Ansible on Oracle Linux 10 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Oracle Linux 10 with Ansible: dnf, UEK 8, Ksplice live patching, OCI provisioning, image mode, SELinux, Podman 5.

Oracle Linux 10 ships RHEL 10 ABI plus Oracle's UEK 8 (kernel 6.12) and Ksplice zero-downtime live patching. It supports image mode (bootc), Podman 5, OpenSSH 9.9 with PQ KEX, and is supported through July 2035 (ELS).

Oracle Linux 10 release facts

| Item | Value | |---|---| | GA | 2025-07 | | Premier Support | until 2030-07 | | Extended Support | until 2032-07 | | ELS | until 2035-07 | | Default RHCK kernel | 6.12 | | UEK 8 kernel | 6.12 (Oracle build) | | Default Python | 3.12 |

Baseline playbook

- name: Oracle Linux 10 baseline hosts: ol10 become: true tasks: - name: Update packages ansible.builtin.dnf: { name: "*", state: latest, update_cache: true } - name: Install baseline tools ansible.builtin.dnf: name: [vim-enhanced, chrony, firewalld, policycoreutils-python-utils, podman, cockpit, bootc, kernel-uek] state: present - name: Enable services ansible.builtin.service: name: "{{ item }}" enabled: true state: started loop: [chronyd, firewalld, cockpit.socket]

- name: SELinux enforcing ansible.posix.selinux: { policy: targeted, state: enforcing }

Ksplice on UEK 8

- name: Ksplice on Oracle Linux 10 hosts: ol10 become: true tasks: - name: Install uptrack ansible.builtin.dnf: { name: uptrack, state: present }

- name: Run live updates ansible.builtin.command: uptrack-upgrade -y register: out changed_when: "'Installing' in out.stdout"

Image mode with bootc

- name: Switch Oracle Linux 10 to bootc image hosts: ol10 become: true tasks: - name: bootc switch ansible.builtin.command: bootc switch container-registry.oracle.com/os/oraclelinux:10-bootc register: bs changed_when: "'Image' in bs.stdout"

- name: Reboot ansible.builtin.reboot: when: bs.changed

OCI provisioning with `oracle.oci`

- name: Launch OL10 instance in OCI
  hosts: localhost
  tasks:
    - name: Provision instance
      oracle.oci.oci_compute_instance:
        compartment_id: "{{ compartment_ocid }}"
        availability_domain: "{{ ad }}"
        shape: VM.Standard.E5.Flex
        image_id: "{{ ol10_image_ocid }}"
        display_name: ol10-app-01
        metadata:
          ssh_authorized_keys: "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"
        state: present

Best practices

• Combine Ksplice with image-mode rollouts: live-patch hot CVEs, schedule image swaps for monthly minor updates. • Pin the oracle.oci collection to a tested version; OCI APIs evolve quickly. • Use OCI Bastion + dynamic inventory for ephemeral instances.

Conclusion

Oracle Linux 10 combines RHEL 10 features with UEK 8 and Ksplice. Ansible playbooks for RHEL 10 work as-is; the oracle.oci collection adds OCI-native provisioning and inventory.

Install Ansible on Oracle Linux 10

# Install Ansible via dnf sudo dnf install -y ansible-core # Verify installation ansible --version

# Or install via pip in a virtual environment python3 -m venv ~/ansible-venv source ~/ansible-venv/bin/activate pip install ansible

Oracle Linux 10 Dynamic Inventory with OCI

# oci_inventory.yml
plugin: oracle.oci.oci
regions:
  - us-ashburn-1
  - us-phoenix-1
compartments:
  - compartment_ocid: "{{ compartment_ocid }}"
    fetch_hosts_from_subcompartments: true
filters:
  - lifecycle_state: RUNNING
  - freeform_tags:
      managed_by: ansible
hostnames:
  - display_name
groups:
  ol10: "'Oracle Linux' in image_id"

Firewall Configuration

- name: Configure firewalld on Oracle Linux 10 hosts: ol10 become: true tasks: - name: Allow HTTPS traffic ansible.posix.firewalld: service: https permanent: true state: enabled immediate: true - name: Allow custom application port ansible.posix.firewalld: port: 8443/tcp permanent: true state: enabled immediate: true

- name: Set default zone ansible.posix.firewalld: zone: public state: enabled permanent: true

Podman Container Management

- name: Deploy containers with Podman on Oracle Linux 10 hosts: ol10 become: true tasks: - name: Pull application image containers.podman.podman_image: name: container-registry.oracle.com/database/express:latest state: present

- name: Run Oracle XE container containers.podman.podman_container: name: oracle-xe image: container-registry.oracle.com/database/express:latest state: started ports: - "1521:1521" - "5500:5500" env: ORACLE_PWD: "{{ vault_oracle_password }}" volumes: - /data/oracle:/opt/oracle/oradata

FAQ

Does Ansible work with Oracle Linux 10 out of the box?

Yes. Oracle Linux 10 is RHEL-compatible, so all Ansible modules for RHEL work on Oracle Linux 10. The ansible.builtin and ansible.posix collections fully support it.

What is UEK 8 and why use it with Ansible?

UEK 8 (Unbreakable Enterprise Kernel) is Oracle's optimized Linux kernel. It supports Ksplice for zero-downtime kernel patching — which you can automate with Ansible.

How do I manage OCI resources with Ansible?

Install the oracle.oci collection (ansible-galaxy collection install oracle.oci) for native OCI modules including compute instances, networking, storage, and database services.

Can I use bootc image mode with Ansible?

Yes. Use ansible.builtin.command with bootc switch to transition to image-based deployments. This provides atomic updates and easy rollbacks.

• How to install Ansible in RedHat Enterprise Linux 9 • Ansible SELinux Management Guide • Ansible Podman Container Management

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home

AnsiblePilot — Master Ansible Automation

Popular Topics

About Luca Berton