I have been thinking about starting to test Ansible in order to learn some of the basics, so what better way to do it in a easy to access system as a Raspberry Pi.

We won’t be doing anything amazing here, just some basics processes on how to start with Ansible.

Lets start!!

Like I was mentioning earlier, lets use a small Raspberry Pi 2:

    Linux raspi-2 4.19.97-v7+ #1294 SMP Thu Jan 30 13:15:58 GMT 2020 armv7l

    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    Last login: Fri Feb  7 15:10:01 2020 from 192.168.0.21
        .',;:cc;,'.    .,;::c:,,.    P-42@raspi-2
       ,ooolcloooo:  'oooooccloo:    OS: Raspbian 10 buster
       .looooc;;:ol  :oc;;:ooooo'    Kernel: armv7l Linux 4.19.97-v7+
         ;oooooo:      ,ooooooc.     Uptime: 4d 23h 1m
           .,:;'.       .;:;'.       Packages: 635
           .... ..'''''. ....        Shell: 25900
         .''.   ..'''''.  ..''.      WM: Not Found
         ..  .....    .....  ..      CPU: ARMv7 rev 5 (v7l) @ 4x 900MHz
        .  .'''''''  .''''''.  .     GPU: BCM2708
      .'' .''''''''  .'''''''. ''.   RAM: 193MiB / 926MiB
      '''  '''''''    .''''''  '''
      .'    ........... ...    .'.
        ....    ''''''''.   .''.
        '''''.  ''''''''. .'''''
         '''''.  .'''''. .'''''.
          ..''.     .    .''..
                .'''''''
                 ......
    P-42@raspi-2:~#

Installing Ansible

We can use apt or your particular distro package manager, but doing that, we risk no getting the latest version available.
In some cases, I have to agree that is good idea, we make sure system is kept stable and the packages has been tested enough, but in technologies like Ansible, which is still changing so rapidly, I recommend you to go ahead in your tests and get the latest version, that way you will also learn to use those latest versions, which have some modules usage differences.

Lets see the version installed using apt in Raspbian

    P-42@raspi-2:~#sudo apt-get update
    Get:1 http://archive.raspberrypi.org/debian buster InRelease [25.1 kB]
    Get:2 http://raspbian.raspberrypi.org/raspbian buster InRelease [15.0 kB]
    [....]
    Fetched 13.3 MB in 17s (806 kB/s)
    Reading package lists... Done

   P-42@raspi-2:~#sudo apt list ansible
    Listing... Done
    ansible/stable,now 2.7.7+dfsg-1 all [residual-config]
    P-42@raspi-2:~#

Lets compare it with the version we get using pip3

    P-42@raspi-2:~#pip3 search "ansible"
    [...]
    ansible (2.9.4)               - Radically simple IT automation

As you can see ,there are some difference, so I really recommend you to use pip for the installation

To Install Ansible using pip3, install pip3 first and then lets install Ansible for your current user:

    P-42@raspi-2:~#sudo apt-get install python3-pip
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following packages were automatically installed and are no longer required:
      ieee-data libsodium23 python3-bcrypt python3-httplib2 python3-jinja2 python3-jmespath 
      [....]
      Setting up libpython3-dev:armhf (3.7.3-1) ...
    Processing triggers for mime-support (3.62) ...
    P-42@raspi-2:~#

    P-42@raspi-2:~#pip3 install --user ansible
    Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
    Collecting ansible
      Using cached https://files.pythonhosted.org/packages/d7/d7/5afcb906038cd8a217ac57110055e27000c5cfe05ecafe969aaa119d1652/ansible-2.9.4.tar.gz
    Requirement already satisfied: PyYAML in /usr/lib/python3/dist-packages (from ansible) (3.13)
    Requirement already satisfied: cryptography in /usr/lib/python3/dist-packages (from ansible) (2.6.1)
    Requirement already satisfied: jinja2 in /usr/lib/python3/dist-packages (from ansible) (2.10)
    Building wheels for collected packages: ansible
      Running setup.py bdist_wheel for ansible ... done
      Stored in directory: /home/P-42/.cache/pip/wheels/f2/8a/6e/a433065001168c4ecbb5eb34224ec0af954e2a12aefe3da2cb
    Successfully built ansible
    Installing collected packages: ansible
    Successfully installed ansible-2.9.4
    P-42@raspi-2:~#

Installing Ansible using the --user option, will make that the binary will be available directly under your user home, and not in your root bin directory (/bin,/usr/bin..)

    P-42@raspi-2:~#which ansible
    /home/P-42/.local/bin/ansible
    P-42@raspi-2:~#

For that, I recommend you to add your $user_home/.local/bin to your PATH environment:

    P-42@raspi-2:~#env |grep bin
    SHELL=/bin/bash
    PATH=/home/P-42/gems/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games:/home/P-42/.local/bin
    _=/usr/bin/env
    P-42@raspi-2:~#

Ansible Project Configuration

Now that we have Ansible installed, lets set some basic configuration.

Create a directory for our first project where we are going to set the different configuration files and Ansible playbooks

    P-42@raspi-2:~#mkdir Ansible
    mkdir: created directory 'Ansible'
    P-42@raspi-2:~# 

First file we are going to create, is an Ansible configuration file. This will make sure we are using correct inventory file and some specific options for this project.
In this case, we will use the inventory file in the local directory and will be connecting to the remote server as root. Additionally, will disable ssh-key check so we can connect to the servers without doing first ssh-key handshake (is a security risk, but will help us to destroy and deploy containers and VMs more rapidly in the future)

    P-42@raspi-2:~/Ansible#cat ansible.cfg
    [defaults]
    # host_key_check diabled to avoid issues connecting to the Servers *Is a security risk*
    host_key_checking = False

    # Make user we are using local inventory and not the default one
    inventory=./inventory

    # Set default user to root
    remote_user=root
    P-42@raspi-2:~/Ansible#

Using --version attribute, will allow us to make sure we are suing correct configuration file:

    P-42@raspi-2:~/Ansible#ansible --version
    ansible 2.9.4
      config file = /home/P-42/Ansible/ansible.cfg
      configured module search path = ['/home/P-42/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /home/P-42/.local/lib/python3.7/site-packages/ansible
      executable location = /home/P-42/.local/bin/ansible
      python version = 3.7.3 (default, Dec 20 2019, 18:57:59) [GCC 8.3.0]
    P-42@raspi-2:~/Ansible#

Lets create the inventory file with the list of hosts we will use for our project

    P-42@raspi-2:~/ansible#cat inventory
    [all]
    server[1:4]

    [webservers]
    server1
    server2

We can list all the hosts from our inventory

    P-42@raspi-2:~/Ansible#ansible all --list-hosts
      hosts (4):
        server1
        server2
        server3
        server4
    P-42@raspi-2:~/Ansible#

** These servers we are using are Docker containers we created using the following tutorial: https://dev.to/project42/install-and-deploy-docker-in-raspberry-pi-14kj

If we try the command ansible ping we will have errors, since we can not actually connect to our servers using ssh public keys

    P-42@raspi-2:~/Ansible#ansible all -m ping
    server2 | UNREACHABLE! => [
        "changed": false,
        "msg": "Failed to connect to the host via ssh: root@server2: Permission denied (publickey,password).",
        "unreachable": true
    ]
    server1 | UNREACHABLE! => [
        "changed": false,
        "msg": "Failed to connect to the host via ssh: root@server1: Permission denied (publickey,password).",
        "unreachable": true
    ]
    server3 | UNREACHABLE! => [
        "changed": false,
        "msg": "Failed to connect to the host via ssh: root@server3: Permission denied (publickey,password).",
        "unreachable": true
    ]
    server4 | UNREACHABLE! => [
        "changed": false,
        "msg": "Failed to connect to the host via ssh: root@server4: Permission denied (publickey,password).",
        "unreachable": true
    ]
    P-42@raspi-2:~/Ansible#

Deploying our first Playbook

Lets deploy the following Ansible Playbook in order to add our ssh public key to all servers root user

    P-42@raspi-2:~/Ansible#cat ssh-key.yml
    ---
    - name: Set authorized key for user root copying it from current user
      hosts: all
      tasks:
      - name: Install ssh-key
        authorized_key:
          user: root
          state: present
          key: "[ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') ]]"
    P-42@raspi-2:~/Ansible#

In order to use Ansible without having ssh-keys in the different servers, we will need to install the package sshpass first

    P-42@raspi-2:~/Ansible#sudo apt-get install sshpass -y
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following packages were automatically installed and are no longer required:
      ieee-data libsodium23 python3-bcrypt python3-httplib2 python3-jinja2 python3-jmespath python3-kerberos python3-libcloud python3-lockfile
      python3-markupsafe python3-nacl python3-netaddr python3-ntlm-auth python3-paramiko 
      [....]
    Processing triggers for man-db (2.8.5-2) ...
    P-42@raspi-2:~/Ansible#

Lets now deploy the playbook ssh-key.yml using the option -k so ansible will ask for the root password before connecting to the systems, allowing it to get the ssh-key added:

    P-42@raspi-2:~/Ansible#ssh root@server1
    Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.19.97-v7+ armv7l)

     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage

    Last login: Wed Feb 12 18:20:18 2020 from 172.168.0.1
    root@server1:~#

    P-42@raspi-2:~/Ansible#ansible-playbook -k ssh-key.yml
    SSH password:

    PLAY [Set authorized key for user root copying it from current user] **************************************************************************

    TASK [Gathering Facts] ************************************************************************************************************************
    [DEPRECATION WARNING]: Distribution Ubuntu 16.04 on host server1 should use /usr/bin/python3, but is using /usr/bin/python for backward
    compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
    https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in
    version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    ok: [server1]
    [DEPRECATION WARNING]: Distribution Ubuntu 16.04 on host server4 should use /usr/bin/python3, but is using /usr/bin/python for backward
    compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
    https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in
    version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    ok: [server4]
    [DEPRECATION WARNING]: Distribution Ubuntu 16.04 on host server2 should use /usr/bin/python3, but is using /usr/bin/python for backward
    compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
    https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in
    version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    ok: [server2]
    [DEPRECATION WARNING]: Distribution Ubuntu 16.04 on host server3 should use /usr/bin/python3, but is using /usr/bin/python for backward
    compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
    https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in
    version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    ok: [server3]

    TASK [Install ssh-key] ************************************************************************************************************************
    changed: [server2]
    changed: [server4]
    changed: [server1]
    changed: [server3]

    PLAY RECAP ************************************************************************************************************************************
    server1                    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
    server2                    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
    server3                    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
    server4                    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

    P-42@raspi-2:~/Ansible#

and voila! we got our ssh-keys deployed and we can connect the systems without using the root password
(We can ignore does warning by enabling deprecation_warnings=False in ansible.cfg, but I recommend you to leave them to learn new things and get better usage of Ansible)

    P-42@raspi-2:~/Ansible#ansible all -m ping
    [DEPRECATION WARNING]: Distribution Ubuntu 16.04 on host server3 should use /usr/bin/python3, but is using /usr/bin/python for backward
    compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
    https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in
    version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    server3 | SUCCESS => [
        "ansible_facts": [
            "discovered_interpreter_python": "/usr/bin/python"
        ],
        "changed": false,
        "ping": "pong"
    ]
    [DEPRECATION WARNING]: Distribution Ubuntu 16.04 on host server2 should use /usr/bin/python3, but is using /usr/bin/python for backward
    compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
    https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in
    version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    server2 | SUCCESS => [
        "ansible_facts": [
            "discovered_interpreter_python": "/usr/bin/python"
        ],
        "changed": false,
        "ping": "pong"
    ]
    [DEPRECATION WARNING]: Distribution Ubuntu 16.04 on host server4 should use /usr/bin/python3, but is using /usr/bin/python for backward
    compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
    https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in
    version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    server4 | SUCCESS => [
        "ansible_facts": [
            "discovered_interpreter_python": "/usr/bin/python"
        ],
        "changed": false,
        "ping": "pong"
    ]
    [DEPRECATION WARNING]: Distribution Ubuntu 16.04 on host server1 should use /usr/bin/python3, but is using /usr/bin/python for backward
    compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
    https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in
    version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    server1 | SUCCESS => [
        "ansible_facts": [
            "discovered_interpreter_python": "/usr/bin/python"
        ],
        "changed": false,
        "ping": "pong"
    ]
    P-42@raspi-2:~/Ansible#

Like a mentioned, this is just a simple example of how to get started with Ansible in Raspberry Pi.

Last modified: 1 August 2020

Author

Comments

Write a Reply or Comment

Your email address will not be published.