Poor man's Ansible Tower
After a while of messing around with the free / demo version of Ansible Tower I thought that this could also be done with free tools. With some help from the internet and as an IT consultant I found the way forward.
As we all known Ansible is for free and is a package in the Ubuntu repository. Ansible Tower is a frontend for Ansible that will provide scheduler and a fancy webfrontend.
Rundeck is a job scheduler and runbook administration that is for free and also has a fancy webfrontend.
So for the poor man's solution we are going to use the best of both worlds.
for the proof of concept we need a couple of things:
* ubuntu 16.04.1 LTS server/desktop with lxd and zfs * ansible container * rundeck container
ubuntu 16.04.1 LTS host server
This is a relative easy step, clean install on a spare server/vps a new, fresh install of Ubuntu 16.04.1 LTS, after the installation you need to install some extra packages for zfs and lxd.
update and installation of required host components:
sudo apt-get update sudo apt-get --yes dist-upgrade sudo apt-get --yes install zfsutils-linux lxd lxd-tools lxd-client
configuration of zfs:
sudo truncate -s 30G /usr/lib/lxd/zfs.img
configuration of lxd:
sudo lxd init --storage-backend zfs --storage-pool lxd --auto
deploy the following lxd-bridge configuration
# WARNING: This file is generated by a debconf template! # It is recommended to update it by using "dpkg-reconfigure -p medium lxd" # Whether to setup a new bridge or use an existing one USE_LXD_BRIDGE="true" # Bridge name # This is still used even if USE_LXD_BRIDGE is set to false # set to an empty value to fully disable LXD_BRIDGE="lxdbr0" # Update the "default" LXD profile UPDATE_PROFILE="true" # Path to an extra dnsmasq configuration file LXD_CONFILE="/etc/lxc/dnsmasq.conf" # DNS domain for the bridge LXD_DOMAIN="lxd" # IPv4 ## IPv4 address (e.g. 10.0.8.1) LXD_IPV4_ADDR="172.16.0.1" ## IPv4 netmask (e.g. 255.255.255.0) LXD_IPV4_NETMASK="255.255.0.0" ## IPv4 network (e.g. 10.0.8.0/24) LXD_IPV4_NETWORK="172.16.0.0/16" ## IPv4 DHCP range (e.g. 10.0.8.2,10.0.8.254) LXD_IPV4_DHCP_RANGE="172.16.1.1,172.16.255.254" ## IPv4 DHCP number of hosts (e.g. 250) LXD_IPV4_DHCP_MAX="65354" ## NAT IPv4 traffic LXD_IPV4_NAT="true" # IPv6 ## IPv6 address (e.g. 2001:470:b368:4242::1) LXD_IPV6_ADDR="fd00::20" ## IPv6 CIDR mask (e.g. 64) LXD_IPV6_MASK="64" ## IPv6 network (e.g. 2001:470:b368:4242::/64) LXD_IPV6_NETWORK="fd00::20/64" ## NAT IPv6 traffic LXD_IPV6_NAT="true" # Run a minimal HTTP PROXY server LXD_IPV6_PROXY="false"
After this configuration is saved in
/etc/default/lxd-bridge we can continue
sudo dpkg-reconfigure -f noninteractive -p medium lxd" sudo systemctl restart lxd-bridge.service
Installing other requirements
sudo apt-get install openssh-server python aptitude curl
after this is done you can restart the host server
Now that the host server is finished we can create a lxc container that can be used as the ansible server without the Ansible Tower function.
Creating the ansible container
echo "dhcp-host=ansible,172.16.0.10" >> /etc/lxc/dnsmasq.conf sudo echo "172.16.0.10 ansible.example.com ansible" >> /etc/hosts sudo systemctl restart lxd-bridge.service lxc image copy images:ubuntu/xenial local: --alias=ubuntu lxc launch ubuntu ansible lxc exec ansible -- bash
apt-get update apt-get --yes dist-upgrade apt-get install software-properties-common openssh-server apt-add-repository ppa:ansible/ansible apt-get update apt-get --yes install ansible mkdir /root/.ssh systemctl enable ssh systemctl restart ssh lxc file push ~/.ssh/id_rsa.pub ansible/root/.ssh/authorized_keys --mode=0644 lxc stop ansible lxc start ansible ssh -l root ansible.example.com
after this you can download / use ansible playbooks on this server.
The deployment of the rundeck container could be done by ansible, I've not (yet) written a playbook for it so we are going to do this manual.
Creating the rundeck container
echo "dhcp-host=rundeck,172.16.0.11" >> /etc/lxc/dnsmasq.conf sudo echo "172.16.0.11 rundeck.example.com rundeck" >> /etc/hosts sudo systemctl restart lxd-bridge.service lxc launch ubuntu rundeck
apt-get update apt-get --yes dist-upgrade apt-get install openssh-server wget curl openjdk-8-jdk aptitude python wget http://dl.bintray.com/rundeck/rundeck-deb/rundeck-2.7.1-1-GA.deb dpkg -i rundeck-2.7.1-1-GA.deb systemctl enable rundeckd cd /etc/rundeck ## change hostname from localhost to rundeck.example.com in ## framework.properties and rundeck-config.properties ## add a user to realm.properties ## if you don't want plain text passwords use the folling command cd /var/lib.rundeck/bootstrap java -cp jetty-all-9.0.7.v20131107.jar org.eclipse.jetty.util.security.Password <user> <pass> systemctl restart rundeckd
Now you are finished and can see rundeck in it's full glory, open a browser and connect to: http://rundeck.example.com:4440
There are somethings that I forgot, because I known that you can figure that out but I will point you in the right direction.
- ssh key's, ssh key's, ssh key's. - node configration in rundeck, use google for this. - playbooks and rundeck jobs, please put some effort in it, I could do it.
also if part of the code does not work, please let me know I will change it but in general if there is a typo the solution is also in found in that direction.