Skip to main content

142. Installation via Official Script

Status: Accepted Date: 2025-07-06

Context

We need a reliable and maintainable way to install the Ollama inference server as part of our Ansible automation. Ollama is a relatively new and fast-moving project. While it might be available in some community package repositories, the most up-to-date and recommended installation method provided by the Ollama team is via their official shell script (install.sh).

Trying to manually replicate the steps in this script (downloading the binary, setting permissions, creating the systemd service) in our Ansible role would be brittle and likely to break as the project evolves.

Decision

The 17_ollama Ansible role will install Ollama by downloading and executing the official install.sh script provided by the Ollama project.

The role will use Ansible's shell module to execute the command curl -fsSL https://ollama.com/install.sh | sh. This ensures we are always using the exact installation method recommended and maintained by the upstream vendor. The task will be configured with a creates condition to ensure it only runs if the Ollama binary does not already exist, making the task idempotent.

Consequences

Positive:

  • Upstream Alignment: We are using the officially supported and maintained installation method. This is the most reliable and future-proof approach. If the installation process changes, the script will be updated by the Ollama team, and our automation will automatically benefit without any changes on our side.
  • Simplicity: This is far simpler than manually managing all the installation steps. The Ansible role remains very simple and readable.
  • Always Up-to-Date: This method ensures we are always installing the latest stable version of Ollama.

Negative:

  • Executing Remote Scripts: The practice of curl | sh (piping a script from a remote URL directly into a shell) carries a significant security risk. We are trusting the remote server (ollama.com) to provide a non-malicious script, and we are running it with root privileges.
  • Less Control: We have less granular control over the installation process compared to a manual, step-by-step approach. The script does what it does, and we don't have an easy way to modify its behavior.

Mitigation:

  • Trusted Source: We are executing a script from a well-known, reputable, and trusted source (the official Ollama project). While the risk is not zero, it is very low and is a widely accepted practice for installing developer tools.
  • Idempotency: By checking for the existence of the binary before running the script, we ensure the task is idempotent and doesn't re-run unnecessarily.
  • Vendor's Responsibility: We are delegating the responsibility for a correct installation to the vendor, which is appropriate in this case. The complexity of a correct installation (including systemd service creation, etc.) is best managed by the experts on that software: the people who build it.