AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible on Oracle Linux 9 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Oracle Linux 9 with Ansible: dnf, UEK kernel, Ksplice live patching, OCI integration, SELinux, firewalld, Podman.

Oracle Linux 9 is Oracle's RHEL 9 rebuild with optional Unbreakable Enterprise Kernel (UEK 7/8) and Ksplice zero-downtime kernel patching. It is supported through July 2032 with optional ELS to 2035. This guide is the master Ansible reference for Oracle Linux 9 fleets, including OCI-specific automation.

Oracle Linux 9 release facts

| Item | Value | |---|---| | GA | 2022-06-27 | | Premier Support | until 2027-06 | | Extended Support | until 2032-07 | | ELS | until 2035-07 | | Default RHCK kernel | 5.14 | | UEK 7 kernel | 5.15 | | UEK 8 kernel | 6.12 |

See also: Ansible on Oracle Linux 10 Automation Complete Guide

Ansible-core compatibility

Use ansible-core 2.18 LTS.

Baseline playbook

- name: Oracle Linux 9 baseline
  hosts: ol9
  become: true
  tasks:
    - name: Update packages
      ansible.builtin.dnf: { name: "*", state: latest, update_cache: true }

- name: Install baseline tools (and UEK)
      ansible.builtin.dnf:
        name:
          - vim-enhanced
          - chrony
          - firewalld
          - policycoreutils-python-utils
          - podman
          - cockpit
          - kernel-uek
        state: present


- name: Set default kernel to UEK
      ansible.builtin.command: grubby --set-default /boot/vmlinuz-*.el9uek.x86_64
      register: gr
      changed_when: "'Default kernel' in gr.stdout"

See also: Ansible on AlmaLinux 10 Automation Complete Guide

Ksplice live patching

- name: Configure Ksplice
  hosts: ol9
  become: true
  tasks:
    - name: Install Ksplice client
      ansible.builtin.dnf: { name: uptrack, state: present }

- name: Enable autoinstall
      ansible.builtin.lineinfile:
        path: /etc/uptrack/uptrack.conf
        regexp: '^autoinstall'
        line: 'autoinstall = yes'


- name: Run uptrack-upgrade
      ansible.builtin.command: uptrack-upgrade -y
      register: kp
      changed_when: "'Effective kernel version' in kp.stdout"

OCI integration

Use the oracle.oci collection to provision OCI compute and bind it to Ansible inventory:

- name: Launch OL9 instance in OCI
  hosts: localhost
  tasks:
    - name: Launch instance
      oracle.oci.oci_compute_instance:
        compartment_id: "{{ compartment_ocid }}"
        availability_domain: "{{ ad }}"
        shape: VM.Standard.E5.Flex
        image_id: "{{ ol9_image_ocid }}"
        display_name: ol9-app-01
        metadata:
          ssh_authorized_keys: "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"
        state: present
      register: vm

See also: Ansible on AlmaLinux 9 Automation Complete Guide

SELinux + firewalld

- name: SELinux enforcing
  ansible.posix.selinux: { policy: targeted, state: enforcing }

- name: Open HTTPS
  ansible.posix.firewalld: { service: https, permanent: true, state: enabled, immediate: true }

Best practices

• Choose UEK for newer hardware and better workload performance; choose RHCK for strict ABI compatibility. • Use Ksplice to eliminate planned reboot windows for kernel CVEs. • For OCI workloads, prefer the official oracle.oci collection over generic cloud modules.

Conclusion

Oracle Linux 9 layers UEK and Ksplice on top of the RHEL 9 ABI. Ansible playbooks written for RHEL 9 work unchanged; add oracle.oci and Ksplice tasks to take full advantage of the platform.

Installing Ansible on Oracle Linux 9

# Enable EPEL
sudo dnf install oracle-epel-release-el9 -y

# Install Ansible
sudo dnf install ansible-core -y


# Verify
ansible --version

DNF Package Management

- name: Configure Oracle Linux 9
  hosts: oraclelinux
  become: true
  tasks:
    - name: Install essential packages
      ansible.builtin.dnf:
        name:
          - vim-enhanced
          - git
          - curl
          - firewalld
          - python3-pip
          - oracle-epel-release-el9
        state: present

- name: Enable CodeReady Builder repo
      ansible.builtin.command: dnf config-manager --set-enabled ol9_codeready_builder
      changed_when: true

Oracle-Specific Tasks

    - name: Install Oracle Instant Client
      ansible.builtin.dnf:
        name:
          - oracle-instantclient-release-23ai-el9
        state: present

- name: Configure Oracle UEK kernel
      ansible.builtin.dnf:
        name: kernel-uek
        state: latest


- name: Configure firewalld
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - ssh
        - http
        - https


- name: Configure SELinux
      ansible.posix.selinux:
        policy: targeted
        state: enforcing

FAQ

Is Oracle Linux 9 compatible with RHEL 9 playbooks?

Yes. Oracle Linux 9 is binary-compatible with RHEL 9. Playbooks for RHEL 9 work on OL9 with no changes. The main difference is Oracle's Unbreakable Enterprise Kernel (UEK).

Should I use UEK or RHCK on Oracle Linux?

UEK (Unbreakable Enterprise Kernel) is Oracle's default and optimized kernel. RHCK (Red Hat Compatible Kernel) is available for strict RHEL compatibility. For most workloads, UEK is recommended.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home