@camille-hdl
Created November 13, 2024 15:17
Ansible lab with Podman containers running Debian, on macOS

More details in this article: https://camillehdl.dev/ansible-lab-with-podman-on-macos/

Gists don't support subdirectories; replace "-" with "/" in the file names to get the directory hierarchy.

Prerequisites

  • This was tested on macOS 15 with Apple silicon.
  • Podman Desktop installed on your machine.
  • YOU NEED TO ADD A KEY PAIR (ansible_lab and ansible_lab.pub) IN THE lab/Containerfiles/controller/ DIRECTORY, AND THE PUBLIC KEY (ansible_lab.pub) IN lab/Containerfiles/node/
  • If, as in my example, you need sshfs, you also need macFUSE: https://osxfuse.github.io

Building the images

>lab/$ ./scripts/build-images.sh

Starting the lab

>lab/$ ./start.sh

Then, assuming your Ansible stuff is in an ansible/ directory next to lab/:

cd ansible
ansible-galaxy install -r requirements.yml
ansible-playbook -i inventories/lab/hosts.yml playbooks/your-playbook.yml

# inventories/lab/hosts.yml, the inventory referenced above (indentation restored).
# Container names resolve through the lab_network DNS; the key path is inside the controller container.
all:
  children:
    nodes:
      hosts:
        your_first_server:
          ansible_host: lab_node1
          ansible_user: root
          ansible_ssh_private_key_file: ~/.ssh/ansible_lab
        your_second_server:
          ansible_host: lab_node2
          ansible_user: root
          ansible_ssh_private_key_file: ~/.ssh/ansible_lab

# Containerfile for the Controller image (lab/Containerfiles/controller/), the one running Ansible.
# When you run the script `start.sh`, you will end up in a shell in this container.
# YOU SHOULD HAVE AN ansible_lab/ansible_lab.pub key pair in the same directory.
# It is used to allow ssh connectivity between containers.
# Generate it with OpenSSH: `ssh-keygen -t ed25519 -N "" -f /path/to/this/directory/ansible_lab`
FROM debian:12
ENV DEBIAN_FRONTEND=noninteractive
# apt-get has a stable scripting interface; dropping the package lists keeps the layer small.
RUN apt-get update && apt-get install -y ansible vim && rm -rf /var/lib/apt/lists/*
RUN mkdir -m 700 /root/.ssh
COPY ansible_lab /root/.ssh/ansible_lab
COPY ansible_lab.pub /root/.ssh/ansible_lab.pub
RUN chmod 600 /root/.ssh/ansible_lab /root/.ssh/ansible_lab.pub
# IdentityFile lets a plain `ssh root@lab_node1` from the shell use the lab key without a second copy in id_rsa.
# Host key checking is disabled only because the nodes are throwaway containers whose host keys
# change on every image build; this ssh config is meant for the lab network alone.
RUN printf 'IdentityFile /root/.ssh/ansible_lab\nStrictHostKeyChecking no\nUserKnownHostsFile /dev/null\n' > /root/.ssh/config

# Containerfile for the node image (lab/Containerfiles/node/), the containers Ansible will deploy to.
# YOU SHOULD HAVE AN ansible_lab.pub public key in the same directory.
# This should be the same public key used in the Controller containerfile.
FROM debian:12
ENV DEBIAN_FRONTEND=noninteractive
# systemd is listed explicitly: it runs as PID 1 (see CMD) and starts sshd as a service.
RUN apt-get update && apt-get install -y openssh-server openssl systemd && rm -rf /var/lib/apt/lists/*
# Only this key can log in as root: Debian's sshd default (PermitRootLogin prohibit-password) rejects root passwords.
RUN mkdir -m 700 /root/.ssh
COPY ansible_lab.pub /root/.ssh/authorized_keys
RUN chmod 600 /root/.ssh/authorized_keys
# Makes sure every host key type exists; they are baked into the image, so each rebuild yields new host keys.
RUN ssh-keygen -A
RUN echo "export PS1=\"[\u@\H \W]\$ \"" >> /etc/profile
EXPOSE 22
# systemd as init: podman detects it and runs the container in systemd mode, and sshd comes up on boot.
CMD ["/sbin/init"]
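
The key-pair prerequisite above and the comments in both Containerfiles describe the same requirement: one private key in the controller directory, and the matching public key in both directories. The following POSIX shell preflight is an added example, not part of the gist; it assumes the gist's layout (the argument is the lab/ directory containing Containerfiles/controller and Containerfiles/node) and uses ssh-keygen only to generate a missing pair.

```shell
#!/usr/bin/env sh
# Added example (not part of the gist): preflight for the lab's SSH key pair.
# $1 is the lab/ directory holding Containerfiles/controller and Containerfiles/node (assumed layout).
set -eu

# Create the pair next to the controller Containerfile if it is missing, then hand the
# public half to the node directory. Needs ssh-keygen from OpenSSH.
lab_make_keys() {
  ctl="$1/Containerfiles/controller"; node="$1/Containerfiles/node"
  mkdir -p "$ctl" "$node"
  [ -f "$ctl/ansible_lab" ] || ssh-keygen -q -t ed25519 -N "" -C "ansible-lab" -f "$ctl/ansible_lab"
  chmod 600 "$ctl/ansible_lab"
  cp "$ctl/ansible_lab.pub" "$node/ansible_lab.pub"
}

# Check what both Containerfiles rely on. Prints one line per problem; returns 1 if any.
lab_check_keys() {
  ctl="$1/Containerfiles/controller"; node="$1/Containerfiles/node"; rc=0
  for f in "$ctl/ansible_lab" "$ctl/ansible_lab.pub" "$node/ansible_lab.pub"; do
    [ -f "$f" ] || { echo "missing: $f"; rc=1; }
  done
  [ "$rc" -eq 0 ] || return "$rc"
  # The node's authorized_keys must be exactly the key the controller will offer.
  cmp -s "$ctl/ansible_lab.pub" "$node/ansible_lab.pub" || { echo "public keys differ between controller/ and node/"; rc=1; }
  # The public key is a single OpenSSH line; the Containerfile comments suggest ed25519.
  grep -q '^ssh-ed25519 ' "$ctl/ansible_lab.pub" || { echo "expected an ssh-ed25519 public key line"; rc=1; }
  # A private key readable by other users on the host is a leak; keep it 0600 (GNU stat first, BSD stat on macOS).
  mode=$(stat -c '%a' "$ctl/ansible_lab" 2>/dev/null || stat -f '%Lp' "$ctl/ansible_lab")
  case "$mode" in
    600|400) ;;
    *) echo "private key mode is $mode, expected 600"; rc=1 ;;
  esac
  return "$rc"
}
```

Run `lab_make_keys lab && lab_check_keys lab` once before `./scripts/build-images.sh`; the check is cheap enough to keep at the top of build-images.sh as well.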

#!/usr/bin/env bash
# lab/scripts/build-images.sh: builds the controller and node images from the Containerfiles above.
set -eu
LAB_DIR=$(realpath "$(dirname "$0")/..")
cd "$LAB_DIR"
if [ ! -d "Containerfiles" ]; then
    echo "Error: current directory is incorrect. This script should be run from the lab/ directory" >&2
    exit 1
fi
podman build -t lab_ansible_controller ./Containerfiles/controller
podman build -t lab_node ./Containerfiles/node

#!/usr/bin/env bash
######
# lab/scripts/dostart.sh
# This script starts the containers with the right capabilities, and launches a shell in the controller container.
# This should be run from the lab/ directory (start.sh takes care of that).
######
set -eu
LAB_DIR=$(realpath "$(dirname "$0")/..")
cd "$LAB_DIR"
if [ ! -d "scripts" ]; then
    echo "Error: current directory is incorrect. This script should be run from the lab/ directory" >&2
    exit 1
fi
# A user-defined network gives the containers DNS by name (lab_node1, lab_node2); reuse it if it already exists.
podman network exists lab_network || podman network create lab_network
# EDIT THE FOLLOWING LINES ACCORDING TO HOW MANY NODES YOU NEED, AND WITH WHICH CAPABILITIES
# CAP_AUDIT_WRITE/CAP_AUDIT_CONTROL are what sshd's PAM login needs inside a systemd container.
# For example, node1 needs the SYS_ADMIN capability and /dev/fuse to use sshfs; that is a broad
# capability, so only give it to the nodes that actually mount something.
podman run -d --name lab_node1 --network lab_network \
    --cap-add=CAP_AUDIT_WRITE --cap-add=CAP_AUDIT_CONTROL \
    --cap-add SYS_ADMIN --device /dev/fuse lab_node
# node2 exposes port 8443 for https access
podman run -d --name lab_node2 --network lab_network \
    --cap-add=CAP_AUDIT_WRITE --cap-add=CAP_AUDIT_CONTROL \
    -p 8443:443 lab_node
echo "Nodes started."
# Starts the controller and opens a shell within it; the ansible/ directory next to lab/ is mounted at /ansible
podman run -it --name ansible_controller --network lab_network \
    --cap-add=CAP_AUDIT_WRITE --cap-add=CAP_AUDIT_CONTROL \
    -v "$LAB_DIR/../ansible:/ansible" lab_ansible_controller /bin/bash

#!/usr/bin/env bash
# lab/scripts/dostop.sh: removes the lab containers and the network.
set -u
LAB_DIR=$(realpath "$(dirname "$0")/..")
cd "$LAB_DIR"
# EDIT THIS LINE IF YOU HAVE MORE NODES
# --ignore keeps going when a container was never started or is already gone.
podman rm -f --ignore ansible_controller lab_node1 lab_node2
podman network rm lab_network
echo "Containers and network removed."

#!/usr/bin/env bash
# lab/start.sh: entry point; checks the layout, then hands over to scripts/dostart.sh.
set -eu
LAB_DIR=$(realpath "$(dirname "$0")")
cd "$LAB_DIR"
if [ ! -d "scripts" ]; then
    echo "Error: current directory is incorrect. This script should be run from the lab/ directory" >&2
    exit 1
fi
exec scripts/dostart.sh

#!/usr/bin/env bash
# lab/stop.sh (assumed name, the counterpart of start.sh): checks the layout, then hands over to scripts/dostop.sh.
set -eu
LAB_DIR=$(realpath "$(dirname "$0")")
cd "$LAB_DIR"
if [ ! -d "scripts" ]; then
    echo "Error: current directory is incorrect. This script should be run from the lab/ directory" >&2
    exit 1
fi
exec scripts/dostop.sh