AnsiblePilot — Master Ansible Automation

Ansible on RHEL 10 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Red Hat Enterprise Linux 10 (Coughlan) with Ansible: dnf, image mode (bootc), SELinux, firewalld, Podman 5, post-quantum SSH, AAP 2.6.

Red Hat Enterprise Linux 10 (Coughlan) was released on May 20, 2025. It introduces image mode (bootc) as a first-class deployment model, kernel 6.12, Python 3.12, OpenSSH 9.9 with post-quantum KEX, systemd 256, and Podman 5. RHEL 10 is in Full Support through May 2030, Maintenance Support through May 2035.

RHEL 10 release facts

| Item | Value |
|---|---|
| Code name | Coughlan |
| GA | 2025-05-20 |
| Full Support end | 2030-05-31 |
| Maintenance end | 2035-05-31 |
| Default kernel | 6.12 |
| Default Python | 3.12 |
| Default OpenSSH | 9.9p1 (post-quantum) |
| Container engine | Podman 5 |
| Image mode | bootc |

Ansible-core compatibility

Use ansible-core 2.18 LTS or newer. Python 3.12 is the system Python on RHEL 10.

Inventory

[rhel10]
rhel10-app-01.corp.example.com
rhel10-app-02.corp.example.com

[rhel10:vars]
ansible_user=cloud-user
ansible_python_interpreter=/usr/bin/python3

Baseline playbook

- name: RHEL 10 baseline
  hosts: rhel10
  become: true
  tasks:
    - name: Update all packages
      ansible.builtin.dnf:
        name: "*"
        state: latest
        update_cache: true

    - name: Install baseline tools
      ansible.builtin.dnf:
        name:
          - vim-enhanced
          - chrony
          - firewalld
          - policycoreutils-python-utils
          - podman
          - cockpit
          - insights-client
          - bootc
        state: present

    - name: Enable services
      ansible.builtin.service:
        name: "{{ item }}"
        enabled: true
        state: started
      loop: [chronyd, firewalld, cockpit.socket]

Image mode with bootc

RHEL 10 introduces image mode — managing the OS as a container image with bootc. Ansible orchestrates the image-mode rollout:

- name: Roll out new bootc image to RHEL 10 hosts
  hosts: rhel10
  become: true
  tasks:
    - name: Switch to new bootc image
      ansible.builtin.command: bootc switch quay.io/corp/rhel10-base:2026.05
      register: bootc_switch
      changed_when: "'Image' in bootc_switch.stdout"

    - name: Schedule reboot to staged image
      ansible.builtin.reboot:
        reboot_timeout: 1800
      when: bootc_switch.changed

    - name: Verify new deployment
      ansible.builtin.command: bootc status --json
      register: bootc_status
      changed_when: false
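
The playbook registers `bootc status --json` but never inspects it. The following added example (not part of the original tutorial) checks that output after the reboot; the JSON field layout is modelled on bootc's `org.containers.bootc/v1` status document and is an assumption to confirm against your bootc version, and the digests and the `2026.04` tag are constructed.

```python
import json

def verify_rollout(status_json, want_image, want_digest=None):
    """Return a list of problems; an empty list means the host booted want_image."""
    status = json.loads(status_json).get("status") or {}
    booted = (status.get("booted") or {}).get("image") or {}
    ref = (booted.get("image") or {}).get("image")
    problems = []
    if ref != want_image:
        problems.append(f"booted {ref!r}, expected {want_image!r}")
    # A tag can be re-pushed; comparing the digest catches a moved tag.
    if want_digest and booted.get("imageDigest") != want_digest:
        problems.append("booted digest differs from the pinned digest")
    if status.get("staged"):
        problems.append("a deployment is still staged (reboot not applied)")
    return problems

def _entry(ref, digest):
    # Assumed shape of one deployment entry in `bootc status --json`.
    return {"image": {"image": {"image": ref, "transport": "registry"},
                      "imageDigest": digest}}

def sample_status(booted_ref, booted_digest, staged_ref=None, staged_digest=None):
    """Build a constructed status document for offline testing."""
    staged = _entry(staged_ref, staged_digest) if staged_ref else None
    return json.dumps({"apiVersion": "org.containers.bootc/v1", "kind": "BootcHost",
                       "status": {"booted": _entry(booted_ref, booted_digest),
                                  "staged": staged}})

TARGET = "quay.io/corp/rhel10-base:2026.05"   # image from the playbook above
OLD = "quay.io/corp/rhel10-base:2026.04"      # constructed previous tag
PINNED = "sha256:" + "a" * 64                 # constructed placeholder digest
OTHER = "sha256:" + "b" * 64                  # constructed placeholder digest

if __name__ == "__main__":
    cases = {
        "rebooted into target": sample_status(TARGET, PINNED),
        "staged, not rebooted": sample_status(OLD, OTHER, TARGET, PINNED),
        "tag moved upstream": sample_status(TARGET, OTHER),
    }
    for label, doc in cases.items():
        print(label, "->", verify_rollout(doc, TARGET, PINNED) or "OK")
```
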

Post-quantum SSH

- name: Enable post-quantum SSH KEX
  hosts: rhel10
  become: true
  handlers:
    - name: restart sshd
      ansible.builtin.service: { name: sshd, state: restarted }
  tasks:
    - name: Drop hardened SSH config
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config.d/10-hardened.conf
        mode: "0644"
        content: |
          KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256
          PasswordAuthentication no
          PermitRootLogin no
        validate: 'sshd -tf %s'
      notify: restart sshd
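
Because the `KexAlgorithms` line above keeps `curve25519-sha256`, an older client still connects but without the post-quantum hybrid, and a client with neither algorithm is locked out. This added example (not from the original tutorial) predicts the outcome from `sshd -T` output on the server and `ssh -G <host>` output on each client; the client names and their algorithm lists are constructed.

```python
# Added example: predict the KEX a client will negotiate (RFC 4253, section 7.1).
PQ_PREFIXES = ("sntrup761x25519-sha512", "mlkem768x25519-sha256")  # hybrid PQ KEX names

def kex_list(dump):
    """Pull the kexalgorithms value out of `sshd -T` or `ssh -G <host>` output."""
    for line in dump.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "kexalgorithms":
            return [alg for alg in value.strip().split(",") if alg]
    return []

def negotiate(client, server):
    """SSH picks the first algorithm in the client's list that the server also offers."""
    return next((alg for alg in client if alg in server), None)

def audit(server_dump, client_dumps):
    """Map each client name to (chosen algorithm, verdict)."""
    server = kex_list(server_dump)
    report = {}
    for name, dump in client_dumps.items():
        chosen = negotiate(kex_list(dump), server)
        if chosen is None:
            verdict = "lockout"          # no common KEX: the connection fails
        elif chosen.startswith(PQ_PREFIXES):
            verdict = "post-quantum"
        else:
            verdict = "classical"        # connects, but without the PQ hybrid
        report[name] = (chosen, verdict)
    return report

# Constructed sample data: the server line matches 10-hardened.conf above,
# the client names and lists are hypothetical.
SERVER = "port 22\nkexalgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256\n"
CLIENTS = {
    "bastion-new": "kexalgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256",
    "bastion-old": "kexalgorithms curve25519-sha256,ecdh-sha2-nistp256",
    "appliance": "kexalgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1",
}

if __name__ == "__main__":
    for name, (alg, verdict) in audit(SERVER, CLIENTS).items():
        print(f"{name:12} {verdict:13} {alg}")
```
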

SELinux + firewalld

- name: SELinux enforcing
  ansible.posix.selinux: { policy: targeted, state: enforcing }

- name: Open HTTPS
  ansible.posix.firewalld: { service: https, permanent: true, state: enabled, immediate: true }

Podman 5 systemd integration with Quadlet

- name: Deploy nginx container with Quadlet
  hosts: rhel10
  become: true
  tasks:
    - name: Drop Quadlet unit
      ansible.builtin.copy:
        dest: /etc/containers/systemd/nginx.container
        mode: "0644"
        content: |
          [Container]
          Image=docker.io/library/nginx:alpine
          PublishPort=80:80
          [Install]
          WantedBy=default.target

    - name: Reload systemd and start
      ansible.builtin.systemd: { daemon_reload: true }

    - name: Enable nginx
      ansible.builtin.systemd: { name: nginx, enabled: true, state: started }

Best practices

• Adopt image mode (bootc) for stateless servers (Kubernetes nodes, edge devices).
• For mutable RPM workloads use the classic dnf flow.
• Validate SSH KEX changes against your bastion's OpenSSH version (≥ 9.0 required for sntrup761x25519).
• Use AAP 2.6 Execution Environments built on RHEL 10 base for collections compatibility.

Conclusion

RHEL 10 reshapes enterprise Linux around image mode, post-quantum crypto, and Podman 5 Quadlet. With ansible-core 2.18+ and AAP 2.6, you can manage both classic RPM hosts and immutable bootc-managed nodes from one playbook tree.
