Skip to content

Ansible

Installing Ansible

See http://docs.ansible.com/intro_installation.html for the long instructions.

There's multiple ways to install ansible. I used Python's 'pip' command to install it on OS X, but you can also use homebrew or a git checkout.

pip

sudo pip install ansible

homebrew

brew install ansible

checkout

git clone git://github.com/ansible/ansible.git
cd ./ansible
source ./hacking/env-setup

If you use the checkout method, add a line to your ~/.profile (on OS X) or your ~/.bashrc file (all other sane OSes).

You only need ansible on your local machine. It does not need to be installed on the servers.

Installing Third Party Ansible Roles

See http://docs.ansible.com/galaxy.html for more information about managing third party roles.

In brief, you'll need to sign up for galaxy at https://galaxy.ansible.com and execute the following command in the de-ansible repo.

ansible-galaxy install --force -r requirements.yaml

Learning About Ansible

If you just want to use ansible for DE related tasks, move on to the other sections.

If you want to make your own playbooks for existing inventories of servers, read: http://docs.ansible.com/playbooks_intro.html.

If you want to create a new inventory or modify an existing one, read: http://docs.ansible.com/intro_inventory.html.

Each playbook uses one or more modules. Modules encapsulate operations that run on servers and make them idempotent. There are a lot of existing modules, which you can read about at http://docs.ansible.com/modules_by_category.html.

Ansible Config Settings

The design of the DE's ansible variables makes use of YAML "hashes". If you ever intend to override a single value in a hash, you will need to set ansible's hash behaviour to "merge". The easiest way to set these are with environment variables. For example, add these lines to your ~/.bash_profile or ~/.bashrc file:

export ANSIBLE_HASH_BEHAVIOUR="merge"

Or these settings can be updated in a local ansible.cfg.

Preparing Servers

simplejson

Each server needs to have the simplejson Python library available for the default Python installation.

CentOS ⅚

sudo yum install python-simplejson

This should already be done for the development servers.

curl

Each server needs to have curl on it so ansible can send messages to chat. curl is provided by default on CentOS distributions, It needs to be manually installed on Ubuntu systems.

Ubuntu

sudo apt-get install curl

httplib2

Each server needs to have httplib2 Python library available for the default Python installation. It needs to be manually installed on Ubuntu and CentOS 6 systems.

TODO: Is manual installation still necessary? The private-registry-image-builder role installs it with pip (on CentOS7 systems at least).

Ubuntu

sudo apt-get install python-httplib2

CentOS 6

sudo yum install python-httplib2

Setting Up Your Accounts

You will need passwordless ssh access to each of the servers listed in the inventory for the environment you're working in.

Generate RSA private and public keys

If you do not already have a ~/.ssh/id_rsa.pub file generated, then run this command to create it:

ssh-keygen -t rsa

Install ssh-copy-id

See https://github.com/beautifulcode/ssh-copy-id-for-OSX for instructions on setting up ssh-copy-id on OS X.

Copying ssh keys

ssh-copy-id -i <path-to-public-key> <server>

For example:

ssh-copy-id -i ~/.ssh/id_rsa.pub user@example.iplantcollaborative.org

Do that for each of the servers in the inventory. I'd recommend setting up an SSH config that has entries for each of the servers (include the fully-qualified domain name) first; it will allow you to skip a lot of typing.

Next, you need to generate entries in ~/.ssh/known_hosts for each of the servers. The easiest way to do this is to ssh into each of the servers once after you've set up passwordless ssh access. You need to SSH into the fully-qualified domain name of the host. For example:

ssh example.iplantcollaborative.org

You will also need sudo access on those servers for some operations. You should already have this if you're in the dev group on the servers.