My Ansible Development Setup

A few weeks ago I started digging into the Ansible universe. One of the first things I learned was the need for a proper Ansible Development Setup. My common Ansible playbooks are focused on VMware vSphere and the ecosystem around a proper deployment workflow (IPAM, CI, DNS and so on). However, this blog post should only cover a few general topics and not specific integrations.

Ansible Control Machine

I have decided to use a simple CentOS 7 VM as Ansible Control Machine for my home lab.

Minor OS preparation and Ansible setup:

yum install -y epel-release
yum update -y
yum install -y ansible git vim htop

Extra packages for the VMware related Ansible Modules:

yum install -y python-pip
pip install pyvmomi

mkdir /extras/
cd /extras/
git clone https://github.com/vmware/vsphere-automation-sdk-python.git
cd vsphere-automation-sdk-python/
pip install --upgrade --force-reinstall -r requirements.txt --extra-index-url file:///extras/vsphere-automation-sdk-python/lib

The VMware-related Ansible modules use the vSphere Management SDK package (pyVmomi) for the most common functions. This SDK uses the vSphere SOAP API. Some functions, such as tag management, additionally require the vSphere Automation Python SDK. This SDK uses the VMware REST API.

PowerShell for some special use cases:

cd /extras/
curl https://packages.microsoft.com/config/rhel/7/prod.repo | sudo tee /etc/yum.repos.d/microsoft.repo
yum install powershell

Basic VIM configuration for Ansible YAML files:

au! BufNewFile,BufReadPost *.{yaml,yml} set filetype=yaml foldmethod=indent
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab
set number
set cursorline

The configuration file for the VIM editor is ~/.vimrc. There are also some VIM Ansible plugins available, like vim-ansible-yaml, but for my setup they are not required.

My Ansible Development Setup - VIM Layout

Create Ansible Vault Password File

It is very important to protect your confidential information, especially when your projects are shared via GitHub! Ansible Vault is the tool of choice to handle sensitive data such as passwords or keys in encrypted files. At this point, we only create the password file on the Ansible Control Machine as a preparation for further steps.

vi ~/.vault_pass.txt
-Your Password-
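
A file created with vi gets the default umask, which typically leaves it readable by other users. The following is an added example, not part of the original post: a shell helper that writes the password file with mode 600 and audits it afterwards. The function names write_vault_pass and audit_vault_pass are hypothetical, and stat -c assumes GNU coreutils as shipped with CentOS 7.

```shell
#!/bin/sh
# Added example: create and audit the Ansible Vault password file.
# Default path is the ~/.vault_pass.txt used in this post.

write_vault_pass() {
    # $1 = target path; the password is read from stdin (no echo on a
    # terminal), so it never lands in shell history or an editor swap file.
    target="${1:-$HOME/.vault_pass.txt}"
    if [ -t 0 ]; then
        printf 'Vault password: ' >&2
        stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    else
        IFS= read -r pw
    fi
    [ -n "$pw" ] || { echo "empty password refused" >&2; return 1; }
    # umask inside a subshell: a new file is 0600 from the first byte on.
    ( umask 077 && printf '%s\n' "$pw" > "$target" ) || return 1
    chmod 600 "$target"    # also tightens a file that already existed
    unset pw
}

audit_vault_pass() {
    # Returns 0 only for a regular file with mode 600 or 400 that does
    # not live inside a Git working tree (where it could be committed).
    target="${1:-$HOME/.vault_pass.txt}"
    [ -f "$target" ] && [ ! -L "$target" ] || {
        echo "missing or not a regular file: $target" >&2; return 1; }
    mode=$(stat -c '%a' "$target") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode is too permissive, expected 600" >&2; return 1 ;;
    esac
    if command -v git >/dev/null 2>&1 &&
       [ "$(cd "$(dirname "$target")" &&
            git rev-parse --is-inside-work-tree 2>/dev/null)" = "true" ]; then
        echo "password file is inside a Git working tree" >&2; return 1
    fi
    return 0
}
```

Call write_vault_pass once on the Control Machine, then run audit_vault_pass before each playbook run or from a cron job.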

Ansible Workstation

To complete the basic Ansible Development Setup, my client needs to be prepared for efficient use. I have decided to use Visual Studio Code with the Ansible Extension. The extension can copy the local project to the Ansible Control Machine on save and run it from there when needed.

Additional settings for the Ansible Extension:

"files.associations": {
"**/*.yml": "ansible"
},
"ansible.customOptions": "--vault-password-file ~/.vault_pass.txt"

The ansible.customOptions will ensure that my Ansible Password File will be used to encrypt the protected files with confidential data like server names, user names, passwords and other environment details.

Server file for quick access to the Workstation to Control Machine connection:

[
     {
         "host": "10.0.2.15",
         "port": 22,
         "user": "root",
         "password": "-Your Password-"
     }
]

The Server File is located at “$HOME\.ssh\servers.json”.

Ansible Project

This is just a simple Ansible project with one Playbook to demonstrate the Ansible Development Setup in action.

Project folder structure:

C:.
│   README.md
│   vmware_test_debug.yml
│
├───.vscode
│       settings.json
│
├───group_vars
│       all.yml
│
└───roles

Settings

The only Setting for the project is the Auto-Upload configuration to the Control Machine.

{
    "ansible.fileCopyConfig": [
        {
            "server": "10.0.2.15",
            "sourcePath": "c:\\Users\\-Your User-\\Documents\\GitHub\\Ansible-Playground/",
            "targetPath": "Ansible-Playground/",
            "copyOnSave": true
        }
    ]
}

The Settings.json File is located in the .vscode folder of the Working Directory.

Variables

This project only uses the default group_vars file all.yml to store all variables. The whole file is encrypted with Ansible-Vault.

Ansible Development Setup - Ansible-Vault encrypt

With Ansible-Vault you are also able to encrypt only specific parts of a file, like a password.
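
Since the project is shared via GitHub, it helps to check which of the two forms a vars file is in before it is committed. The following is an added example, not part of the original post: a shell check that tells a fully encrypted file from one with inline !vault values and from one that still holds a plaintext secret. The function names, the list of secret-looking key names and the sample files are assumptions; the hex bodies are constructed placeholders, not real ciphertext.

```shell
#!/bin/sh
# Added example (hypothetical helper names): classify Ansible vars files
# before they are committed to a shared repository.

vars_file_state() {
    # Prints: encrypted | inline-vault | plaintext-secret | no-secret
    f="$1"
    # A fully encrypted file starts with the Ansible Vault header line.
    if head -n 1 "$f" | grep -q '^\$ANSIBLE_VAULT;'; then
        echo encrypted; return 0
    fi
    # Keys whose names suggest a secret (assumed naming convention).
    hits=$(grep -Ei '^[[:space:]]*[a-z0-9_]*(password|passwd|secret|token)[a-z0-9_]*[[:space:]]*:' "$f" || true)
    [ -n "$hits" ] || { echo no-secret; return 0; }
    # Each of those keys must carry the !vault tag used for inline values.
    if printf '%s\n' "$hits" | grep -v ':[[:space:]]*!vault[[:space:]]*|' >/dev/null; then
        echo plaintext-secret; return 1
    fi
    echo inline-vault
}

make_samples() {
    # Constructed sample files written to directory $1.
    mkdir -p "$1"
    cat > "$1/whole.yml" <<'EOF'
$ANSIBLE_VAULT;1.1;AES256
30313233343536373839
EOF
    cat > "$1/inline.yml" <<'EOF'
vcenter_hostname: vcsa.lab.example
vcenter_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          30313233343536373839
EOF
    cat > "$1/plain.yml" <<'EOF'
vcenter_hostname: vcsa.lab.example
vcenter_password: "-Your Password-"
EOF
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_samples "$d"
    for f in "$d"/*.yml; do
        printf '%s: %s\n' "${f##*/}" "$(vars_file_state "$f")"
    done
    rm -rf "$d"
fi
```

The non-zero return code for plaintext-secret lets the function act as a Git pre-commit hook over group_vars/all.yml.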

Playbook

The example playbook only creates some debug messages to verify that everything works as expected.

- name: Test Debug 
  hosts: localhost
  gather_facts: no
  tasks:
  - name: Output vCenter details
    debug:
        msg: 
        - "my vCenter:      {{ vcenter_hostname }}"
        - "my Username:     {{ vcenter_username }}"
        - "my Password:     {{ vcenter_password }}" # Do not do this in production!

Ansible Development Setup – Playbook Run

If all components of the Ansible Development Setup are configured properly, you are able to execute the Playbook from your local Workstation directly on the Ansible Control Machine.

Ansible Development Setup - Ansible-Playbook run
