[Howto] Managing Solaris 11 via Ansible

Ansible can be used to manage various kinds of server operating systems – among them Solaris 11.

Managing Solaris 11 servers via Ansible from my Fedora machine is actually less exciting than previously thought. Since the amount of blog articles covering that is limited I thought it might be a nice challenge.

However, the opposite is the case: it just works. On a fresh Solaris installation, out of the box. There is no need for any additional configuration or additional software. Of course, ssh access must be available – but the same is true on Linux machines as well. It’s almost boring 😉

Here is an example to install and remove software on Solaris 11, using the new package system IPS which was introduced in Solaris 11:

$ ansible solaris -s -m pkg5 -a "name=web/server/apache-24"
$ ansible solaris -s -m pkg5 -a "state=absent name=/text/patchutils"

While Ansible uses a special module, pkg5, to manage Solaris packages, service management is even easier because the usual service module is used for Linux as well as Solaris machines:

$ ansible solaris -s -m service -a "name=apache24 state=started"
$ ansible solaris -s -m service -a "name=apache24 state=stopped"

So far so good – of course things get really interesting if playbooks can perform tasks on Solaris and Linux machines at the same time. For example, imagine Apache needs to be deployed and started on Linux as well as on Solaris. Here conditions come in handy:

---
- name: install and start Apache
  hosts: clients
  vars_files:
    - "vars/{{ ansible_os_family }}.yml"
  sudo: yes

  tasks:
    - name: install Apache on Solaris
      pkg5: name=web/server/apache-24
      when: ansible_os_family == "Solaris"

    - name: install Apache on RHEL
      yum:  name=httpd
      when: ansible_os_family == "RedHat"

    - name: start Apache
      service: name={{ apache }} state=started

Since the service name is not the same on different operating systems (or even different Linux distributions), the service name is a variable defined in a family-specific YAML file.

It’s also interesting to note that the same Ansible module behaves differently on the different operating systems: when a service is ordered to be stopped but does not exist, because the corresponding package and thus the service definition is not installed, the return code on Linux is OK, while on Solaris an error is returned:

TASK: [stop Apache on Solaris] ************************************************
failed: [argon] => {"failed": true}
msg: svcs: Pattern 'apache24' doesn't match any instances

FATAL: all hosts have already failed -- aborting

It would be nice to catch the error; however, as far as I know, error handling in Ansible can only specify when to fail, and not which messages/errors should be ignored.
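One way to tolerate only the specific `svcs` error shown above while still failing on anything else, using `register` and `failed_when`. This is an added example, not code from the original post; it assumes the same `clients` group and per-family vars files as the playbook above, and the vars file contents shown in the comments are assumed.

```yaml
---
# Added example, not from the original post.
# Assumed vars files (not shown in the post):
#   vars/Solaris.yml -> apache: apache24
#   vars/RedHat.yml  -> apache: httpd
- name: stop Apache, tolerating "service not installed" on Solaris
  hosts: clients
  vars_files:
    - "vars/{{ ansible_os_family }}.yml"
  become: yes        # current spelling of the post's "sudo: yes"

  tasks:
    - name: stop Apache
      service: name={{ apache }} state=stopped
      register: stop_result
      # Override the module's verdict: the task only counts as failed when
      # the module failed AND the message is not the svcs "no such instance"
      # error. Every other error still aborts the play for that host.
      failed_when: >
        stop_result.failed is defined and stop_result.failed
        and "doesn't match any instances" not in (stop_result.msg | default(''))

    - name: report hosts where there was nothing to stop
      debug: msg="{{ apache }} is not installed here, nothing to stop"
      when: "'match any instances' in (stop_result.msg | default(''))"
```

Matching on the message text keeps the exception narrow; a blanket `ignore_errors: yes` would also hide real failures such as a service stuck in maintenance.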

But besides this problem managing Solaris via Ansible works smoothly for me. And it even works on Ansible Tower, of course:

[Image: Tower-Ansible-Solaris.png]

I haven’t tried to install Ansible on Solaris itself, but since packages are available that shouldn’t be much of an issue.

So in case you have a mixed environment including Solaris and Linux machines (Red Hat, Fedora, Ubuntu, Debian, Suse, you name it) I can only recommend that you start using Ansible as soon as possible. It simply works and can ease the pain of day-to-day tasks substantially.

8 thoughts on “[Howto] Managing Solaris 11 via Ansible”

  1. In 2.0 you get the `package` module which will execute the underlying package manager for each OS/Distro, as detected by fact gathering and set in ansible_pkg_mgr var.

    As with service, the name is still OS/distro dependent so you still need to deal with that yourself.

  2. But I can’t penetrate it with my user-id using ansible-playbook/tower on solaris 11. I know it executes with your sudo-no-password, but can you allow solaris to have no sudo-password? Also, allowing root remote connection is a big risk. Does installing ansible-client work?

    1. The user management of Solaris is very similar to the user management on Linux machines or other UNIX systems. So yes, you can create a file in /etc/sudoers.d/ setting the appropriate sudo-no-passwd rights.
      And yes, allowing root remote connections is a big risk. Use a normal user with limited privileges, and configure sudo appropriately.

  3. Never mind, I was able to allow no sudo password on solaris 11.3,

    cp /etc/sudoers.d/svc-system-config-user /etc/sudoers.d/svc-system-config-user.bak
    vi /etc/sudoers.d/svc-system-config-user
    ls -la /etc/sudoers.d/svc-system-config-user
    chmod 740 /etc/sudoers.d/svc-system-config-user
    ls -la /etc/sudoers.d/svc-system-config-user
    vi /etc/sudoers.d/svc-system-config-user

    1. I’m glad to hear that it works for you. Do you mind sharing the content of the file /etc/sudoers.d/svc-system-config-user to show what you actually configured?
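
The advice in the replies above (an unprivileged login user, a sudoers drop-in, no remote root login) written as a playbook. This is an added example, not the commenter's file and not code from the original post; the `ansible` account name, the `90-ansible` file name and the `visudo` path are assumptions.

```yaml
---
# Added example, not from the original post or its comments.
# Hypothetical names: the "ansible" account and the 90-ansible drop-in.
- name: dedicated sudo access for the Ansible login user on Solaris
  hosts: solaris
  become: yes

  tasks:
    - name: install sudoers drop-in, syntax-checked before it replaces anything
      copy:
        dest: /etc/sudoers.d/90-ansible
        # Ansible runs its modules through a shell and Python, so sudo cannot
        # usefully be limited to single commands; scope the rule to one
        # dedicated, key-only account instead of a personal user-id.
        content: "ansible ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"                       # read-only, nothing for "other"
        validate: "/usr/sbin/visudo -cf %s"  # assumed path; rejects a broken file

    - name: refuse direct root logins over ssh
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: "PermitRootLogin no"
      notify: restart ssh

  handlers:
    - name: restart ssh
      service: name=ssh state=restarted
```

The `validate` step matters most here: a syntax error in any file under /etc/sudoers.d/ can disable sudo for every user on the host, and the check stops the copy before the file lands.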
