10.3 Getting Started

We will install Docker inside WSL. Getting the network working between WSL and Docker containers is known to cause some problems.

Note

Ansible is normally used to configure virtual machines, but it can also configure containers (for containers we would normally create an image and reuse it).

Run on the ControlNode (WSL)

# Upgrade all WSL packages
sudo apt update && sudo apt upgrade

# Install dependencies
sudo apt -y install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# Add new repository
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

# Refresh the package index so it includes the newly added repository
sudo apt update
sudo apt -y install docker-ce docker-ce-cli containerd.io

# Run docker service
sudo service docker start

# Check if docker is running
sudo service docker status

# Create a new interactive Ubuntu container named managed_node1 running bash
docker run --name managed_node1 -it ubuntu bash

# Check running containers
docker ps

# Find out the container's IP address
docker inspect -f "{{ .NetworkSettings.IPAddress }}" managed_node1

# or
docker exec -it managed_node1 bash
hostname -I

Run on the managed_node1

# The node needs an SSH server installed before it can be reached over SSH
apt update && apt -y install openssh-server

# Allow logging in as the root account via SSH.
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

# change the password for the account
passwd

# start the SSH service on the container.
/etc/init.d/ssh start

# check that the service is running
/etc/init.d/ssh status

Run on the ControlNode (WSL)

# Exchange keys between systems
ssh-copy-id root@172.17.0.2

Note

There are 2 ways to connect to the managed node: password or key. We prefer to use keys.
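Once the key has been copied, root login on the node can be narrowed to keys only. The script below is an added example, not part of the original page; the function names and the sample file are constructed for illustration. It relies on sshd using the first value it reads for a keyword, which is also why appending a line with `echo >>` only takes effect when no earlier active line sets the same keyword.

```shell
#!/bin/sh
# Added example (not from the original page): key-only root SSH for managed_node1.
# sshd keeps the FIRST value it reads for each keyword, so the wanted settings
# go at the top of the file and any later active duplicates are dropped.

harden_sshd_config() {            # $1 = path to an sshd_config file
    cfg=$1
    tmp=$(mktemp) || return 1
    {
        printf '%s\n' 'PermitRootLogin prohibit-password' \
                      'PasswordAuthentication no'
        awk '{ k = tolower($1)
               if (k == "permitrootlogin" || k == "passwordauthentication") next
               print }' "$cfg"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg"; rc=$?    # overwrite in place: owner and mode are kept
    rm -f "$tmp"
    return "$rc"
}

# First active value of keyword $2 in file $1 (Include and Match are not followed)
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" \
        'tolower($1) == want { print $2; exit }' "$1"
}

make_sample() {                   # constructed stand-in for the node's file
    cat > "$1" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
UsePAM yes
PermitRootLogin yes
EOF
}

sample=$(mktemp)
make_sample "$sample"
echo "before: PermitRootLogin=$(effective_value "$sample" PermitRootLogin)"
harden_sshd_config "$sample"
echo "after:  PermitRootLogin=$(effective_value "$sample" PermitRootLogin)"
echo "after:  PasswordAuthentication=$(effective_value "$sample" PasswordAuthentication)"
rm -f "$sample"

# On the node itself (as root), validate the result before reloading:
#   harden_sshd_config /etc/ssh/sshd_config && /usr/sbin/sshd -t && /etc/init.d/ssh reload
```

Keep the existing SSH session open while reloading and confirm a second key-based login works before closing it.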

Set up the configuration and inventory

  1. Create a new file ansible.cfg

[defaults]
inventory = inventory

  2. Create a new file inventory

[nodes]
172.17.0.2             ansible_connection=ssh        ansible_user=root

Running Ansible

There are 2 ways of running Ansible:

  1. Ad hoc commands

# This command will check if you have a connection to the managed nodes
ansible nodes -m ping

# This command runs a shell command on the managed nodes
ansible nodes -m shell -a "hostname"

# Create a new file in /tmp
ansible nodes -m shell -a "touch /tmp/example1"

# Check the newly created file
ansible nodes -m shell -a "ls -l /tmp/example1"

  2. Playbook

File manipulation

Create a new file create_new_file.yml

- name: Create a new file
  hosts: nodes
  tasks:

    - name: Change file ownership, group, and permissions
      ansible.builtin.file:
        path: /tmp/example2
        owner: root
        group: root
        mode: '0644'
        state: touch

    - name: Remove previous file
      ansible.builtin.file:
        path: /tmp/example1
        state: absent

User manipulation

Create a new file create_users_groups.yml

- name: Create users and groups
  hosts: nodes
  tasks:

    - name: Create multiple groups
      ansible.builtin.group:
        name: "{{ item }}"
        state: present
      loop:
        - developers
        - operators
        - admins

    - name: Add the user 'user1' with a specific uid 7654 and a primary group of 'developers'
      ansible.builtin.user:
        name: user1
        comment: User One
        uid: 7654
        group: developers

    - name: Add the user 'user2' with a bash shell, appending the group 'admins' and 'developers' to the user's groups
      ansible.builtin.user:
        name: user2
        shell: /bin/bash
        groups: admins,developers
        append: yes

    - name: Remove the user 'user1'
      ansible.builtin.user:
        name: user1
        state: absent
        remove: yes

    - name: Create a 2048-bit SSH key for user user3 in ~user3/.ssh/id_rsa
      ansible.builtin.user:
        name: user3
        generate_ssh_key: yes
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa

Working with roles

An Ansible repository can be laid out in several ways; most keep the inventories, vars, playbooks and roles directories at the top level.

production                # inventory file for production servers
staging                   # inventory file for staging environment
develop                   # inventory file for develop environment

group_vars/
  group1.yml             # here we assign variables to particular groups
  group2.yml
host_vars/
  hostname1.yml          # here we assign variables to particular systems
  hostname2.yml

site.yml                  # master playbook
webservers.yml            # playbook for web server tier
dbservers.yml             # playbook for db server tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      # tasks file can include smaller files if warranted
        handlers/         #
            main.yml      # handlers file
        templates/        # files for use with the template resource
            web.conf.j2   # templates end in .j2
        files/            #
            hello.py      # files for use with the copy resource
            world.sh      # script files for use with the script resource
        vars/             #
            main.yml      # variables associated with this role
        defaults/         #
            main.yml      # default lower priority variables for this role
        meta/             #
            main.yml      # role dependencies

    monitoring/            # same structure as "common" role used above

Where can we find Ansible modules?

  1. ansible-doc documentation: ansible-doc user

  2. Ansible docs

How to debug when stuff is not working?

  1. Always check that what you expect is actually there: if you want to update a file, make sure it is present in the location you expect.

  2. Use debug statements inside of the playbooks

  3. Use the verbose flag -vvvv