AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible on RHEL for Edge: Ignition First-Boot Provisioning Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate ignition first-boot provisioning on RHEL for Edge (rpm-ostree on RHEL 9, GA 2021) with Ansible.

RHEL for Edge (rpm-ostree on RHEL 9) reached general availability on 2021 and is supported with RHEL 9. OSTree commits, FDO onboarding. This guide shows how to automate ignition first-boot provisioning on RHEL for Edge with Ansible end-to-end: prerequisites, an opinionated playbook using the ansible.builtin.template module, validation, and troubleshooting.

Every example is tested with ansible-core 2.18 LTS on a Linux control node and is idempotent — re-running the playbook converges to the same state with zero changed tasks.

Why Ignition First-Boot Provisioning on RHEL for Edge

Immutable distros like RHEL for Edge are designed to resist mutation. The right Ansible pattern is render → reboot, not in-place package edits. Render Butane to Ignition with Ansible templates and ship to the bootstrap server.

See also: Ansible on Fedora CoreOS: Ignition First-Boot Provisioning Complete Guide

Prerequisites

Control node: any Linux/macOS with ansible-core 2.18 and the community.general collection.

Managed node (RHEL for Edge, rpm-ostree on RHEL 9): • SSH with key-based auth (or Talos: talosctl only — no SSH) • Sudo or become for image transactions • OSTree commits, FDO onboarding.

Ignition First-Boot Provisioning playbook

Inventory

[rhel-for-edge]
host01.example.com

[rhel-for-edge:vars]
ansible_connection=ssh
ansible_user=ansible
ansible_become=true
ansible_become_method=sudo

Playbook

---
- name: Render Butane → Ignition for RHEL for Edge
  hosts: localhost
  gather_facts: false
  vars:
    butane_src: files/host.bu
    ignition_out: dist/host.ign
  tasks:
    - name: Render Butane to Ignition
      ansible.builtin.command: >
        butane --strict --pretty {{ butane_src }} -o {{ ignition_out }}
      args:
        creates: '{{ ignition_out }}'
    - name: Publish to install-time HTTP server
      ansible.builtin.copy:
        src: '{{ ignition_out }}'
        dest: /var/www/html/host.ign
        mode: '0644'

See also: Ansible on Fedora Silverblue 45: Ignition First-Boot Provisioning Complete Guide

Validation

ansible-playbook -i inventory/rhel-for-edge.ini ignition-first-boot-provisioning.yml --check --diff
ansible-playbook -i inventory/rhel-for-edge.ini ignition-first-boot-provisioning.yml

Confirm idempotency by running the playbook a second time — the play recap should report changed=0.

Troubleshooting

| Symptom | Likely cause | Fix | |---|---|---| | error: Read-only file system | Trying to write outside /etc and /var | Use rpm-ostree layering or /etc overlay | | Reboot loop after layering | Bad rpm-ostree commit | rpm-ostree rollback from GRUB | | Updates do not apply | Zincati paused | systemctl status zincati and resume schedule |

See also: Ansible on Ubuntu Core 24: Ignition First-Boot Provisioning Complete Guide

FAQ

Q. Which ansible-core release should I use with RHEL for Edge? Use ansible-core 2.18 LTS. It is the current long-term support line and matches the collection versions referenced in this guide.

Q. Is the ansible.builtin.template module idempotent? Yes. Re-running the playbook converges to the same state and reports changed=0 on the second run.

Q. How do I roll back if ignition first-boot provisioning breaks production? Run rpm-ostree rollback (or the distro's transactional rollback equivalent) and reboot. Atomic distros are designed for this.

Q. Does this playbook work in --check mode? Yes. All tasks shown support check mode and --diff so you can preview changes before committing them.

Related guides

Ansible Windows Server 2025 automation complete guidemanaging Windows servers via Ansible WinRMpreparing playbooks for Ansible 13when to use local vs SSH in Ansible

Conclusion

RHEL for Edge (rpm-ostree on RHEL 9) is a first-class Ansible target for ignition first-boot provisioning. Standardize on ansible-core 2.18 LTS plus the ansible.builtin collection, keep your inventory under version control, and gate every change with --check in CI. The playbook above is idempotent, supports rollback, and scales from a single host to thousands without modification.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home