Ansible: Difference between revisions

From Alpine Linux
m (→‎Setup hosts: Fixed broken link to Ansible documentation)
(3 intermediate revisions by one other user not shown)
Line 2: Line 2:


= Installation of ansible =
= Installation of ansible =
ansible is available in ''testing''. The latest package is broken, sorry.
ansible is available in ''main''.


{{Cmd|apk add ansible}}
{{Cmd|apk add ansible}}
Line 9: Line 9:
Generate a SSH key for the managed node. It's recommended to use a key which is protected with a password.
Generate a SSH key for the managed node. It's recommended to use a key which is protected with a password.


{{Cmd|ssh-keygen -t rsa}}
{{Cmd|ssh-keygen -t ed25519}}


= Managed nodes =
= Managed nodes =
Line 16: Line 16:
Install the Python package.
Install the Python package.


{{Cmd|apk add python}}
{{Cmd|apk add python3}}


== Transfer the SSH key ==
== Transfer the SSH key ==
There are two ways to do it. From a default Alpine installation you can use ssh and cat to do it.
There are two ways to do it. From a default Alpine installation you can use ssh and cat to do it.


{{Cmd|<nowiki>ssh root@[IP of the management system] 'cat ~/.ssh/id_rsa.pub' | cat - >> ~/.ssh/authorized_keys</nowiki>}}
{{Cmd|<nowiki>ssh root@[IP of the management system] 'cat ~/.ssh/id_ed25519.pub' | cat - >> ~/.ssh/authorized_keys</nowiki>}}


If you are planning to use additional features of SSH. <code>ssh-copy-id</code>, which is provided by the <code>openssh-client</code> package, can help you with the key setup.  
If you are planning to use additional features of SSH. <code>ssh-copy-id</code>, which is provided by the <code>openssh-client</code> package, can help you with the key setup.  


{{Cmd|ssh-copy-id -i ~/.ssh/id_rsa.pub root@[IP of the management system]}}
{{Cmd|ssh-copy-id -i ~/.ssh/id_ed25519.pub root@[IP of the management system]}}


= Setup hosts =
= Setup hosts =
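Review bot: the two key-transfer commands in this hunk point in opposite directions. The `ssh root@[IP of the management system] 'cat ~/.ssh/id_ed25519.pub' | cat - >> ~/.ssh/authorized_keys` line pulls the management system's public key into the local authorized_keys, while `ssh-copy-id -i ~/.ssh/id_ed25519.pub root@[IP of the management system]` pushes the local key to the management system. If ssh-copy-id is meant to be run on the management system, its target should be the managed node. Since these lines are being edited anyway, `| cat -` is redundant before the redirect, and "If you are planning to use additional features of SSH." is a fragment that should join the following sentence with a comma.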
Line 38: Line 38:
= First test =
= First test =


{{Cmd|$ ansible all -m ping -u you --sudo}}
{{Cmd|$ ansible all -m ping -u you}}


Another test is check all variables.
Another test is check all variables.
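Review bot: with --sudo dropped, the ping line still logs in as `-u you`, while the key-transfer commands earlier on the page install the key for root. The user given here should match the account whose authorized_keys received the key. "Another test is check all variables." should read "is to check".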
Line 72: Line 72:
</ol>
</ol>


The [http://git.alpinelinux.org/cgit/fab/alpine-ansible/ alpine-ansible git repository] contain some example playbooks.  
The [http://git.alpinelinux.org/user/fab/alpine-ansible/ alpine-ansible git repository] contain some example playbooks.


=See Also=
=See Also=
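Review bot: the updated repository link keeps the http:// scheme. As the URL is being changed in this revision, it is worth switching to https:// if the host serves it. In the same line, "contain some example playbooks" should be "contains".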

Revision as of 07:49, 29 April 2020

ansible is a simple configuration management, deployment, task-execution, and multinode orchestration framework. It uses SSH for the communication between the involved systems. No server or client daemons are needed, and no additional software besides Python is required on client boxes.

Installation of ansible

ansible is available in main.

apk add ansible

Create an SSH key

Generate an SSH key for the managed node. It's recommended to use a key which is protected with a password.

ssh-keygen -t ed25519

Managed nodes

There are only minimal requirements for the clients. Every system you want to manage needs Python and the client's SSH key in the authorized_keys file of the management system.

Install the Python package.

apk add python3

Transfer the SSH key

There are two ways to do it. From a default Alpine installation you can use ssh and cat to do it.

ssh root@[IP of the management system] 'cat ~/.ssh/id_ed25519.pub' | cat - >> ~/.ssh/authorized_keys

If you are planning to use additional features of SSH, ssh-copy-id, which is provided by the openssh-client package, can help you with the key setup.

ssh-copy-id -i ~/.ssh/id_ed25519.pub root@[IP of the management system]
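The ssh and cat one-liner above appends whatever the remote side returns and adds a duplicate entry on every run. The following is an added example, not part of the wiki page: a hypothetical helper, add_authorized_key, that accepts exactly one plain ed25519 public key, appends it only once, and enforces strict permissions. It assumes the key was first saved to a file and that authorized_keys lives in a dedicated .ssh directory.

```shell
#!/bin/sh
# Added example (not from the wiki page). add_authorized_key is a hypothetical
# helper name. Possible use, following the page's first transfer method:
#   ssh root@[IP of the management system] 'cat ~/.ssh/id_ed25519.pub' > mgmt.pub
#   add_authorized_key mgmt.pub
add_authorized_key() {
    pub=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Exactly one line: a multi-line reply would add extra entries unnoticed.
    [ "$(grep -c '' "$pub")" -eq 1 ] ||
        { echo "$pub: expected exactly one line" >&2; return 3; }

    # The line must start with the key type, so an options prefix such as
    # command="..." is refused. Every ed25519 blob starts with AAAAC3NzaC1lZDI1NTE5.
    grep -Eq '^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5[A-Za-z0-9+/]+=*( .*)?$' "$pub" ||
        { echo "$pub: not a plain ssh-ed25519 public key" >&2; return 4; }

    blob=$(cut -d' ' -f2 "$pub")

    # Directory and file must be private to the owner.
    # Assumption: $auth sits in a dedicated directory such as ~/.ssh.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 5
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 5

    # Same key already present (its comment may differ): nothing to do.
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # A missing final newline would glue the new key onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    cat "$pub" >> "$auth"
}
```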

Setup hosts

Add all your remote systems to /etc/ansible/hosts. For details, please refer to Hosts and Groups in the ansible documentation.

Contents of /etc/ansible/hosts

192.168.1.50
10.0.0.12
webserver.example.org
mail.example.org

First test

$ ansible all -m ping -u you

Another test is to check all variables.

# ansible [IP of your Alpine Linux box] -m setup

Playbooks

When writing playbooks for Alpine Linux there are modules to keep in mind:

  1. There is support for OpenRC, the Init System, in the service module.
    - service:
       name: lighttpd
       enabled: yes
       state: started
    
  2. There is support for APK as of Ansible 2.0.
    - apk:
       name: lighttpd
       state: present
       update_cache: yes
    
  3. There is support for the Awall firewall as of Ansible 2.4.
    - awall:
       name: policyfile
       state: enabled
       activate: yes
    
  4. If you are going to re-use playbooks from other Linux distributions, please keep in mind that Alpine Linux uses different paths for the binaries, for example /bin/rm.

The alpine-ansible git repository contains some example playbooks.

See Also