Ansible on Rocky Linux 10 Automation Complete Guide
By Luca Berton · Published 2024-01-01 · Category: installation
Automate Rocky Linux 10 (Red Quartz) servers with Ansible: dnf, image mode, SELinux, firewalld, Podman 5, post-quantum SSH, and migration from Rocky 9.
Rocky Linux 10 (Red Quartz) is the community rebuild of RHEL 10. It tracks RHEL 10 (kernel 6.12, Python 3.12, OpenSSH 9.9, Podman 5, image mode via bootc) and is supported through May 2035. This guide covers Rocky 10 automation and migration from Rocky 9.
Rocky Linux 10 release facts
| Item | Value |
|---|---|
| Code name | Red Quartz |
| GA | 2025-06 |
| Support end | 2035-05-31 |
| Default kernel | 6.12 |
| Default Python | 3.12 |
| Default OpenSSH | 9.9p1 |
| Container engine | Podman 5 |
| Image mode | bootc |
Ansible-core compatibility
Use ansible-core 2.18 LTS or newer.
Inventory
[rocky10]
rocky10-01.example.com
rocky10-02.example.com
[rocky10:vars]
ansible_user=rocky
ansible_python_interpreter=/usr/bin/python3
Baseline playbook
- name: Rocky Linux 10 baseline
  hosts: rocky10
  become: true
  tasks:
    - name: Update all packages
      ansible.builtin.dnf: { name: "*", state: latest, update_cache: true }
    - name: Install baseline tools
      ansible.builtin.dnf:
        name:
          - vim-enhanced
          - chrony
          - firewalld
          - policycoreutils-python-utils
          - podman
          - cockpit
          - bootc
        state: present
    - name: Enable services
      ansible.builtin.service:
        name: "{{ item }}"
        enabled: true
        state: started
      loop: [chronyd, firewalld, cockpit.socket]
    - name: SELinux enforcing
      ansible.posix.selinux: { policy: targeted, state: enforcing }
Image mode (bootc) deployment
- name: Switch to a new bootc image
  hosts: rocky10
  become: true
  tasks:
    - name: bootc switch to staged image
      ansible.builtin.command: bootc switch quay.io/corp/rocky10-base:2026.05
      register: bs
      changed_when: "'Image' in bs.stdout"
    - name: Reboot to new deployment
      ansible.builtin.reboot:
      when: bs.changed
Post-quantum SSH
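- name: Enable PQ KEX
  ansible.builtin.copy:
    # sshd keeps the first value it reads for each keyword, so this drop-in
    # must sort ahead of any other file that sets KexAlgorithms.
    dest: /etc/ssh/sshd_config.d/10-pq.conf
    mode: "0644"
    content: |
      KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256
      PasswordAuthentication no
    validate: 'sshd -tf %s'
  # Needs a "restart sshd" handler defined in the same play.
  notify: restart sshd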
Migration from Rocky 9 (migrate2rocky10)
- name: In-place migrate Rocky 9 -> Rocky 10
  hosts: rocky9_to_migrate
  become: true
  tasks:
    # The script is fetched from the moving main branch and then run as root.
    # Pin the URL to a reviewed commit and set get_url's checksum option
    # so that every host runs the same, reviewed script.
    - name: Download migration helper
      ansible.builtin.get_url:
        url: https://raw.githubusercontent.com/rocky-linux/rocky-tools/main/migrate2rocky10/migrate2rocky10.sh
        dest: /root/migrate2rocky10.sh
        mode: "0755"
    - name: Run migration
      ansible.builtin.command: /root/migrate2rocky10.sh -r
      args:
        creates: /etc/rocky-release.10
Best practices
• Use bootc image mode for stateless workloads (Kubernetes nodes, edge gateways).
• Validate the SSH KEX change against your jump hosts (ssh -Q kex).
• For mutable workloads (databases) keep classic RPM mode.
• Mirror Rocky 10 repos internally; image-mode containers can be served from your registry.
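To check the KEX change from the Post-quantum SSH section against jump hosts before rolling it out, the following added example (not part of the original guide) predicts what each client would negotiate with the server list in 10-pq.conf, using the SSH rule that the first algorithm on the client's list that the server also offers wins. The host names and client lists are constructed samples; real preference lists come from `ssh -G <host>` on each client, since `ssh -Q kex` only lists what the client supports.

```python
# Added example, not from the original guide.
# Server list exactly as written to /etc/ssh/sshd_config.d/10-pq.conf above.
SERVER_KEX = "KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256"

# Hybrid post-quantum KEX names available in OpenSSH 9.9.
PQ_HYBRID = {"sntrup761x25519-sha512@openssh.com", "sntrup761x25519-sha512",
             "mlkem768x25519-sha256"}
# Signalling markers OpenSSH adds to KEXINIT; they are never the negotiated KEX.
PSEUDO = {"ext-info-c", "ext-info-s",
          "kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}


def parse_kex(text):
    """Parse a 'KexAlgorithms a,b' line (sshd_config, `ssh -G`) or one name per line."""
    text = text.strip()
    if text.lower().startswith("kexalgorithms"):
        text = text[len("kexalgorithms"):]
    names = (n.strip() for n in text.replace("\n", ",").split(","))
    return [n for n in names if n and n not in PSEUDO]


def negotiate(client, server):
    """RFC 4253 section 7.1: the first name on the client's list that the server also lists."""
    return next((k for k in client if k in set(server)), None)


def audit(clients, server_line=SERVER_KEX):
    """Return {host: (negotiated KEX or None, verdict)} for each client preference list."""
    server = parse_kex(server_line)
    report = {}
    for host, kex_text in clients.items():
        chosen = negotiate(parse_kex(kex_text), server)
        if chosen is None:
            verdict = "LOCKOUT"    # no common KEX: host cannot connect after the change
        elif chosen in PQ_HYBRID:
            verdict = "PQ"
        else:
            verdict = "CLASSICAL"  # connects, but without the post-quantum hybrid
        report[host] = (chosen, verdict)
    return report


# Constructed sample lists in client preference order (hypothetical host names).
SAMPLE_CLIENTS = {
    "jump-new": "kexalgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256",
    "jump-old": "curve25519-sha256,ecdh-sha2-nistp256,ext-info-c",
    "legacy-appliance": "diffie-hellman-group14-sha1\ndiffie-hellman-group1-sha1",
}

if __name__ == "__main__":
    for host, (kex, verdict) in audit(SAMPLE_CLIENTS).items():
        print(f"{host:18}{verdict:10}{kex}")
```

Any host reported as LOCKOUT needs a client upgrade or an extra server-side algorithm before the drop-in is deployed; CLASSICAL hosts keep working but gain no post-quantum protection.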
Conclusion
Rocky Linux 10 brings RHEL 10 features — image mode, post-quantum SSH, kernel 6.12, Podman 5 — to community-supported infrastructure. Ansible playbooks port cleanly from RHEL 10 with no subscription-manager.
Installing Ansible on Rocky Linux 10
# Enable EPEL
sudo dnf install epel-release -y
# Install Ansible
sudo dnf install ansible-core -y
# Verify
ansible --version
Server Configuration
- name: Configure Rocky Linux 10 server
  hosts: rocky
  become: true
  tasks:
    - name: Install essential packages
      ansible.builtin.dnf:
        name:
          - vim-enhanced
          - git
          - curl
          - wget
          - htop
          - firewalld
          - epel-release
        state: present
    - name: Configure firewall
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - ssh
        - http
        - https
    - name: Set SELinux enforcing
      ansible.posix.selinux:
        policy: targeted
        state: enforcing
    - name: Enable automatic security updates
      ansible.builtin.dnf:
        name: dnf-automatic
        state: present
    - name: Configure automatic updates
      ansible.builtin.systemd:
        name: dnf-automatic-install.timer
        state: started
        enabled: true
    - name: Harden SSH
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
      loop:
        - { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' }
        - { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }
      notify: restart sshd
  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
FAQ
Is Rocky Linux 10 compatible with RHEL 10?
Yes. Rocky Linux is a 1:1 binary-compatible rebuild of RHEL. Ansible playbooks for RHEL 10 work on Rocky Linux 10 without modification.
How do I migrate from CentOS to Rocky Linux?
Use the migrate2rocky script for in-place migration. Ansible can automate pre-migration checks and post-migration validation.