Ansible: Difference between revisions
(Expand + update formatting/wording) |
m (Add ansible-lint) |
||
Line 6: | Line 6: | ||
It uses SSH for the communication between the involved systems, no server or client daemons are needed, and no additional software beside Python on managed nodes is required. | It uses SSH for the communication between the involved systems, no server or client daemons are needed, and no additional software beside Python on managed nodes is required. | ||
= Installation = | == Installation == | ||
On the control node (master host), you can install the {{Pkg|ansible-core}} package and/or the {{Pkg|ansible}} package, which is a "batteries included" package that brings in {{Pkg|ansible-core}} along with a set of curated [https://docs.ansible.com/collections.html collections]. Both are available from the [[Repositories#Community|community]] repository: | On the control node (master host), you can install the {{Pkg|ansible-core}} package and/or the {{Pkg|ansible}} package, which is a "batteries included" package that brings in {{Pkg|ansible-core}} along with a set of curated [https://docs.ansible.com/collections.html collections]. Both are available from the [[Repositories#Community|community]] repository: | ||
Line 14: | Line 14: | ||
{{Cmd|# apk add ansible}} | {{Cmd|# apk add ansible}} | ||
== Create a SSH key == | === Create a SSH key === | ||
Generate a SSH key for the managed node. It's recommended to use a key which is protected with a password. | Generate a SSH key for the managed node. It's recommended to use a key which is protected with a password. | ||
Line 20: | Line 20: | ||
{{Cmd|$ ssh-keygen -t ed25519}} | {{Cmd|$ ssh-keygen -t ed25519}} | ||
= Managed nodes = | == Managed nodes == | ||
There are only minimal requirements for the clients. For every system you want to manage, you need to have the client's SSH key in the <code>authorized_keys</code> file of the management system and Python. | There are only minimal requirements for the clients. For every system you want to manage, you need to have the client's SSH key in the <code>authorized_keys</code> file of the management system and Python. | ||
Line 28: | Line 28: | ||
{{Cmd|# apk add python3}} | {{Cmd|# apk add python3}} | ||
== Transfer the SSH key == | === Transfer the SSH key === | ||
There are two ways to do it. From a default Alpine installation you can use ssh and cat to do it. | There are two ways to do it. From a default Alpine installation you can use ssh and cat to do it. | ||
Line 37: | Line 37: | ||
{{Cmd|ssh-copy-id -i ~/.ssh/id_ed25519.pub root@[IP of the management system]}} | {{Cmd|ssh-copy-id -i ~/.ssh/id_ed25519.pub root@[IP of the management system]}} | ||
= Usage = | == Usage == | ||
== Configuration == | === Configuration === | ||
{{Todo|https://docs.ansible.com/ansible/latest/reference_appendices/config.html}} | {{Todo|https://docs.ansible.com/ansible/latest/reference_appendices/config.html}} | ||
== Inventory == | === Inventory === | ||
The inventory is the list of managed nodes or "hosts". The default location is <code>/etc/ansible/hosts</code>. You can specify a different inventory file using <code>-i PATH</code> on the command line. | The inventory is the list of managed nodes or "hosts". The default location is <code>/etc/ansible/hosts</code>. You can specify a different inventory file using <code>-i PATH</code> on the command line. | ||
Line 55: | Line 55: | ||
10.0.1.50}} | 10.0.1.50}} | ||
== Ping == | === Ping === | ||
Check that you can reach all nodes: | Check that you can reach all nodes: | ||
Line 61: | Line 61: | ||
{{Cmd|$ ansible all -m ping}} | {{Cmd|$ ansible all -m ping}} | ||
== Playbooks == | === Playbooks === | ||
When writing playbooks for Alpine Linux there are some things to keep in mind: | When writing playbooks for Alpine Linux there are some things to keep in mind: | ||
Line 93: | Line 93: | ||
</ol> | </ol> | ||
== Vault == | === Vault === | ||
{{Todo|https://docs.ansible.com/ansible/latest/vault_guide/index.html}} | {{Todo|https://docs.ansible.com/ansible/latest/vault_guide/index.html}} | ||
=See Also= | === ansible-lint === | ||
Check if using "[https://ansible-lint.readthedocs.io/ proven practices]": | |||
{{Cmd|$ ansible-lint -s ./PATH}} | |||
== See Also == | |||
* https://docs.ansible.com/ansible/latest/collections/community/general/apk_module.html - Official documentation for the apk module. | * https://docs.ansible.com/ansible/latest/collections/community/general/apk_module.html - Official documentation for the apk module. |
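Review bot: the new "ansible-lint" section gives `ansible-lint -s ./PATH` without saying what `-s` does or which package provides ansible-lint, whereas the Installation section names its packages and the `apk add` command. Add a sentence for each, and reword "Check if using" into a full sentence that says what is being checked (the playbooks under ./PATH).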
Revision as of 20:46, 28 January 2023
This material needs expanding ... Please feel free to help us complete it.
Ansible is a simple configuration management, deployment, task-execution, and multinode orchestration framework.
It uses SSH for communication between the involved systems; no server or client daemons are needed, and no additional software besides Python is required on managed nodes.
Installation
On the control node (master host), you can install the ansible-core package and/or the ansible package, which is a "batteries included" package that brings in ansible-core along with a set of curated collections. Both are available from the community repository:
# apk add ansible
Create an SSH key
Generate an SSH key for the managed node. It is recommended to use a key that is protected with a password.
$ ssh-keygen -t ed25519
Managed nodes
There are only minimal requirements for the clients. For every system you want to manage, you need Python and the client's SSH key in the authorized_keys file of the management system.
Install the Python package:
# apk add python3
Transfer the SSH key
There are two ways to transfer the key. On a default Alpine installation you can use ssh and cat:
ssh root@[IP of the management system] 'cat ~/.ssh/id_ed25519.pub' | cat - >> ~/.ssh/authorized_keys
If you are planning to use additional features of SSH, ssh-copy-id, which is provided by the openssh-client package, can help you with the key setup.
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@[IP of the management system]
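An added example (not part of the original wiki page): the `cat ... >> authorized_keys` step written as an idempotent shell function for the node that receives the key. The function name `install_pubkey` and the sample key are constructed for illustration; the function rejects lines that are not a bare public key, skips keys already listed, and sets the 700/600 modes that sshd's StrictModes check expects.

```shell
#!/bin/sh
# Added example: idempotent replacement for "cat key.pub >> authorized_keys".
# install_pubkey is a hypothetical helper name, not an OpenSSH or Alpine tool.

# install_pubkey PUBKEY_FILE [AUTH_FILE]
# Returns 0 if the key is installed or already present, 1 if the key file is
# unreadable or the target cannot be prepared, 2 if the line is not a bare key.
install_pubkey() {
    pub=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}
    dir=$(dirname "$auth")
    ktype='' kbody='' kcomment=''

    # A .pub file holds one line: "<type> <base64> [comment]".
    read -r ktype kbody kcomment < "$pub" || [ -n "$ktype" ] || return 1

    # Accept only a known key type followed by base64, so option prefixes such
    # as command="..." or stray text never reach authorized_keys.
    case "$ktype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "refusing: unexpected key type" >&2; return 2 ;;
    esac
    case "$kbody" in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing: malformed key body" >&2; return 2 ;;
    esac

    # sshd's StrictModes check rejects keys when the directory or file is
    # writable by other users, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact type+body is not already listed.
    if grep -qF -- "$ktype $kbody" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$ktype $kbody${kcomment:+ $kcomment}" >> "$auth"
        echo "key added to $auth"
    fi
}

# Demo in a throwaway directory with a constructed (non-functional) key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyBodyForDemoOnly ansible@control' > "$demo/id_ed25519.pub"
install_pubkey "$demo/id_ed25519.pub" "$demo/.ssh/authorized_keys"
install_pubkey "$demo/id_ed25519.pub" "$demo/.ssh/authorized_keys"   # second run is a no-op
rm -rf "$demo"
```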
Usage
Configuration
Inventory
The inventory is the list of managed nodes or "hosts". The default location is /etc/ansible/hosts. You can specify a different inventory file using -i PATH on the command line.
See How to build your inventory for more information.
Contents of /etc/ansible/hosts
Ping
Check that you can reach all nodes:
$ ansible all -m ping
Playbooks
When writing playbooks for Alpine Linux there are some things to keep in mind:
- There is support for OpenRC, the Init System, in the service module.
    - name: Make "lighttpd" start on boot and start now, if not started.
      ansible.builtin.service:
        name: lighttpd
        enabled: true
        state: started
- There is support for APK as of Ansible 2.0, in the apk module.
    - name: Ensure lighttpd is installed, update cache and install if not.
      community.general.apk:
        name: lighttpd
        state: present
        update_cache: yes
- There is support for the Awall firewall as of Ansible 2.4, in the awall module.
    - name: Enable "foobar" policy
      community.general.awall:
        name: foobar
        state: enabled
        activate: true
- If you are going to re-use playbooks from other Linux distributions, please keep in mind that Alpine Linux uses different paths for the binaries. For example, rm is /bin/rm.
Vault
ansible-lint
Check whether your playbooks follow "proven practices":
$ ansible-lint -s ./PATH
See Also
- https://docs.ansible.com/ansible/latest/collections/community/general/apk_module.html - Official documentation for the apk module.
- ArchWiki: Ansible