Ansible on Rocky Linux 9 Automation Complete Guide
By Luca Berton · Published 2024-01-01 · Category: installation
Automate Rocky Linux 9 (Blue Onyx) servers with Ansible: dnf, SELinux, firewalld, Podman, kernel live patching, migration from CentOS.
Rocky Linux 9 (Blue Onyx) is the community RHEL 9 rebuild produced by the Rocky Enterprise Software Foundation. It tracks RHEL 9 1:1 (kernel 5.14, Python 3.9, Podman, systemd 252) and is supported through May 2032. This is the master Ansible guide for Rocky Linux 9 fleets, including migration from CentOS Linux 7/8.
Rocky Linux 9 release facts
| Item | Value |
|---|---|
| Code name | Blue Onyx |
| GA | 2022-07-14 |
| Latest minor | 9.6 |
| Support end | 2032-05-31 |
| Default kernel | 5.14 |
| Default Python | 3.9 |
| Container engine | Podman |
See also: Ansible on Rocky Linux 10 Automation Complete Guide
Ansible-core compatibility
Use ansible-core 2.18 LTS with ansible_python_interpreter=/usr/bin/python3.
Inventory
```ini
[rocky9]
rocky9-01.example.com
rocky9-02.example.com

[rocky9:vars]
ansible_user=rocky
```
See also: Ansible on AlmaLinux 9 Automation Complete Guide
Baseline playbook
```yaml
- name: Rocky Linux 9 baseline
  hosts: rocky9
  become: true
  tasks:
    - name: Update all packages
      ansible.builtin.dnf: { name: "*", state: latest, update_cache: true }

    - name: Enable EPEL
      ansible.builtin.dnf:
        name: epel-release
        state: present

    - name: Install baseline tools
      ansible.builtin.dnf:
        name:
          - vim-enhanced
          - chrony
          - firewalld
          - policycoreutils-python-utils
          - podman
          - cockpit
        state: present

    - name: Enable services
      ansible.builtin.service:
        name: "{{ item }}"
        enabled: true
        state: started
      loop: [chronyd, firewalld, cockpit.socket]

    - name: SELinux enforcing
      ansible.posix.selinux: { policy: targeted, state: enforcing }
```
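The baseline installs firewalld and policycoreutils-python-utils but does not yet use them. The following playbook is an added example, not part of the original guide: it restricts the public zone to SSH, Cockpit and one application port, labels that port for SELinux so the enforcing policy set above does not block the service, and verifies the host really is enforcing. The `rocky9` group is the one from the inventory above; `app_port` is a placeholder value.

```yaml
# Added example, not from the original guide. Assumes the baseline playbook
# has already run on the rocky9 group (firewalld, policycoreutils-python-utils
# and cockpit installed, SELinux enforcing). app_port is a placeholder.
- name: Rocky Linux 9 firewalld and SELinux hardening
  hosts: rocky9
  become: true
  vars:
    app_port: 8443   # placeholder, replace with the real service port
  tasks:
    - name: Allow the Cockpit service in the public zone
      ansible.posix.firewalld:
        service: cockpit
        zone: public
        permanent: true
        immediate: true
        state: enabled

    - name: Allow the application port in the public zone
      ansible.posix.firewalld:
        port: "{{ app_port }}/tcp"
        zone: public
        permanent: true
        immediate: true
        state: enabled

    # semanage comes from policycoreutils-python-utils (installed by the
    # baseline); labelling the port lets a confined web service bind it.
    - name: Label the application port as http_port_t for SELinux
      community.general.seport:
        ports: "{{ app_port }}"
        proto: tcp
        setype: http_port_t
        state: present

    - name: Read the live SELinux mode (facts may predate the baseline change)
      ansible.builtin.command: getenforce
      register: selinux_mode
      changed_when: false

    - name: Fail the run if any host is not enforcing
      ansible.builtin.assert:
        that: selinux_mode.stdout == 'Enforcing'
        fail_msg: "{{ inventory_hostname }} is {{ selinux_mode.stdout }}, expected Enforcing"
```

Switching from disabled to enforcing needs a reboot before `getenforce` reports Enforcing, so run this after that reboot on freshly provisioned hosts.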
Migration from CentOS 7
```yaml
- name: Migrate CentOS 7 to Rocky Linux 9 (re-provision)
  hosts: centos7
  become: true
  tasks:
    - name: Stop application services
      ansible.builtin.service: { name: "{{ app_service }}", state: stopped }

    - name: Ensure the backup directory exists
      ansible.builtin.file:
        path: /srv/backups
        state: directory
        mode: "0750"

    # archive lives in community.general, not ansible.builtin
    - name: Backup app data
      community.general.archive:
        path: /var/lib/{{ app_service }}
        dest: "/srv/backups/{{ inventory_hostname }}-{{ ansible_date_time.iso8601_basic_short }}.tar.gz"

    - name: Trigger PXE/cloud reprovision
      ansible.builtin.uri:
        url: "{{ provisioner_api }}/reprovision"
        method: POST
        body_format: json
        body: { host: "{{ inventory_hostname }}", os: "rocky9" }
```
For in-place migration use the migrate2rocky script invoked from Ansible:
```yaml
- name: In-place migrate CentOS 8 -> Rocky 9 stream
  hosts: centos8
  become: true
  tasks:
    - name: Download migrate script
      ansible.builtin.get_url:
        url: https://raw.githubusercontent.com/rocky-linux/rocky-tools/main/migrate2rocky/migrate2rocky.sh
        dest: /root/migrate2rocky.sh
        mode: "0755"

    - name: Run migration
      ansible.builtin.command: /root/migrate2rocky.sh -r
      args:
        creates: /etc/rocky-release
```
See also: Ansible on RHEL 9 Automation Complete Guide
Patching with serial rollouts
```yaml
- name: Patch Rocky 9 fleet
  hosts: rocky9
  become: true
  serial: 25%
  tasks:
    - name: Apply security updates
      ansible.builtin.dnf:
        name: "*"
        state: latest
        security: true
        update_cache: true
    - name: Install needs-restarting (yum-utils)
      ansible.builtin.dnf:
        name: yum-utils
        state: present
    # needs-restarting -r exits 1 when a reboot is required (kernel, glibc,
    # systemd updates) and 0 otherwise; the original comparison against a
    # controller-side lookup of /proc/version could never match.
    - name: Check whether a reboot is required
      ansible.builtin.command: needs-restarting -r
      register: reboot_check
      changed_when: reboot_check.rc == 1
      failed_when: reboot_check.rc not in [0, 1]
    - name: Reboot if kernel updated
      ansible.builtin.reboot:
      when: reboot_check.rc == 1
```
Best practices
• Stay on EPEL 9 for community packages; pin via releasever.
• Subscribe to the Rocky Linux Errata RSS feed and gate updates with security: true.
• Use kpatch (kpatch-dnf) for live kernel updates without reboots.
• Mirror Rocky repos internally for offline / air-gapped sites.
Conclusion
Rocky Linux 9 is a drop-in RHEL 9 replacement with the same ABI and the same Ansible playbooks — minus subscription-manager. It is ideal for cost-sensitive enterprises that want RHEL behavior without entitlements. Ansible playbooks written for RHEL 9 typically run unchanged on Rocky 9.