ansible-pull demo

Local Development

Setting up the local development environment to work with Ansible.

You'll need virtualenv:

sudo apt-get install python3-virtualenv -y

Start the environment:

python3 -m venv .venv
virtualenv .venv
source .venv/bin/activate

Install the dependencies:

python3 -m pip install --upgrade pip
python3 -m pip install -r requirements.txt

Control Node

Depending on yor preference, the following provisioning options are available in this repository.

Multipass

Launch the instance:

multipass launch 24.04 `
  --name vm-ansible `
  --cpus 4 `
  --memory 8G `
  --disk 50G `
  --timeout 1800 `
  --cloud-init .\multipass\cloud-init.yaml

Connect via SSH:

multipass shell vm-ansible

Check if *** System restart required ***. If so, sudo reboot.

Verify the cloud-init status:

cloud-init status

Check logs if necessary:

/var/log/cloud-init-output.log
/var/log/cloud-init.log

VirtualBox

Prepare the directory with Vagrant:

mkdir -p vagrant-pull-node/ansible
cd vagrant-pull-node/ansible
vagrant init "ubuntu/jammy64"

Set additional parameters as in the virtualbox/Vagrantfile. This will add the necessary packages.

Create and connect to the VM:

vagrant up
vagrant ssh

Docker

Tip

In case of docker fetch errors, you may try docker system prune -a

For lightweight docker environment, set it up:

docker compose build
docker compose up -d
docker compose exec workstation /bin/bash

ansible-pull

This section is executed from within the control node.

Simple Pull Command

Tip

A fork will be required to create tokens in the account

Connect to the GitHub account and generate a new token. Prefer a fine-grained token, where only read-only permissions to the Contents to the repository is required.

Note

Preferring the https URL option to use GitHub tokens

The next ansible-pull command was adapted from this page.

For development purposes, create a /opt/ansible/pull.sh script:

Tip

Create link for ln -s /opt/ansible/pull.sh /home/vagrant/pull.sh

#!/bin/bash
token=1234
url="https://$token:x-oauth-basic@github.com/epomatti/ansible-pull-demo.git"
ansible-pull -U $url -d /opt/epomatti/ansible-pull-demo

Execute the Ansible pull script:

bash pull.sh

Crontab

The local.yml file will create a cron job to pull new configuration every minute. The package flock will be used to prevent cron job overlap.

Check the crontab logs:

sudo tail -f /var/log/syslog

The script output will be redirected to this file:

sudo tail -f /var/log/ansible-pull.log

To make ad-hoc adjustments to the local configuration:

sudo systemctl stop cron

Ansible Vault

Create the key file, and add a secure password:

touch ~/.vault_key
chmod 600 ~/.vault_key

Encrypt files (they must be commited to the repository):

ansible-vault encrypt --vault-password-file ~/.vault_key secret.txt

Decrypt the files locally:

ansible-vault decrypt --vault-password-file ~/.vault_key secret.txt

When pulling, use the key:

ansibel pull --vault-password-file

Testing

Tip

This is about test strategies for testing the application you are deploying

The primary tool for this should be Molecule.

bash local.sh

Running the tests:

bash tests.sh

Reference Content

• Using Ansible "Pull" Mode to Dynamically Automate Server/Workstation Builds
• Getting started with Ansible 01 - Introduction
• Using Ansible to automate your Laptop and Desktop configs!
• Encrypting Files with Ansible Vault