AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible on Oracle Linux 9 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Oracle Linux 9 with Ansible: dnf, UEK kernel, Ksplice live patching, OCI integration, SELinux, firewalld, Podman.

Oracle Linux 9 is Oracle's RHEL 9 rebuild with optional Unbreakable Enterprise Kernel (UEK 7/8) and Ksplice zero-downtime kernel patching. It is supported through July 2032 with optional ELS to 2035. This guide is the master Ansible reference for Oracle Linux 9 fleets, including OCI-specific automation.

Oracle Linux 9 release facts

| Item | Value | |---|---| | GA | 2022-06-27 | | Premier Support | until 2027-06 | | Extended Support | until 2032-07 | | ELS | until 2035-07 | | Default RHCK kernel | 5.14 | | UEK 7 kernel | 5.15 | | UEK 8 kernel | 6.12 |

See also: Ansible on Oracle Linux 10 Automation Complete Guide

Ansible-core compatibility

Use ansible-core 2.18 LTS.

Baseline playbook

- name: Oracle Linux 9 baseline
  hosts: ol9
  become: true
  tasks:
    - name: Update packages
      ansible.builtin.dnf: { name: "*", state: latest, update_cache: true }

- name: Install baseline tools (and UEK)
      ansible.builtin.dnf:
        name:
          - vim-enhanced
          - chrony
          - firewalld
          - policycoreutils-python-utils
          - podman
          - cockpit
          - kernel-uek
        state: present


- name: Set default kernel to UEK
      ansible.builtin.command: grubby --set-default /boot/vmlinuz-*.el9uek.x86_64
      register: gr
      changed_when: "'Default kernel' in gr.stdout"

See also: Ansible on AlmaLinux 10 Automation Complete Guide

Ksplice live patching

- name: Configure Ksplice
  hosts: ol9
  become: true
  tasks:
    - name: Install Ksplice client
      ansible.builtin.dnf: { name: uptrack, state: present }

- name: Enable autoinstall
      ansible.builtin.lineinfile:
        path: /etc/uptrack/uptrack.conf
        regexp: '^autoinstall'
        line: 'autoinstall = yes'


- name: Run uptrack-upgrade
      ansible.builtin.command: uptrack-upgrade -y
      register: kp
      changed_when: "'Effective kernel version' in kp.stdout"

OCI integration

Use the oracle.oci collection to provision OCI compute and bind it to Ansible inventory:

- name: Launch OL9 instance in OCI
  hosts: localhost
  tasks:
    - name: Launch instance
      oracle.oci.oci_compute_instance:
        compartment_id: "{{ compartment_ocid }}"
        availability_domain: "{{ ad }}"
        shape: VM.Standard.E5.Flex
        image_id: "{{ ol9_image_ocid }}"
        display_name: ol9-app-01
        metadata:
          ssh_authorized_keys: "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"
        state: present
      register: vm

See also: Ansible on AlmaLinux 9 Automation Complete Guide

SELinux + firewalld

- name: SELinux enforcing
  ansible.posix.selinux: { policy: targeted, state: enforcing }

- name: Open HTTPS
  ansible.posix.firewalld: { service: https, permanent: true, state: enabled, immediate: true }

Best practices

• Choose UEK for newer hardware and better workload performance; choose RHCK for strict ABI compatibility. • Use Ksplice to eliminate planned reboot windows for kernel CVEs. • For OCI workloads, prefer the official oracle.oci collection over generic cloud modules.

Conclusion

Oracle Linux 9 layers UEK and Ksplice on top of the RHEL 9 ABI. Ansible playbooks written for RHEL 9 work unchanged; add oracle.oci and Ksplice tasks to take full advantage of the platform.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home