-quantum SSH, image mode (bootc).

Fedora 46 is the spring 2027 Fedora release. It ships kernel 6.18, Python 3.14, GNOME 50, OpenSSH 10.1 with stable post-quantum KEX, Podman 5.6, and full image mode (bootc) support. This guide covers the Ansible patterns for Fedora 46 workstations and lab servers.

Fedora 46 release facts

| Item | Value | |---|---| | GA | 2027-04 (target) | | EOL | ~2028-05 | | Default kernel | 6.18 | | Default Python | 3.14 | | Default package manager | dnf5 | | Container engine | Podman 5.6 | | Image mode | bootc (GA) |

See also: Ansible on Fedora 44 Automation Complete Guide

Ansible-core compatibility

Use ansible-core 2.21+ (next LTS). Python 3.14 fully supported as managed-node interpreter.

Baseline playbook

- name: Fedora 46 baseline
  hosts: fedora46
  become: true
  tasks:
    - name: Update packages
      ansible.builtin.dnf5: { name: "*", state: latest, update_cache: true }

- name: Install baseline tools
      ansible.builtin.dnf5:
        name: [vim-enhanced, chrony, firewalld, podman, cockpit, bootc, policycoreutils-python-utils]
        state: present


- name: SELinux enforcing
      ansible.posix.selinux: { policy: targeted, state: enforcing }


- name: Enable services
      ansible.builtin.service:
        name: "{{ item }}"
        enabled: true
        state: started
      loop: [chronyd, firewalld, cockpit.socket]

See also: Ansible on Fedora 45 Automation Complete Guide

Image mode (bootc) on Fedora 46

- name: Switch Fedora 46 to bootc image
  hosts: fedora46
  become: true
  tasks:
    - name: bootc switch
      ansible.builtin.command: bootc switch quay.io/fedora/fedora-bootc:46
      register: bs
      changed_when: "'Image' in bs.stdout"

- name: Reboot
      ansible.builtin.reboot:
      when: bs.changed

Post-quantum SSH (default in OpenSSH 10.1)

- name: Pin PQ KEX
  hosts: fedora46
  become: true
  handlers:
    - name: restart sshd
      ansible.builtin.service: { name: sshd, state: restarted }
  tasks:
    - name: SSH PQ drop-in
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config.d/10-pq.conf
        mode: "0644"
        content: |
          KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256
          PasswordAuthentication no
          PermitRootLogin no
        validate: 'sshd -tf %s'
      notify: restart sshd

See also: Ansible on AlmaLinux 10 Automation Complete Guide

Best practices

• Use bootc for Kubernetes nodes and edge devices; classic dnf for workstations. • For PQ KEX, ensure your bastion runs OpenSSH 9.9+ (otherwise leave classical KEX as fallback). • Validate playbooks against dnf5 API changes between F45 and F46.

Conclusion

Fedora 46 makes image mode (bootc) GA and finalizes post-quantum SSH defaults. Ansible playbooks remain stable; only the bootc and SSH KEX pieces evolve from F45.

Installing Ansible on Fedora 46

# Install via DNF (recommended)
sudo dnf install ansible-core

# Or install full Ansible package
sudo dnf install ansible


# Or install via pip
pip install ansible --user


# Verify
ansible --version

DNF Package Management

- name: Manage Fedora 46 packages
  hosts: fedora
  become: true
  tasks:
    - name: Install essential packages
      ansible.builtin.dnf:
        name:
          - vim-enhanced
          - git
          - htop
          - tmux
          - firewalld
          - python3-pip
        state: present

- name: Update all packages
      ansible.builtin.dnf:
        name: "*"
        state: latest


- name: Enable RPM Fusion repository
      ansible.builtin.dnf:
        name: "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-46.noarch.rpm"
        state: present
        disable_gpg_check: true

Firewalld Configuration

    - name: Configure firewall
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - http
        - https
        - ssh

- name: Open custom port
      ansible.posix.firewalld:
        port: 8080/tcp
        permanent: true
        immediate: true
        state: enabled

SELinux Management

    - name: Set SELinux to enforcing
      ansible.posix.selinux:
        policy: targeted
        state: enforcing

- name: Allow HTTPD to connect to network
      ansible.posix.seboolean:
        name: httpd_can_network_connect
        state: true
        persistent: true

Flatpak Application Management

    - name: Install Flatpak apps on Fedora
      community.general.flatpak:
        name: "{{ item }}"
        state: present
      loop:
        - com.visualstudio.code
        - org.signal.Signal
        - com.slack.Slack

FAQ

Is Ansible included in Fedora 46 by default?

ansible-core is available in the default Fedora repositories. Install with sudo dnf install ansible-core. The full ansible package with all collections is also available.

Should I use DNF or pip to install Ansible on Fedora?

Use DNF for system-wide installation — it integrates with Fedora's update cycle. Use pip in a virtual environment if you need a specific version or want isolation from system packages.

How do I manage Fedora Silverblue/Kinoite with Ansible?

Fedora immutable variants (Silverblue, Kinoite) use rpm-ostree instead of DNF. Use community.general.rpm_ostree_pkg for package layering, and Flatpak for desktop applications.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home