ansible

Incus Ansible deployment

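---
# Play 1: create the Incus container through the Incus unix socket on the
# Incus host, using the LXD-compatible community.general.lxd_container module.
- name: Create container
  hosts: incus1.example.com
  # "become" is left off, so the connecting user needs direct access to the
  # Incus socket. NOTE(review): access to that socket is normally equivalent
  # to root on the host; confirm which account is meant to hold it.
  # become: true
  tasks:
    - name: Create incus container
      community.general.lxd_container:
        url: "unix:/var/lib/incus/unix.socket"
        name: u2404
        source:
          type: image
          mode: pull
          server: https://images.linuxcontainers.org/
          alias: ubuntu/24.04/cloud
          protocol: simplestreams
        wait_for_container: true
        wait_for_ipv4_addresses: true
        config:
          limits.cpu: "4"
          boot.autostart: "true"
          # Passed to cloud-init inside the container as a literal block.
          # The duplicated package_upgrade key of the original is listed once.
          cloud-init.user-data: |
            #cloud-config
            locale: en_US.UTF-8
            timezone: Europe/Berlin
            apt_upgrade: true
            package_upgrade: true
            packages:
              - openssh-server
            # disable_root: false
            ssh_authorized_keys:
              # The file lookup runs on the Ansible controller, so this is
              # the public key of the user running the playbook.
              - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
          # The network definition must be indented below the "|" so it is
          # the string value of this key, not a sibling mapping in "config".
          cloud-init.network-config: |
            network:
              version: 2
              ethernets:
                eno1:
                  dhcp4: true
        profiles: ["disk-default", "nic-dev"]
      register: container

    # Record on localhost that the first connection must use the image's
    # default "ubuntu" account; only set when the container was just created.
    - name: Configure temporary user for initial run
      ansible.builtin.set_fact:
        remote_user: ubuntu
      delegate_to: localhost
      delegate_facts: true
      when: container.changed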
 
 
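# Play 2: first-time configuration inside the new container.
- name: Configure container
  hosts: u2404.example.com
  # Fact gathering is switched off for this play.
  gather_facts: false
  # Connect as the user stored in localhost's "remote_user" fact when it is
  # defined; otherwise fall back to the controller's $USER.
  remote_user: "{{ hostvars['localhost']['remote_user'] | default(lookup('env', 'USER')) }}"
  become: true
  tasks:
    - name: Create a user 'johnd' with a home directory
      ansible.builtin.user:
        name: johnd
        create_home: true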

Links
https://discuss.linuxcontainers.org/t/creating-container-with-ansible/20050/7
https://documentation.ubuntu.com/lxd/en/latest/cloud-init/
https://docs.ansible.com/ansible/latest/collections/community/general/lxd_container_module.html

Ansible: Collection

Manage collections

# Install collection
ansible-galaxy collection install ansible.posix
ansible-galaxy collection install git@git.example.com:foo/ansible-collections/bar
ansible-galaxy collection install git+file:///home/user/path/to/repo_name
 
# List collections
ansible-galaxy collection list
# default user Ansible collection directory
~/.ansible/collections/ansible_collections/
 
# env vars
ANSIBLE_COLLECTIONS_PATHS
 
# ~/.ansible.cfg 
[defaults]
collections_paths = /path/to/collection
 
# get current path
ansible-config dump | grep -i collection

Include collection in playbook

# Play-level "collections" keyword: names my_namespace.my_collection for this play.
- hosts: all
  collections:
    - my_namespace.my_collection
 
 
# Alternative: reference the role by its fully qualified name
# (namespace.collection.role) directly in the task.
- hosts: all
  tasks:
    - import_role:
        name: my_namespace.my_collection.my_role

Define collection dependency in role

Kubernetes the hard way

Links
https://github.com/kelseyhightower/kubernetes-the-hard-way

Configure OpenStack application credentials

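# Create the per-user OpenStack client config directory and clouds.yaml.
# The file holds an application credential secret, so everything is created
# under a restrictive umask inside a subshell (the caller's umask is untouched).
(
  umask 077
  mkdir -p ~/.config/openstack

  # Quoted delimiter: the heredoc body is written literally, with no shell
  # expansion of anything that might appear in the credential values.
  cat <<'EOF' > ~/.config/openstack/clouds.yaml
clouds:
  dev-foo:
    auth_type: "v3applicationcredential"
    auth:
      auth_url: https://keystone.service.dev.example.com/v3
      application_credential_id: "YOUR_CREDENTIAL_ID"
      application_credential_secret: "YOUR_CREDENTIAL_PASS"
EOF

  # umask does not tighten a file that already existed; set the mode explicitly.
  chmod 600 ~/.config/openstack/clouds.yaml
)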

Install Terraform

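# Write a one-off playbook that installs the latest Terraform release into
# ~/bin, then run it. The heredoc delimiter is quoted so the playbook text is
# written literally.
cat <<'EOF' > /tmp/install-terraform.yml
---
- hosts: localhost
  tasks:
    # The checkpoint API reports the current version and its download location.
    - name: Get latest Terraform version
      uri:
        url: https://checkpoint-api.hashicorp.com/v1/check/terraform
      register: response

    - set_fact:
        terraform_download_url: "{{ response.json.current_download_url }}"
        terraform_version: "{{ response.json.current_version }}"
        terraform_archive: "terraform_{{ response.json.current_version }}_{{ ansible_system | lower }}_amd64.zip"

    # Fetch the archive first so it is checked against the release's SHA256SUMS
    # file before anything is unpacked. This assumes the sums file sits next to
    # the archive. Both come from the same location, so the check catches a
    # corrupted or altered download, not a compromised release server.
    - name: Download Terraform {{ terraform_version }}
      get_url:
        url: "{{ terraform_download_url }}{{ terraform_archive }}"
        dest: "/tmp/{{ terraform_archive }}"
        checksum: "sha256:{{ terraform_download_url }}terraform_{{ terraform_version }}_SHA256SUMS"
        mode: "0600"

    - name: Unpack Terraform {{ terraform_version }}
      unarchive:
        src: "/tmp/{{ terraform_archive }}"
        remote_src: true
        dest: ~/bin
        # Skipped when a terraform binary is already present.
        creates: ~/bin/terraform
        # Quoted so the file mode is not subject to YAML number parsing.
        mode: "0550"
EOF

ansible-playbook /tmp/install-terraform.yml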

Create test env on OpenStack

Deploy OpenStack host with Ironic and Redfish

Define node variables

# Node name, BMC host name and MAC address of the first NIC.
# NODE and NODE_BMC_HOST are used by the node-create commands below;
# NODE_MAC_NIC1 is not referenced by the commands shown on this page.
NODE=com4-dev
NODE_BMC_HOST=com4-dev.ipmi.dev.i.example.com
NODE_MAC_NIC1=00:11:22:33:44:55

Define env variables

# BMC account passed to the redfish/ipmi driver-info below.
# NOTE(review): ADMIN/ADMIN looks like a vendor default login; confirm the BMC
# uses a changed password and substitute it here. A value typed on this line
# also ends up in the shell history.
NODE_BMC_USER=ADMIN
NODE_BMC_PASS=ADMIN

Create new node with Redfish (PXE device boot broken)
https://docs.openstack.org/ironic/latest/admin/drivers/redfish.html

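# Enroll the node with the redfish driver. Expansions are quoted so values with
# spaces or shell metacharacters (typically the password) reach the CLI intact.
# NOTE(review): redfish_verify_ca=false turns off TLS certificate verification
# towards the BMC, so the BMC credentials are sent to an endpoint whose
# identity is not checked. The option also accepts a path to a CA bundle,
# which keeps verification on for BMCs with privately issued certificates.
# NOTE(review): the password is passed as a command-line argument, where the
# process list and shell history can expose it.
openstack baremetal node create \
  --name "${NODE}" \
  --driver redfish \
  --driver-info redfish_address="https://${NODE_BMC_HOST}" \
  --driver-info redfish_username="${NODE_BMC_USER}" \
  --driver-info redfish_password="${NODE_BMC_PASS}" \
  --driver-info redfish_verify_ca=false \
  --driver-info redfish_system_id=/redfish/v1/Systems/1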

Create new node with IPMI
https://docs.openstack.org/ironic/latest/admin/drivers/ipmitool.html

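# Enroll the node with the ipmi driver. Expansions are quoted so values with
# spaces or shell metacharacters (typically the password) reach the CLI intact.
# NOTE(review): the password is passed as a command-line argument, where the
# process list and shell history can expose it.
openstack baremetal node create \
  --name "${NODE}" \
  --driver ipmi \
  --driver-info ipmi_address="${NODE_BMC_HOST}" \
  --driver-info ipmi_username="${NODE_BMC_USER}" \
  --driver-info ipmi_password="${NODE_BMC_PASS}"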

iPXE
https://docs.openstack.org/ironic/latest/admin/interfaces/boot.html#pxe-boot

ansible-galaxy

Ansible galaxy

ansible-galaxy install <REPOSITORY>
 
# Install a role from a release tarball (tag 1.2.0) into /tmp, then move the
# unpacked directory into the user roles directory as avanov.pyenv.
# NOTE(review): the tag fixes the version, but nothing here checks the
# tarball against a known checksum.
ansible-galaxy role install  --roles-path /tmp https://github.com/avanov/ansible-galaxy-pyenv/archive/refs/tags/1.2.0.tar.gz
mv /tmp/1.2.0 ~/.ansible/roles/avanov.pyenv

https://galaxy.ansible.com/bennojoy/network_interface/ - Network configuration
https://github.com/Oefenweb/ansible-postfix
https://galaxy.ansible.com/geerlingguy/gitlab/

Linux software RAID (mdadm)
https://galaxy.ansible.com/mrlesmithjr/mdadm

# Installs the role without a version pin; the form
# `ansible-galaxy install mrlesmithjr.mdadm,<VERSION>` pins a specific release.
ansible-galaxy install mrlesmithjr.mdadm

Docker: Ansible snippets

Ansible docker modules
https://docs.ansible.com/ansible/latest/modules/docker_container_module.html

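# Set the restart policy on every running container. The IDs are piped through
# "xargs -r" so nothing is run when no container is running; the command
# substitution form calls "docker update" without a container in that case.
# pipefail makes a failing "docker ps" fail the task instead of being masked
# by the pipe, and needs bash rather than the default /bin/sh.
- name: Enable autostart for running containers
  shell: |
    set -o pipefail
    docker ps -q | xargs -r docker update --restart=always
  args:
    executable: /bin/bash

# Look up container "www1"; the result reports whether it exists and, if so,
# its inspection data.
- name: Get container info
  docker_container_info:
    name: www1
  register: result

- name: Does container exist?
  debug:
    msg: "The container {{ 'exists' if result.exists else 'does not exist' }}"

# The conditions are listed in this order on purpose: result.exists is checked
# before result.container is dereferenced.
- name: Stop container
  docker_container:
    name: "{{ result.container.Name }}"
    state: stopped
  when:
    - result.exists
    - result.container.State.Running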

OpenStack: Cloud management with Ansible

Ansible OpenStack modules
https://docs.ansible.com/ansible/latest/search.html?q=os_

Ansible OpenStack module repository
https://github.com/ansible/ansible/tree/devel/lib/ansible/modules/cloud/openstack

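# Fix; To utilize this module, the installed version ofthe shade library MUST be >=1.8.0
# The package is installed as root, so fetch it over HTTPS and check it against
# a known digest before dpkg runs. <EXPECTED_SHA256> is a placeholder: take the
# value from the signed Ubuntu archive index for this package version.
wget https://mirrors.kernel.org/ubuntu/pool/universe/p/python-shade/python-shade_1.30.0-2_all.deb -O /tmp/python-shade_1.30.0-2_all.deb
echo "<EXPECTED_SHA256>  /tmp/python-shade_1.30.0-2_all.deb" | sha256sum -c - &&
  sudo dpkg -i /tmp/python-shade_1.30.0-2_all.deb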

Ansible Inventory

# http://docs.ansible.com/ansible/intro_inventory.html

# Variables applied to every host in the inventory.
[all:vars]
#host_key_checking=false
# NOTE(review): these ssh options stop host keys from being verified or
# recorded, so a connection cannot tell the intended host from an impostor.
# Set under [all:vars] they apply to every host; consider limiting them to a
# group of throwaway hosts, or using StrictHostKeyChecking=accept-new with a
# real known_hosts file.
ansible_ssh_common_args='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
#information_environment=dev
#information_product=prod1
#ansible_ssh_user=ubuntu
# NOTE(review): if enabled, this keeps the SSH password in clear text in the
# inventory; --ask-pass or an Ansible Vault variable avoids that.
#ansible_ssh_pass=pass1234
#ansible_user=root

[example.com]
www.example.com
db.example.com

[all:children]
local
example.com

[local:children]
phy.local
vm.local

[phy:children]
phy.local
phy.example.com

[phy.local]
www.local
db.local
backup.local
lxc.local ansible_host=192.168.1.11