Ansible II: playbooks, containers and inventory

#it automation #configuration as code

Welcome to the Ansible series! This is the second article in which we will start by creating our first SSH Docker container to simulate one remote machine, write an inventory and build a simple playbook to use against.

UPDATE: I found that in the Docker for Windows approach you can’t use the containers IP to connect to them. Source in the documentation. I added new sections using Vagrant and VirtualBox which will represent better a real scenario.

Our first (or second) VM

In the previous article, we installed VirtualBox and Vagrant. You also probably started your first VM. The vagrant command should be in accessible from your PowerShell prompt. So let’s start a

We will start by creating a new folder for our project and then the vagrant configuration file. I will be using a Ubuntu Bionic virtual machine, but feel free to get other versions or other distributions.

PS> mkdir ansible-series
PS> cd ansible-series

Now open the folder with your favorite editor, I will be using Visual Studio Code, so I will code . in my terminal and the editor will pop up with the opened folder. Now create a Vagrantfile and write the following:

# Vagrantfile
Vagrant.configure("2") do |config|
  config.vm.define "main" do |main|
    main.vm.box = "ubuntu/bionic64"
    main.vm.network "private_network", ip: "10.0.0.10"
  end
end

This configuration will create a VM called ‘main’ that will run Ubuntu Bionic 18.04 64-bits which will be assigned to the IP 10.0.0.10. To connect to it, you can use:

PS> vagrant ssh
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-65-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Oct 16 18:04:41 UTC 2019

  System load:  0.0               Processes:             96
  Usage of /:   10.0% of 9.63GB   Users logged in:       0
  Memory usage: 12%               IP address for enp0s3: 10.0.2.15
  Swap usage:   0%                IP address for enp0s8: 10.0.0.10


0 packages can be updated.
0 updates are security updates.


Last login: Wed Oct 16 18:04:27 2019 from 10.0.2.2
vagrant@ubuntu-bionic:~$ exit

So now you are at the prompt inside the Ubuntu VM we just created with vagrant up. Now we will connect with SSH directly… prepare yourself! We specified the IP inside the Vagrantfile, in our case: 10.0.0.10. If you played with Vagrant a little, maybe you noticed the .vagrantfolder. Inside it there are many files, one of them it used internally by Vagrant to SSH into the machine. This file is .vagrant\machines\main\virtualbox\private_key:

ssh -i .vagrant\machines\main\virtualbox\private_key vagrant@10.0.0.10

Then a prompt will ask us to accept that the IP has X fingerprint. Write ‘yes’ and press ENTER. This basically is protecting us in the future against someone changing the server under this IP.

The authenticity of host '10.0.0.10 (10.0.0.10)' can not be established.
ECDSA key fingerprint is SHA256:Pjx1qPgS0TLV3gMNO69G/ogWhH68WP4MhqZxT4Agaw8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.10' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-65-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Oct 16 18:11:38 UTC 2019

  System load:  0.0               Processes:             96
  Usage of /:   10.0% of 9.63GB   Users logged in:       0
  Memory usage: 12%               IP address for enp0s3: 10.0.2.15
  Swap usage:   0%                IP address for enp0s8: 10.0.0.10


0 packages can be updated.
0 updates are security updates.


Last login: Wed Oct 16 18:04:41 2019 from 10.0.2.2
vagrant@ubuntu-bionic:~$

And we are connected again, but now using PowerShell directly, not vagrant ssh. Rembemer that we just used a file (a SSH key) inside the .vagrant/machines/main/virtualbox note that it includes main the name that we defined in the Vagrantfile.

Creating the inventory and the playbook

Now it is time that we use Ansible! We will need an inventory and a playbook. We will start by creating an inventory. In this case, it will be pretty small since we are only attacking one machine.

[all]
10.0.0.10

Now it is time for the final piece: the playbook. We will do a pretty basic one, since we are only getting started, but they will get more complicated as the series advance. For now, we have this one:

---
- hosts: all
  vars:
    remote_user: vagrant
    ansible_private_key_file: .vagrant/machines/main/virtualbox/private_key

  tasks:
    - name: ping
      ping:

Variables can be defined inside playbooks, in a block at the hosts level called vars. These are shared by all the tasks inside the playbook, so we will be able to grab them anywhere. In our case, we only need to tell Ansible how to connect to our machines using ansible_user and the SSH key we used before via ansible_private_key_file (probably you are wondering from where this came, check Ansible SSH plugin).

To run the playbook we use ansible-playbook:

ansible-playbook -i inventory playbook.yml

Aaaaand you may se an error that says… WARNING: UNPROTECTED PRIVATE KEY FILE! and Permissions 0777 for '.vagrant/machines/main/virtualbox/private_key' are too open.. The SSH key files should have certain permissions to avoid things go bad, so we change it so only us can change its contents or read it:

chmod 400 .vagrant/machines/main/virtualbox/private_key

Then run the playbook again.

PLAY [all]

TASK [Gathering Facts]
ok: [10.0.0.10]

TASK [ping]
ok: [10.0.0.10]

PLAY RECAP
10.0.0.10              : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Closing

Now we have the basics of Ansible, with that we can move forward into more complex scenarios. We will revisiting those topics since they are the building blocks of Ansible. In the following article we will start our adventure aiming to deploy a web service, we will learn about adding multiple machines to our Vagrantfile and we will be launching multiple playbooks against our machines. Do not miss it!

Continue reading

It was useful? Done something similar? Have feedback?