Ansible II: playbooks, containers and inventory
Welcome to the Ansible series! In this second article, we will start by creating our first SSH Docker container to simulate a remote machine, then write an inventory and build a simple playbook to run against it.
UPDATE: I found that in the Docker for Windows approach you can’t use the containers’ IPs to connect to them. Source in the documentation. I added new sections using Vagrant and VirtualBox, which will better represent a real scenario.
Our first (or second) VM
In the previous article, we installed VirtualBox and Vagrant. You probably also started your first VM. The vagrant command should be accessible from your PowerShell prompt. So let’s start a
We will start by creating a new folder for our project and then the Vagrant configuration file. I will be using an Ubuntu Bionic virtual machine, but feel free to use other versions or other distributions.
PS> mkdir ansible-series
PS> cd ansible-series
Now open the folder with your favorite editor. I will be using Visual Studio Code, so I will run code . in my terminal and the editor will pop up with the folder opened. Now create a Vagrantfile and write the following:
# Vagrantfile
Vagrant.configure("2") do |config|
  config.vm.define "main" do |main|
    main.vm.box = "ubuntu/bionic64"
    main.vm.network "private_network", ip: "10.0.0.10"
  end
end
This configuration will create a VM called ‘main’ running 64-bit Ubuntu Bionic 18.04, with the IP 10.0.0.10 assigned to it. To connect to it, you can use:
PS> vagrant ssh
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-65-generic x86_64)
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
  System information as of Wed Oct 16 18:04:41 UTC 2019
  System load:  0.0               Processes:             96
  Usage of /:   10.0% of 9.63GB   Users logged in:       0
  Memory usage: 12%               IP address for enp0s3: 10.0.2.15
  Swap usage:   0%                IP address for enp0s8: 10.0.0.10
0 packages can be updated.
0 updates are security updates.
Last login: Wed Oct 16 18:04:27 2019 from 10.0.2.2
vagrant@ubuntu-bionic:~$ exit
So now you are at the prompt inside the Ubuntu VM we just created with vagrant up. Now we will connect with SSH directly… prepare yourself! We specified the IP inside the Vagrantfile, in our case 10.0.0.10. If you have played with Vagrant a little, maybe you noticed the .vagrant folder. Inside it there are many files, and one of them is used internally by Vagrant to SSH into the machine. This file is
ssh -i .vagrant\machines\main\virtualbox\private_key vagrant@10.0.0.10
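Then a prompt will ask us to accept the fingerprint of the host key presented at this IP. Type ‘yes’ and press ENTER. SSH records the key in its list of known hosts, which protects us in the future against someone changing the server behind this IP: SSH will warn us if a different key is ever presented.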
The authenticity of host '10.0.0.10 (10.0.0.10)' can not be established.
ECDSA key fingerprint is SHA256:Pjx1qPgS0TLV3gMNO69G/ogWhH68WP4MhqZxT4Agaw8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.10' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-65-generic x86_64)
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
  System information as of Wed Oct 16 18:11:38 UTC 2019
  System load:  0.0               Processes:             96
  Usage of /:   10.0% of 9.63GB   Users logged in:       0
  Memory usage: 12%               IP address for enp0s3: 10.0.2.15
  Swap usage:   0%                IP address for enp0s8: 10.0.0.10
0 packages can be updated.
0 updates are security updates.
Last login: Wed Oct 16 18:04:41 2019 from 10.0.2.2
vagrant@ubuntu-bionic:~$
And we are connected again, but now using SSH directly from PowerShell, not vagrant ssh. Remember that we just used a file (an SSH key) inside .vagrant/machines/main/virtualbox; note that the path includes main, the name that we defined in the Vagrantfile.
Creating the inventory and the playbook
Now it is time to use Ansible! We will need an inventory and a playbook. We will start by creating an inventory. In this case, it will be pretty small since we are only targeting one machine.
Now it is time for the final piece: the playbook. We will write a pretty basic one, since we are only getting started, but they will get more complicated as the series advances. For now, we have this one:
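---
- hosts: all
  vars:
    # Connection variables read by the SSH connection plugin
    ansible_user: vagrant
    ansible_private_key_file: .vagrant/machines/main/virtualbox/private_key
  tasks:
    # Checks that Ansible can log in and run a module on the host
    - name: ping
      ping: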
Variables can be defined inside playbooks, in a block at the hosts level called vars. These are shared by all the tasks inside the playbook, so we can use them anywhere. In our case, we only need to tell Ansible how to connect to our machines, using ansible_user and the SSH key we used before via ansible_private_key_file (if you are wondering where these come from, check the Ansible SSH plugin).
To run the playbook we use
ansible-playbook -i inventory playbook.yml
Aaaaand you may see an error that says WARNING: UNPROTECTED PRIVATE KEY FILE! and Permissions 0777 for '.vagrant/machines/main/virtualbox/private_key' are too open. SSH refuses to use a private key file that other users can access, so we change its permissions so that only we can read it:
chmod 400 .vagrant/machines/main/virtualbox/private_key
Then run the playbook again.
PLAY [all]
TASK [Gathering Facts]
ok: [10.0.0.10]
TASK [ping]
ok: [10.0.0.10]
PLAY RECAP
10.0.0.10 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
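The permission check behind the UNPROTECTED PRIVATE KEY FILE error can be run ahead of time over every machine in the project. This is an added example, not code from the original article: the function names are hypothetical, and it generalizes the single chmod above to every .vagrant/machines/<name>/<provider>/private_key file.

```shell
#!/bin/sh
# Added example: audit Vagrant-generated SSH keys before running ansible-playbook.

# key_mode FILE: print the octal permission bits (e.g. 400, 777).
key_mode() {
    # GNU/busybox stat first, BSD/macOS stat as the fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# key_is_private FILE: succeed only when no group/other bit is set
# (mode & 077 == 0), the condition behind "UNPROTECTED PRIVATE KEY FILE".
key_is_private() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_keys PROJECT_DIR: list keys ssh would reject; return 1 if any.
audit_keys() {
    bad=0
    for key in "$1"/.vagrant/machines/*/*/private_key; do
        [ -f "$key" ] || continue            # glob matched nothing
        if ! key_is_private "$key"; then
            echo "too open ($(key_mode "$key")): $key"
            bad=1
        fi
    done
    return "$bad"
}

# lock_keys PROJECT_DIR: chmod 400 each offending key, then audit again.
# The second audit matters: some mounted filesystems ignore chmod and
# keep the old mode, and then ssh still refuses the key.
lock_keys() {
    for key in "$1"/.vagrant/machines/*/*/private_key; do
        [ -f "$key" ] || continue
        key_is_private "$key" || chmod 400 "$key"
    done
    audit_keys "$1"
}

# Report on the project in the current directory (or the one given as $1).
audit_keys "${1:-.}"
```

Source the file and call lock_keys with the project folder to apply the fix; a non-zero return after that means the key is still readable by others and SSH will keep rejecting it.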
Now we have the basics of Ansible, and with them we can move forward into more complex scenarios. We will be revisiting these topics since they are the building blocks of Ansible. In the following article we will start our adventure aiming to deploy a web service: we will learn about adding multiple machines to our Vagrantfile and we will launch multiple playbooks against our machines. Do not miss it!