Ansible
Ansible is an automation platform built on an imperative approach.
Unlike Terraform with its declarative approach, here we do not describe the state we want to achieve but the way to achieve it, while Ansible gives us idempotence. In simple words, multiple runs will not change the final state: running a playbook (a set of actions) that installs nginx 5 times does not give us 5 reinstallations of the package, just one installation and 4 checks that it is already there and no action is required.
That's Ansible in short, and I don't want to say more about it, because Ansible has great docs and a great community; you can find them without me anyway. Let's go on to the interesting point: Ansible does not support Windows as a control node, only Unix-like systems are supported. For these cases Windows has WSL, which we will use. Just in case: another way is to use Ansible with devContainers.
I use WSL 2 with Ubuntu, ubuntu config --default-user root:
wsl
# let's install latest python, because ubuntu has an old one
add-apt-repository ppa:deadsnakes/ppa
apt-get update
apt-get install -y python3.11 libffi-dev libssl-dev
# I don't know much about python ecosystem around venv, 2.7 & 3 wars,
# I just want to use something like python-is-python3 ¯\(°_o)/¯
ln -s /usr/bin/python3.11 /usr/bin/python
update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 1
# We don't need to store old Ubuntu packages
apt remove --purge python3-apt && apt install python3-apt
apt install python3.11-distutils
# check
update-alternatives --config python3
python --version
# install pip
python -m ensurepip --upgrade
# In case you don't have ensurepip ^^^:
# curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
# python get-pip.py
# check pip:
python -m pip -V
# upgrade pip
python -m pip install --upgrade pip
## let's add pip scripts to PATH (if wsl is under root)
echo 'PATH=$PATH:/root/.local/bin/' >> ~/.bashrc
. ~/.bashrc
# let's check venv, use in /tmp/ or in git repo where you can wipe new files
python -m venv env
# if you see something like:
# Error: Command ... returned non-zero exit status 1
# you should install venv
apt install python3.11-venv
# install ansible via pip, if you want to automate Windows machines install pywinrm too
python -m pip install --user ansible pywinrm
# The best linter which works with vscode & redhat ansible plugin
python -m pip install ansible-lint
As an IDE for Ansible I use vscode with these extensions (.vscode/extensions.json):
{
  "recommendations": [
    "redhat.ansible",
    "mattiasbaake.vscode-snippets-for-ansible"
  ]
}
The first one is the official plugin for Ansible from Red Hat, the second is a set of snippets generated from Ansible collections.
Let's run code . in WSL to install the vscode server. After it starts we will get an error about ansible-lint, because the vscode plugin under WSL uses the wrong projectDir.
The workaround is to create .config/ansible-lint.yml in the repo, and ansible-lint will find the right --project-dir.
You are ready to write playbooks, but running ansible-playbook -i inventory.yaml playbook.yaml every time is too annoying, so let's use a vscode build task on the opened playbook file. Create .vscode/tasks.json:
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Run ansible-playbook on current file",
      "command": "ansible-playbook -i inventory.yaml ${file} --diff",
      "type": "shell",
      "args": [],
      "problemMatcher": [],
      "presentation": {
        "reveal": "always"
      },
      "group": {
        "isDefault": true,
        "kind": "build"
      },
      "options": {
        "env": {
          "ANSIBLE_DEBUG": "0"
        }
      }
    }
  ]
}
So in the end, you can now run playbooks with the default ctrl+shift+b in vscode (but I use alt+shift+d).
If something is wrong with a playbook, you can set ANSIBLE_DEBUG to 1 and see the full log of the playbook.
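An added example, not from the original post: the task above passes ${file} through a shell inside one command string, so a playbook path containing spaces or shell metacharacters is split or interpreted by the shell. This variant runs ansible-playbook directly with an argument array, assuming ansible-playbook is on the PATH that the vscode server sees:

```jsonc
// .vscode/tasks.json (added example, not the original author's file)
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Run ansible-playbook on current file",
      // "process" starts ansible-playbook directly; no shell parses the command line
      "type": "process",
      "command": "ansible-playbook",
      // each array element is passed as exactly one argument, so ${file}
      // stays intact even with spaces, quotes, ';' or '$(...)' in the path
      "args": ["-i", "inventory.yaml", "${file}", "--diff"],
      "problemMatcher": [],
      "presentation": { "reveal": "always" },
      "group": { "isDefault": true, "kind": "build" },
      "options": {
        "env": { "ANSIBLE_DEBUG": "0" }
      }
    }
  ]
}
```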
Docs
- Ansible Documentation - Getting started with Ansible
- A not bad introductory article with a real case scenario - Exploring Ansible via Setting Up a WireGuard VPN