Ansible
I am pretty tired of one-off scripting and I’m sure eventually I’ll have to retire my current web server when the time comes, so I am starting to get ansible configured so I can prepare for any migration or upgrades. I also felt my configuration on the server drift as I started to add services.
My current webserver has 3 basic services running: NGINX, Docker, and Rsyslog. Nginx is the frontend to most of the docker containers running; and rsyslog collects and aggregates the logs for NGINX and Docker. There are also minor services on the server such as Letsencrypt which has tasks I would like to automate. Although this may not seem like a lot, these three main services are highly customzied and have no source control management for their current configurations. Every time I need to make a change I hop into the server with ssh and make it. There’s no documentation around these configurations as it feels unnecessary at present; ansible will be a “self document” for the server once it is configured.
Roles
Basically I started to notice my server was becoming a snowflake with configurations changing every time I logged into the server. I really didn’t like the thought of this as I started to add services to the node, so I decided to move all my one-off scripts and config files into Ansible roles where I can easily deploy them. This will allow me to re-deploy services to other services without having to re-configure config files by hand or possibly mis-configuring new servers thinking they have the same configuration as old servers when they clearly do not.
Install on macOS
I have python2.X and python3.7 on my computer. I aliased python to python3. I also made the change to alias pip to pip3.
The install was pretty quick, the only difficult part was realizing that pip install --user ansible installs ansible to /Users/<yourusername>/Library/Python/3.7/bin so I had to update my path.. (small quirk)
~/.zshrc File:
alias python="python3"
alias pip="pip3"
export PATH="/Users/Jack/Library/Python/3.7/bin:$PATH"
I then ran export ~/.zshrc in the terminal and everything was up and running.
Running ansible --version returned:
ansible 2.8.6
config file = None
configured module search path = ['/Users/Jack/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/Jack/Library/Python/3.7/lib/python/site-packages/ansible
executable location = /Users/Jack/Library/Python/3.7/bin/ansible
python version = 3.7.3 (default, Mar 27 2019, 09:23:15) [Clang 10.0.1 (clang-1001.0.46.3)]
Configuring Inventory & ~/.ansible.cfg
In the config file (~/.ansible.cfg) I updated it to look like the following to update where I wanted ansible to find my inventory:
[defaults]
inventory = /Users/Jack/.ansible/hosts
I then updated my inventory/hosts file (/Users/Jack/.ansible/hots) to look account for my at present 2 servers:
[itsltns]
itsltns-static
itsltns-forum
Ansible is smart enough to use my ~/.ssh/config config file to find private key information and the IP’s of the two servers:
host itsltns-static
HostName 1.1.1.1
Port 22
User jack
IdentityFile /Users/Jack/.ssh/aws/mkey.pem
host itsltns-forum
HostName 1.1.1.1
Port 22
User jack
IdentityFile /Users/Jack/.ssh/mkey.pem
IP’s can be found easily with some basic linux knowledge, but I obfuscated them in this post..
First Ping-Pong
While attempting to run my first module on the remote servers I continued to run into a python deprecation issue. I couln’t just continue to let this error mess with me, so I decided to fix it by adding the line interpreter_python = /usr/bin/python to my ansible.cfg file. This suppressed the error for the time being, but I’m sure I’ll come across this again when upgrading ansible from 2.8 to 2.12.
Running the simple ping command has never made me more pleased:
$ ansible itsltns -m ping
itsltns-forum | SUCCESS => {
"changed": false,
"ping": "pong"
}
itsltns-static | SUCCESS => {
"changed": false,
"ping": "pong"
}
This only means I can do anything now.
Conclusion
I am pretty excited to be up and running with Ansible. I plan to go into more detail on roles and playbooks sometime later. For now I am happy with my current results. Solving complex problems starts with understanding the simple ones first.
Links
pip install git+https://github.com/ansible/ansible.git@devel