Ansible on RHEL 9 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Red Hat Enterprise Linux 9 (Plow) with Ansible: dnf, subscription-manager, SELinux, firewalld, podman, kernel live patching, Insights, and AAP.

Red Hat Enterprise Linux 9 (Plow) was released in May 2022 and ships kernel 5.14, Python 3.9, OpenSSH 8.7, systemd 252, and Podman 4/5. RHEL 9 is in Full Support through May 2027 and Maintenance Support through May 2032, with ELS extending to May 2035. This is the master Ansible guide for RHEL 9 production fleets, including AAP 2.6 integration.

RHEL 9 release facts

| Item | Value |
|---|---|
| Code name | Plow |
| GA | 2022-05-17 |
| Latest minor | 9.6 |
| Full Support end | 2027-05-31 |
| Maintenance Support end | 2032-05-31 |
| Default kernel | 5.14 |
| Default Python | 3.9 (3.11/3.12 modules) |
| Default container engine | Podman |

Ansible-core compatibility

RHEL 9 includes ansible-core 2.14+ in AppStream; for current control nodes use ansible-core 2.18 LTS with ansible_python_interpreter=/usr/libexec/platform-python or /usr/bin/python3.

Inventory

[rhel9]
rhel9-app-01.corp.example.com
rhel9-app-02.corp.example.com

[rhel9:vars]
ansible_user=ec2-user
ansible_python_interpreter=/usr/bin/python3

Subscription registration

- name: Register RHEL 9 with subscription-manager
  hosts: rhel9
  become: true
  tasks:
    - name: Register and attach
      community.general.redhat_subscription:
        state: present
        username: "{{ rhsm_user }}"
        password: "{{ rhsm_password }}"
        auto_attach: true

    - name: Enable required repos
      community.general.rhsm_repository:
        name:
          - rhel-9-for-x86_64-baseos-rpms
          - rhel-9-for-x86_64-appstream-rpms
          - codeready-builder-for-rhel-9-x86_64-rpms
        state: enabled
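
The registration play above passes an account password to every host. As an added example (not part of the original guide), the same registration can use an organization ID and activation key instead, so no user credential is distributed. The variable names `rhsm_org_id` and `rhsm_activationkey` are assumptions and are expected to come from an Ansible Vault-encrypted vars file or an AAP credential.

```yaml
# Added example, not from the original page.
# rhsm_org_id and rhsm_activationkey are assumed variable names; supply them
# from Ansible Vault or an AAP credential, never from plain-text inventory.
- name: Register RHEL 9 with an activation key
  hosts: rhel9
  become: true
  tasks:
    - name: Fail early if registration secrets are missing
      ansible.builtin.assert:
        that:
          - rhsm_org_id is defined
          - rhsm_org_id | length > 0
          - rhsm_activationkey is defined
          - rhsm_activationkey | length > 0
        quiet: true

    - name: Register with org ID and activation key
      community.general.redhat_subscription:
        state: present
        org_id: "{{ rhsm_org_id }}"
        activationkey: "{{ rhsm_activationkey }}"
      no_log: true   # keep the key out of job output and callback logs

    # Read-only check: the command exits non-zero on an unregistered system,
    # which fails the task.
    - name: Confirm the system identity is registered
      ansible.builtin.command: subscription-manager identity
      register: rhsm_identity
      changed_when: false
```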

Baseline playbook

- name: RHEL 9 baseline
  hosts: rhel9
  become: true
  tasks:
    - name: Update all packages
      ansible.builtin.dnf:
        name: "*"
        state: latest
        update_cache: true

    - name: Install baseline tools
      ansible.builtin.dnf:
        name:
          - vim-enhanced
          - bash-completion
          - chrony
          - firewalld
          - policycoreutils-python-utils
          - podman
          - cockpit
          - insights-client
        state: present

    - name: Enable services
      ansible.builtin.service:
        name: "{{ item }}"
        enabled: true
        state: started
      loop: [chronyd, firewalld, cockpit.socket]

SELinux enforcement

- name: Ensure SELinux enforcing on RHEL 9
  hosts: rhel9
  become: true
  tasks:
    - name: Set SELinux enforcing
      ansible.posix.selinux:
        policy: targeted
        state: enforcing

    - name: Allow httpd to connect to network DB
      ansible.posix.seboolean:
        name: httpd_can_network_connect_db
        state: true
        persistent: true

firewalld

- name: Configure firewalld
  hosts: rhel9
  become: true
  tasks:
    - name: Open HTTPS
      ansible.posix.firewalld:
        service: https
        permanent: true
        state: enabled
        immediate: true

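    # Sets the target of the public zone to "default"; this does not change
    # which zone is the system default.
    - name: Default zone public
      ansible.posix.firewalld:
        zone: public
        target: default
        state: enabled
        permanent: true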
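
The SELinux and firewalld plays above set state but do not confirm it. The following added example (not part of the original guide) is a read-only audit play that fails on drift from what those plays configure. The `allowed_services` allow-list is an assumption and should be adjusted to the fleet's policy.

```yaml
# Added example, not from the original page: read-only checks, no changes made.
- name: Verify RHEL 9 SELinux and firewalld state
  hosts: rhel9
  become: true
  gather_facts: true
  tasks:
    - name: SELinux must be enforcing now and in the on-disk config
      ansible.builtin.assert:
        that:
          - ansible_facts.selinux.status == 'enabled'
          - ansible_facts.selinux.mode == 'enforcing'
          - ansible_facts.selinux.config_mode == 'enforcing'
          - ansible_facts.selinux.type == 'targeted'
        fail_msg: "SELinux drift: {{ ansible_facts.selinux }}"

    - name: Collect service state
      ansible.builtin.service_facts:

    - name: firewalld must be running and enabled
      ansible.builtin.assert:
        that:
          - ansible_facts.services['firewalld.service'].state == 'running'
          - ansible_facts.services['firewalld.service'].status == 'enabled'

    - name: Read the public zone from firewalld
      ansible.posix.firewalld_info:
        zones: [public]
      register: fw

    - name: Public zone must allow https and nothing outside the allow-list
      vars:
        # Assumed allow-list: https plus the RHEL 9 public-zone defaults.
        allowed_services: [https, ssh, cockpit, dhcpv6-client]
        open_services: "{{ fw.firewalld_info.zones.public.services }}"
      ansible.builtin.assert:
        that:
          - "'https' in open_services"
          - open_services | difference(allowed_services) | length == 0
          - fw.firewalld_info.zones.public.ports | length == 0
        fail_msg: "Unexpected exposure: {{ fw.firewalld_info.zones.public }}"
```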

Kernel live patching with kpatch

- name: Live-patch RHEL 9
  hosts: rhel9
  become: true
  tasks:
    - name: Install kpatch
      ansible.builtin.dnf:
        name: [kpatch, kpatch-dnf]
        state: present

    - name: Subscribe to live kernel patches
      ansible.builtin.command: dnf kpatch auto
      register: kp
      changed_when: "'Installed' in kp.stdout"

Insights onboarding

- name: Onboard Insights client
  hosts: rhel9
  become: true
  tasks:
    - name: Register Insights
      ansible.builtin.command: insights-client --register
      register: ins
      changed_when: "'Successfully' in ins.stdout"

AAP 2.6 integration

Use the Red Hat Ansible Automation Platform 2.6 Execution Environment for RHEL 9 nodes:

# requirements.yml
collections:
  - name: ansible.posix
    version: ">=1.5.4"
  - name: community.general
    version: ">=8.0.0"
  - name: redhat.satellite
    version: ">=4.0.0"

Best practices

• Use the dnf module, not yum; the latter is a compat shim.
• Pin to AAP-supported collections; avoid mixing community and Red Hat-supported versions for the same namespace in production.
• Enable Insights to feed compliance and CVE data into AAP dashboards.
• Use ansible.posix.selinux and ansible.posix.seboolean for SELinux changes.

Conclusion

RHEL 9 is the enterprise-grade Ansible target for 2022–2032 deployments. Combine subscription-manager, SELinux enforcement, firewalld, Podman, and Insights with ansible-core 2.18 and AAP 2.6 to deliver fully governed RHEL 9 fleets.
