Home Lab Guides: Proxmox 6 — Automation with Ansible
This guide will take you through the process of installing Ansible to automate app management, configurations and much more.
Ansible has MANY options and customizations, all documented on its website.
https://docs.ansible.com/ansible/2.4/playbooks_best_practices.html
Home Lab Guides: Proxmox 6
Part 1: Basic Setup and Installation
Part 2: PCI(e) Passthrough with NVIDIA
Part 3: IPFire Firewall
Part 4: Pi-hole
Part 5: Network and System Monitoring with Grafana, InfluxDB and Telegraf
Part 6: Automation with Ansible
Table of Contents
1.0 Preparation
2.0 Ansible
2.1 Installation
2.2 Connect Visual Studio Code (optional)
2.3 Create directory/file tree
3.0 Playbooks
3.1 Site.yml
3.2 Playbooks/ubuntu.yml
3.3 Production/hosts
4.0 Roles/Common
4.1 Tasks/main.yml
4.2 Tasks/dist-upgrade.yml
5.0 Telegraf (optional)
5.1 SCP telegraf.conf
5.2 Update tasks/main.yml
5.3 Tasks/telegraf.yml
5.4 Handlers/main.yml
6.0 Setup target systems
6.1 Create ansibleadmin user
6.2 Key-based
7.0 Run a Playbook
8.0 References
9.0 Author's Notes
1.0 Preparation
For right now, we’ll use a Console window to work with the terminal, but, normally, you should SSH in through CLI or a program like PuTTY.
1. Create a basic Ubuntu 20.04 container with a static IP.
2. Start the container and open a Console window.
3. Log in using the user root and the password you set during the container creation.
4. Ensure the container is up-to-date.
apt-get update && apt-get dist-upgrade -y
5. Create a master Ansible user with a VERY complex password and save it in a BitLocker drive or somewhere safe, because this user will be used on every target system. Visit Strong Random Password Generator to generate a variety of passwords.
useradd -m ansibleadmin
passwd ansibleadmin # Prompts for new password
usermod -aG sudo ansibleadmin
2.0 Ansible
This section will guide you through the installation of Ansible and the creation of a basic playbook.
2.1 Installation
apt-get install ansible -y
2.2 Connect Visual Studio Code (optional)
This part is for Windows only; however, you can install VS Code or Atom on Linux and connect in the same or similar way.
1. Download and install VS Code from https://code.visualstudio.com/
2. Press CTRL + SHIFT + X to open the Extensions search panel and search for Remote - SSH, then click the blue Install button.
3. You should now see a green (><) Remote Session icon in the bottom left of VS Code. Click it.
4. In the new panel at the top, click the following in order to open the config file.
1. Remote-SSH: Connect to Host…
2. Configure SSH Hosts…
3. C:\Users\YOU\.ssh\config
5. Add an entry for your Ansible server. I suggest using IPs for host and hostname for now unless you have a solid grasp on DNS.
Host Ansible Server
    HostName your-ansible-server-ip
    User ansibleadmin
    # You'll need to change Port any time you change the SSH port on the host
    Port 22
6. Click the green (><) Remote Session icon, then Remote-SSH: Connect to Host… and you should now see Ansible Server in the list. Click it to open a new VS Code window.
7. At the top, click Linux, then accept the key fingerprint and enter your ansibleadmin password.
8. Press CTRL + SHIFT + E then click Open Folder.
9. In the new panel at the top, search for /etc/ansible/ and click OK.
10. Enter your ansibleadmin password again if prompted.
11. Press CTRL + SHIFT + ` (the ~ key) to open a new terminal window.
2.3 Create directory/file tree
There are many ways you can set up Ansible, including production and development branches. The file structure for the roles/tasks/handlers we’re going to be using is automatically understood and run by Ansible.
It’s a good idea to change your default SSH port and deny root login as soon as possible which means you’ll have to log in under a different user. Since you’re not root in VS Code, you’ll have to change the permissions to be able to edit and create.
1. Recursively change the group to ansibleadmin.
chmod 775 /etc/ansible
chown -R root:ansibleadmin /etc/ansible
2. As user ansibleadmin, navigate to /etc/ansible/ and create the following directories, plus the hosts and .yml files.
/etc/ansible/
|-- playbooks
|   `-- ubuntu.yml
|-- production
|   `-- hosts
|-- roles
|   `-- common
|       |-- files
|       |-- handlers
|       |   `-- main.yml
|       `-- tasks
|           |-- dist-upgrade.yml
|           `-- main.yml
`-- site.yml
3.0 Playbooks
Add the following lines to each file respectively.
3.1 Site.yml
# file: site.yml
- import_playbook: playbooks/ubuntu.yml
3.2 Playbooks/ubuntu.yml
# file: playbooks/ubuntu.yml
- name: Managing Ubuntu Hosts
  gather_facts: yes # Gather system facts about the hosts
  hosts: ubuntu # This matches [ubuntu] in production/hosts
  become: yes # Become SUDO
  roles:
    - common
3.3 Production/hosts
# file: production/hosts
[ubuntu]
192.168.90.106
4.0 Roles/Common
4.1 Tasks/main.yml
# file: roles/common/tasks/main.yml
- name: Running Distribution Upgrade
  include_tasks: dist-upgrade.yml
4.2 Tasks/dist-upgrade.yml
# file: roles/common/tasks/dist-upgrade.yml
- name: Updating APT Distribution
  apt:
    update_cache: yes
    upgrade: dist
5.0 Telegraf (optional)
When you have more than a couple of systems to monitor with Grafana, Ansible’s true power shines. If you’re using Telegraf to send metrics, copy telegraf.conf to /etc/ansible/roles/common/files/ with SCP.
5.1 SCP telegraf.conf
- Log in to your Grafana server and SCP telegraf.conf to your Ansible server
scp /etc/telegraf/telegraf.conf ansibleadmin@your-ansible-server-ip:/etc/ansible/roles/common/files/
5.2 Update tasks/main.yml
# file: roles/common/tasks/main.yml
- name: Gathering package facts
  package_facts:
    manager: apt
  tags: init,install-telegraf

# import_tasks (static) is used here because tags set on include_tasks
# apply only to the include itself, not to the tasks inside the file.
- name: Running Distribution Upgrade
  import_tasks: dist-upgrade.yml
  tags: init

- name: Install and setup telegraf
  import_tasks: telegraf.yml
  tags: init,install-telegraf
5.3 Tasks/telegraf.yml
# file: roles/common/tasks/telegraf.yml
- name: Add influx key
  apt_key:
    url: https://repos.influxdata.com/influxdb.key
    state: present
  when: '"telegraf" not in ansible_facts.packages'

- name: Add telegraf repository
  apt_repository:
    repo: deb https://repos.influxdata.com/{{ ansible_distribution|lower }} {{ ansible_distribution_release|lower }} stable
  when: '"telegraf" not in ansible_facts.packages'

- name: Install telegraf
  apt:
    name: telegraf
    state: present
  when: '"telegraf" not in ansible_facts.packages'

# "enabled" is an option of the service module, not of apt
- name: Enable telegraf at boot
  service:
    name: telegraf
    enabled: yes

- name: Copy config
  copy:
    src: files/telegraf.conf
    dest: /etc/telegraf/telegraf.conf
  notify: "Restart Telegraf"
  # Handler runs ONLY when a change is detected
5.4 Handlers/main.yml
# file: roles/common/handlers/main.yml
- name: Restart Telegraf
  service:
    name: telegraf
    state: restarted
6.0 Setup target systems
6.1 Create ansibleadmin users
1. Log into each target system and create an ansibleadmin sudo user with the same password as the Ansible server’s user.
# -U creates the ansibleadmin group; -g ansibleadmin fails if the group does not exist yet
useradd -m -U -G sudo -s /bin/bash ansibleadmin
passwd ansibleadmin # Prompts for new password
usermod -aG sudo ansibleadmin
2. Add target system IPs to /etc/ansible/production/hosts.
6.2 Key-based
1. Generate a new key on the Ansible server.
ssh-keygen
2. Name the key file.
/home/ansibleadmin/.ssh/ansible_rsa
3. Leave the passphrase empty.
4. Copy Ansible server key to each target system.
ssh-copy-id -i /home/ansibleadmin/.ssh/ansible_rsa ansibleadmin@target-system-ip
5. Test SSH connection.
ssh -i /home/ansibleadmin/.ssh/ansible_rsa -l ansibleadmin target-system-ip
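The key created above has no passphrase and logs in as a sudo user on every target, so it is worth limiting where sshd will accept it from. The script below is an added example, not part of the original guide: it rewrites the key's entry in a target's authorized_keys so that it is only accepted from the Ansible server's address. The script name restrict_key.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. Run on a target as ansibleadmin:
#   sh restrict_key.sh ~/.ssh/authorized_keys ansible_rsa.pub your-ansible-server-ip

# Options for the Ansible key: accept it only from the Ansible server and
# switch off forwarding features that Ansible does not use.
key_options() {
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding' "$1"
}

# restrict_key AUTHORIZED_KEYS PUBKEY_FILE SERVER_IP
# Rewrites only the entry carrying that public key (any options it already had
# are replaced); every other line is kept. Returns 0 if the key was found,
# 1 if it is not in the file, 2 on a usage or I/O problem.
restrict_key() {
    auth=$1 pub=$2 ip=$3
    [ -r "$auth" ] && [ -r "$pub" ] && [ -n "$ip" ] || return 2
    # Field 2 of a .pub file is the base64 key blob that identifies the key.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || return 2
    tmp=$(mktemp) || return 2
    rc=0
    BLOB=$blob OPTS=$(key_options "$ip") awk '
        /^[ \t]*(#|$)/ { print; next }            # comments and blank lines
        {
            hit = 0
            for (i = 2; i <= NF; i++) if ($i == ENVIRON["BLOB"]) hit = i
            if (!hit) { print; next }
            found = 1
            line = ENVIRON["OPTS"] " " $(hit - 1) " " $hit   # options type blob
            for (i = hit + 1; i <= NF; i++) line = line " " $i   # key comment
            print line
        }
        END { exit (found ? 0 : 1) }
    ' "$auth" > "$tmp" || rc=$?
    # Write through the existing file so its owner and mode are kept.
    if [ "$rc" -eq 0 ]; then cat "$tmp" > "$auth" || rc=2; fi
    rm -f "$tmp"
    return "$rc"
}

if [ "$#" -eq 3 ]; then restrict_key "$@"; fi
```

If the targets reach the Ansible server through NAT, put the address they actually see in from=. Repeat the SSH test from step 5 afterwards to confirm the restricted key still logs in.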
7.0 Run a Playbook
1. Navigate to /etc/ansible and run the following command to execute every operation in your site.yml using your production/hosts file.
ansible-playbook -i production site.yml -K -u ansibleadmin --key-file "/home/ansibleadmin/.ssh/ansible_rsa"
2. Target specific tasks with tags.
ansible-playbook -i production site.yml -K -u ansibleadmin --tags init,install-telegraf --key-file "/home/ansibleadmin/.ssh/ansible_rsa"
8.0 References
Ansible apt_repository Module Tutorial + Examples | TopTechSkills.com; 12–01–2021; https://www.toptechskills.com/ansible-tutorials-courses/ansible-apt_repository-module-tutorial-examples/
Ssh-copy-id for copying SSH keys to server; 12–01–2021; https://www.ssh.com/ssh/copy-id
9.0 Author’s Notes
- Thanks for reading this article! If you have any questions, suggestions or comments, feel free to leave a comment.